The upgrade script removes and adds packages as needed. To avoid corruption of your existing configurations, do not attempt to remove or add packages manually.
Before installing SunScreen, complete the following tasks:
Since SunScreen 3.2 is only supported on the SPARC versions of Trusted Solaris 8 and Solaris 9, upgrade your operating system to the required level.
Ensure that the system you have identified to upgrade is secure.
When running the Solaris 8 software, install the recommended kernel and security patches from http://sunsolve.sun.com. In addition, make sure the following patches are installed:
To upgrade a SunScreen EFS 3.0, revision A, system to SunScreen 3.2, you must first install the SunScreen EFS 3.0, revision A, patch that is available at: http://www.sun.com/software/securenet/securenet3/install.html.
SPARC: 108156 patch
Intel: 108157 patch
This patch is only required for SunScreen EFS 3.0, revision A. Refer to the README for instructions on installing the patch.
For all installations:
SPARC 108528-06; Intel 108529-05: kernel update patch.
SPARC 109279-08; Intel 109280-08: /kernel/drv/ip patch.
For systems with a qfe board installed:
SPARC 108806-02: Sun Quad Fast Ethernet qfe driver patch.
For systems running Trusted Solaris 8:
SPARC 110337-02: Security CIPSO TCP kernel support patch.
Review custom scripts from SunScreen EFS 3.0 or SunScreen 3.1 because the directory structure has been changed in SunScreen 3.2.
Upgrading a SunScreen SPF-200 stealth system is performed differently than other SunScreen upgrades. (See "Upgrading From SunScreen SPF-200".)
To reduce network downtime consider transferring your SunScreen SPF-200 configurations to a new system and performing the upgrade on the new system. See "Upgrading From SunScreen SPF-200" in the SunScreen 3.2 Installation Guide.
After completing the upgrade from SunScreen EFS 1.1, 2.0, or from SunScreen SPF-200, you must review your packet filtering rules to verify the filtering order because SunScreen 3.2 uses ordered packet filtering rules and ordered NAT mappings. Also, be aware that NAT mappings changed considerably in SunScreen EFS 3.0 from the NAT mappings used in prior releases of SunScreen. See "Packet Filtering" and "Network Address Translation" in SunScreen 3.2 Administrator's Overview for details on packet filtering rules and NAT mappings.
The order in which you install the upgrade software is different from an initial installation. Upgrading requires that you first install it on the Screen and then on the Administration Station. This order prevents damage to the existing policies and makes communication easier between the Administration Station and the Screen.
To retain your existing SunScreen policy configuration files, you must take special care when upgrading to SunScreen 3.2. Do not remove your existing software packages unless you are instructed to do so.
Before installing the SunScreen software, review the SunScreen 3.2 Release Notes for the latest product information.