SunScreen 3.1 Administration Guide

Matching Proxy Rules

Each proxy is an independent program that reads its own policy file. The file for each proxy consists of policy rules selected by the compiler; rules may in turn reference data in the user database.

The following is the sequence of tests that each proxy makes to determine whether a rule matches:

  1. Is the source address of the packet in the source-address range of the policy rule?

  2. Is the destination address of the final connection (that is, the host that the user specifies) within the destination address of the policy rule?

  3. If the policy rule requires user authentication, did the user authenticate correctly? Is that user enabled?

  4. Is this possibly-anonymous authenticated user included (either directly or by group membership) in the policy rule?
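
The four tests above can be modeled as an ordered check that reports which test rejected a connection. This is an added illustration in Python, not SunScreen code or policy syntax. The `User` and `Rule` classes, the `first_failed_test` function, the `anonymous` identity used for unauthenticated sessions, and all sample addresses and names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    enabled: bool = True
    groups: frozenset = frozenset()

# Assumption: a session with no authenticated user is treated as this identity.
ANONYMOUS = User("anonymous")

@dataclass(frozen=True)
class Rule:
    src: tuple                       # (low, high) inclusive source-address range
    dst: tuple                       # (low, high) range for the final destination
    require_auth: bool = False
    users: frozenset = frozenset()   # users named directly in the rule
    groups: frozenset = frozenset()  # groups named in the rule

def in_range(addr, rng):
    low, high = (ipaddress.ip_address(a) for a in rng)
    return low <= ipaddress.ip_address(addr) <= high

def first_failed_test(rule, src, dst, user=None, auth_ok=False):
    """Return the number (1-4) of the first test that fails, or None on a match."""
    if not in_range(src, rule.src):
        return 1
    if not in_range(dst, rule.dst):  # dst is the host the user asked the proxy for
        return 2
    authenticated = user is not None and auth_ok
    if rule.require_auth and not (authenticated and user.enabled):
        return 3
    who = user if authenticated else ANONYMOUS
    if who.name not in rule.users and not (who.groups & rule.groups):
        return 4
    return None

# Constructed sample data (not taken from the SunScreen documentation).
RULE = Rule(("10.0.0.1", "10.0.0.254"), ("192.0.2.10", "192.0.2.20"),
            require_auth=True, users=frozenset({"alice"}),
            groups=frozenset({"ftp-admins"}))
BOB = User("bob", enabled=False, groups=frozenset({"ftp-admins"}))

if __name__ == "__main__":
    # Bob's group is in the rule, but he is disabled, so test 3 rejects him first.
    print(first_failed_test(RULE, "10.0.0.7", "192.0.2.15", BOB, auth_ok=True))
```

Because the tests run in order, a disabled account is rejected at test 3 even when its group is listed in the rule.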


Note -

At present, there is no way for SunScreen High Availability systems to share proxy state. Proxies are not highly available.