SunScreen EFS Release 3.0 Release Notes

Previous: Book Information

Release Notes SunScreen EFS 3.0

This document contains information that was not available when SunScreen EFS 3.0 documents were printed. This Release Notes document is the companion to the SunScreen EFS 3.0 Installation Guide, SunScreen EFS 3.0 Administration Guide, and SunScreen EFS 3.0 Reference Manual.

This document contains the following information:

A word of caution
What is new in this release
SunScreen EFS 3.0 limitations
Known problems in SunScreen EFS 3.0
Supplemental SunScreen EFS 3.0 documentation
Release Notes SunScreen SKIP 1.5
Getting support for your SunScreen products

Note -
These release notes apply to SunScreen EFS 3.0, revision B. The SunScreen EFS 3.0 CD-ROM and user documentation do not contain revision B in the title. The date and revision level appear below the part number.

A Word of Caution

Understand that a savecore file (kernel core dump) contains your local secret or secrets. It would be difficult for someone to discern or discover, but it can be done! You should, therefore, protect a core file as carefully as any of your other local secrets.

Remember, if you send your core file out-of-house for analysis, you are giving your local secret to the analyst.

Any system backups made while such a core file exists can contain the core file as well and so must be considered a possible means of discovering your local secret or secrets.

All regular system backups also contain the files in which your local secret or secrets are stored. These backups must be kept in a secure location.

What is New in This Release

SunScreen EFS 3.0, revision B, has fixed several internationalization bugs to allow for the localization of this product. In addition to internationalization fixes, the following bugs have been fixed in this revision:

4228572 Error message "Error opening access control file..." when running GUI admin.
4233646 GUI: Admin Certificate for remotely administered HA primary Screen is missing in the Screen object.
4234993 Adding a Service with PARAMETERS keyword with nothing following will cause the editor to core dump.
4235002 Could not create or modify a default service with a negative PARAMETERS value.
4235205 ssadm lock: Usage string is incorrect.
4235969 Encryption tunneling uses incorrect tunnel address in Solaris 7 64-bit mode.
4236424 Solaris 7 man command can't access man pages for ssadm subcommands.
4241689 "ssadm activate" fails when policy is named "default".
4241691 "ssadm active" displays redundant version number.
4242081 Miscellaneous packaging errors.
4244587 Problems with ssadm patch command.
4248275 Telnet and FTP fail when using NAT to share Screen's IP address and the traffic is not encrypted.
4248946 HA: ssadm ha add_secondary gives error message: "142: not found".
4252713 Typographical error in ICMP-HOST_FORBIDDEN that causes activation to fail.
4252737 Remote back out of a patch does not work.
4253130 Newer SKIP key sizes not available for key generation.

Known Problems in SunScreen EFS 3.0

The following are problems known in SunScreen EFS 3.0. They include workarounds as available.

ARP Responses Cannot Get From the Administrative Interface To the Stealth Interface (4257738)

Synopsis: Address Resolution Protocol (ARP) responses cannot get from the Administrative interface to the stealth interface with a QFE card if the two interfaces are on the same network and the remote Administration station is outside the EFS stealth protected network.

Description: This problem is caused by a feature of the QFE card. If you use the QFE card, the ethernet address is the same for the ADMIN and SPF ports. Packets are ignored by the QFE card when the source ethernet address is the same as itself.

Workaround: In Openboot PROM, set the local-mac-address variable to true. Type:

ok setenv local-mac-address? true

Online Help and Documentation Is Not Displayed in Netscape Browser When Using the Plugin (4258953)

Synopsis: The Help buttons and Documentation banner do not display the online Help and online documentation respectively if you use the plugin.

Description: The following error message is displayed:

Error 404: Not Found The requested URL "/plugin/htmldocs/fr/DocIndex.html" was not found on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. The URL displayed is: http://localhost:3852/plugin/htmldocs/en_US/DocIndex.html

Workaround: To work around this problem:

Select the Documentation banner or one of the Help buttons.

Modify the URL by removing the plugin directory. For example, the following URL is used to display the on-line Documentation:
http://localhost:3852/htmldocs/en_US/DocIndex.html

Error Message When Activating HA Stealth Configuration (4252244)

Synopsis: When you activate the configuration for High Availability (HA) in stealth mode, the console displays a list of error messages.

