SMC 2.0 new features

LAN to LAN IPSec VPN tunnels

SMC allows creating IPv4 LAN to LAN VPN tunnels between SN firewalls or external peers through mesh or star topologies. SMC supports IKEv1 and IKEv2 encryption protocols as well as two authentication methods: certificate authentication and pre-shared key authentication.

A monitoring view makes it possible to monitor the status of each tunnel in real time.

This feature is available for SN firewalls in at least version 3.0.

Filtering and translation

SMC enables the creation of filter and translation rules that can either be shared by several firewalls or defined specifically for some. Such rules can be deployed in the global security policy for SN firewalls and applied before the rules in the firewalls' local security policy. Firewalls may be classified by folders and sub-folders in SMC, thereby making it possible to apply common rules to a set of firewalls in a single operation.

In order to hand over control to the local administrator or manage the process of migrating an environment of firewalls already in production in SMC, you can choose to delegate the filtering of certain traffic. Rules defined locally on the firewall will then be given priority for such traffic.

This feature is available for SN firewalls in at least version 3.0.

Folders and sub-folders

To organize your firewalls based on criteria such as location, services, etc., you can now create up to four hierarchical levels of sub-folders under the default root folder MySMC. Filter and translation rules that apply to several sets and subsets of firewalls can be created in the folder tree.

Deploying objects

When you create objects in SMC, if they are used in a filter rule or VPN topology, they will be deployed on the firewalls concerned by default. However, their deployment on other firewalls or even on all firewalls can be forced.

Variable objects

SMC allows creating variable objects, meaning Host or Network objects whose IPv4 or IPv6 address values change according to the firewall on which they are installed. They can be used in filter rules and in VPN topologies.

Checking the use of a firewall and an object

SMC offers the possibility of checking whether a given firewall or object is being used in the configuration.

Likewise, if you attempt to delete a used firewall or object, a warning message will appear.

Creating and duplicating objects

Several similar objects can now be created quickly using the Create and Duplicate button in the object creation window.

Importing objects and firewalls from a CSV file

In the command line interface, you can import a list of objects in SMC through a CSV file. You can also import a list of firewalls and generate their connecting package.

SMC license

Using SMC now requires a license specifying a maximum number of SN firewalls that SMC can manage.

HyperV support

The Microsoft Hyper-V hypervisor for Windows Server 2008 R2 and 2012 R2 is now supported for the deployment of the SMC server.

NTP servers

From the command line interface, you can now enable NTP servers in order to configure the date and time of the SMC server.

Maintenance end date

In the firewall monitoring view, a new End of maintenance column indicates the date on which firewall maintenance ends.

This feature is available for SN firewalls in at least version 2.5.

Microsoft Edge

SMC now supports Microsoft Edge.

Disconnection of the passive node from the high availability cluster

A new orange icon in the firewall monitoring view indicates that the passive node of a cluster is no longer connected.