SunScreen 3.1 Installation Guide

policy.name_Rule.log

This file shows rules generated from FireWall-1 rules that cannot be used in the SunScreen 3.1 environment without modification. The policy.name_Rule.log file explains why these rules were not added to the SunScreen firewall, for example:

SunScreen 3.1 does not support FireWall-1 encryption, user authentication, or client authentication. Encryption in SunScreen is accomplished through SKIP, as explained in the SunScreen 3.1 Reference Manual. For more information regarding SKIP, see the SunScreen SKIP 1.5.1 User's Guide.


Caution -

All FireWall-1 rules are generated during the conversion. You must manually remove any rules that you do not need.


The following shows a sample policy.name_Rule.log file such as you might find after a FireWall-1 to SunScreen 3.1 conversion.


Example 8-5 policy.name_Rule.log File


/***** SunScreen: Firewall-1 conversion log *****/
/***** @(#)RuleStore.java	3.6 99/11/09 Sun Microsystems, Inc. *****/
 
 
Rule below not added as the action Encrypt is configured differently in SunScreen.
 add_nocheck Rule  "smtp" "aiims" "*" Encrypt
 
 
 
Rule below not added as the action Encrypt is configured differently in SunScreen.
 add_nocheck Rule  "echo" "aiims" "*" Encrypt
 
 
 
Rule below not added as the action User Authentication is not valid in SunScreen.
 add_nocheck Rule  "ftp" "*" "aiims" User
 
 
 
Rule below not added as the action Client Encryption/Authentication is not valid in SunScreen.
 add_nocheck Rule  "dns" """ "*" Client
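
The following Python parser is an added example, not part of the SunScreen documentation or tooling. It reads a log in the format of Example 8-5 and lists each rule the conversion skipped, so that each one can be reviewed and re-created by hand (for instance with SKIP in place of FireWall-1 encryption). It assumes one reason line followed by one add_nocheck line per entry and object names without embedded spaces; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: header and three entries in the format of Example 8-5.
SAMPLE_LOG = '''\
/***** SunScreen: Firewall-1 conversion log *****/

Rule below not added as the action Encrypt is configured differently in SunScreen.
 add_nocheck Rule  "smtp" "aiims" "*" Encrypt

Rule below not added as the action User Authentication is not valid in SunScreen.
 add_nocheck Rule  "ftp" "*" "aiims" User

Rule below not added as the action Client Encryption/Authentication is not valid in SunScreen.
 add_nocheck Rule  "dns" """ "*" Client
'''

REASON = re.compile(r'^Rule below not added as the action (.+?) is (.+?)\.?$')
QUOTED = re.compile(r'"[^"]*"')

def parse_rule_log(text):
    """Return one dict per skipped rule: action, reason, fields, malformed, raw."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = REASON.match(line)
        if m:
            pending = m.groups()  # (action, reason) for the next rule line
            continue
        if line.startswith('add_nocheck Rule') and pending:
            tokens = line.split()[2:]
            quoted = tokens[:-1]
            # Assumption: three quoted fields plus one action word, kept in file order.
            # Anything else is flagged for manual review instead of being guessed at.
            ok = len(tokens) == 4 and all(QUOTED.fullmatch(t) for t in quoted)
            entries.append({'action': pending[0], 'reason': pending[1],
                            'fields': [t.strip('"') for t in quoted] if ok else None,
                            'malformed': not ok, 'raw': line})
            pending = None
    return entries

def summarize(entries):
    # Count skipped rules per FireWall-1 action named in the reason line.
    return Counter(e['action'] for e in entries)

if __name__ == '__main__':
    for e in parse_rule_log(SAMPLE_LOG):
        flag = 'CHECK SYNTAX' if e['malformed'] else 'review'
        print(f"[{flag}] {e['action']}: {e['raw']}")
```

Entries flagged CHECK SYNTAX have a rule line that does not tokenize cleanly and should be compared against the original FireWall-1 rule before being re-created.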