Description: The console displays the following error messages:

HA in Stealth mode worked fine, but when activating the configuration the first time after setting up, there are the following error messages on the console:
....
qfe2: screen module pushed
qfe3: screen module pushed
Original ether addr: 8:0:20:9d:c7:be.
Setting new enter addr: 8:0:20:9e:e0:66.
Error: SIOCGIFFLAGS
: No such device or address
Jun 18 19:47:59 u5 ss_had[1291]: Error: SIOCGIFFLAGS
Jun 18 19:47:59 u5 ss_had[1291]: Error: No such device
 or address
Error: SIOCGIFFLAGS
: No such device or address
Jun 18 19:48:00 u5 ss_had[1291]: Error: SIOCGIFFLAGS
Jun 18 19:48:00 u5 ss_had[1291]: Error: No such device
 or address
Error: setting ethernet address
EFS HA host entering PASSIVE mode.
High Availability daemon started

Workaround: You can disregard these messages; the Screen functions correctly.

VPN Column Label Gets Renamed (4246917)

Synopsis: On the VPN tab of the Administration GUI, the column label "Name" can be renamed.

Description: If the blue table heading is highlighted in the VPN tab and you perform the procedure to rename a VPN, the column label "Name" is renamed.

Workaround: The blue table heading should not be highlighted when changing the name.

Supplemental SunScreen EFS 3.0 Documentation

The following information was not included in the documentation when the SunScreen EFS 3.0 documents were printed.

Note -

For future documentation updates, see http://docs.sun.com.

SunScreen EFS 3.0 Reference Manual

The following supplements the SunScreen EFS 3.0 Reference Manual.

HA in Stealth Mode

Chapter 2 of the SunScreen EFS 3.0 Reference Manual states that HA is supported only in routing mode. SunScreen EFS 3.0 supports HA in routing mode and in stealth mode.

Note -

When you activate the configuration for HA in stealth mode, the console displays a list of error messages. You can disregard these messages; the Screen is functioning properly. For more information, see "Error Message When Activating HA Stealth Configuration (4252244)".

Mixed Interfaces

SunScreen EFS 3.0 supports both routing and stealth interfaces on a single Screen. You can model a Screen with a mixture of routing and stealth interfaces as though it were two completely separate Screens, one containing the stealth interfaces and the other containing routing interfaces. If you configure your Screen in this way, you must have at least two interfaces of each type.

The following sections show two supported configurations.

Separate Network

The separate network configuration consists of a Screen that has two stealth interfaces and two routing interfaces. Although both types of interfaces are on the same machine, packets cannot pass between the stealth and routing interfaces.

Figure 1-1 Separate Network Configuration

This configuration is subject to the following restrictions:

Packets do not flow between the routing and stealth interfaces.
NAT can be performed only in the networks connected to the stealth interfaces.
Computers on the stealth network cannot use proxies.

Proxied Stealth

The proxied stealth configuration consists of a Screen that has two stealth interfaces, two routing interfaces, and a router that passes packets from a stealth interface to a routing interface. Use this type of configuration if you want to use proxy services with a stealth machine.

Figure 1-2 Proxied Stealth Configuration

This configuration is subject to the following restrictions:

NAT can be performed only in the networks connected to the stealth interfaces.
FTP and Telnet between the stealth and routing networks work only if you use proxies for this type of communication.

SunScreen EFS 3.0 Administration Guide

The following information updates the HTML version of the SunScreen EFS 3.0 Administration Guide.

Figure Updates

Some figures in the HTML version of the SunScreen EFS 3.0 Administration Guide are incorrect. Refer to the PDF, included on the CD, or the printed versions of the SunScreen EFS 3.0 Administration Guide to see the correct figures.

The following figures in chapters 3 and 6 in the HTML version of the SunScreen EFS 3.0 Administration Guide are incorrect:

Figure 3-11
Figure 6-18
Figure 6-21
Figure 6-22
Figure 6-23
Figure 6-24

SunScreen EFS 3.0 Installation Guide

The following information updates the SunScreen EFS 3.0 Installation Guide.

