Getting started with the SMC server

1. Connect to the IP address of the SMC server preceded by https://, from one of the following web browsers:
• Microsoft Edge, latest stable version,
• Google Chrome, latest stable version,
• Mozilla Firefox, latest stable version.
2. Enter your login and password, or use the default administrator’s login and password. IDs and passwords can originate from LDAP or Radius authentication servers.
   If you make four consecutive mistakes, you must wait for a minute before you can authenticate again. If you attempt to authenticate a fifth time before the minute is up, the waiting time will be extended by another minute, and may increase by up to 10 minutes.

You can create several administrators for the SMC server’s web interface and grant them read/write or read-only access rights. For more information, refer to the section Managing administrators from local and external directories.

The SMC server allows:

• An unlimited number of read/write connections on the SMC server,
• One direct connection via SMC in read/write mode for each firewall,
• An unlimited number of direct connections via SMC in read-only mode for each firewall.

NOTE
We recommend that you customize the certificate of the SMC server web interface. For more information, refer to the section Customizing the certificate of the SMC server web interface.

Some advanced or maintenance operations can only be performed in command line. Connect to the SMC server in to perform these operations. You can connect:

• Via the console port on your hypervisor,
• In SSH on port 22.

In both cases, connect:

• with the “root” username and password specified when you initialized the server. For more information, refer to the Stormshield Management Center Installation Guide.

• with your administrator credentials if you hold privileges for console and/or SSH access.

In SSH connections, if you enter the wrong ID five consecutive times, you must wait 15 minutes before you can log in again.

To connect transparently via SSH, you can also configure authentication using SSH keys. For more information, refer to the section Connecting to the command line interface via SSH keys.

For details on commands that can be used to administer SMC, refer to the section Details of smc-xxx commands.

The default “admin” user does not have access to SMC in console or SSH. Only access to SMC via the web interface is possible.

Your license determines the maximum number of firewalls that can log on simultaneously to the SMC server.

An SNS high availability firewall cluster requires only one license.

To install the license:

1. Go to SMC server > License.
2. Select the license file. If a license has already been installed, its information will appear.
3. Click on Apply.

Troubleshooting

The SMC server rejects all new firewall connections

• Situation: The SMC server rejects all new firewall connections but keeps ongoing connections.
• Cause: Either you do not have a license or your license has expired; or you may have reached the maximum number of firewalls allowed to connect to the server using your license.
• Solution: Look up the server logs and contact your Stormshield support center in order to obtain a valid license. A tool tip and the Last activity column will also provide an indication.

Your license is no longer valid after the restoration or backup of a configuration

• Situation: You have restored the configuration of the SMC server and your license is no longer valid.
• Cause: During the restoration of the configuration, the license that had been installed at time of the backup will be restored. So if it had expired in the meantime, you no longer have a valid license.
• Solution: Once you have restored the configuration, install your most recent license again.