This file shows rules generated from FireWall-1 rules that cannot be used in the SunScreen environment without modification. The policyname_Rule.log file explains why these rules were not added to the SunScreen firewall, for example:
Source, Destination, or Installed on objects are of a type not supported by SunScreen
FireWall-1 Service is of a type not supported by SunScreen
FireWall-1 Action is not supported by SunScreen
SunScreen does not support FireWall-1 encryption, user authentication, or client authentication. Encryption in SunScreen is accomplished through SunScreen IKE or SunScreen SKIP, as explained in the SunScreen 3.2 Administrator's Overview. For more information regarding SKIP, see the SunScreen SKIP User's Guide, Release 1.5.1.
All FireWall-1 rules are generated during the conversion. You must manually remove any rules that you do not need.
The following shows a sample policyname_Rule.log file that might be generated after the FireWall-1 to SunScreen conversion.
/***** SunScreen: Firewall-1 conversion log *****/
/***** @(#)RuleStore.java 3.6 99/11/09 Sun Microsystems, Inc. *****/
Rule below not added as the action Encrypt is configured differently in SunScreen.
add_nocheck Rule "smtp" "aiims" "*" Encrypt
Rule below not added as the action Encrypt is configured differently in SunScreen.
add_nocheck Rule "echo" "aiims" "*" Encrypt
Rule below not added as the action User Authentication is not valid in SunScreen.
add_nocheck Rule "ftp" "*" "aiims" User
Rule below not added as the action Client Encryption/Authentication is not valid in SunScreen.
add_nocheck Rule "dns" """ "*" Client
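Every rule listed in this log is one the converted policy no longer contains, so the log should be reviewed before the SunScreen policy goes live. The following script is an added example, not part of the SunScreen tooling: it groups the skipped rules by reason and sets aside entries it cannot parse. The function name `parse_rule_log` is hypothetical, and the script assumes each reason line is followed by its `add_nocheck Rule` line.

```python
import re
from collections import defaultdict

# Sample input: the log excerpt shown on this page (banner shortened).
# Assumption: each reason line is followed by its add_nocheck line.
SAMPLE_LOG = '''\
/***** SunScreen: Firewall-1 conversion log *****/
Rule below not added as the action Encrypt is configured differently in SunScreen.
add_nocheck Rule "smtp" "aiims" "*" Encrypt
Rule below not added as the action Encrypt is configured differently in SunScreen.
add_nocheck Rule "echo" "aiims" "*" Encrypt
Rule below not added as the action User Authentication is not valid in SunScreen.
add_nocheck Rule "ftp" "*" "aiims" User
Rule below not added as the action Client Encryption/Authentication is not valid in SunScreen.
add_nocheck Rule "dns" """ "*" Client
'''

REASON = re.compile(r'^Rule below not added as (.+?)\.?$')
# One or more quoted fields, then the unquoted FireWall-1 action keyword.
RULE = re.compile(r'^add_nocheck Rule ((?:"[^"]*"\s+)+)(\S+)$')

def parse_rule_log(text):
    """Return (skipped, malformed).

    skipped:   reason -> list of (quoted_fields, action)
    malformed: list of (reason, raw_line) that need manual review
    """
    skipped, malformed, reason = defaultdict(list), [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = REASON.match(line)
        if m:
            reason = m.group(1)
            continue
        if not line.startswith("add_nocheck Rule"):
            continue  # banner or blank line
        r = RULE.match(line)
        if r and line.count('"') % 2 == 0:
            fields = tuple(re.findall(r'"([^"]*)"', r.group(1)))
            skipped[reason].append((fields, r.group(2)))
        else:
            malformed.append((reason, line))  # e.g. unbalanced quotes
        reason = None
    return dict(skipped), malformed

if __name__ == "__main__":
    skipped, malformed = parse_rule_log(SAMPLE_LOG)
    for why, rules in skipped.items():
        print(f"{len(rules)} rule(s) skipped: {why}")
    for why, raw in malformed:
        print(f"REVIEW MANUALLY ({why}): {raw}")
```

On the sample, the `"dns"` entry is reported for manual review because its quoting is unbalanced; such lines should be checked against the original FireWall-1 rule rather than guessed at.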