Detecting changes to the local configuration on firewalls
After a configuration is deployed for the first time, SMC will regularly check whether the configuration deployed from the server continues to match the one found on the firewall. The SMC server can therefore detect changes made directly on the SNS firewall without going through SMC.
You can manage verifications by using an environment variable:
Variable | Description |
---|---|
SMC_CONFIG_STATUS_CHECK_PERIOD_INT (by default: 120000 ms) | The variable defines how often SMC checks the configuration on firewalls. The value is defined in milliseconds. Setting the variable to 0 disables the feature; the configuration on firewalls will no longer be verified. |
If SMC detects changes to the configuration that were made locally, the status of the firewall switches to Critical and the “Local modification” health indicator will appear.
The version number will therefore be struck through in red because it no longer matches the configuration on the firewall.
When a firewall is being updated, the detection of local changes is disabled until the next time the configuration is deployed. After a new deployment, SMC will resume monitoring local changes.
In the Deployment menu, click on the icon next to the version number to view changes made locally on the firewall. In the window that opens, you can:
- download the comparison of the configuration on the firewall with the latest configuration deployed from the SMC server.
- restore the configuration prior to the changes made locally.