test

SunScreen 3.1 Installation Guide

Troubleshooting the fwconvert Utility

The following section describes how to troubleshoot the fwconvert utility.

Conditions for Failure

The following conditions can cause the conversion to fail:

When fwconvert encounters these conditions, it displays an error message in the FW-1 Converter dialog box, as shown in the following figure.

Figure 8-2 Error Message From fwconvert

Graphic

Note -

When data cannot be parsed, this error is displayed on the terminal window and not in the FW-1 Converter dialog box.

To Clear Conversion Errors (Except Parse Errors)

  1. Click the OK bar to clear the error message in the FW-1 Converter dialog box.

  2. Change permissions on the affected directories, if applicable.

  3. Fill in the corrected information in the fwconvert FW-1 Convertor dialog box, making sure you have the accurate path names and file names that you need to specify.

  4. Click the Retry button.

    When it completes successfully, the FireWall-1 Configuration Converter displays the DONE button.

  5. Click DONE to exit fwconvert.

    fwconvert creates a set of files that are used to generate the SunScreen configuration.

  6. Verify the converted Rules.

    For more information, see "Verfying the Converted Rules."

After the conversion completes, the generated configuration files are located in the directory you specified in the FireWall-1 Configuration Converter dialog box, (/opt/SUNWfwcnv/output by default). The policy.name_Objects and policy.name_Rules files must reside in the same directory as policy.name_sscfg before you can run the policy.name_sscfg generation program. Look at these files to confirm that the information was correctly converted.

To Clear Parse Errors

Note -

The most common parse error is caused by the use of a reserved character (such as a ` ` space) in an object name.

  1. Hand edit the line containing the error.

  2. Restart fwconvert.

    See the procedure "To Run the Conversion Utility," if needed.