test

SunScreen 3.2 Installation Guide

Upgrading to SunScreen 3.2

The following includes overview information as well as instructions for upgrading to SunScreen 3.2 from SunScreen EFS 1.1, 2.0, and 3.0, and from SunScreen 3.1 and SunScreen 3.1 Lite.

If you are upgrading from SunScreen EFS 1.1 or 2.0, your system upgrades to SunScreen 3.2 in routing mode. If you are upgrading from SunScreen EFS 3.0, SunScreen 3.1, or SunScreen 3.1 Lite, the current mode of your system is preserved.

The upgrade procedure automatically backs up your previous SunScreen policies, certificates, and packages in case the upgrade fails. It does not, however, save your existing log files, thus, before beginning the upgrade procedure, save your existing log files according to your specific SunScreen EFS 1.1, 2.0, or 3.0, or SunScreen 3.1 documentation, if needed. Also at this time, make any other system backups according to your standard Solaris backup procedures, if needed. Next, the program automatically removes your old SunScreen software packages and installs the SunScreen 3.2 software packages.

Note -

For the commands you use to back up this information, refer to the documentation that accompanied your release of SunScreen.

The following procedures describe how to upgrade both locally and remotely administered Screens.

Caution - Caution -

To retain your existing policies and SKIP keys and certificates (including your system's SKIP local identities) between software upgrades, do not remove /etc/opt/SUNWicg. Also, to retain your old remote administration rules, backup your /etc/skip directory, which contains all of your local keys, ACLs, and skipd.conf.

The following describes how to prepare to upgrade both locally and remotely administered systems:

Note -

If you use the command line, check the man pages and "Migrating From Earlier SunScreen Firewall Products" in the SunScreen 3.2 Administrator's Overview document for information regarding any commands or arguments that were removed or added since prior releases of SunScreen.

The following describes how to prepare both locally and remotely administered systems for upgrading.

Before proceeding, verify that all the software packages required for your operating environment are installed. That is, in addition to the Solaris Core Distribution software, and the Solaris End User Distribution software when using the administration GUI locally on the Screen itself, there are additional Solaris software packages required prior to installing the SunScreen 3.2 software, if not already on your system (see "Operating System Package Requirements" in the SunScreen 3.2 Installation Guide).

Caution - Caution -

Do not reinstall the Solaris Core Distribution software group when upgrading your system to SunScreen 3.2.

SunScreen 3.2 runs on Solaris 2.6, Solaris 7, and Solaris 8 operating environments for SPARC and Intel platform editions, as well as on Trusted Solaris 8. To upgrade your system, it must be running at least the Solaris 2.6 software because Solaris 2.5.1 or earlier software releases are not supported.

To Install the Prerequisite Solaris Packages and Kernel Patches on the Screen

  1. Add the packages to the Screen from your Solaris software CD, if not already on your system.

    For your locally-administered Screen to use the SunScreen administration GUI, you must install the End User Distribution of Solaris, as well as the following packages.

    Caution - Caution -

    Never install the End-System SKIP packages (SUNWes or SUNWesx) on a Screen.

  2. If you are using Solaris 2.6 software, add the following patches in the following order, if not already on your system, by typing:


    For SPARC platform edition systems:
# #cd /cdrom/cdrom0/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc/Patches
# patchadd 106125-06
# patchadd 105181-11
# patchadd 105284-15
# patchadd 105490-04
# patchadd 106040-10
# patchadd 106409-01

  3. Reboot by typing:


    # sync; init 6
To Install the Solaris Packages on the Remote Administration Station

  1. Add the packages to the Administration Station from your Solaris software CD, if not already on your system.

  2. If you are using Solaris 2.6 software, add the following patches, if not already on your system, by typing:


    For SPARC platform edition systems:
# #cd /cdrom/cdrom0/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc/Patches
# patchadd 106125-06
# patchadd 105284-15
# patchadd 105490-04
# patchadd 106040-10
# patchadd 106409-01
    Note -

    In addition to the patches provided by SunScreen, make sure you install all recommended security patches available for your operating environment. For security reasons, always keep your operating environment up to date with available patches.