SMC 3.6 fixes

System

Robustness

The system has been enhanced in order to limit the risk of the server unexpectedly shutting down or suddenly disconnecting. Now SMC is both more robust and more reliable.

VPN topologies

Support reference 84974

Using "Any" remote site

"Any" remote site can now be used in several VPN topologies, through the contact address during the selection of peer traffic endpoints, without causing the configuration deployment to fail.


Support reference 85685

In a route-based VPN topology, using the “Any” contact address for several peers no longer causes the configuration deployment to fail.

Support reference 85502

Displaying the Local address column

In step 4 when configuring a VPN topology, the Outgoing interface column has been renamed Local address.

Support reference 85696

VTI network pool

In step 2 when configuring a VPN topology, changes to the default VTI network pool are now correctly applied if the new sub-network entered belongs to the private IP address ranges:

  • 10.0.0.0/8

  • 172.16.0.0/12

  • 192.168.0.0/16

Reading logs

Support reference 85429

Deleting logs

Every time SMC starts or restarts, the following log would appear:

psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed

This log was a false negative that had no impact on the operation of SMC, and has since been removed.

Direct access to SNS firewalls from SMC

Support reference 85375

Accessing the SD-WAN monitoring view

The SD-WAN monitoring view on firewalls in version 4.3.23 or 4.3.24 can now be accessed by connecting directly to the firewall from SMC.

Support reference 85158

Installing a connecting package

Administrators can now install connecting packages on a firewall by connecting directly to the firewall from SMC, without being logged out from SMC.

Authorities and certificates

Support reference 85304

Importing certificates in command line

Certificates can now be updated using the command smc-install-certificate with the -u option.

Firewall configuration

Support reference 85554

Using customized variables

All custom variables that use the former %FW_CUSTOMX% format are now correctly converted to the new %CUSTOM_varX% format, even when the variables are written in lowercase, e.g., %FW_customX%. The former format therefore can no longer be used.

Support reference 85550

Using the consistency check

The consistency check no longer reports false anomalies, notably with regard to the overlap of IP addresses.

Support reference 85331

Using environment variables to configure timeout periods

The following environment variables are no longer available:

  • SMC_HASYNC_TIMEOUT_INT

  • SMC_LICENSEDUMP_TIMEOUT_INT

  • SMC_POLLING_TIMEOUT_INT

They have been replaced with the variable SMC_PROXY_RESPONSE_TIMEOUT_INT. It allows configuring the maximum time to wait for a response from an SNS firewall for four requests initiated by SMC:

  • Synchronizing both nodes of a cluster,

  • Retrieving firewall license information: options and validity dates,

  • Retrieving firewall monitoring information,

  • Connecting to the firewall administration interface.

The default value of the variable is 300 seconds.

Object database

Support reference 85560

Managing time objects

Dates associated with a time object now match the dates that you have entered when creating or editing the object. Previously, there was a lag, which caused issues when the object was used in rules that filter traffic over a given period, for example.

Support reference 85344

Deleting a group that is used in a router object

Groups can no longer be deleted from the object database if they belong to a router object.

Port range in a Port object

Support reference 85478

When creating a Port object, the automatic verification of the “From” field now correctly works.

Filter and NAT rules

Support reference 85255

Displaying local rules in SMC

When local filter rules on SNS firewalls contain global objects in their configurations, they now appear correctly in SMC, even when the deployment of these global objects is forced on the firewalls.

Support reference 85654

Importing local rules

During failed attempts to import a firewall's local filter rules into SMC, an error message now indicates the reasons for the failure.

Support reference 85484

Choosing options in filter rules

Filter rules that contain the following configuration no longer cause the configuration deployment to fail:

  • The options Force source packets in IPsec and Force return packets in IPsec have been selected in the advanced properties of the Action menu,

  • The options Syslog server and IPFIX collector have been unselected in the advanced properties of the Action menu,

  • The option Via IPsec VPN tunnel has been selected in the advanced properties of the Source menu.

Active Update server

Support reference 85565

Active Update server certificate

If you are using the SMC Active Update server, you can now replace the default server certificate with a certificate of your choice without causing errors.

Monitoring SMC with SNMP

Support reference 85561

Restarting the SNMP service

The SNMP service now correctly restarts with the nrestart snmpd command.

Managing SNS firewalls

Support reference 85389

Using custom variables with firewalls in versions below 3.7

The former custom variable format used on SNS firewalls in versions below 3.7 would cause SMC to shut down. As of SMC version 3.6, SNS firewalls in versions lower than 3.7 can no longer connect to SMC.

Support reference 85549

Monitoring memory use

On the SNS firewall monitoring screen, the graph in the Memory (%) column functions once again, and accurately indicates the amount of memory used on firewalls.

Configuring SMC

Support reference 85400

Adding interfaces

Interfaces can now be added to the SMC server without the need to configure a DNS server.

Connecting SNS firewalls to SMC

Support reference 85424

Connection errors

Permission errors on connecting files could prevent a firewall from connecting to SMC. This issue has been fixed.