SunScreen 3.1 Administration Guide

Common Objects

You add common objects in the Common Objects area of the Policy Rules page (see FIGURE 2-6). You construct policy rules using the common objects defined here. The currently active policy is not affected by any changes to common objects until you activate the changed policy.

The following table lists the common objects used in SunScreen.

Table 3-1 Common Object Descriptions

Common Object 



describes network protocols


defines the network elements that make up the policy


describes the certificate used for SKIP connections


describes Screen objects and their relationships 


describes the network interface ports of Screen objects

Proxy User

describes the proxy user name for an authorized user

Admin Users

describes an administrator for your Screen administration 

Authorized User

creates a user identity/authentication mechanism 

Jar Hash

the Java archive hash for HTTP proxy dialog filtering

Jar Signature

the Java archive signature for HTTP proxy dialog filtering


describes time intervals for time-dependent rules

Figure 3-2 Common Objects Area


The Screen Field and Common Objects

The Screen field is a way to define the object or rule in a Screen-specific manner. It has no effect on a standalone Screen-administration scenario. Objects with the same name can be defined multiple times if they have different Screen objects selected. They can have different parameters, as well. Such objects are interpreted locally by the Screen to which they refer.

An object with All Screen objects selected applies to all Screens. This is the default, and is recommended for all objects, unless there is a need to define multiple definitions for a single name.

Similarly, rules with a blank Screen field apply to all Screens. Rules with a Screen object selected apply only to the Screen referred to in the rule.

To Add a Common Object

You use the same steps to add all common objects; the dialog windows displayed vary according to the common object selected.

  1. Select the common object in the Type choice list.

  2. Click the Add New button to display the choices.

  3. Type the necessary information in the dialog window that appears.

  4. Click the OK button.

To Search for a Common Object

  1. Select a common object type in the Type choice list.

  2. (Optional) Enter a character string that partly matches the name of the desired common object in the Search String field.

  3. Click the Search button or press Enter in the Search String field.

    The results that return depend on whether or not the common object matches one of the three search criteria for the selected type. The search criteria are:

    • Search String: This field restricts the search to names that match a specified character pattern. Leaving the field blank returns all names.

    • Search on Screen: This field returns all objects when set to "All." When a specific Screen is selected, it returns all objects that have a Screen object selected.

    • Search Subtype: This field returns all objects when set to "All." If you select a specific subtype, the search returns those objects that match the subtype.

  4. Select a result from the Results field to retrieve and display its properties in the Detail field.

After you retrieve the common object, you can edit, rename, or delete it.

To Edit a Common Object

  1. Select the Common Object in the Type choice list.

  2. Select the search criteria.

  3. Click the Search button.

  4. From the Results list, highlight the name of the common object to edit.

    The details for the selected common object appear.

  5. Click the Edit button.

    The dialog window for the object appears.

  6. Make the changes you wish in the common object dialog window.

  7. Click the OK button.

To View and Edit the Details of a Common Object From the Policy Rules Table

    Click once on the cell in the Policy Rules Table containing the object to be viewed or edited. The dialog window for the chosen object appears.

    Note -

    Because different Common Objects can have the same name, it is sometimes not possible to display the details for a cell. You must then search for the desired object and select it.

To Delete a Common Object

When you delete a named common object (such as an address, service, Certificate, and so on), SunScreen checks to see whether the named common object is being used in a policy object. If the common object is being used, SunScreen presents a warning message before it deletes the object.

  1. Select the Common Object in the Type choice list.

  2. Select the search criteria.

  3. Click the Search button.

  4. From the Results list, highlight the name of the common object to delete.

  5. Click the Delete button.

  6. Click Yes in the Delete Rule dialog window.

    Note -

    Be careful not to remove your Administration Station's address accidentally from its interface address group. If you do, you will be unable to administer your Screen after you activate the next policy.
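
The pre-deletion check and the Administration Station caution above, modeled as an added example (not SunScreen code and not part of the original guide). The data layout, the object names, and the functions `references` and `delete_precheck` are assumptions made for illustration.

```python
# Constructed sample data. This layout is an assumption for illustration;
# it is not SunScreen's configuration format.
ADDRESS_GROUPS = {
    "qe0.net": {"admin-station", "mailhost", "webhost"},  # interface address group
    "dmz": {"webhost"},
}
RULES = [
    {"id": 1, "service": "telnet", "src": "admin-station", "dst": "qe0.net"},
    {"id": 2, "service": "smtp", "src": "dmz", "dst": "mailhost"},
    {"id": 3, "service": "www", "src": "qe0.net", "dst": "webhost"},
]


def references(name, groups, rules):
    """List the address groups and rule ids that use the named object."""
    in_groups = sorted(g for g, members in groups.items() if name in members)
    in_rules = sorted(r["id"] for r in rules if name in (r["src"], r["dst"]))
    return {"groups": in_groups, "rules": in_rules}


def delete_precheck(name, groups, rules, admin_station, admin_group):
    """Report what deleting `name` would affect before the policy is activated."""
    refs = references(name, groups, rules)
    before = groups.get(admin_group, set())
    # Deleting the group itself, or the station's own address, removes the
    # Administration Station from its interface address group.
    after = set() if name == admin_group else before - {name}
    return {
        "in_use": bool(refs["groups"] or refs["rules"]),
        "references": refs,
        "lockout_risk": admin_station in before and admin_station not in after,
    }


if __name__ == "__main__":
    for candidate in ("webhost", "admin-station", "oldhost"):
        print(candidate, delete_precheck(
            candidate, ADDRESS_GROUPS, RULES, "admin-station", "qe0.net"))
```
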

To Rename a Common Object

  1. Select the Common Object in the Type choice list.

  2. Click the Search button.

  3. From the Results list, highlight the name of the common object to be renamed.

  4. Click the Rename... button.

    The Rename dialog window appears.

  5. Type the new name in the Please enter the new name field.

  6. Click the OK button.

Renaming a common object also renames all references to the object in the current policy, provided the renamed object contains no references to a Screen object (that is, the object definition is not specific to any Screen).