Four Action Types

• ALLOW options:

  • LOG_NONE

  • LOG_SUMMARY

  • LOG_DETAIL

  • SNMP_NONE

  • SNMP

  • A proxy type may be chosen if the service can be proxied by one of the SunScreen proxies.

• DENY options:

  • LOG_NONE

  • LOG_SUMMARY

  • LOG_DETAIL

  • SNMP_NONE

  • SNMP

  • ICMP_NONE

  • ICMP_NET_UNREACHABLE

  • ICMP_HOST_UNREACHABLE

  • ICMP_PORT_UNREACHABLE

  • ICMP_NET_FORBIDDEN

  • ICMP_HOST_FORBIDDEN

• ENCRYPT options:

  • NONE

  • SKIP_Version_1 (for connection to a SunScreen SPF-100 only)

  • You must decide on:

Key Algorithm list (depends on the SKIP version chosen: Domestic or Global)

Data Algorithm list (depends on the SKIP version chosen: Domestic or Global)

SKIP_Version_2 (for connection to all other SKIP-enabled devices) (Optional: Tunnel addresses are allowed.)

You must decide on:

• From Encryptor list

• To Encryptor list

• Key Algorithm list (depends on the SKIP version chosen: Domestic or Global)

• Data Algorithm list (depends on the SKIP version chosen: Domestic or Global)

• MAC Algorithm list (NONE or MD5)

• SECURE options:

  • This option is selected only when forming VPN rules using the VPN gateways previously defined

After you define and map out your network and decide on your policy, you use data objects, such as services and addresses, to configure SunScreen with the policy rules to control access to your network. When you installed SunScreen, you automatically created a Policy named "Initial," which you can use connect build your own Security Policies.