SunScreen 3.1 Administration Guide
Book Information
Preface
Chapter 1 Starting the Administration GUI and Logging In
Terms Used in This Book
Administration GUI Browser Requirements
Accessing Local System Resources
Using the Administration GUI
Changing the Admin User Password
Chapter 2 Getting Status and Managing Logs
Finding the Information Page
Viewing Statistics
Viewing Logs
Saving and Clearing the Log
Chapter 3 Working with Common Objects
The Policy Rules Page
Common Objects
The Screen Field and Common Objects
Address Objects
Service and Service Group Objects
Interface Objects
Stealth Interfaces
Screen Objects
SNMP Alert Receivers
Timed-Status Indicator Field
Time Objects
Time Object Example
Certificate Objects
Chapter 4 Creating and Managing Rules
Packet Filtering Rules
Administrative Access Rules
Network Address Translation (NAT) Rules
NAT Mapping Overview
NAT Administration Page
Your NAT Scenario
Example: Static NAT of a Host to a Host
Example: Reverse Rule
Example: Dynamic Translation of a Range of Addresses to One Host
Virtual Private Network (VPN) Rules
Before You Begin
Configuring a VPN
Chapter 5 Creating and Managing Policies
Leaving an Administration Session
Working With Policies
Editing Policies
Chapter 6 Using High Availability
Setting Up High Availability
HA Policy
Preparing to Install High Availability
Using the /etc/hosts File for Name Resolution
Defining HA
Modifying the HA Service Group
Using NAT with HA in Routing Mode
Installing High Availability
Configuring Policies for a HA Cluster
Upgrading a SunScreen EFS 2.0 or 3.0 HA System
Removing HA
HA Logging
Chapter 7 Setting Up and Using Proxies
Matching Proxy Rules
Preparing to Use Proxies
Defining Proxy Data
Adding Jar Signatures and Jar Hashes
Proxy Users and Authentication
Writing and Editing Policy Rules for Proxies
PROXY_FTP
PROXY_Telnet
PROXY_SMTP
Define the Local Domain Name
Create a List of Valid Relay Targets
PROXY_HTTP
FTP Proxy
TELNET Proxy
SMTP Proxy
HTTP Proxy
Proxy Logging
Chapter 8 Configuring Centralized Management Groups
CMG Overview
CMG Requirements
CMG Configuration Tasks
Chapter 9 Adding Remote Administration Stations After Installation
Installing the Software on the New Remote Administration Station
Overview
If You Have an Existing Remote Administration Station
If This Is the First Remote Administration Station (Screen Installed With Local Administration Only)
Setting Up the Access Control List on the New Remote Administration Station
Appendix A Using the Command Line
UNIX (shell) Command Summary
UNIX (shell) Commands
ss_install Command
ssadm Command
Remotely Logging Into and Out of SunScreen
ssadm Sub-Command Summary
Configuration Editor Commands
Command-Line Session
Creating and Editing Policies
Services and Service Groups
Addresses, Address Ranges, and Address Groups
Certificates
Screens
Interfaces
Authorized Users
Adding or Modifying an Authorized User
Policy Rules
Defining New Rules
Network Address Translation
Virtual Private Network (VPN)
Information, Statistics, and Logs
Setting Up High Availability (HA)
Centralized Management Group
Gathering Information From Your System to Report to SunService
Getting Support for SunScreen Products
Gathering Data From the Screen
Troubleshooting
Appendix B Quick Start Procedures
FTP Proxy Service Without Proxy User Authentication
FTP Proxy Service With Proxy User Authentication
Telnet Proxy Service Without Proxy User Authentication
Telnet Proxy Service With Proxy User Authentication
HTTP Proxy Service
SMTP Proxy Service
Configuring RADIUS Authentication
Telnet Proxy Service With RADIUS User Authentication
FTP Proxy Service With RADIUS User Authentication
SecurID Clients Supported by SunScreen
Telnet Proxy Service With SecurID User Authentication
FTP Proxy Service With SecurID User Authentication
Port-by-Port Cookbook
Network 1 Topology
Port-by-Port Limitations
Testing Proxy Telnet/FTP
Testing Telnet and FTP Without Going Through the Proxy Server
Testing Proxy HTTP
Testing HTTP Without Going Through the Proxy Server
Testing NAT
Network 2 Topology
Port-by-Port Limitations
Testing Proxy Telnet/FTP
Testing Telnet/FTP Without Going Through the Proxy Server
Testing Proxy HTTP
Testing HTTP Without Going Through the Proxy Server
Testing NAT
Index
© 2010, Oracle Corporation and/or its affiliates