CONFIGURATION
The configuration-administration screen consists of 3 tabs:
- General configuration: definition of the firewall’s settings (name, language, keyboard), date and time settings and NTP servers.
- Firewall administration: configuration of access to the firewall’s administration interface (listening port, SSH, etc.).
- Network settings: IPv6 activation, configuration of the proxy server and DNS resolution.
“General configuration” tab
The General configuration tab allows the modification of the following parameters:
General configuration
To find out which characters are allowed or prohibited in various fields, please refer to Appendix
A: Allowed names.
Firewall name: This name is used in alarm e-mails sent to the administrator and is displayed in the firewall’s main window. It can also be used as the DNS name of the captive portal if it has been enabled and the option “Use firewall name or certificate CN as FQDN” has been selected.
Firewall language (logs): Choice of language, limited to French and English. This language is used for logs, syslog and the CLI configuration.
Keyboard (console): Type of keyboard that the firewall supports. 5 layouts are available: English, French, Italian, Polish, Swiss.
Cryptographic settings
Enable regular retrieval of certificate revocation lists (CRL): If this option is selected, the firewall will regularly check the validity of each CRL downloaded from the distribution points specified in the PKI. When a CRL is close to its expiry date or has expired, an alarm will be generated.
Enable “ANSSI Diffusion Restreinte (DR)” mode: This option forces the firewall to abide by the doctrine of the ANSSI (the French national information security agency) on the use of coprocessors and cryptographic accelerators on products for which qualification is sought. It is mandatory on networks that fall under the “Restricted” classification.
This mode relies in particular on the use of software versions of asymmetrical and symmetrical cryptographic algorithms and random key generation algorithms. For symmetrical cryptographic algorithms, the "AES-NI" instructions available on certain products are exempt, as they consist only of “simple acceleration instructions” for certain cryptographic operations.
Enabling the “ANSSI Diffusion Restreinte (DR)” mode requires rebooting the firewall.
NOTE
Enabling this mode tends to lower performance on SN150, SN200, SN300, SN500 and SN700 models.
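The kind of check described under "Enable regular retrieval of certificate revocation lists (CRL)" can be reproduced off-box to monitor the same distribution points. The following is an added example, not Stormshield code: it classifies `nextUpdate=` lines as printed by `openssl crl -noout -nextupdate`. The 24-hour warning window, the file names and the dates are assumptions constructed for illustration; the manual does not state the firewall's own threshold.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the manual does not say how close to expiry the firewall alarms;
# 24 hours is a placeholder threshold for this sketch.
WARN_WINDOW = timedelta(hours=24)

def parse_next_update(line):
    """Parse one 'nextUpdate=...' line from `openssl crl -noout -nextupdate`."""
    key, _, value = line.strip().partition("=")
    if key != "nextUpdate":
        raise ValueError(f"not a nextUpdate line: {line!r}")
    if value == "NONE":  # nextUpdate is optional in the CRL structure
        return None
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def crl_status(line, now, warn_window=WARN_WINDOW):
    """Return 'valid', 'expiring', 'expired' or 'no-next-update'."""
    next_update = parse_next_update(line)
    if next_update is None:
        return "no-next-update"
    if now >= next_update:
        return "expired"
    if next_update - now <= warn_window:
        return "expiring"
    return "valid"

def audit(crls, now, warn_window=WARN_WINDOW):
    """Return {name: status} for every CRL that needs attention."""
    report = {}
    for name, line in crls.items():
        status = crl_status(line, now, warn_window)
        if status != "valid":
            report[name] = status
    return report

# Constructed sample: CRL names and dates are made up for this example.
SAMPLE = {
    "root-ca.crl": "nextUpdate=Jun 30 00:00:00 2025 GMT",
    "issuing-ca.crl": "nextUpdate=Mar  2 08:00:00 2025 GMT",
    "vpn-ca.crl": "nextUpdate=Feb 27 23:59:59 2025 GMT",
    "legacy-ca.crl": "nextUpdate=NONE",
}
SAMPLE_NOW = datetime(2025, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, status in audit(SAMPLE, SAMPLE_NOW).items():
        print(f"ALARM {name}: {status}")
```

A CRL with no `nextUpdate` field is reported separately because it never expires on its own and therefore never triggers an expiry alarm.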
Page 77/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3