STORMSHIELD MANAGEMENT CENTER

If you have installed the Stormshield Management Center centralized administration server, this panel will allow you to install the connecting package in order to connect your firewall to the SMC server.

IMPORTANT
If you have logged on via the web administration interface to a firewall connected to an SMC server, "Managed by SMC" will be displayed in the upper panel. By default, the account used only has read-only access privileges.
You are strongly advised against directly modifying the configuration of a firewall administered by an SMC server, except in an emergency (SMC server uncontactable, for example).
This is because any changes made directly to the configuration via the web administration interface on a firewall connected to an SMC server may be overwritten when a new configuration is sent from the SMC server.
For more information on implementing SMC, refer to the SMC installation guide and the SMC administration guide.

Connecting the firewall to the SMC server

Select the connecting package Choose the SMC connecting package from the centralized administration server.

Buttons

Install the package: When a connecting package has been selected, this button will download and install it on the firewall.

Connection settings

Once the package has been installed, information regarding the connection to the server will then be displayed (IPv4/IPv6 address of the server, connection validity, verification frequency for this connection, timeout before the server's response, timeout before reconnection).

NOTE
For more information on Stormshield Management Center centralized administration, refer to the SMC installation guide and SMC administration guide.

TPM

When the firewall is equipped with a TPM, this section makes it possible to protect the private key in the certificate that is used for communications with the SMC server. Click on Protect the SMC agent to enable this protection.

If the firewall is already connected to an SMC server during the initialization of the TPM, the private key of the certificate that is used for communications with the SMC server will be automatically protected.

For more information on the TPM, see the section Trusted Platform Module.

Installing a new connecting package on an SNS firewall

When an SNS firewall is already connected to SMC, and you wish to replace the connecting package, proceed as follows.

Ensure in advance that there are no SMC configuration deployments or updates in progress.

  1. In SMC, generate a new connecting package from the firewall's System > Configuration menu.

  2. On the firewall, run the command CLI CONFIG RESTORE list=fwadmin,network < /tmp/my_file.pack by providing the package (.pack).

Sending a connection request to the SMC server

In this method, a firewall can be manually connected to the SMC server without installing any connecting package.

NOTE
In order for this connection method to succeed, the firewall needs to be declared in advance on the SMC server.

SMC server address Enter the IP address of the SMC server to which you want to connect the firewall.
SMC server hash Enter the SHA-256 hash of the certificate presented by the SMC server to which you want to connect the firewall.

Buttons

Send request: once the information regarding the SMC server has been entered, this button will make it possible to send the connection request to the SMC server, and launch the connection process.