Security considerations for SMC deployment
The information stored in the FlexEdge Secure SD-WAN Manager is highly valuable to anyone conducting or planning malicious activities in your network. Someone who gains administrator rights to the Management Server can change the configurations.
An attacker can gain access by exploiting weaknesses in the operating system, or in other services running on the same computer, to obtain administrator rights in the operating system.
Consider at least the following points to secure the Management Server and Log Server:
- Prevent any unauthorized access to the servers. Restrict access to the minimum required both physically and with operating system user accounts.
- We recommend allowing access only to the required ports.
- Never allow Management Client connections from insecure networks.
- Take all necessary steps to keep the operating system secure and up to date.
- We recommend that you do not run any third-party server software on the same computer with the SMC servers.
- We recommend placing the servers in a separate, secure network segment that has limited network access and no third-party servers.
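
One way to check the port and third-party software recommendations above on a Linux host is to compare the listening TCP sockets against an allow-list. This is an added example, not part of the product or its documentation. The port numbers and process names are placeholders to replace with the values documented for your SMC version, and the `ss -H -tlnp` output is a constructed sample.

```python
# ASSUMPTION: placeholder ports and hypothetical process names. Replace them
# with the values that your SMC version's documentation lists for its servers.
ALLOWED_PORTS = {10001, 10002}
ALLOWED_PROCESSES = {"smc-mgmt", "smc-log"}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of `ss -H -tlnp` output, not captured from a real server.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:10001 0.0.0.0:* users:(("smc-mgmt",pid=812,fd=45))
LISTEN 0 128 10.0.5.10:10002 0.0.0.0:* users:(("smc-log",pid=901,fd=33))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 511 [::]:8080 [::]:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=700,fd=5))
"""


def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # The process column is missing when ss runs without root privileges.
        proc = "unknown"
        if len(fields) > 5 and '"' in fields[5]:
            proc = fields[5].split('"')[1]
        yield addr.strip("[]"), int(port), proc


def audit(ss_output):
    """Return findings for network-reachable listeners outside the allow-list."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if addr in LOOPBACK:
            continue  # bound to loopback only, not reachable from the network
        if port not in ALLOWED_PORTS:
            findings.append((port, proc, "port not in allow-list"))
        elif proc not in ALLOWED_PROCESSES:
            findings.append((port, proc, "unexpected process on allowed port"))
    return findings


if __name__ == "__main__":
    for port, proc, reason in audit(SAMPLE_SS_OUTPUT):
        print(f"tcp/{port} ({proc}): {reason}")
```

Each finding is a listener to either remove from the server or deliberately add to the allow-list, such as a remote administration service that you restrict to a management network.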
You can optionally install the SMC with external certificate management. Using certificates issued by an external CA allows you to use your own established internal CA infrastructure to generate certificates for internal TLS communication between system components. Certificate revocation checking is also supported. If any devices are compromised, the certificates associated with them can be revoked and replaced centrally using the external certificate management system.