Four Action Types
The following shows the four action types: ALLOW, DENY, ENCRYPT, and SECURE.
-
ALLOW options:
-
LOG_NONE
-
LOG_SUMMARY
-
LOG_DETAIL
-
SNMP_NONE
-
SNMP
-
A proxy type can be chosen if the service can be proxied by one of the SunScreen proxies.
-
-
DENY options:
-
LOG_NONE
-
LOG_SUMMARY
-
LOG_DETAIL
-
SNMP_NONE
-
SNMP
-
ICMP_NONE
-
ICMP_NET_UNREACHABLE
-
ICMP_HOST_UNREACHABLE
-
ICMP_PORT_UNREACHABLE
-
ICMP_NET_FORBIDDEN
-
ICMP_HOST_FORBIDDEN
-
-
ENCRYPT options:
-
NONE
-
SKIP_Version_1 (for connection to a SunScreen SPF-100 system only)
You must decide on:
-
SKIP_Version_2 (for connection to all other SKIP-enabled devices) (Optional: Tunnel addresses are allowed)
You must decide on:
-
Manual IPsec
-
Forward ESP
-
Forward AH
-
Reverse ESP
-
Reverse AH
Note -Forward and Reverse can be set the same or different. This is designated on the administration GUI by the Asymmetric and Symmetric options.
-
Transport or Tunnel Mode
-
Optional:
-
Source Screen (object)
-
Destination Screen (object)
-
Source Tunnel
-
Destination Tunnel
-
-
-
Solaris IKE
-
-
VPN options:
This option is selected only when forming VPN rules using the previously defined VPN gateways.
After you define and map out your network and decide on your security policy, use data objects, such as services and addresses, to configure SunScreen with the policy rules to control access to your network. At installation, the SunScreen software automatically creates a policy named Initial that you can use to build your own security policies.
Additional information on creating security policies can be found at: http://www.sun.com/software/white-papers/wp-security-devsecpolicy/
- © 2010, Oracle Corporation and/or its affiliates