SMC 2.5 new features

Monitoring

Health indicators

From version 3.6.0 onwards, SN firewalls have a set of probes that allow them to report on the general status of their health. The SMC server now supports these health indicators, which can be found in the upper banner of the SMC web interface and in the Status column in the list of firewalls.

For firewalls in versions lower than 3.6.0, the health indicators available are the same as the ones previously available.

VPN topologies

Star topologies

The center of a star topology can now be configured in "Responder-only" mode. The other peers will always initiate the setup of VPN tunnels. This feature is only available on SN firewalls from version 3.6.0 and upwards.

Encryption profiles

The AES GCM 16 encryption algorithm can now be used. This algorithm is available on SN firewalls from version 3.6.0 and upwards.

PKI

Importing CRLs

The fwadmin-import-crl command no longer requires write privileges. You can now use it regardless of whether an administrator is currently logged on, and without having to disrupt him.

Importing certificates

Importing a certificate on an SN firewall via SMC now forces any administration sessions opened directly on the firewall to be logged off.

Filter and NAT rules

SSL decryption

For rules with a 'decrypt' action, a visual indicator similar to the one seen in the SNS administration console now informs the user that decrypted traffic will continue to be evaluated by the rules that follow.

Importing rules from the web administration interface

You can now import a firewall's local and global filter and NAT rules from the SMC web interface.

Configuration deployment

Deployment script in command line

You can now deploy configurations on SN firewalls in command line using the fwadmin-deploy command.

Object database

Length of firewall object names

Up to 255 characters can now be used to create a firewall name.

Authentication

Active Directory

The SMC server no longer needs to be restarted in order to apply the configuration of the connection to the LDAP server entered in the ldap-server.ini file.