Proxies

A proxy is a user-level application that runs on the Screen. The main purpose of proxies is to provide content filtering (for example, allow or deny Java applets) and user authentication.

You can set up proxies for ftp, HTTP, SMTP, and Telnet protocols. Although each proxy has different filtering capabilities and requirements, you can allow or deny sessions based on the source or destination address of packets. Proxies share common objects and policy rule files. To start a proxy, you set up rules for a proxy in your security policy and activate the policy.

Use of these proxies does not require installing any additional client or server system software. Some changes, however, may be required in system configurations or user-supplied commands to have access to protected destinations through the proxies.

Event Logging With Proxies

In addition to packet (SUMMARY and DETAIL) and SESSION log events, authentication, editing and activation, HA, proxies and other components of SunScreen create additional log entries. These entries are added to the SunScreen log chronologically, interspersed as events take place. Events such as administrator or proxy user authentication (or denial), policy-related events, HA failovers, proxy connection establishment, connection completion, transfers, as well as large a variety of debugging messages are inserted.

These non-packet, non-session events are sometimes referred to as extended events, since the mechanism used to log them is both an extension of earlier types of logging and it is itself extensible. They consist almost entirely of printable (UTF-8) strings

These extended events are flagged by ssadm logdump as XLOG. In the log browser, they are flagged with the severity level, followed by the application name.

Extended log events are described in detail in Chapter 11, Logging.