You cannot connect to a passive HA Screen directly except with remote administration to the HA interface. You also cannot connect from one HA Screen to another except with remote administration to the HA interface. You can allow:
Heartbeat (the communication between or among HA Screens to assure that the dedicated HA network is working)
Adding additional services or service groups might be useful, for example, if you need to copy Solaris system files between the HA hosts or to be able to log into the active HA Screen remotely and then connect to the Primary administration HA host using telnet. Adding a service to the HA service group circumvents the passive HA mode and allows the traffic that the added service permits through the SunScreen filters.
You can add any services to the HA service group by selecting Service in the Type choice list on the Edit Policy page, save the change, and reactivate the configuration.
The services or service groups that you add to the HA service group are only allowed between the HA hosts.