Command and Executable Files
When you create the new SunScreen configuration, you run the configuration
program, which then executes the command files. You do not need to take further
action on the command and executable files.
The following shows examples of these files.
Example 8-1 policyname_Objects File
# The address commands may contain other addresses which need to be created.
# These objects are logged in the policyname_Obj.log file
add_nocheck Address "mailhost-INT" HOST 205.167.60.6 COMMENT "Object from FW-1"
add_nocheck Address "mailhost-EXT" HOST 207.82.121.5 COMMENT "Object from FW-1"
add_nocheck Address "localnet" NETWORK 205.167.60.00 255.255.255.00 COMMENT "Object from FW-1"
add_nocheck Address "talon" HOST 205.167.60.200 COMMENT "Object from FW-1"
add_nocheck Address "exosecure-alc" HOST 207.82.121.254 COMMENT "Object from FW-1"
save
Example 8-2 policyname_Rules File
add_nocheck Rule "ip all" "*" "*" ALLOW LOG SUMMARY
save
Example 8-3 policyname_sscfg File (where policyname is 4complex)
#!/bin/csh
setenv PATH .:/usr/bin:/usr/sbin:/bin:/usr/sbin
echo Creating Policy: 4complex
ssadm policy -a 4complex
echo Adding Policy Addresses
/usr/sbin/ssadm edit -P 4complex < 4complex_Objects
echo Adding Policy Rules
/usr/sbin/ssadm edit -P 4complex < 4complex_Rules
echo Finished!
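A review pass over the generated command files before the policyname_sscfg script feeds them to ssadm edit, as an added example that is not part of the original documentation or of SunScreen: it flags rules that allow any source to any destination and rule addresses that the Objects file never defines. It assumes one command per line and the Rule field order service, source, destination, action, as Example 8-2 suggests; the "smtp" rule and the name mailhost-DMZ are constructed sample input.

```python
import shlex

# Sample input: lines taken from Examples 8-1 and 8-2, plus one constructed rule.
OBJECTS = '''\
# These objects are logged in the policyname_Obj.log file
add_nocheck Address "mailhost-INT" HOST 205.167.60.6 COMMENT "Object from FW-1"
add_nocheck Address "localnet" NETWORK 205.167.60.00 255.255.255.00 COMMENT "Object from FW-1"
save
'''
RULES = '''\
add_nocheck Rule "ip all" "*" "*" ALLOW LOG SUMMARY
# Constructed rule (not from the page) that references an undefined address:
add_nocheck Rule "smtp" "*" "mailhost-DMZ" ALLOW
save
'''

def parse_commands(text):
    """Return one token list per command line, skipping blanks and # comments."""
    commands = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # shlex keeps quoted names such as "ip all" as a single token.
            commands.append(shlex.split(line))
    return commands

def review(objects_text, rules_text):
    """Return (defined address names, list of (finding, detail) tuples)."""
    defined = {c[2] for c in parse_commands(objects_text)
               if len(c) > 2 and c[:2] == ["add_nocheck", "Address"]}
    findings = []
    for c in parse_commands(rules_text):
        if c[:2] != ["add_nocheck", "Rule"] or len(c) < 6:
            continue  # "save" and anything that is not a complete rule
        # Assumed field order: service, source, destination, action.
        service, src, dst, action = c[2:6]
        if action == "ALLOW" and src == "*" and dst == "*":
            findings.append(("any-to-any-allow", service))
        for name in (src, dst):
            if name != "*" and name not in defined:
                findings.append(("undefined-address", name))
    return defined, findings

if __name__ == "__main__":
    names, problems = review(OBJECTS, RULES)
    print("defined addresses:", sorted(names))
    for kind, detail in problems:
        print(f"{kind}: {detail}")
```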