test

SunScreen 3.2 Installation Guide

Creating the SunScreen Configuration

The following procedures explain how you prepare for and generate the new SunScreen configuration.

Choosing which of the next two procedures to follow depends on whether you plan to run SunScreen on the former FireWall-1 system or on a new system. Option 1 discusses preparing the FireWall-1 system to become a SunScreen system. Option 2 discusses preparing a new system to run the converted FireWall-1 configurations.

Note -

Choose only one of the four options.

Option 1: To Prepare the FireWall-1 System to Run SunScreen

  1. Open a terminal window and become root, if not already.

  2. Save the existing FireWall-1 configuration files located in the /opt/SUNWfw/conf directory as a backup.

  3. Use the pkgrm command to remove the SUNWfw package by typing:


    # pkgrm SUNWfw


    # pkgrm SUNWwfwvpn


    # pkgrm SUNWwfwdes

  4. Upgrade to at least the Solaris 9 operating environment (if not already done).

    See your Solaris documentation for instructions, if necessary.

  5. Install the additional Solaris software packages and kernel packages required as listed in "Installation Overview" in SunScreen Installation Guide (if not already done).

    Note -

    Prior to installing the SunScreen software, make sure that the system is performing properly as a router.

  6. Install the SunScreen software as described in "Installing in Routing Mode With Local Administration" in SunScreen Installation Guide.

Continue to the section, "To Generate the New SunScreen Configuration".

Option 2: To Prepare a New SunScreen System to Run the Converted FireWall-1 Configuration
Note -

Prior to installing the SunScreen software, make sure that the system is performing properly as a router.

  1. Open a terminal window and become root, if not already.

  2. Upgrade to at least the Solaris 2.6 operating environment (if not already done).

    See your Solaris operating environment documentation for instructions, if necessary.

  3. Install the additional Solaris software packages and kernel packages required as listed in "Installation Overview" in SunScreen Installation Guide (if not already done).

  4. Copy the generated configuration files to a directory on the new SunScreen system.

  5. Install the SunScreen software as described in "Installing in Routing Mode With Local Administration" in SunScreen Installation Guide.

Continue to the section, "To Generate the New SunScreen Configuration".

To Generate the New SunScreen Configuration

  1. Open a terminal window and become root, if not already.

  2. Change to the directory where the conversion files were saved and make the policyname_sscfg file executable by typing:


    # chmod 544policyname_sscfg

  3. Verify that the commands in the generated file are accurate by typing:


    # ./policyname_sscfg

policyname_sscfg creates the new SunScreen configuration from the FireWall-1 configuration, which is similar to the FireWall-1 policy.

See the SunScreen 3.2 Administration Guide for instructions on activating the configuration.