Getting started with the SMC server
Welcome to the Stormshield Management Center administration guide version 3.7.
In the documentation, Stormshield Management Center is referred to in its short form: SMC and Stormshield Network Security in its short form: SNS.
To manage or maintain the SMC server, you can either connect to the web interface with a web browser or directly to the command line interface.
SMC also has a public REST API. It is not enabled by default, and only the super administrator can enable it. For more information on SMC's public API, refer to the section Enabling and managing SMC's public API.
If you have forgotten your password, refer to the section Managing administrators from local and external directories and the SMC Installation guide.
- Connect to the IP address of the SMC server preceded by https://, from one of the following web browsers:
- Microsoft Edge, latest stable version,
- Google Chrome, latest stable version,
- Mozilla Firefox, latest stable version.
- Enter your login and password, or use the default administrator’s login and password. IDs and passwords can originate from LDAP or Radius authentication servers.
If you make four consecutive mistakes, you must wait for a minute before you can authenticate again. If you attempt to authenticate a fifth time before the minute is up, the waiting time will be extended by another minute, and may increase by up to 10 minutes.
You can create several administrators for the SMC server’s web interface and grant them read/write or read-only access rights. For more information, refer to the section Managing administrators from local and external directories.
The SMC server allows:
- An unlimited number of read/write connections on the SMC server,
- One direct connection via SMC in read/write mode for each firewall,
- An unlimited number of direct connections via SMC in read-only mode for each firewall.
NOTE
We recommend that you customize the certificate of the SMC server web interface. For more information, refer to the section Customizing the certificate of the SMC server web interface.
Some advanced or maintenance operations can only be performed in command line. Connect to the SMC server in to perform these operations. You can connect:
- Via the console port on your hypervisor,
- In SSH on port 22.
In both cases, connect:
-
with the “root” username and password specified when you initialized the server. For more information, refer to the Stormshield Management Center Installation Guide.
-
with your administrator credentials if you hold privileges for console and/or SSH access.
In SSH connections, if you enter the wrong ID five consecutive times, you must wait 15 minutes before you can log in again.
To connect transparently via SSH, you can also configure authentication using SSH keys. For more information, refer to the section Connecting to the command line interface via SSH keys.
For details on commands that can be used to administer SMC, refer to the section Details of smc-xxx commands.
The default “admin” user does not have access to SMC in console or SSH. Only access to SMC via the web interface is possible.
Your license determines the maximum number of firewalls that can simultaneously log in to the SMC server.
An SNS high availability firewall cluster requires only one license.
To install the license:
- Go to SMC server > License.
- Select the license file. If a license has already been installed, its information will appear.
- Click on Apply.
Troubleshooting
- Situation: The SMC server rejects all new firewall connections but keeps ongoing connections.
- Cause: You do not have a license, your license has expired, or you may have reached the maximum number of firewalls allowed to connect to the server according to your license.
- Solution: Look up the server logs and contact your Stormshield support center in order to obtain a valid license. A tool tip and the Last activity column will also provide an indication.
- Situation: You have restored the configuration of the SMC server, and your license is no longer valid.
- Cause: When a configuration is being restored, the license that was installed at time of the backup will be restored. If it expired in the interim, you no longer have a valid license.
- Solution: Once you have restored the configuration, reinstall your most recent license.