Installing SunScreen EFS 3.0 in Stealth Mode (4252799)

The procedure shown in Chapter 5 of the SunScreen EFS 3.0 Installation Guide for installing the software on the Screen using self-generated certificates contains steps that do not apply when you install SunScreen EFS 3.0 in stealth mode.

Omit steps 17 through 19 when you use the procedure for installing the software on the Screen using self-generated certificates.

Upgrading From SunScreen EFS 3.0, Revision A, to SunScreen EFS 3.0, Revision B, on the Administration Station

The following procedures describe how to upgrade to SunScreen EFS 3.0, revision B, from SunScreen EFS 3.0, revision A, on the Administration Station. These procedures are necessary only if you have previously installed and are running SunScreen EFS 3.0, revision A.

Identify the software version by typing:

# pkginfo -l SUNWicgSS

Note -

This upgrade requires that the Administration Station be disconnected from the Screen while these procedures are performed.

To Remove the SunScreen EFS 3.0, Revision A, Software From the Administration Station

Backup your Administration Station's configurations and store this backup in a secure location. It contains secret information like private keys.

Note -
Backing up your Administration Station's configuration is a safety precaution only. The configuration and keys are maintained during the upgrade.

On the Administration Station, open a terminal window and become root.

If you have installed any SunScreen EFS 3.0 patches, remove them.
1. For SPARC systems, type:
  # patchrm 107849-01
2. For x86 systems, type:
  # patchrm 107850-01

Remove the SunScreen EFS 3.0, revision A, packages.

Note -
If you did not install all of these packages, omit the ones you did not install from the command, or remove the packages one at a time.
1. For SPARC systems, type:
  #pkgrm SUNWbdc SUNWbdcx SUNWdthj SUNWes SUNWesx \ SUNWicgSA SUNWicgSM SUNWsman
2. For x86 systems, type:
  # pkgrm SUNWbdc SUNWdthj SUNWes SUNWicgSA SUNWicgSM SUNWsman

Follow the program prompts and answer all the questions with y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Remove the SKIP software packages.

Note -
Use the following command if you installed all possible SKIP packages. If you have not installed all of the following SKIP packages, remove only the packages that you installed.
1. For SPARC systems, type:
  # pkgrm SUNWkeymg SUNWkisup SUNWrc2 SUNWrc4 SUNWrc4x
2. For x86 systems, type:
  # pkgrm SUNWkeymg SUNWkisup SUNWrc2 SUNWrc4

Follow the program prompts and answer all the questions with y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Remove SKIP upgrade packages if you have installed them.

Note -
Use the following command if you installed all the possible SKIP upgrade packages. If you have not installed all of the following SKIP upgrade packages, remove only the packages that you installed.
1. For SPARC systems, type:
  #pkgrm SUNWkusup SUNWdes SUNWdesx SUNWkdsup SUNW3des \ SUNW3desx SUNWrc4s SUNWrc4sx SUNWsafe SUNWsafex
2. For x86 systems, type:
  # pkgrm SUNWkusup SUNWdes SUNWkdsup SUNW3des SUNWrc4s SUNWsafe

Follow the program prompts and answer all the questions with y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Reboot by typing:
# sync; init 6

To Install the SunScreen EFS 3.0, Revision B, Software on the Administration Station

Open a terminal window on the Administration Station and become root.

Caution -
Verify that the File Manager is not running because it interferes with the operation of the volcheck command used for installation.

Install the required Solaris patches listed in Chapter 2 of the SunScreen EFS 3.0 Installation Guide, as necessary.

Insert the SunScreen EFS 3.0, revision B, CD-ROM into the Administration Station's CD-ROM drive.

Mount the CD-ROM by typing:
# volcheck

Add the SunScreen EFS 3.0, revision B, packages. Follow step 6 for SPARC systems and step 7 for x86 systems.

Caution -
Do not use the AdminInstaller to install SunScreen EFS 3.0, revision B, if you are upgrading from SunScreen EFS 3.0, revision A. If the AdminInstaller is used, your previous configurations can be corrupted!

For SPARC systems:

Run the package add command by typing:
# pkgadd -d /cdrom/cdrom0/sparc
You are prompted with a menu of packages to install.

