Upgrading From SunScreen EFS 3.0, Revision A, to SunScreen EFS 3.0, Revision B, on the Screen

The following procedures describe how to upgrade to SunScreen EFS 3.0, revision B, from SunScreen EFS 3.0, revision A, on the Screen. These procedures are necessary only if you have previously installed and are running SunScreen EFS 3.0, revision A.

Identify the software version by typing:

# pkginfo -l SUNWicgSS

This upgrade requires that the firewall be taken off-line while these procedures are performed.

To Remove the SunScreen EFS 3.0, Revision A, Software From the Screen

1. Backup your Screen's configurations and store this backup in a secure location, as it contains secret information like private keys.

   ---

   Note -

   Backing up your Screen's configuration is a safety precaution only. The configuration and keys are maintained during the upgrade.

   ---

2. Open a terminal window on the Screen and become root.

3. If you have installed any SunScreen EFS 3.0 patches, remove them.

   1. For SPARC systems, type:

      # patchrm 107849-01

   2. For x86 systems, type:

      # patchrm 107850-01

4. Remove SKIP upgrade packages if they are installed (Export Controlled [1024-bit] or US and Canada Use Only [4096-bit] keys).

   ---

   Note -

   Use the following command if you installed all possible upgrade packages. If you have not installed all of the following upgrade packages, remove only the packages that you installed.

   ---

   1. For SPARC systems, type:

      # pkgrm SUNW3desx SUNW3des SUNWdes SUNWdesx \ SUNWideax SUNWidea SUNWsafex SUNWsafe \ SUNWkusup SUNWkdsup

   2. For x86 systems, type:

      # pkgrm SUNW3des SUNWdes SUNWidea SUNWsafe \ SUNWkusup SUNWkdsup

5. Follow the program prompts, answering all the questions with a y.

   The pkgrm program ends with the statement: Removal of name_of_package was successful.

6. Remove the base SKIP packages.

   ---

   Note -

   Use the following command if you installed all possible SKIP packages. If you have not installed all of the following SKIP packages, remove only the packages that you installed.

   ---

   1. For SPARC systems, type:

      # pkgrm SUNWrc4sx SUNWrc4s SUNWrc2 SUNWrc4x \ SUNWrc4 SUNWbdcx SUNWbdc \ SUNWkisup SUNWkeymg

   2. For x86 systems, type:

      # pkgrm SUNWrc4s SUNWrc2 SUNWrc4 SUNWbdc \ SUNWkisup SUNWkeymg

7. Follow the program prompts, answering all the questions with a y.

   The pkgrm program ends with the statement: Removal of name_of_package was successful.

8. Remove the base SunScreen EFS 3.0, revision A, software. For SPARC and x86 systems type:

   # pkgrm SUNWicgSM SUNWicgSA SUNWicgSS \ SUNWhttp SUNWicgSD

   ---

   Note -

   Remove the SUNWes or SUNWesxs packages if they are installed.

   ---

9. Follow the program prompts, answering all the questions with a y.

   The pkgrm program ends with the statement: Removal of name_of_package was successful.

10. Remove the Firewall-1 Migration package if you have installed it. For SPARC and x86 systems, type:

    # pkgrm SUNWfwcnv

11. Follow the program prompts, answering all the questions with a y.

    The pkgrm program ends with the statement: Removal of name_of_package was successful.

12. Reboot by typing:

    # sync; init 6

    ---

    Caution -

    Your machine will no longer be filtering traffic until you have completed step the final step in the procedure "To Install the SunScreen EFS 3.0, Revision B, Software on the Screen". For security reasons, this upgrade should be done offline.

    ---

To Install the SunScreen EFS 3.0, Revision B, Software on the Screen

1. Open a terminal window on the Screen and become root.

2. Install the required Solaris patches listed in Chapter 2 of the SunScreen EFS 3.0 Installation Guide, as necessary.

3. Insert the SunScreen EFS 3.0, revision B, CD-ROM into the Screen's CD-ROM drive.

4. Mount the CD-ROM by typing:

   # volcheck

5. Add the SunScreen EFS 3.0, revision B, packages. Follow step 6 for SPARC systems; follow step 7 for x86 systems.

   ---

   Caution -

   Do not use the ScreenInstaller to install SunScreen EFS 3.0, revision B, if you are upgrading from SunScreen EFS 3.0, revision A. If used, your previous configuration can be corrupted.

