test

SunScreen 3.1 Installation Guide

Creating the SunScreen 3.1 Configuration

The following procedures explain how you prepare for and generate the new SunScreen 3.1 configuration.

Choosing which of the next two procedures to follow depends on whether you plan to run SunScreen 3.1 on the former FireWall-1 machine or on a new machine. Option 1 discusses preparing the FireWall-1 machine to become a SunScreen machine. Option 2 discusses preparing a new machine to run the converted FireWall-1 configurations.

Note -

Choose only one option or the other.

Option 1: To Prepare the FireWall-1 Machine to Run SunScreen 3.1

  1. Open a terminal window and become root.

  2. Save the existing FireWall-1 configuration files located in the /opt/SUNWfw/conf directory as a backup.

  3. Use the pkgrm command to remove the SUNWfw package by typing:


    # pkgrm SUNWfw

  4. Upgrade your operating environment to at least Solaris 2.6 (if not already done).

    See your Solaris documentation for instructions, if necessary.

  5. Install the additional Solaris packages and kernel packages required as listed in "Installation Overview" (if not already done).

    Note -

    Prior to installing the SunScreen software, make sure that the machine is performing properly as a router.

  6. Install the SunScreen 3.1 software as described in "Installing in Routing Mode With Local Administration."

What Is Next?

Continue to the section, "To Generate the New SunScreen Configuration."

Option 2: To Prepare a New SunScreen Machine to Run the Converted FireWall-1 Configuration

Note -

Prior to installing the SunScreen 3.1 software, make sure that the machine is performing properly as a router.

  1. Open a terminal window and become root.

  2. Upgrade your operating environment to at least Solaris 2.6 (if not already done).

    See your Solaris documentation for instructions, if necessary.

  3. Install the additional Solaris packages and kernel packages required as listed in "Installation Overview" (if not already done).

  4. Copy the generated configuration files to a directory on the new SunScreen machine.

  5. Install the SunScreen 3.1 software as described in "Installing in Routing Mode With Local Administration."

What Is Next?

Continue to the section, "To Generate the New SunScreen Configuration."

To Generate the New SunScreen Configuration

  1. Open a terminal window and become root.

  2. Change to the directory where the conversion files were saved and make the policy.name_sscfg file executable by typing:


    # chmod 544 policy.name_sscfg

    Verify that the commands in the generated file are accurate.

  3. Run the script by typing:


    # ./policy.name_sscfg

policy.name_sscfg creates the new SunScreen configuration from the FireWall-1 configuration, which is similar to the FireWall-1 policy.

See the SunScreen 3.1 Administration Guide for instructions on activating the configuration.