test

SunScreen 3.1 Administration Guide

Addresses, Address Ranges, and Address Groups

To Add a New Host Address

SunScreen lets you define a new host address.

    Type the following to add the new host address and an optional description within quotation marks:


    edit> add address ftp-www HOST 172.16.1.2  
COMMENT "Address of the  DMZ host"

    To have the changes take effect, you must activate the policy whose rules you edited.

To Add a Range of Addresses

    Type the following to add an address range and an optional description within quotation marks, for example:


    edit> add address corp RANGE 172.16.3.2 172.16.3.255  
COMMENT "All hosts  in corporate"

    To have the changes take effect, you must activate the policy whose rules you edited.

To Add an Address Group

    Type the following to add an address group and an optional description within quotation marks, for example:


    edit> add address Internet GROUP { corp sales ftp-www } {} 
COMMENT "The ranges corporate and sales and the host ftp-www have 
access  to the Internet"

    To have the changes take effect, you must activate the policy whose rules you edited.

To Delete an Address, Address Range, or Address List
Note -

To make troubleshooting easier, do not delete the names of addresses, ranges of addresses, and lists of addresses that were defined when SunScreen was installed.

This command does not check for references to the address, range of addresses, or list of addresses that you are deleting.

    Type the following to delete an address, a range of addresses, or a list of addresses, for example:


    edit> del address host0

    To have the changes take effect, you must activate the policy.

To Check References to a Deleted Address, Address Range, or Address List

To check references to the address, range of addresses, or list of addresses that you want to delete or have deleted, use these commands:

    Type the following to find the reference to an address, a range of addresses, or a list of address that you want to delete or have deleted, for example:


    edit> referlist address host0

    You see a list of all the instances where the address, range of addresses, or list of addresses is used. You, then, can remove the address, range of addresses, or list of addresses from the address list in which it is used, and edit the policy rule to remove it from the rule or rules in which it is used.

To Rename an Address, Address Range, or Address Group
Note -

To make troubleshooting easier, do not delete the names of addresses, ranges of addresses, and lists of address that were defined when SunScreen was installed.

  1. Type the following to rename an address, a range of addresses, or a list of addresses and all reference to it, for example:


    edit> renamereference address ftp-www DMZ

  2. Type the following to rename an address, a range of addresses, or a list of addresses only, for example:


    edit> rename address ftp-www DMZ

    To have the changes take effect, you must activate the policy whose rules you edited.