   ---

6. For SPARC systems:

   1. Run the package add command by typing:

      # pkgadd -d /cdrom/cdrom0/sparc

      You are prompted with a menu of packages to install.

   2. Select the SunScreen EFS 3.0, revision B, packages to be installed by typing:

      # 1-2, 7-16

   For SPARC systems, the package menu that displays is as follows:

   The following packages are available: 1 SUNWbdc SKIP Bulk Data Crypt (sparc) 1.5_revB 2 SUNWbdcx SKIP Bulk Data Crypt (64-bit) (sparc) 1.5_revB 3 SUNWdthj HotJava Browser for Solaris (sparc) 1.1.5,REV=1998.12.03 4 SUNWes SKIP End System (sparc) 1.5_revB 5 SUNWesx SKIP End System (64-bit) (sparc) 1.5_revB 6 SUNWfwcnv SunScreen Firewall conversion (sparc) 3.0_revB=19990714 7 SUNWhttp Sun WebServer daemon and supporting binaries (sparc) 2.0 8 SUNWicgSA SunScreen Administration Software (sparc) 3.0_revB=19990714 9 SUNWicgSD SunScreen online documentation (sparc) 3.0_revB=19990714 10 SUNWicgSM SunScreen man pages (sparc) 3.0_revB=19990714 ... 7 more menu choices to follow; <RETURN> for more choices, <CTRL-D> to stop display: 11 SUNWicgSS SunScreen Firewall (sparc) 3.0_revB=19990714 12 SUNWkeymg SKIP Key Manager Tools (sparc) 1.5_revB 13 SUNWkisup SKIP I-Support module (sparc) 1.5_revB 14 SUNWrc2 SKIP RC2 Crypto Module (sparc) 1.5_revB 15 SUNWrc4 SKIP RC4 Crypto Module (sparc) 1.5_revB 16 SUNWrc4x SKIP RC4 Crypto Module (64-bit) (sparc) 1.5_revB 17 SUNWsman SKIP Man Pages (sparc) 1.5_revB Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1-2, 7-16

   ---

   Note -

   The revision information in the package menu shown in this document might differ from what is displayed in your terminal window. The package names, however, will remain identical.

   ---

7. For x86 systems:

   1. Run the package add command by typing:

      # pkgadd -d /cdrom/cdrom0/i386

   2. Select the SunScreen EFS 3.0, revision B, packages to be installed by typing:

      # 1, 5-13

   For x86 systems, the package menu that displays is as follows:

   The following packages are available: 1 SUNWbdc SKIP Bulk Data Crypt (i386) 1.5_revB 2 SUNWdthj HotJava Browser for Solaris (i386) 1.1.5,REV=1998.12.03 3 SUNWes SKIP End System (i386) 1.5_revB 4 SUNWfwcnv SunScreen Firewall conversion (i386) 3.0_revB=19990714 5 SUNWhttp Sun WebServer daemon and supporting binaries (i386) 2.0 6 SUNWicgSA SunScreen Administration Software (i386) 3.0_revB=19990714 7 SUNWicgSD SunScreen online documentation (i386) 3.0_revB=19990714 8 SUNWicgSM SunScreen man pages (i386) 3.0_revB=19990714 9 SUNWicgSS SunScreen Firewall (i386) 3.0_revB=19990714 10 SUNWkeymg SKIP Key Manager Tools (i386) 1.5_revB ... 4 more menu choices to follow; <RETURN> for more choices, <CTRL-D> to stop display: 11 SUNWkisup SKIP I-Support module (i386) 1.5_revB 12 SUNWrc2 SKIP RC2 Crypto Module (i386) 1.5_revB 13 SUNWrc4 SKIP RC4 Crypto Module (i386) 1.5_revB 14 SUNWsman SKIP Man Pages (i386) 1.5_revB Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1, 5-13

   ---

   Note -

   The revision information in the package menu shown in this document might differ from what is displayed in your terminal window. The package names, however, will remain identical.

   ---

8. Follow the program prompts, answering all the questions with a y.

   When completed, you return to the same menu of packages.

9. Type q to quit pkgadd.

10. Eject the CD-ROM from the CD-ROM drive by typing:

    # eject cdrom0

11. Install any SKIP upgrades (Export Controlled [1024-bit] or US and Canada Use Only [4096-bit] keys) as instructed in the documentation included with the upgrade SKIP CD-ROM.

12. Reboot by typing:

    # sync; init 6

13. Activate the desired configuration according to the procedures found in the SunScreen EFS 3.0 Administration Guide.