SMC 2.4 new features

VPN topologies

Configuration of the contact IP address and local address

In VPN topologies, it is now possible to configure the contact IP address and local address of each firewall. Different addresses can therefore be defined for each topology on the same firewall.

Support for several certificate authorities in a topology

Several trusted certificate authorities can now be selected within the same VPN topology. This makes it possible to include in a topology equipment belonging to various entities and certified by different authorities.

Support for dynamic peers

It is now possible to create VPN topologies that involve peers using dynamic IP addresses.

Status of the SMC server

Diagnostics report

You can now download a diagnostics report on the performance status of the SMC server in HTML format from the web interface or the command line interface. This report may provide useful information if issues arise on the server.

Communication between the SMC server and SN firewalls

Compression and optimization

From version 3.6.0 of SN firewalls onwards, data exchanged between the SMC server and firewalls will now be compressed. The SMC server in version 2.4.0 requires about 100 times less bandwidth that version 2.3.0. The bandwidth required to supervise 30 firewalls is now about 6 Kb/s.

Configuration deployment

Configuration comparison

Before deploying a new configuration on your firewalls with the SMC server, you can now view a configuration comparison in order to compare the last configuration deployed on the firewalls and the new configuration about to be deployed.

Selection of SN firewalls by default

Support reference: 157606CW

Firewalls are now no longer selected by default during the deployment of the configuration from the web interface.

SNS CLI Scripts

Scheduled running of scripts

You can now schedule when to run SNS CLI scripts. You can therefore schedule when your pool of firewalls needs to be updated, for example, without impacting production. New variables make it possible to update a disparate pool using a single script.

Sample CSV file

The sample file example-sns-cli-script.csv has been added on the server in the repository of sample CSV files /var/fwadmin/examples/csv.