Ensure that the rules do not open a back door into the Intranet that bypasses the proxy rules, for example a rule that enables telnet directly to a host.
Adding a rule that explicitly drops telnet/FTP after the proxy rules closes that back door, as shown in .
Your user must telnet/FTP to the firewall to be authenticated. The proxy connects the user to the target system (even though the rule has the destination address as the target host), as shown in the following figure.
After configuring a proxy rule you may need to reboot or run this script to start the proxy by typing:
# /etc/rc2.d/S79proxy start
You can verify that the proxies are running by typing:
# ps -ef
which gives results like those shown in the following table:
Table 9-2 Proxies
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root  4820     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/ftpp
    root  4819     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/telnetp
    root  4818     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/httpp
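The following shell function is an added example, not part of the SunScreen manual, that automates the check above: it scans `ps -ef` output for the three proxy daemons listed in Table 9-2 and reports any that are absent, which is the condition under which traffic matching a proxy rule silently fails to be proxied. The daemon paths are the ones the table shows; the two sample outputs are constructed from that table.

```shell
# Added example (not from the SunScreen manual): verify that the SunScreen
# proxy daemons from Table 9-2 are present in `ps -ef` output.
# Daemon paths are the ones the manual lists; the sample output below is
# constructed from that table.

PROXY_DIR=/opt/SUNWicg/SunScreen/proxies

# check_proxies PS_OUTPUT
# Prints the name of each missing proxy daemon; returns 0 only if
# ftpp, telnetp and httpp are all running.
check_proxies() {
    ps_output=$1
    missing=0
    for daemon in ftpp telnetp httpp; do
        # Match the full path so an unrelated "telnet" process does not count.
        if ! printf '%s\n' "$ps_output" | grep -q "$PROXY_DIR/$daemon"; then
            echo "missing proxy: $daemon"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: all three proxies running (the rows of Table 9-2).
SAMPLE_OK='    root  4820     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/ftpp
    root  4819     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/telnetp
    root  4818     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/httpp'

# Constructed sample: the telnet proxy is absent, e.g. after it failed to start.
SAMPLE_MISSING='    root  4820     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/ftpp
    root  4818     1  0 15:25:47 ?        0:00 /opt/SUNWicg/SunScreen/proxies/httpp'

# On the Screen itself, run:  check_proxies "$(ps -ef)"
check_proxies "$SAMPLE_OK" && echo "all proxies running"
```

Run it on the Screen right after `/etc/rc2.d/S79proxy start`; a non-zero exit names the proxy that did not come up, so the rule set can be checked before the policy is relied upon.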
The common objects, authorized user, administrative user, and proxy user that appear in the administration GUI are automatically saved when they are edited or new objects are added. You do not need to save these objects. Changes made to them apply immediately and cannot be reversed; however, they do not take effect until a policy is activated. To install the new objects and to propagate these changes to secondary Screens, activate your system configuration.
The Save button is grayed out to show that it is inactive.
See the SunScreen 3.1 Reference Manual for more information regarding authentication.