Select the SunScreen EFS 3.0, revision B, packages to be installed by typing:
# 1-5,8,10,12-17

For SPARC systems, the package menu that displays is as follows:

The following packages are available:
  1  SUNWbdc       SKIP Bulk Data Crypt
                   (sparc) 1.5_revB
  2  SUNWbdcx      SKIP Bulk Data Crypt (64-bit)
                   (sparc) 1.5_revB
  3  SUNWdthj      HotJava Browser for Solaris
                   (sparc) 1.1.5,REV=1998.12.03
  4  SUNWes        SKIP End System
                   (sparc) 1.5_revB
  5  SUNWesx       SKIP End System (64-bit)
                   (sparc) 1.5_revB
  6  SUNWfwcnv     SunScreen Firewall conversion
                   (sparc) 3.0_revB=19990714
  7  SUNWhttp      Sun WebServer daemon and supporting binaries
                   (sparc) 2.0
  8  SUNWicgSA     SunScreen Administration Software
                   (sparc) 3.0_revB=19990714
  9  SUNWicgSD     SunScreen online documentation
                   (sparc) 3.0_revB=19990714
 10  SUNWicgSM     SunScreen man pages
                   (sparc) 3.0_revB=19990714

... 7 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display: 

 11  SUNWicgSS     SunScreen Firewall
                   (sparc) 3.0_revB=19990714
 12  SUNWkeymg     SKIP Key Manager Tools
                   (sparc) 1.5_revB
 13  SUNWkisup     SKIP I-Support module
                   (sparc) 1.5_revB
 14  SUNWrc2       SKIP RC2 Crypto Module
                   (sparc) 1.5_revB
 15  SUNWrc4       SKIP RC4 Crypto Module
                   (sparc) 1.5_revB
 16  SUNWrc4x      SKIP RC4 Crypto Module (64-bit)
                   (sparc) 1.5_revB
 17  SUNWsman      SKIP Man Pages
                   (sparc) 1.5_revB

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1-5,8,10,12-17

Note -

The revision information in the package menu shown in this document might differ from what is displayed in your terminal window. The package names, however, will remain identical.

For x86 systems:

Run the package add command by typing:
# pkgadd -d /cdrom/cdrom0/i386
You are prompted with a menu of packages to install.

Select the SunScreen EFS 3.0, revision B, packages to be installed by typing:
# 1-3,6,8,10-14

For x86 systems, the package menu that displays is as follows:

The following packages are available:
  1  SUNWbdc       SKIP Bulk Data Crypt
                   (i386) 1.5_revB
  2  SUNWdthj      HotJava Browser for Solaris
                   (i386) 1.1.5,REV=1998.12.03
  3  SUNWes        SKIP End System
                   (i386) 1.5_revB
  4  SUNWfwcnv     SunScreen Firewall conversion
                   (i386) 3.0_revB=19990714
  5  SUNWhttp      Sun WebServer daemon and supporting binaries
                   (i386) 2.0
  6  SUNWicgSA     SunScreen Administration Software
                   (i386) 3.0_revB=19990714
  7  SUNWicgSD     SunScreen online documentation
                   (i386) 3.0_revB=19990714
  8  SUNWicgSM     SunScreen man pages
                   (i386) 3.0_revB=19990714
  9  SUNWicgSS     SunScreen Firewall
                   (i386) 3.0_revB=19990714
 10  SUNWkeymg     SKIP Key Manager Tools
                   (i386) 1.5_revB

... 4 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display:

 11  SUNWkisup     SKIP I-Support module
                   (i386) 1.5_revB
 12  SUNWrc2       SKIP RC2 Crypto Module
                   (i386) 1.5_revB
 13  SUNWrc4       SKIP RC4 Crypto Module
                   (i386) 1.5_revB
 14  SUNWsman      SKIP Man Pages
                   (i386) 1.5_revB

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1-3,6,8,10-14

Note -

The revision information in the package menu shown in this document might differ from what is displayed in your terminal window. The package names, however, will remain identical.

Follow the program prompts, answering all the questions with y.

When completed, you return to the same menu of packages.

Type q to quit pkgadd.

Eject the CD-ROM from the Administration Station's CD-ROM drive by typing:
# eject cdrom0

Install any SKIP upgrade packages (Export Controlled [1024-bit] or U.S. and Canada Use Only [4096-bit] keys) as instructed in the documentation that is included with the upgrade SKIP CD-ROM.

