Enabling Diffusion Restreinte mode on SMC and firewalls

The super administrator (admin account) can enable DR mode on the SMC server and connected SNS firewalls.

In high availability clusters, DR mode only needs to be enabled on the active node; it will be automatically enabled on the passive node.

All firewalls must be connected to the SMC server to enable DR mode.

To enable DR mode:

1. Enable the consistency checker as described in the previous section.
2. Enable ANSSI “Diffusion Restreinte (DR)" mode.
3. Accept the conditions and click on Enable DR mode.
   When DR mode is enabled on the SMC server, an automatic deployment enables DR mode on the firewalls connected to the server.
4. Immediately restart the firewalls manually.

Enabling DR mode on the SMC server has the following consequences:

• Anomalies relating to the consistency check in DR mode are reported in the form of errors instead of warnings,
• SMC connecting packages can only be created on firewalls in SNS version 4.3 or higher,
• Firewalls on which DR mode has never been enabled can no longer be connected to SMC.