SunScreen 3.1 Configuration Examples

On hk-screen1

  1. Define an address object for the other Screen in the configuration (bos-screen in this example).

    The address of this object is the tunnel address.

  2. Define the networks behind both Screens as address objects (that is, bos-net and hk-net).

  3. Add the certificate name for bos-screen1.

    Use Certificate --> Associate MKID to generate a certificate object called bos-screen1.cert.

  4. Add a rule to the configuration to encrypt the traffic between bos-net and hk-net.

    The following figure (Figure 6-6), Figure 6-7, and Figure 6-8 show the parameters used. The example uses Common Services, but the service you actually select depends on the security policy you are implementing.

    Figure 6-6 Encryption Configuration (graphic not reproduced)

    Figure 6-7 Rule Definition Window (graphic not reproduced)

    Figure 6-8 Rule Index, Action Details Window (graphic not reproduced)

  5. Add a rule, ordered before the encryption rules, that passes CDP in the clear.

  6. Save and activate the policy.
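As an added illustration (not part of the SunScreen documentation), the following Python lint models steps 1 to 5 as data and checks the two constraints the procedure relies on before the policy is activated: every rule references defined address and certificate objects, and the clear-text CDP rule is ordered ahead of any encryption rule. The Rule fields and the "cdp"/"common" service labels are constructed for the example and are not SunScreen's own configuration syntax.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass
class Rule:
    index: int      # position in the policy; lower index is evaluated first
    service: str    # constructed label, e.g. "cdp" or "common"
    src: str        # address object names (steps 1 and 2)
    dst: str
    action: str     # "ALLOW" passes in the clear, "ENCRYPT" tunnels the traffic
    cert: Optional[str] = None  # certificate object (step 3), required on ENCRYPT

def lint_policy(addresses: Set[str], certs: Set[str], rules: List[Rule]) -> List[str]:
    """Return the problems found; an empty list means the policy passes these checks."""
    problems: List[str] = []
    ordered = sorted(rules, key=lambda r: r.index)
    for r in ordered:
        for name in (r.src, r.dst):
            if name not in addresses:
                problems.append(f"rule {r.index}: undefined address object {name!r}")
        if r.action == "ENCRYPT" and r.cert not in certs:
            problems.append(f"rule {r.index}: ENCRYPT rule has no defined certificate object")
    encrypt = [r for r in ordered if r.action == "ENCRYPT"]
    if encrypt:
        first_enc = encrypt[0].index
        cdp_clear = [r for r in ordered if r.service == "cdp" and r.action == "ALLOW"]
        if not cdp_clear:
            problems.append("no rule passes CDP in the clear (step 5)")
        elif cdp_clear[0].index > first_enc:
            problems.append(f"CDP rule {cdp_clear[0].index} is ordered after ENCRYPT rule {first_enc}")
    return problems

# Constructed sample objects mirroring steps 1-3 (names from the procedure; no real addresses).
ADDRESSES = {"hk-screen1", "bos-screen", "hk-net", "bos-net"}
CERTS = {"bos-screen1.cert"}
# Correct ordering: CDP in the clear between the Screens' tunnel addresses, then the encrypt rule.
GOOD_RULES = [
    Rule(1, "cdp", "hk-screen1", "bos-screen", "ALLOW"),
    Rule(2, "common", "hk-net", "bos-net", "ENCRYPT", cert="bos-screen1.cert"),
]
# Mis-ordered: the encrypt rule comes first, so CDP would be caught by it; also a mistyped network name.
BAD_RULES = [
    Rule(1, "common", "hk-net", "bos-nett", "ENCRYPT", cert="bos-screen1.cert"),
    Rule(2, "cdp", "hk-screen1", "bos-screen", "ALLOW"),
]

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(label, lint_policy(ADDRESSES, CERTS, rules) or "OK")
```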