Problem Description

The customer must connect some machines that are limited to SMBv1 for SMB file access. To mitigate the security risks associated with the outdated SMBv1 protocol, an SMB protocol converter application is required. This app has to be installed on the Edge Device and enables secure SMBv3 communication while maintaining backward compatibility with SMBv1-only devices.

Solution

The solution enables file transfer between a SMBv3 server on the external network and SMBv1 machine clients on the internal network:

• Upload: Files from the external SMBv3 server are uploaded on upload directory and made available in an SMBv1 upload directory on the internal machine network.

• Download: Files can be downloaded from the SMBv1 machine to the SMBv3 Server, by saving the relevant file in the download folder on the SMBv1 machine. The file is then mirrored in the download folder of the SMBv3 server.

• Synchronization: Upload and download directories remain synchronized, meaning that the identical file sets are maintained, and any file deletion on the inbound directory is mirrored on the outbound directory of the other side.

• Deployment: The app will be installed on the target machine through the Edge Device portal, with network drive configurations defined during setup.

Edge Device Preparation

• Ensure the Edge Device has the OS image version 25.09.0 or newer.

Since the SMBv1 server is provided by the device in the machine network (GREEN), you must ensure that the ports for the Samba server are open in the firewall of the machine network. This can be done on the CockpitUI of the Edge Device.

Open Cockpit UI

• Configure the Firewall on the Edge Device, so that the Samba v1 server is reachable from the machine network (GREEN).

• Select menu Networking and in the Firewall section “Edit rules and zones“.

Open

• Add samba Firewall rule for Internal zone.

• For the Internal Zone click Add services.

Open

• Filter for samba and select the samba setting, then press Add service.

Open

The samba service should be added into the Internal zone:

Open

How the SMB Converter App works

The SMB Converter App connects the SMBv1 machine with SMBv3 server to transfer files with different samba protocol versions and synchronizes stored files based on outbound directories.

SMBv3 Server: Handles the SMBv3 protocol and contains two directories:

• /upload: Provides files to be transferred to the SMBv1 server and keeps synchronized by removing any file that no longer exists on the SMBv1 server (Set as outbound directory)

• /download: Receives files from the SMBv1 server (Set as inbound directory)

SMBv1 Machine Client: Handles the SMBv1 protocol and contains two directories:

• /upload: Receives files from the SMBv3 server (Set as inbound directory)

• /download: Provides files to be transferred to the SMBv3 server and keeps synchronized by removing any file that no longer exists on the SMBv3 server (Set as outbound directory)

Converter App: Executes all file transfer and synchronization operations.

Open

SMB Converter App Installation

The installation is performed through the Portal page, which requires the SMBv3 Server parameters and application settings.

In the Portal page:

• Navigate to the Assets section and select the Applications tab.

• Install the SMB Converter App by clicking Install.

Open

App installation parameters

The application requires the following configuration parameters:

• SMBv1 credentials: Username, password and shared directory for the internal container with the SMBv1 machine

• SMBv3 connection parameters: Server details and credentials for the SMBv3 Server.

• Synchronization settings: Polling interval and synchronization rate for the file transfer system.