See Appendix B of the SunScreen EFS 3.0 Installation Guide for additional information.

Reboot by typing:
# sync; init 6

Upgrading From SunScreen EFS 3.0, Revision A, to SunScreen EFS 3.0, Revision B, on the Screen

The following procedures describe how to upgrade to SunScreen EFS 3.0, revision B, from SunScreen EFS 3.0, revision A, on the Screen. These procedures are necessary only if you have previously installed and are running SunScreen EFS 3.0, revision A.

Identify the software version by typing:

# pkginfo -l SUNWicgSS

Note -

This upgrade requires that the firewall be taken off-line while these procedures are performed.

To Remove the SunScreen EFS 3.0, Revision A, Software From the Screen

Backup your Screen's configurations and store this backup in a secure location, as it contains secret information like private keys.

Note -
Backing up your Screen's configuration is a safety precaution only. The configuration and keys are maintained during the upgrade.

Open a terminal window on the Screen and become root.

If you have installed any SunScreen EFS 3.0 patches, remove them.
1. For SPARC systems, type:
  # patchrm 107849-01
2. For x86 systems, type:
  # patchrm 107850-01

Remove SKIP upgrade packages if they are installed (Export Controlled [1024-bit] or US and Canada Use Only [4096-bit] keys).

Note -
Use the following command if you installed all possible upgrade packages. If you have not installed all of the following upgrade packages, remove only the packages that you installed.
1. For SPARC systems, type:
  # pkgrm SUNW3desx SUNW3des SUNWdes SUNWdesx \ SUNWideax SUNWidea SUNWsafex SUNWsafe \ SUNWkusup SUNWkdsup
2. For x86 systems, type:
  # pkgrm SUNW3des SUNWdes SUNWidea SUNWsafe \ SUNWkusup SUNWkdsup

Follow the program prompts, answering all the questions with a y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Remove the base SKIP packages.

Note -
Use the following command if you installed all possible SKIP packages. If you have not installed all of the following SKIP packages, remove only the packages that you installed.
1. For SPARC systems, type:
  # pkgrm SUNWrc4sx SUNWrc4s SUNWrc2 SUNWrc4x \ SUNWrc4 SUNWbdcx SUNWbdc \ SUNWkisup SUNWkeymg
2. For x86 systems, type:
  # pkgrm SUNWrc4s SUNWrc2 SUNWrc4 SUNWbdc \ SUNWkisup SUNWkeymg

Follow the program prompts, answering all the questions with a y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Remove the base SunScreen EFS 3.0, revision A, software. For SPARC and x86 systems type:
# pkgrm SUNWicgSM SUNWicgSA SUNWicgSS \ SUNWhttp SUNWicgSD
Note -
Remove the SUNWes or SUNWesxs packages if they are installed.

Follow the program prompts, answering all the questions with a y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Remove the Firewall-1 Migration package if you have installed it. For SPARC and x86 systems, type:
# pkgrm SUNWfwcnv

Follow the program prompts, answering all the questions with a y.

The pkgrm program ends with the statement: Removal of name_of_package was successful.

Reboot by typing:
# sync; init 6
Caution -
Your machine will no longer be filtering traffic until you have completed step the final step in the procedure "To Install the SunScreen EFS 3.0, Revision B, Software on the Screen". For security reasons, this upgrade should be done offline.

To Install the SunScreen EFS 3.0, Revision B, Software on the Screen

Open a terminal window on the Screen and become root.

Install the required Solaris patches listed in Chapter 2 of the SunScreen EFS 3.0 Installation Guide, as necessary.

Insert the SunScreen EFS 3.0, revision B, CD-ROM into the Screen's CD-ROM drive.

Mount the CD-ROM by typing:
# volcheck

Add the SunScreen EFS 3.0, revision B, packages. Follow step 6 for SPARC systems; follow step 7 for x86 systems.

Caution -
Do not use the ScreenInstaller to install SunScreen EFS 3.0, revision B, if you are upgrading from SunScreen EFS 3.0, revision A. If used, your previous configuration can be corrupted.

For SPARC systems:

Run the package add command by typing:
# pkgadd -d /cdrom/cdrom0/sparc
You are prompted with a menu of packages to install.

