SunScreen 3.2 Installation Guide

Command and Executable Files

When you create the new SunScreen configuration, you run the configuration program, which then executes the command files. You do not need to take further action on the command and executable files.

The following shows examples of these files.

Example 8-1 `policyname_Objects` File

# The address commands may contain other addresses 
which need to be created.
# These objects are logged in the policyname_Obj.log file
 add_nocheck Address  "mailhost-INT" HOST 205.167.60.6 
COMMENT "Object from FW-1"
 add_nocheck Address  "mailhost-EXT" HOST 207.82.121.5 
COMMENT "Object from FW-1"
 add_nocheck Address  "localnet" NETWORK 205.167.60.00 
255.255.255.00  COMMENT "Object from FW-1"
 add_nocheck Address  "talon" HOST 205.167.60.200 
COMMENT "Object from FW-1" add_no

check Address  "exosecure-alc" HOST 207.82.121.254 
COMMENT "Object from FW-1" save

Example 8-2 `policyname_Rules` File

add_nocheck Rule "ip all" "*" "*" ALLOW LOG SUMMARY save

Example 8-3 `policyname_sscfg` File (where `policyname` is `4complex`)

#!/bin/csh
setenv PATH .:/usr/bin:/usr/sbin:/bin:/usr/sbin 
echo Creating Policy: 4complex 
ssadm policy -a 4complex
echo Adding Policy Addresses
/usr/sbin/ssadm edit -P 4complex < 4complex_Objects 
echo Adding Policy Rules
/usr/sbin/ssadm edit -P 4complex < 4complex_Rules
echo Finished!

Command and Executable Files

Example 8-1 policyname_Objects File

Example 8-2 policyname_Rules File

Example 8-3 policyname_sscfg File (where policyname is 4complex)

Example 8-1 `policyname_Objects` File

Example 8-2 `policyname_Rules` File

Example 8-3 `policyname_sscfg` File (where `policyname` is `4complex`)