Managing the firewall pool

This feature was not part of the security target.

To manage several SNS firewalls, setting up an administration information system (IS) is recommended, in line with the Recommendations on the secure administration of information systems (in French). This administration IS should be used in particular to:

  • Provide centralized authentication of administrators, as described in the chapter Centralized authentication, and the external PKI, in compliance with the chapter Using a PKI,

  • Access the SNS firewall’s administration services remotely (HTTPS and NSRPC - the relevant tools use TCP port 1300) from administration workstations, in line with the chapter Administration services,

  • Forward logs generated by the SNS firewall to the central log server, in line with the chapter Logging and the Security recommendations for the implementation of log systems (in French),

  • Allow the passage of monitoring traffic described in the chapter Monitoring, exchanged between the SNS firewall and the central monitoring server,

  • Forward the SNS firewall’s backup files to the central backup server, in line with the chapter Backup.

These features can be implemented with the SMC server provided by Stormshield, among other tools. The server also makes it possible to easily manage a pool of SNS firewalls through the use of specific features such as:

  • Managing SNS firewalls by folder,

  • Using filter and translation rule sets,

  • Configuring offline SNS firewalls,

  • Postponing configuration deployments,

  • Scheduling the execution of SNS CLI scripts on a firewall pool,

  • etc.