SNS firewall pools

The way URL/SSL filter policies are updated on an SNS firewall pool varies, depending on whether the pool is managed by an SMC server.

Firewall pools managed by an SMC server

The update of the URL/SSL filter policy requires five steps.

Rebuilding a compliant security policy on an SNS firewall in the pool

Follow the method described in the section Checking and adapting the security policy after the EWC URL database has been changed.

Exporting the configuration of the reference firewall (.na format file)

Follow the method described in the section Backing up the firewall's configuration to export the configuration of the reference firewall.

Importing the backup of the reference firewall's configuration on the SMC server

Follow the method described in the section Attaching files to a script and receiving files generated by script in the SMC administration guide to import the configuration backup file exported earlier.

Creating the CLI command script

Follow the method described in the paragraph Creating the CLI command script in the SMC administration guide.

The CLI/Serverd commands to be inserted in the script will be the following:

CONFIG OBJECT URLGROUP SETBASE base=CLOUDURL
CONFIG RESTORE list=urlfiltering,sslfiltering $FROM_DATA_FILE("backup_file_name.na")

Replace backup_file_name.na with the name of the file exported from the reference firewall. Ensure that you use the urlfiltering,sslfiltering values for the list parameter to restore only the URL/SSL filter policy.

Running the script from the SMC server on the firewall pool

Follow the method described in the section Running the SNS CLI script from the web interface in the SMC administration guide.

Firewall pools not managed by an SMC server

The update of the URL/SSL filter policy requires three steps.

Rebuilding a compliant security policy on an SNS firewall in the pool

Follow the method described in the section Checking and adapting the security policy after the EWC URL database has been changed.

Exporting the configuration of the reference firewall (.na format file)

Follow the method described in the section Backing up the firewall's configuration to export the configuration of the reference firewall.

Importing the backup of the firewall's configuration on every SNS firewall in the pool

IMPORTANT
By importing the backup, all URL/SSL filter profiles configured earlier on the destination firewall will be lost.

  1. In System > Maintenance > Restore, select the configuration backup file of the reference firewall (.na).

  2. In the Advanced properties section:

    • Unselect Restore the configuration from the file,

    • Select URL filtering and SSL filtering.

  3. Click on Restore the configuration from the file.
    The profiles will automatically be imported in the SSL/URL filter profiles.