Known issues

VPN topology deployment

VPN topologies cannot be deployed from the SMC server if the name of a firewall is too long. The names of VPN topologies on firewalls cannot contain more than 64 characters.

SMC server diagnostics report

Whenever the SMC server diagnostics report is downloaded via the command line, errors such as sysctl: reading key "xxx" are highlighted in the report. These errors do not negatively impact the diagnosis.

Routing configuration from SMC

Several of the interfaces used for contacting the SMC server can be configured, but only one default gateway can be declared on a single interface. Routing must be configured manually for the other interfaces. An article in the Stormshield Knowledge base sets out the procedure to follow.

Using global network objects in a local configuration

On SN firewalls, global objects may be used in local configurations. However, when SMC deploys a configuration on a firewall, existing global objects on the firewall are deleted and replaced with the objects defined in the SMC configuration. To keep the local configuration running, you need to force the deployment of the necessary global objects on the affected firewalls.

For more information, refer to the section "Warning before connecting SN firewalls to the SMC server".

Migrating a V model virtual firewall to an EVA model

V-50, V-100 and V-200 virtual firewalls can no longer be upgraded to EVA models using the variable %FW_UPD_SUFFIX% in an SNS CLI script run from the SMC server.

To work around this issue, replace the variable %FW_SIZE% with the value "XL-VM" in the upgrade script.

Upgrading the SMC server from a lower version to version 2.0

Whenever the SMC server is upgraded from a lower version to version 2.0, or whenever a backup created in a lower version is restored to version 2.0, the server cannot be contacted.

To work around this issue, refer to the Stormshield Knowledge base.

Retrieving the public section of a certificate obtained via SCEP

If certificates obtained via SCEP and declared on the SMC server have been created manually on the SN firewall, and their default IDs are customized (shortname), the SMC server cannot retrieve the public section of these certificates. VPN topologies that include firewalls affected by this issue therefore do not function.

This issue also prevents such certificates from being renewed.

For more information, refer to the Stormshield Knowledge base.

Issues connecting SN firewalls to the SMC server

Support reference: 157684

In some cases that are still being analyzed, SN firewalls may appear offline on the monitoring screen of the SMC server. If you encounter this issue, contact the Stormshield Technical Assistance Center.