SMC 3.3.1 fixes

Object database

Network objects

Support reference 84405

Network objects with a subnet mask in /32 can no longer be used or imported in the firewall configuration. The consistency checker will raise an alarm if such objects are found on SMC.

Router objects

Support reference 84643

Router objects can now be created even when the HTTPS port object does not exist in the SMC object database.

Monitoring SMC with SNMP

Status of the SNMP service after updating SMC

Support reference 84438

When SNMP is enabled on the SMC server, the SNMP service now restarts automatically after SMC is updated. The service remains enabled after SMC is restarted.

System

service command

Support reference 84381

SMC no longer supports the service command. Since version 3.0, the use of the service --status-all command, which listed the services on the system, would make SMC stop functioning.

Some errors caused SMC to stop

Some errors, which could occur during a configuration deployment for example, caused the SMC server to stop. SMC now continues to run correctly even if these errors occur.

Configuration deployment

Use of the same peer in VPN topologies

Support references 84584 and 84647

Whenever the same peer was used twice in a VPN topology, SMC would no longer restart during a deployment. This would make the deployment fail and SMC would display an error message.

Filter rules

Use of the @ character in the comments of a rule

Support reference 84423

The local filter rules on SNS firewalls now display correctly in SMC when the @ character is used in comments.

Display of local filter rules

Support references 84396, 84440 and 84442

The local filter rules on SNS firewalls now display correctly in SMC when:

  • they use a group of regions, a category of public IP address reputations or web services that SMC does not know,

  • they use router objects,

  • they use objects that SNS did not export in SMC.

Configuration of SNS firewalls

Managing network interfaces

Support reference 84529

SMC no longer deploys the network configuration if it has not retrieved all network interfaces beforehand.

Importing SNS firewalls

Support reference 84644

The #vpn_fw_public_ip_address parameter functions again when importing SNS firewalls from a CSV file.

Consistency check on network interfaces

Support reference 84576

The consistency check no longer fails when it analyzes network interfaces with IP addresses in /32.

Authorities and certificates

Verification of the revocation list

Support reference 84603

SMC now forces SNS firewalls to retrieve the certificate revocation list (CRL) every time the configuration is deployed. As a result, when a VPN topology is deployed with the CRL verification option enabled, tunnels are operational immediately. There is no longer any need to wait for the firewalls to retrieve the CRL.

Changes to the CRL

Support reference 84646

SMC now ignores the CRL file CA.crl.pem in the folder ConfigFiles/Global/Certificates/<topo_name>/ of SNS firewalls, so it no longer raises any alerts when this file is modified locally.