Select the SunScreen EFS 3.0, revision B, packages to be installed by typing:
# 1-2, 7-16

For SPARC systems, the package menu that displays is as follows:

The following packages are available:
  1  SUNWbdc       SKIP Bulk Data Crypt
                   (sparc) 1.5_revB
  2  SUNWbdcx      SKIP Bulk Data Crypt (64-bit)
                   (sparc) 1.5_revB
  3  SUNWdthj      HotJava Browser for Solaris
                   (sparc) 1.1.5,REV=1998.12.03
  4  SUNWes        SKIP End System
                   (sparc) 1.5_revB
  5  SUNWesx       SKIP End System (64-bit)
                   (sparc) 1.5_revB
  6  SUNWfwcnv     SunScreen Firewall conversion
                   (sparc) 3.0_revB=19990714
  7  SUNWhttp      Sun WebServer daemon and supporting binaries
                   (sparc) 2.0
  8  SUNWicgSA     SunScreen Administration Software
                   (sparc) 3.0_revB=19990714
  9  SUNWicgSD     SunScreen online documentation
                   (sparc) 3.0_revB=19990714
 10  SUNWicgSM     SunScreen man pages
                   (sparc) 3.0_revB=19990714

... 7 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display: 

 11  SUNWicgSS     SunScreen Firewall
                   (sparc) 3.0_revB=19990714
 12  SUNWkeymg     SKIP Key Manager Tools
                   (sparc) 1.5_revB
 13  SUNWkisup     SKIP I-Support module
                   (sparc) 1.5_revB
 14  SUNWrc2       SKIP RC2 Crypto Module
                   (sparc) 1.5_revB
 15  SUNWrc4       SKIP RC4 Crypto Module
                   (sparc) 1.5_revB
 16  SUNWrc4x      SKIP RC4 Crypto Module (64-bit)
                   (sparc) 1.5_revB
 17  SUNWsman      SKIP Man Pages
                   (sparc) 1.5_revB

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1-2, 7-16

Note -

The revision information in the package menu shown in this document might differ from what is displayed in your terminal window. The package names, however, will remain identical.

For x86 systems:

Run the package add command by typing:
# pkgadd -d /cdrom/cdrom0/i386

Select the SunScreen EFS 3.0, revision B, packages to be installed by typing:
# 1, 5-13

For x86 systems, the package menu that displays is as follows:

The following packages are available:
  1  SUNWbdc       SKIP Bulk Data Crypt
                   (i386) 1.5_revB
  2  SUNWdthj      HotJava Browser for Solaris
                   (i386) 1.1.5,REV=1998.12.03
  3  SUNWes        SKIP End System
                   (i386) 1.5_revB
  4  SUNWfwcnv     SunScreen Firewall conversion
                   (i386) 3.0_revB=19990714
  5  SUNWhttp      Sun WebServer daemon and supporting binaries
                   (i386) 2.0
  6  SUNWicgSA     SunScreen Administration Software
                   (i386) 3.0_revB=19990714
  7  SUNWicgSD     SunScreen online documentation
                   (i386) 3.0_revB=19990714
  8  SUNWicgSM     SunScreen man pages
                   (i386) 3.0_revB=19990714
  9  SUNWicgSS     SunScreen Firewall
                   (i386) 3.0_revB=19990714
 10  SUNWkeymg     SKIP Key Manager Tools
                   (i386) 1.5_revB

... 4 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display:

 11  SUNWkisup     SKIP I-Support module
                   (i386) 1.5_revB
 12  SUNWrc2       SKIP RC2 Crypto Module
                   (i386) 1.5_revB
 13  SUNWrc4       SKIP RC4 Crypto Module
                   (i386) 1.5_revB
 14  SUNWsman      SKIP Man Pages
                   (i386) 1.5_revB

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1, 5-13

Note -

The revision information in the package menu shown in this document might differ from what is displayed in your terminal window. The package names, however, will remain identical.

Follow the program prompts, answering all the questions with a y.

When completed, you return to the same menu of packages.

Type q to quit pkgadd.

Eject the CD-ROM from the CD-ROM drive by typing:
# eject cdrom0

Install any SKIP upgrades (Export Controlled [1024-bit] or US and Canada Use Only [4096-bit] keys) as instructed in the documentation included with the upgrade SKIP CD-ROM.

