Stormshield Management Center Administration guide

STORMSHIELD MANAGEMENT
CENTER
ADMINISTRATION GUIDE
Date Version Details
6 April 2017 V 2.1 Update
Reference : sns-en-SMC-administration_guide-v2.1

Table of contents
1. Getting started 5
1.1 Connecting to the SMC server's web interface 5
1.2 Connecting to the command line interface 5
1.3 Installing the SMC license 5
1.3.1 Troubleshooting 5
2. Warning before connecting SN firewalls to the SMC server 7
3. Connecting SN firewalls to the SMC server 8
3.1 Connecting a firewall with a factory configuration to the SMC server 8
3.1.1 Declaring the firewall in the SMC server web interface 8
3.1.2 Building the firewall connecting package 8
3.1.3 Installing the connecting package on the firewall from a USB drive 9
3.1.4 Installing the connecting package on the firewall from the installation wizard 10
3.2 Connecting a firewall already in production to the SMC server 11
3.2.1 Declaring the firewall in the SMC server web interface 11
3.2.2 Building the firewall connecting package 11
3.2.3 Installing the connecting package on the firewall 12
3.3 Connecting a high availability cluster to the SMC server 12
3.3.1 Declaring the cluster in the SMC server web interface 12
3.3.2 Building the cluster connecting package 13
3.3.3 Installing the connecting package on the active node of the cluster 13
3.4 Troubleshooting with the server's logs 14
3.4.1 Generating a firewall's connecting package 14
3.4.2 Installing the connecting package on the SN firewall 14
3.5 Importing SN firewalls from a CSV file 14
3.5.1 Creating the CSV file 14
3.5.2 Importing firewalls 15
4. Supervising SN firewalls 17
4.1 Monitoring and organizing firewalls 17
4.1.1 Getting information about firewalls 17
4.1.2 Organizing firewalls by folders 17
4.1.3 Check usage of a firewall in the configuration 19
4.2 Accessing the logs and activity reports of firewalls 19
5. Configuring SN firewalls 20
5.1 Editing firewalls 20
5.2 Managing objects 20
5.2.1 Deploying objects on SN firewalls 21
5.2.2 Creating variable objects 21
5.2.3 Check usage of an object in the configuration 22
5.2.4 Importing objects from a CSV file 22
5.3 Deploying a configuration on firewalls 23
5.3.1 Deploying a configuration on a firewall 24
5.3.2 Deploying a configuration on a high availability cluster 24
5.3.3 Troubleshooting with the server's logs 25
5.4 Loading and deploying a former configuration 25
5.5 Accessing the web administration interface of firewalls 25
5.6 Using the Emergency mode 26
5.7 Converting a firewall connected to the SMC server into a high availability cluster 26
Page 2/66 sns-en-SMC-administration_guide-v2.1 - Copyright © Stormshield 2017
SMC - ADMINISTRATION GUIDE 2.1

5.8 Importing a certificate for an SN firewall 26
5.8.1 Importing a certificate from the server's web interface 26
5.8.2 Importing a certificate from the command line interface 27
5.8.3 Importing a certificate on a high availability cluster 27
5.8.4 Troubleshooting 27
6. Creating and monitoring VPN tunnels 29
6.1 Configuring a mesh topology 29
6.1.1 Importing certificates for SN firewalls 30
6.1.2 Declaring the certificate authority 30
6.1.3 Creating objects included in the topology 31
6.1.4 Creating the VPN topology 31
6.2 Configuring a star topology 32
6.2.1 Creating objects included in the topology 33
6.2.2 Creating the VPN topology 33
6.3 Editing and deleting a VPN topology 34
6.4 Monitoring the status of VPN tunnels 35
6.5 Defining the public IP address of SN firewalls for VPN topologies 35
7. Creating and organizing filter and NAT rules 36
7.1 Understanding the order in which rules are read 36
7.2 Creating filter and NAT rules 37
7.3 Use case examples 37
7.3.1 Managing an environment without rule sharing 37
7.3.2 Managing an environment with shared and specific rules 38
7.3.3 Managing a multi-site environment with shared and specific rules and delegated filtering 38
7.4 Managing the migration of a firewall environment in production in SMC 40
8. Running SNS CLI commands on an environment of firewalls 41
8.1 Creating the CLI command script 41
8.2 Using variables 42
8.2.1 Using variables specific to firewalls 42
8.2.2 Using global variables 42
8.2.3 Using a CSV file 42
8.3 Running the SNS CLI script from the web interface 43
8.4 Running the SNS CLI script in command line 43
8.5 Running the SNS CLI script on a high availability cluster 45
8.6 Attaching files to a script and receiving files generated by script 46
8.6.1 Command arguments to be used in the script 46
8.6.2 Attaching files to a script 47
8.6.3 Receiving files generated by a script 47
8.7 Troubleshooting 48
8.7.1 The script file is too large 48
8.7.2 Certain characters are not supported in the script 48
8.7.3 The script fails to run on certain firewalls 48
8.7.4 The Execute script button remains grayed out 49
9. Backing up the configuration of firewalls and SMC 50
9.1 Automatic backups of the configuration of the server and firewalls 50
9.2 Backing up the configuration of firewalls manually 50
10. Removing SN firewalls from the SMC server 52

11. Managing and maintaining the SMC server 53
11.1 Verifying the SMC server version in command line 53
11.2 Changing the SMC server time zone and date 53
11.2.1 Changing the time zone 53
11.2.2 Changing the date manually 53
11.2.3 Changing the date via NTP 53
11.2.4 Displaying a comprehensive summary of the SMC server's date/time 54
11.3 Managing administrators 54
11.3.1 Managing administrators when connected as the "admin" user 54
11.3.2 Managing administrators when connected as a user other than the "admin" user 54
11.4 Consulting and saving the SMC server's logs locally 54
11.4.1 Viewing server.log logs from the web interface 55
11.4.2 Saving server logs 55
11.5 Sending SMC logs to a remote server in Syslog format 55
11.5.1 Sending logs to a remote server without encryption 55
11.5.2 Sending logs to a remote server with encryption 55
11.5.3 Disabling the sending of logs to a remote server 56
11.5.4 Troubleshooting 56
11.6 Saving and restoring the SMC server configuration 56
11.6.1 Saving the server configuration from the web interface 57
11.6.2 Saving the server configuration from the command line interface 57
11.6.3 Restoring server configuration from the web interface 57
11.6.4 Restoring server configuration from the command line interface 58
11.6.5 Restoring server configuration from the initialization wizard 58
11.7 Updating the SMC server from the command line interface 58
11.8 Resetting "root" and administrator passwords 59
11.8.1 Resetting the "root" administrator password 59
11.8.2 Resetting the administrator password 60
11.9 Disabling automatic synchronization of high availability clusters 60
11.10 Monitoring SMC with SNMP 60
11.10.1 Using the SNMP service 60
11.10.2 Using MIBs 60
Appendix A. Examples of the use of SNS CLI scripts 62
A.1 Backing up the configuration of firewalls 62
A.2 Updating firewalls 63
Appendix B. Details of fwadmin-xxx commands 64
Appendix C. Compatibility of SMC/SN firewalls 65
In the documentation, Stormshield Management Center is referred to by its short form, SMC, and
Stormshield Network by its short form, SN.
All images in this document are for representational purposes only; actual products may differ.