SMC 3.6 fixes
System
Robustness
The system has been enhanced in order to limit the risk of the server unexpectedly shutting down or suddenly disconnecting. Now SMC is both more robust and more reliable.
VPN topologies
Support reference 84974
Using "Any" remote site
"Any" remote site can now be used in several VPN topologies, through the contact address during the selection of peer traffic endpoints, without causing the configuration deployment to fail.
Support reference 85685
In a route-based VPN topology, using the “Any” contact address for several peers no longer causes the configuration deployment to fail.
Support reference 85502
Displaying the Local address column
In step 4 when configuring a VPN topology, the Outgoing interface column has been renamed Local address.
Support reference 85696
VTI network pool
In step 2 when configuring a VPN topology, changes to the default VTI network pool are now correctly applied if the new sub-network entered belongs to the private IP address ranges:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
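A pre-check for a candidate VTI network pool against the three ranges above, as an added example that is not part of SMC or of the original release notes. The function name `check_vti_pool` is hypothetical, and the rule that the whole sub-network must lie inside a single private range is an assumption about how "belongs to" is meant.

```python
import ipaddress

# The three private ranges listed in the release note.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vti_pool(candidate):
    """Return (ok, reason) for a proposed VTI network pool.

    ok is True only if the whole sub-network lies inside one private range
    (assumed interpretation, see lead-in).
    """
    try:
        # strict=True rejects a network written with host bits set,
        # e.g. 10.1.2.3/16 instead of 10.1.0.0/16.
        net = ipaddress.ip_network(candidate.strip(), strict=True)
    except ValueError as exc:
        return False, f"not a valid network: {exc}"
    if net.version != 4:
        # The listed ranges are IPv4 only; comparing across versions
        # would raise TypeError in subnet_of().
        return False, "not an IPv4 network"
    for rng in PRIVATE_RANGES:
        if net.subnet_of(rng):
            return True, f"inside {rng}"
        if rng.subnet_of(net):
            # A supernet such as 192.168.0.0/15 starts on a private
            # address but also covers public ones.
            return False, f"wider than {rng}, includes public addresses"
    return False, "outside the private ranges"


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from SMC.
    for pool in ("172.25.0.0/16", "172.32.0.0/16", "192.168.0.0/15",
                 "10.1.2.3/16", "10.200.0.0/14", "fd00::/8"):
        print(pool, "->", check_vti_pool(pool))
```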
Reading logs
Support reference 85429
Deleting logs
Every time SMC starts or restarts, the following log would appear:
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed
This log was a false negative that had no impact on the operation of SMC, and has since been removed.
Direct access to SNS firewalls from SMC
Support reference 85375
Accessing the SD-WAN monitoring view
The SD-WAN monitoring view on firewalls in version 4.3.23 or 4.3.24 can now be accessed by connecting directly to the firewall from SMC.
Support reference 85158
Installing a connecting package
Administrators can now install connecting packages on a firewall by connecting directly to the firewall from SMC, without being logged out from SMC.
Authorities and certificates
Support reference 85304
Importing certificates in command line
Certificates can now be updated using the command smc-install-certificate with the -u option.
Firewall configuration
Support reference 85554
Using customized variables
All custom variables that use the former %FW_CUSTOMX% format are now correctly converted to the new %CUSTOM_varX% format, even when the variables are written in lowercase, e.g., %FW_customX%. The former format therefore can no longer be used.
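Because the former format can no longer be used, scripts and templates kept outside SMC may still need checking. The following added example (not SMC code and not from the original release notes) locates legacy tokens in any letter case and proposes the new form; the function names are hypothetical, and it assumes that X is the variable's numeric index.

```python
import re

# Legacy token %FW_CUSTOMX%, matched in any letter case (e.g. %FW_customX%).
# Assumption: X is the variable's numeric index.
LEGACY = re.compile(r"%FW_CUSTOM(\d+)%", re.IGNORECASE)


def _new_token(match):
    """Build the %CUSTOM_varX% form from a legacy match."""
    return f"%CUSTOM_var{match.group(1)}%"


def find_legacy_variables(text):
    """Return [(line_no, legacy_token, new_token), ...] for each legacy token."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in LEGACY.finditer(line):
            hits.append((line_no, match.group(0), _new_token(match)))
    return hits


def rewrite_legacy_variables(text):
    """Return text with every legacy token replaced by the new format."""
    return LEGACY.sub(_new_token, text)


# Constructed sample input: generic key=value lines, not real SNS syntax.
SAMPLE = (
    "location=%FW_CUSTOM1%\n"
    "contact=%FW_custom2% backup=%CUSTOM_var3%\n"
    "comment=no variables here\n"
)

if __name__ == "__main__":
    for line_no, old, new in find_legacy_variables(SAMPLE):
        print(f"line {line_no}: {old} -> {new}")
    print(rewrite_legacy_variables(SAMPLE), end="")
```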
Support reference 85550
Using the consistency check
The consistency check no longer reports false anomalies, notably with regard to the overlap of IP addresses.
Support reference 85331
Using environment variables to configure timeout periods
The following environment variables are no longer available:
- SMC_HASYNC_TIMEOUT_INT
- SMC_LICENSEDUMP_TIMEOUT_INT
- SMC_POLLING_TIMEOUT_INT
They have been replaced with the variable SMC_PROXY_RESPONSE_TIMEOUT_INT. It allows configuring the maximum time to wait for a response from an SNS firewall for four requests initiated by SMC:
- Synchronizing both nodes of a cluster,
- Retrieving firewall license information: options and validity dates,
- Retrieving firewall monitoring information,
- Connecting to the firewall administration interface.
The default value of the variable is 300 seconds.
Object database
Support reference 85560
Managing time objects
Dates associated with a time object now match the dates that you have entered when creating or editing the object. Previously, there was a lag, which caused issues when the object was used in rules that filter traffic over a given period, for example.
Support reference 85344
Deleting a group that is used in a router object
Groups can no longer be deleted from the object database if they belong to a router object.
Port range in a Port object
Support reference 85478
When creating a Port object, the automatic verification of the “From” field now works correctly.
Filter and NAT rules
Support reference 85255
Displaying local rules in SMC
When local filter rules on SNS firewalls contain global objects in their configurations, they now appear correctly in SMC, even when the deployment of these global objects is forced on the firewalls.
Support reference 85654
Importing local rules
During failed attempts to import a firewall's local filter rules into SMC, an error message now indicates the reasons for the failure.
Support reference 85484
Choosing options in filter rules
Filter rules that contain the following configuration no longer cause the configuration deployment to fail:
- The options Force source packets in IPsec and Force return packets in IPsec have been selected in the advanced properties of the Action menu,
- The options Syslog server and IPFIX collector have been unselected in the advanced properties of the Action menu,
- The option Via IPsec VPN tunnel has been selected in the advanced properties of the Source menu.
Active Update server
Support reference 85565
Active Update server certificate
If you are using the SMC Active Update server, you can now replace the default server certificate with a certificate of your choice without causing errors.
Monitoring SMC with SNMP
Support reference 85561
Restarting the SNMP service
The SNMP service now correctly restarts with the nrestart snmpd command.
Managing SNS firewalls
Support reference 85389
Using custom variables with firewalls in versions below 3.7
The former custom variable format used on SNS firewalls in versions below 3.7 would cause SMC to shut down. As of SMC version 3.6, SNS firewalls in versions lower than 3.7 can no longer connect to SMC.
Support reference 85549
Monitoring memory use
On the SNS firewall monitoring screen, the graph in the Memory (%) column functions once again, and accurately indicates the amount of memory used on firewalls.
Configuring SMC
Support reference 85400
Adding interfaces
Interfaces can now be added to the SMC server without the need to configure a DNS server.
Connecting SNS firewalls to SMC
Support reference 85424
Connection errors
Permission errors on connecting files could prevent a firewall from connecting to SMC. This issue has been fixed.