Use case examples
Managing a pool without rule sharing
We will use the example of a service provider who manages SNS firewalls for several clients:
- Each client only has one firewall,
- All firewalls are located in the MySMC root folder, and no sub-folders are used,
- The firewalls do not have any filter rules or NAT rules in common,
- The service provider does not wish to connect to each firewall in real time to define rules.
The service provider must therefore:
- Set specific rules on each firewall in SMC, by going to the firewall's Filtering and translation tab.
- If necessary, define a "Block all" rule as the last rule on each firewall in order to ignore the rules found in the firewalls' local security policy.
- Deploy the configuration on the firewalls. These rules will be deployed in the firewalls' global security policy.
Managing a pool with shared and specific rules
We shall use the example of a service provider who also administers SNS firewalls for several clients:
- Each client only has one firewall,
- The firewalls are organized in sub-folders named after clients,
- The firewalls have filter rules or NAT rules in common and specific rules.
The service provider must therefore:
- Define the rules shared by all firewalls in the MySMC folder, for example to provide all firewalls with access to its datacenter. For this purpose, a variable object will be used: a Host object representing a firewall interface. A single rule and a single object will therefore suffice for all firewalls. For more information, please refer to the section Managing objects.
- Set specific rules on each firewall from SMC, by going to the firewall's Filtering and translation tab.
- If necessary, define a "Block all" rule as the last low-priority rule in the MySMC folder in order to ignore the rules found in the firewalls' local security policy.
- Deploy the configuration on the firewalls. These rules will be deployed in the firewalls' global security policy.
Managing a multi-site environment with shared and specific rules and delegated filtering
We shall use the example of a trading company that has a warehouse, offices, hypermarkets and supermarkets spread out over several sites:
- The central administrator uses two levels of sub-folders under the root folder to organize its firewalls,
- Filter and NAT rules apply to all firewalls, and other rules apply only to certain folders,
- The administrator wishes to delegate the administration of certain traffic to local administrators in order to give them the possibility of implementing local rules on specific services, protocols, users or networks. A store may, for example, need to communicate with a CCTV service provider.
The central administrator must therefore:
- Define the rules shared by all firewalls in the MySMC folder using variable objects. For more information, please refer to the section Managing objects.
- Define rules shared by warehouses/offices/stores in the corresponding folders and sub-folders.
- Set specific rules on some firewalls from SMC, by going to the firewall's Filtering and translation tab.
- Select the action Delegate for the rules concerned in the rule Action menu.
- Define a "Block all" rule as the last low-priority rule in the root folder MySMC.
- Deploy the configuration on the firewalls. These rules will be deployed in the firewalls' global security policy.
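The interaction between Delegate rules, the final "Block all" rule and the firewalls' local security policy in this use case can be modeled as follows. This is an added sketch, not Stormshield code: the rule names, the services and the simplified first-match evaluation (shared rules, then firewall-specific rules, then the low-priority "Block all", with the global policy evaluated before the local one and a default block when nothing matches) are assumptions made for illustration.

```python
# Added illustration: simplified first-match model, not Stormshield code.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    service: str   # "*" matches any service
    action: str    # "pass", "block" or "delegate"

def first_match(rules, service):
    """Return the first rule matching the service, or None."""
    return next((r for r in rules if r.service in ("*", service)), None)

def evaluate(global_rules, local_rules, service):
    """Return (policy, rule name, action) of the deciding rule.
    Assumption: the global policy is evaluated before the local one."""
    g = first_match(global_rules, service)
    if g and g.action != "delegate":
        return ("global", g.name, g.action)
    # Delegated or unmatched traffic falls through to the local policy.
    loc = first_match(local_rules, service)
    if loc:
        return ("local", loc.name, loc.action)
    return ("local", "implicit", "block")  # assumed default deny

def unreachable_local(global_rules, local_rules):
    """Names of local rules the global policy always pre-empts."""
    return [r.name for r in local_rules
            if evaluate(global_rules, [r], r.service)[0] == "global"]

# Constructed sample data (names and services are hypothetical).
SHARED = [Rule("datacenter-access", "https", "pass")]   # MySMC folder
DELEGATED = [Rule("store-cctv", "rtsp", "delegate")]    # store firewall
BLOCK_ALL = [Rule("block-all", "*", "block")]           # last low-priority rule
LOCAL = [Rule("cctv-provider", "rtsp", "pass"),
         Rule("local-ftp", "ftp", "pass")]

# Assumed order: shared rules, firewall-specific rules, then "Block all".
WITH_DELEGATE = SHARED + DELEGATED + BLOCK_ALL
WITHOUT_DELEGATE = SHARED + BLOCK_ALL

if __name__ == "__main__":
    for svc in ("https", "rtsp", "ftp"):
        print(svc, evaluate(WITH_DELEGATE, LOCAL, svc))
    print("never evaluated:", unreachable_local(WITH_DELEGATE, LOCAL))
```

In this model, only traffic matched by a Delegate rule reaches the local policy once "Block all" is in place; every other local rule is listed by `unreachable_local`.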
Managing a multi-site pool with shared rule sets
We will use the example of a company that has several sites. Every site has the same number of departments with networks and firewalls that must be uniformly configured. The sites are not necessarily configured in the same folder on SMC.
- The central administrator wants to define all filter and NAT rules for a specific department.
- The administrator does not wish to connect to the firewall of each department to define the rules.
The central administrator must therefore:
- Create a rule set containing all the filter and NAT rules dedicated to a department in the menu Configuration > Rule set.
- Select the firewalls on which the rule set is to be deployed.
- The next time the rule set is deployed, it will be applied to all the selected firewalls. For more information, refer to the section Creating rule sets.