Recommendations

Information prior to an update of the SMC server

Size of the System disk

After successive updates of the SMC server, it may happen that free space on the System disk is not enough to allow new updates to be installed:

  1. Use the following command to check the state of the system disk:

    df -h /

    For example:

  2. If the disk is almost full, you need to deploy a new virtual machine using the following procedure:

    1. Back up the 3.x SMC server configuration.

    2. Shut down the SMC server.

    3. Deploy a new SMC server in the same 3.x version.

    4. Restore the the configuration from your backup on the new virtual machine.

  3. Update your new SMC server to the new 3.y version.

EXAMPLE
To update from a 3.1.4 version to a 3.1.6 version:

  1. Back up the 3.1.4 SMC server configuration.

  2. Shut down the server.

  3. Deploy a new 3.1.4 server.

  4. Restore the backed up configuration on the new 3.1.4 server.

  5. Update the new server to version 3.1.6.

To get help or more information on these procedures, refer to the SMC Administration guide or contact the Technical Assistance Center.


Address range of SMC micro-services

If the address range that your SNS firewalls use conflicts with the address range that micro-services on the SMC server use, you can change the address of the SMC server's "docker0” interface (172.17.0.1/16). To do so, follow the steps in the Stormshield Knowledge base article.


Access to the SMC server during updates

When you update your SMC server, we recommend that you prevent other administrators from accessing SMC for the duration of the update. If you do not do so, they will not be informed of updates in progress and any configurations they are working on will not be saved.

Minimum hardware recommendations

To ensure good performance of the SMC server, we recommend installing it on a virtual machine with at least 2 vCPUs and 4 GB of RAM.

Warning before connecting SNS firewalls to the SMC server

Take note of the following information if you wish to associate the SMC server with a pool of SNS firewalls already used in production, and which contain global configuration items.

Whenever SMC deploys a configuration on a firewall, all global configuration items found on this firewall will be deleted and replaced with configuration items defined in the SMC configuration, if any.

This includes:

  • Global objects defined on the firewall,
  • Global filter rules defined on the firewall,
  • Global VPN tunnels defined on the firewall.

These items are not displayed by default in the SNS web configuration interface. To display them, go to the firewall Preferences, Application settings section and enable the option Display global policies (Filter, NAT, IPsec VPN and Objects).

By attaching an SNS firewall to SMC, you therefore accept that these global items, which could have been set up on this firewall, will be overwritten as soon as SMC deploys the configuration.

However, local objects, rules and VPN tunnels (which you handle by default in the firewalls' web administration interface) will never be modified or deleted when SMC deploys a configuration.

We therefore recommend that you recreate these global items in the form of local items on the firewall or rewrite rules in SMC before attaching the firewall to SMC, in order to avoid losing configuration items and disrupting production.

In most cases, in which the firewall to be connected does not have any global configuration items, no particular precautions need to be taken in attaching the firewall to SMC, and doing so will leave no impact on production.

In any case, we advise you to back up your firewall's configuration before connecting it to SMC.