Reboot by typing:
# sync; init 6

Activate the desired configuration according to the procedures found in the SunScreen EFS 3.0 Administration Guide.

SunScreen SKIP 1.5

The following information is the release note for SunScreen SKIP 1.5. This section contains information that was not available when SunScreen SKIP 1.5 documents were printed.

What is New in This Release

SunScreen SKIP 1.5 Revision B contains fixes for internationalization bugs and is functionally identical to SKIP 1.5. The following fixes were made for this release:

4239740 skipdb -l -v listing not entirely internationalized.

4248791 i18n skiptool GUI left edge of Authorized Systems cut

4248793 i18n skiptool GUI French and Asian characters not shown properly

4249575 i18n skiplocal -l won't work after skiplocal -k...

4249577 i18n skiplocal -P message partially not I18N

4249582 i18n skiphost message not i18n when skip not on interface

4249587 i18n skiptool Buttons overlap after

4249701 use strftime(3c) instead of ctime(3c)

4249785 skiplocal -l was never i18n'ed.

4249910 i18n skiplocal -l partially not I18N

4249911 i18n skiplocal -P partially not I18N

4249913 skipstat_ui not i18n!

4249926 i18n skiptool cannot save ACL in non English locale

4249927 i18n skiptool sub-window label not i18n

4249928 i18n skiptool sub-window not enough space on the right side edge

4249929 i18n skiptool: netmask got pseudo-translated

4249930 i18n skiptool: netmask got pseudo-translated and label not i18n

4249931 i18n skiptool: netmask got pseudo-translated: Click Add->Network...

4249932 i18n skiptool: Current address got pseudo-translated

4249933 i18n skiptool: Current address got pseudo-translated

SKIP Manuals on Product CD

This release contains HTML and PDF versions of the SunScreen SKIP User's Guide at the following location:

HTML Version - /docs/html/*

PDF Version - /docs/SKIP_UG.pdf

Upgrading to SKIP V1.5B

The following information applies when upgrading to SunScreen SKIP 1.5B from earlier versions of the product.

Preserving Configuration Files

If you are upgrading from a previous release of SKIP to SKIP 1.5, be aware that you are limited as to the configuration files you can preserve. At the present time, you cannot use an acl.<interface_name> file from a previous version of SKIP as it will contain incorrect commands.

Documentation Error

The "Upgrading From Earlier SKIP Versions" instructions in the User's Guide for SKIP1.5 RevB are not correct if you are upgrading from SKIP 1.5. They tell you to remove any version of SKIP for Solaris, by finding packages using this command:

pkginfo | grep SICG

As of SKIP 1.5, there are no more SICG packages. Therefore the correct command in this instance would be:

pkginfo | grep -i
skip

Upgrading Cryptography Modules

The following table provides information about the packages you need if you want to add additional cryptography modules to your configuration. For example, SunScreen EFS 3.0 ships with the Global version of SKIP which only contains the RC2 and RC4(x) Crypto modules. To add additional modules, for example DES, you must take some care to install only the packages you need. Please see the following table for more information.

Note -

The End System SKIP modules (SUNWes and SUNWesx) should not be added to a SunScreen EFS 3.0 screen.

Table 1-1 SKIP Crypto Upgrades


If you have the Global version...	Add these packages to upgrade to the Export Controlled version...	Add these packages to upgrade to the Domestic version...
	SUNWkusup SKIP U-Support module	SUNWkdsup SKIP D-Support module
	SUNWdes SKIP DES Crypto Module	SUNWdes SKIP DES Crypto Module
	SUNWdesx SKIP DES Crypto Module (64-bit)	SUNWdesx SKIP DES Crypto Module (64-bit)
		SUNW3des SKIP 3DES Crypto Module
		SUNW3desx SKIP 3DES Crypto Module (64-bit)
		SUNWrc4s SKIP RC4-128 Crypto Module
		SUNWrc4sx SKIP RC4-128 Crypto Module (64-bit)
		SUNWsafe SKIP SAFER Crypto Module
		SUNWsafex SKIP SAFER Crypto Module (64-bit)

Getting Support for SunScreen Products

If you have any support issues, call your authorized service provider. For further information about support, use the following URL to contact Enterprise Services: http://www.sun.com/service/contacting.

Previous: Book Information