Details of SMC_XXX environment variables
This section lists the environment variables that can be used in SMC.
They can be configured in the file /data/config/fwadmin-env.conf.local. To learn the purpose of each variable, refer to the relevant sections of the SMC Administration guide or to the Stormshield Knowledge base.
Other variables are not mentioned in this list because they are solely intended for the internal operations of the server.
- Variables with names that end with "_ENABLED" must contain the boolean values "true" or "false".
- Variables with names that end with "_INT" must contain numbers. Check that the value matches the corresponding unit if there is one.
- In all other cases, the variable values are considered character strings.
- If the variable is not defined, the default value is the value chosen by SMC.

| Variable name | Unit | Default value | Description |
|---|---|---|---|
| SMC_AUTOBACKUP_EXCLUDE_PRIVATE_KEY_ENABLED | | false | Includes or excludes private keys from automatic firewall backups. More information. |
| SMC_BULK_RULES_OPERATIONS_TIMEOUT_INT | sec | 600 (minimum 30) | Makes it possible to set the timeout after which copied/pasted or cut/pasted filter and translation rules expire. |
| SMC_CERT_SUBJECT_AS_PEER_LOCALID_ENABLED | | false | Enables or disables the subject of the certificate as the peer's "Local ID". |
| SMC_CFGCHECK_BEFORE_DEPLOY_ENABLED | | true | Enables or disables configuration consistency verification prior to deployment. Ignored if the variable SMC_CFGCHECK_ENABLED is enabled. More information. |
| SMC_CFGCHECK_ENABLED | | true | Enables or disables the configuration consistency verification. More information. |
| SMC_CFGCHECK_INCOHERENCIES_INT | | 100 | Restricts the number of inconsistencies reported by the consistency checker. More information. |
| SMC_CONFIG_STATUS_CHECK_PERIOD_INT | msec | 120000 (minimum 1 - maximum 2147483647) | Sets the frequency with which SMC checks the status of the configuration on firewalls. More information. |
| SMC_CSV_DELIMITER | | , | Sets the separator character used to separate values in .csv files. More information. |
| SMC_DECBACKUP_DIR | | /opt/stormshield/security | Specifies the path of the binary file decbackup. |
| SMC_DEPLOYMENT_ROLLBACK_CHECK_DONE_TIMEOUT_INT | msec | 900000 | Sets the length of time to wait for a response from the firewall when SMC deploys a configuration that disconnects the firewall, and in which the firewall has to restore its previous configuration. |
| SMC_DEPLOYMENT_TIMEOUT_BEFORE_ROLLBACK_INT | sec | 30 (minimum 3600 - maximum 2147483647) | Sets the duration for which the firewall will attempt to restore the connection with SMC after the deployment of a configuration. Once this duration is exceeded, the firewall's previous configuration will be restored. |
| SMC_FW_CONNECTION_TIMEOUT_INT | sec | 60 | As part of IPsec VPN connections, makes it possible to set the maximum duration for which tunnels between SMC and firewalls will stay connected (KeepAlive duration). More information. |
| SMC_FW_DEPLOYMENT_ROLLBACK_ENABLED | | true | Enables or disables the feature that keeps the connection alive during the deployment of a configuration. More information. |
| SMC_FW_DEPLOYMENT_TIMEOUT_INT | sec | 300 | Sets the maximum waiting time for the collection of deployment information. |
| SMC_FW_DEPLOYMENT_VPN_PEER_INACTIVITY_INT | sec | 0 | Makes it possible to detect an idle VPN tunnel in both traffic directions. |
| SMC_FW_LICENSE_CRITICAL_INT | days | 0 | Sets the warning period for the imminent expiry of license options. Shows the Critical status. More information. |
| SMC_FW_LICENSE_WARNING_INT | days | 0 | Sets the warning period for the imminent expiry of license options. Shows the Not Critical status. More information. |
| SMC_FW_TPM_ENABLED | | true | Enables or disables TPM certificate protection. |
| SMC_GETSA_POLLING_PERIOD_INT | msec | 30000 | Sets the frequency with which the command MONITOR GETSA is executed. |
| SMC_GETSPD_POLLING_PERIOD_INT | msec | 30000 | Sets the frequency with which the command MONITOR GETSPD is executed. |
| SMC_HAINFO_POLLING_PERIOD_INT | msec | 30000 (minimum 1) | Sets the frequency with which the command HA INFO is executed. |
| SMC_HASYNC_ON_DESYNCHRO_ENABLED | | true | Enables or disables the automatic synchronization of high availability clusters. More information. |
| SMC_IMPORT_RULES_FROM_SNS_TIMEOUT_INT | sec | 600 (minimum 30) | Sets the maximum time allowed for retrieving local and global rules from a firewall that is connected to SMC. |
| SMC_LDAP_FIELD_NAME_DN | | | When users originate from an LDAP server, makes it possible to select LDAP attributes that correspond to the LDAP DN field in the window to add administrators. The field corresponds to the distinguishedName,dn,entryDN attributes by default. |
| SMC_LDAP_FIELD_NAME_LOGIN | | | When users originate from an LDAP server, makes it possible to select the LDAP attribute that corresponds to the ID field in the window to add administrators. The field corresponds to the sAMAccountName or uid attribute by default. |
| SMC_LDAP_FIELD_NAME_MEMBEROF | | | When users originate from an LDAP server, makes it possible to select the LDAP attribute that corresponds to user groups. The field corresponds to the memberOf attribute by default. More information. |
| SMC_LOCK_SERIAL_NUMBER_ENABLED | | true | Enables or disables verification of the firewall's serial number during its connection to SMC. |
| SMC_MESSAGING_RESPONSE_DEFAULT_TIMEOUT_INT | sec | 120 | Sets the length of time to wait for a response from the firewall to a websocket message sent by SMC. This variable is overwritten by the variable SMC_PROXY_RESPONSE_TIMEOUT_INT for serverd commands. |
| SMC_MONITOR_ROUTE__POLLING_PERIOD_INT | msec | 60000 (minimum 60000) | Sets the frequency with which routes are monitored. |
| SMC_MONITOR_STAT_POLLING_PERIOD_INT | msec | 60000 (minimum 1 - maximum 2147483647) | Sets the frequency with which processor, memory and hard disk usage is monitored, as well as other firewall information. |
| SMC_PROXY_RESPONSE_TIMEOUT_INT | sec | 300 | Sets the maximum length of time to wait for a response from a firewall for serverd commands that were run by SMC. More information. |
| SMC_RADIUS_NAS_IDENTIFIER | | | Makes it possible to define the Radius NAS-ID attribute. |
| SMC_RADIUS_NAS_IP_ADDRESS | | | Makes it possible to define the Radius NAS-IP-Address. |
| SMC_SNS_CERTS_PROBE_EXPIRATION_INT | days | 30 (minimum 1) | Makes it possible to set the warning period for the imminent expiry of a firewall certificate. More information. |
| SMC_SNS_CLI_ATTACHMENTS_DIR | | /data/tmp/sns-cli/input | Makes it possible to change the default folder of an SNS CLI script in which attachments are saved. More information. |
| SMC_SNS_CLI_CSV_DELIMITER | | ; | Makes it possible to set the separator character used in the .csv files that are attached to SNS CLI scripts run in command line. More information. |
| SMC_SNS_CLI_OUTPUT_DIR | | /data/tmp/sns-cli/output | Makes it possible to change the default folder of an SNS CLI script in which generated files are received. More information. |
| SMC_SNS_CLI_SCRIPT_MAX_UPLOAD_SIZE_INT | bytes | 2097152 (minimum 1) | Makes it possible to set a file size limit for SNS CLI scripts. More information. |
| SMC_SNS_CLI_STEP_TIMEOUT_INT | sec | 120 | Makes it possible to set the maximum time allowed to synchronize the backup node after an SNS CLI script has been run. |
| SMC_SNS_DEPLOYMENT_ROLLBACK_TIMEOUT_INT | sec | 180 (maximum 2147483647) | Makes it possible to set the maximum duration between the restoration of the configuration and the reconnection to the SMC server when issues occur during the deployment of a configuration. More information. |
| SMC_SNS_UPDATE_HA_LINK_TIMEOUT_INT | sec | 1800 | Makes it possible to set the maximum duration before restoring the HA link when the backup node restarts after the firmware has been updated. The verification frequency is determined by the variable SMC_HAINFO_POLLING_PERIOD_INT. |
| SMC_SNS_UPDATE_MAX_KEEP_DAYS_INT | days | 14 | Makes it possible to change the duration for which firewall update files will be stored on SMC. More information. |
| SMC_SNS_UPDATE_SYSTEM_CLONE_TIMEOUT_INT | sec | 1800 | During firewall updates, makes it possible to configure the maximum duration to create a backup of the active partition on the firewall’s system. More information. |
| SMC_SYSTEM_PROP_POLLING_PERIOD_INT | msec | 3600000 (minimum 1 - maximum 2147483647) | Makes it possible to set the frequency with which firewall information is retrieved, e.g., the firewall's serial number or model. |
| SMC_UI_PORT_INT | | 443 | Makes it possible to customize the port of the SMC web administration interface. |
| SMC_UI_SERVER_CERT_PATH | | /etc/certs/uiserver | Makes it possible to customize the certificate of the SMC web administration interface. More information. |
| SMC_PUBLIC_API_PORT_INT | | 443 | Makes it possible to customize the listening port of the public SMC API. More information. |
| SMC_VPN_MESH_ROUTE_BASED_MAX_PEERS_INT | | 50 | Makes it possible to set the maximum number of peers in a route-based mesh VPN topology. More information. |
| SMC_WARNING_MODIFICATION_ENABLED | | false | Makes it possible to enable warnings when configurations are modified by another administrator. More information. |
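
An added example, not part of the Stormshield documentation: a Python check that applies the "_ENABLED" and "_INT" naming rules and a few of the bounds stated in the table to the text of /data/config/fwadmin-env.conf.local, and flags protective switches that have been turned off. The NAME=value line syntax, the `#` comment syntax, and the choice of which switches to flag are assumptions.

```python
import re

# (minimum, maximum) as printed in this page's table; None = no bound stated.
BOUNDS = {
    "SMC_CONFIG_STATUS_CHECK_PERIOD_INT": (1, 2147483647),
    "SMC_IMPORT_RULES_FROM_SNS_TIMEOUT_INT": (30, None),
    "SMC_SNS_CLI_SCRIPT_MAX_UPLOAD_SIZE_INT": (1, None),
    "SMC_SNS_DEPLOYMENT_ROLLBACK_TIMEOUT_INT": (None, 2147483647),
}
# Switches the table documents as "true" by default and that guard a check.
PROTECTIVE = ("SMC_CFGCHECK_ENABLED", "SMC_FW_TPM_ENABLED",
              "SMC_LOCK_SERIAL_NUMBER_ENABLED")
LINE_RE = re.compile(r"^(SMC_[A-Z0-9_]+)=(.*)$")  # assumed NAME=value syntax

def check_env(text):
    """Return (line_number, variable, problem) tuples for the file's text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((lineno, None, "not an SMC_NAME=value line"))
            continue
        name, value = m.group(1), m.group(2).strip()
        problem = None
        if name.endswith("_ENABLED"):
            if value not in ("true", "false"):
                problem = "must be true or false"
            elif name in PROTECTIVE and value == "false":
                problem = "protective default (true) is switched off"
        elif name.endswith("_INT"):
            low, high = BOUNDS.get(name, (None, None))
            if not re.fullmatch(r"[0-9]+", value):
                problem = "must be a number"
            elif low is not None and int(value) < low:
                problem = f"below minimum {low}"
            elif high is not None and int(value) > high:
                problem = f"above maximum {high}"
        if problem:
            findings.append((lineno, name, problem))
    return findings

# Constructed sample, not taken from a real SMC server.
SAMPLE = ("# local overrides\nSMC_LOCK_SERIAL_NUMBER_ENABLED=false\n"
          "SMC_FW_TPM_ENABLED=yes\nSMC_IMPORT_RULES_FROM_SNS_TIMEOUT_INT=10\n"
          "SMC_SNS_CLI_SCRIPT_MAX_UPLOAD_SIZE_INT=2MB\nSMC_UI_PORT_INT=8443\n")
```

`check_env(SAMPLE)` reports lines 2 to 5 of the sample and accepts the port override on line 6.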