SunScreen EFS Release 3.0 Reference Manual

Configuration Editor Data Model

The following table lists the data types that compose the Data Model as maintained by the configuration editor (ssadm edit) and the ssadm policy command.

Table B-4 Configuration Editor Object Type Name Summary

Object Type Name     Storage              Access Method   Description
-------------------  -------------------  --------------  ------------------------------------------------------------------------------
address              common               named           Describe addresses of network elements
screen               common               named           Describe Screen objects and their relationships
state engine         common (read-only)   named           Describe filtering capabilities of the packet filter engine
service              common               named           Define network services that can be filtered
interface            common               named           Describe network interfaces of a Screen
certificate          common               named           Refer to certificates used for SKIP connections
time                 common               named           Define time intervals for time-dependent rules
authuser             external             named           Describe users for administration and/or proxy access
proxyuser            external             named           Describe users for proxy access
jar_hash             external             named           Describe Java archive hash (for HTTP proxy applet filtering)
jar_sig              external             named           Describe Java archive signature (for HTTP proxy applet filtering)
logmacro
mail_relay           external             named           Describe mail relays (for SMTP proxy mail filtering)
mail_spam            external             named           Describe spam domains (for SMTP proxy mail filtering)
policy               policy list          named           Create, delete, rename, or list the defined policies
filter rule          policy               ordered         Describe network traffic flow policy
nat rule             policy               ordered         Describe NAT translations (read-only)
local access rule    policy               ordered         Describe who can access the Screen for local administration and what they can do
remote access rule   policy               ordered         Describe who can access the Screen for remote administration and what they can do
VPN gateway          policy               ordered         Describe how VPN hosts are protected behind certificates and tunnels
VPN                  policy               ordered         Virtual object representing a collection of VPN gateways

Object types marked as having "common" storage in the table are normally stored in the common objects registry, which is not part of any particular policy. These objects are used by all policies, so a change to a common object (for example, widening the range covered by an address object) changes the behavior of every policy that refers to it. To edit the common objects, it is still necessary to specify a policy name when starting the configuration editor, even if you are not modifying any policy objects.

Object types marked as having "policy" storage in the table are stored as part of a policy. Policy objects usually refer to common objects by name and therefore can have a different meaning depending on the current value of those common objects. For example, a policy can contain a rule object that allows address A to communicate with address B, while the address objects A and B themselves are defined in the common objects.

Object types marked as having "external" storage in the table are almost equivalent to "common" objects, but they are stored in a separate database that is not affected by the "quit," "reload," or "save" commands. Changes to these objects always take effect immediately and persist even if the "save" command is never used; consequently they cannot be discarded by quitting or reloading.

Object types marked as having "policy list" storage in the table represent the names of the policies themselves. The configuration editor provides only minimal capabilities for managing policies: the policy currently being edited, or portions of it, can be saved or "cloned" into a new policy. Other policy requests, such as add, delete, and rename, are provided by the ssadm policy command.
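The following is an added model of the three storage classes described in the preceding paragraphs ("common", "policy" and "external"); it is illustration written for this page, not SunScreen code, and it does not reproduce the ssadm command syntax. It assumes a store with one common address registry, per-policy filter rules and an external authuser database, and uses constructed policy names (Initial, Test), address names (A, B) and IP addresses. It shows that a rule refers to a common address by name, so a saved change to that address alters every policy that uses it; that an unsaved common edit is lost on quit; and that an external edit persists without save.

```python
"""Model of the SunScreen configuration-editor storage classes (added example).

Not SunScreen code: it mimics the documented behaviour of "common", "policy"
and "external" storage so that the consequences (shared common objects,
write-through external objects, save/quit semantics) can be exercised.
Policy names, object names and addresses below are constructed.
"""
from copy import deepcopy


class ConfigStore:
    """Persistent registries: common objects, per-policy objects and the
    separate external database (storage classes from Table B-4)."""

    def __init__(self):
        self.common = {"address": {}}        # shared by every policy
        self.policies = {}                   # policy name -> {"filter rule": [...]}
        self.external = {"authuser": {}}     # separate database, write-through


class Editor:
    """One editing session on a named policy (modelled, not `ssadm edit`).

    Common and policy objects are edited on a working copy that only reaches
    the store on save(); external objects are written to the store at once."""

    def __init__(self, store, policy):
        if policy not in store.policies:
            raise KeyError(f"unknown policy {policy!r}")
        self.store = store
        self.policy = policy
        self.reload()

    def reload(self):
        # Discard unsaved common/policy edits and re-read from the store.
        # The external database is untouched, as the text states.
        self.common = deepcopy(self.store.common)
        self.rules = deepcopy(self.store.policies[self.policy]["filter rule"])

    def add_address(self, name, addr):
        self.common["address"][name] = addr          # common object

    def add_rule(self, src, dst, action):
        # Policy objects refer to common address objects by name, not value.
        for n in (src, dst):
            if n not in self.common["address"]:
                raise KeyError(f"address {n!r} is not a common object")
        self.rules.append({"from": src, "to": dst, "action": action})

    def add_authuser(self, name, role):
        self.store.external["authuser"][name] = role  # external: immediate

    def save(self):
        self.store.common = deepcopy(self.common)
        self.store.policies[self.policy]["filter rule"] = deepcopy(self.rules)

    def quit(self):
        pass  # unsaved common/policy changes are simply dropped


def resolve_rules(store, policy):
    """Rule endpoints resolved through the *current* common objects, which is
    why a saved common edit changes every policy that references the name."""
    addrs = store.common["address"]
    return [(addrs[r["from"]], addrs[r["to"]], r["action"])
            for r in store.policies[policy]["filter rule"]]


def demo():
    store = ConfigStore()
    store.policies["Initial"] = {"filter rule": []}   # constructed policies
    store.policies["Test"] = {"filter rule": []}

    ed = Editor(store, "Initial")
    ed.add_address("A", "10.1.1.1")                   # constructed addresses
    ed.add_address("B", "10.2.2.2")
    ed.add_rule("A", "B", "ALLOW")
    ed.save()

    ed = Editor(store, "Test")
    ed.add_rule("B", "A", "ALLOW")   # same common objects, different policy
    ed.save()

    # A common edit and an external edit in one session, abandoned without save
    ed = Editor(store, "Initial")
    ed.add_address("A", "10.9.9.9")
    ed.add_authuser("admin", "ALL")
    ed.quit()
    before = resolve_rules(store, "Initial")          # A is still 10.1.1.1

    # The same common edit, saved: both policies now see the new address
    ed = Editor(store, "Initial")
    ed.add_address("A", "10.9.9.9")
    ed.save()
    return {
        "initial_before": before,
        "initial_after": resolve_rules(store, "Initial"),
        "test_after": resolve_rules(store, "Test"),
        "authuser": dict(store.external["authuser"]),   # survived the quit
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point a practitioner should take from the model is the review burden it implies: a saved edit to a common object is a change to every policy that names it, so common-object changes deserve the same scrutiny as rule changes, and external-object changes (users, mail relays, spam domains) take effect the moment they are entered, with no save step at which to back them out.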