Generating Conversion Files

The following procedures explain how to generate conversion files.

The fwconvert utility (located in /opt/SUNWfwcnv/bin) generates files that create the SunScreen configuration from the original FireWall-1 configuration. fwconvert examines the rules and objects in your FireWall-1 security policy and generates new configuration files with commands for configuring SunScreen.

fwconvert uses the following FireWall-1 configuration files:

• policyname.W, for FireWall-1, Release 2.1, files

• policyname.pf, for FireWall-1, Release 3.0 and later files

• objects.C, for FireWall-1, Releases 3.0, 4.0, and 4.1 files, where policyname is either default or the name you have given your policy. These files are located in the /opt/SUNWfw/conf directory.

Verify the location of these files and the name of the policy file (indicated by the  .pf or  .W extension) before you run fwconvert.

You must run the conversion utility on the FireWall-1 system even if you are configuring SunScreen on a different system.

To Run the Conversion Utility

1. Open a terminal window and become root on the FireWall-1 system.

2. Run the conversion utility by typing:

   # /opt/SUNWfwcnv/bin/fwconvert &

   fwconvert displays the FW-1 Configuration Converter dialog box with the default values already inserted.

   

3. Type the path name where the FireWall-1 conversion files are located, or accept the default, if appropriate.

4. Type the name of the policy file you want to convert, if different from the default.

   ---

   Note -

   Do not type the .pf or  .W extension.

   ---

5. Type the name of the directory where you want to store the new configuration files. Make sure the directory actually exists before you proceed. Otherwise, accept the /opt/SUNWfwcnv/output default.

6. Choose the release number of your FireWall-1 software from the Version menu, or accept the default, if appropriate.

7. Click Proceed to begin the conversion.

   fwconvert reads the file policyname.pf (or policyname.W) and the objects.C files and generates the files used to create the SunScreen configuration.

   When fwconvert completes successfully, the FireWall-1 Configuration Converter dialog box displays a DONE button.

8. Click DONE to exit fwconvert.

9. Verify the converted rules.

   For more information, see "Verifying the Converted Rules."

After the conversion completes, the generated configuration files are located in the directory you specified in the FireWall-1 Configuration Converter dialog box (/opt/SUNWfwcnv/output by default). The policyname_Objects and policyname_Rules files must reside in the same directory as policyname_sscfg before you can run the policyname_sscfg generation program. Look at these files to confirm that the information converted correctly.