test

SunScreen 3.1 Installation Guide

To Upgrade a Locally Administered SunScreen EFS Screen

Caution - Caution -

Do not run the installation wizard as it is for an initial installation only and can corrupt your existing configurations.

  1. Open a terminal window and become root.

  2. Insert the SunScreen 3.1 CD-ROM into the CD-ROM drive.

  3. When the File Manager window appears, start by clicking on the upgrade icon.

  4. Next, the software automatically removes the existing SKIP and SunScreen EFS software packages. Wait until this completes.

    The packages are removed automatically one-by-one. No confirmations are needed or accepted. The file and package names will appear as output on your monitor.

  5. Next, the SunScreen 3.1 software is automatically installed.

    The file and package names appear as output, wait until this completes.

    Next, your existing SunScreen EFS configurations are automatically converted to SunScreen 3.1 policies.

    If there are any conversion errors, they are itemized and appear on your monitor. Wait until this completes.

  6. Remove the old SunScreen EFS PATH and MANPATH from your shell initialization file.

  7. Set the PATH and MANPATH by editing your shell initialization file (such as .profile or .login file).

    PATH=/opt/SUNWicg/SunScreen/bin:$PATH PATH=/usr/dt/bin:$PATH export PATH MANPATH=$MANPATH:/opt/SUNWicg/SunScreen/man export MANPATH

  8. Install any SKIP upgrades (see "Upgrading Cryptography Modules").

    While you do not need to use encryption in a locally administered Screen, you may want to use encrypted communication for a VPN over public and private networks.

  9. Reboot by typing: 


    # sync; init 6

  10. Open a terminal window and become root.

  11. List the policies that have been converted by typing:


    # ssadm policy -l
    Note -

    NAT mappings have changed considerably in SunScreen 3.1. If you are using NAT and are upgrading from SunScreen EFS 1.1 or 2.0, you must modify your NAT mappings before you activate the configuration. If you are converting from SunScreen EFS 1.1, be aware that ordered rules is a new feature. See the SunScreen 3.1 Reference Manual for more details on ordered rules.

  12. Choose the one policy that you want to activate by typing:


    # ssadm activate configuration_name

  13. To configure and manage your Screen from your Administration Station, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and launch the administration GUI by typing the following URL:


    http://localhost:3852

For management information, see the SunScreen 3.1 Administration Guide.