Verifying configuration consistency

The consistency checker is a tool that analyzes the consistency of your configuration in real time. In the lower panel of the SMC server web interface, it shows warnings and errors if it has detected any.

To show the consistency check:

  • Select Maintenance > Consistency check.

- or -

  • Open the lower panel of the screen by clicking on the black arrow at the bottom of the interface Arrow to show logs panel.

The consistency checker shows all warnings and errors affecting all firewalls. However, error analyses take priority over warning analyses. If a firewall reports at least one error, the analysis of warnings on this firewall will be canceled.

You can filter these warnings and errors by firewall or by inconsistency, or by entering a character string in the search field.

By clicking on certain items (filter or translation rules, objects, etc.), you can go straight to the panels or items in question.

The consistency checker also runs when configurations are deployed. However, only errors are checked; warnings are ignored. When an error is detected, the deployment will fail.

The environment variable SMC_CFGCHECK_ENABLED makes it possible to disable the consistency check whenever necessary.

  1. Log in to the SMC server via the console of your hypervisor or in SSH.
  2. Edit the file /data/config/fwadmin-env.conf.local by adding the following line at the end: SMC_CFGCHECK_ENABLED=false.
  3. Restart the server with the command nrestart smc.

You can specifically disable checks in some areas or disable some of the configuration consistency checks.

  1. To know which entries can be disabled, refer to the file /opt/fwadmin-server/config/cfgcheck.ini without modifying it.
  2. In the file /data/config/cfgcheck.ini, add the keys or sections you want to disable.

The number of inconsistencies reported by the checker can be restricted by using the environment variable SMC_CFGCHECK_INCOHERENCIES_INT. By default, up to 100 inconsistencies are reported. Once this limit is reached, SMC will cancel all pending analyses.

  1. Log in to the SMC server via the console of your hypervisor or in SSH.
  2. In the file /data/config/fwadmin-env.conf.local, change the value of the environment variable: SMC_CFGCHECK_INCOHERENCIES_INT.
  3. Restart the server with the command nrestart smc.