The table below lists the data types that compose the Data Model as maintained by the configuration editor (ssadm edit) and the ssadm policy command.
Table B-8 Configuration Editor Object Type Names

| Object Type Name | Storage | Access Method | Description |
|---|---|---|---|
| address | common | named | Addresses of network elements |
| screen | common | named | Screen objects and their relationships |
| state engine | common (read only) | named | Filtering capabilities of the packet filter engine |
| service | common | named | Network services that can be filtered |
| interface | common | named | Network interfaces of a Screen |
| certificate | common | named | Certificate used for SKIP or IKE connections |
| key | common | named | Manual encryption keys for IPsec manual mode and pre-shared keys for IKE usage |
| time | common | named | Time intervals for time-dependent rules |
| authuser | external | named | Users for administration and/or proxy access |
| proxyuser | external | named | Users for proxy access |
| jar_hash | external | named | Java archive hash (for HTTP proxy applet filtering) |
| jar_sig | external | named | Java archive signature (for HTTP proxy applet filtering) |
| logmacro | external | named | Log filtering macro definitions |
| mail_relay | external | named | Mail relays (for SMTP proxy mail filtering) |
| mail_spam | external | named | Spam domains (for SMTP proxy mail filtering) |
| policy | policy list | named | Multiple named policies for storing different configurations |
| filter rule | policy | ordered | Network traffic filtering/control/logging |
| nat rule | policy | ordered | NAT translations |
| local access rule | policy | ordered | Who can access the Screen for local administration and what they can do |
| remote access rule | policy | ordered | Who can access the Screen for remote administration and what they can do |
| vars | external | named | General environment-like configuration variables |
| VPN gateway | policy | ordered | Define which hosts (addresses) are protected by which Screens, and the encryption mechanisms to be employed |
| VPN | | | All vpngateway objects with the same name together define a given VPN. That name is used in filter rules, causing the VPN to use the encryption mechanisms of the vpngateway |
Object types marked as having common storage in the table are normally stored in the common objects registry that is not part of any individual policy. These objects are used by all policies, so changes to the common objects can affect the behavior of multiple policies. To edit the common objects, specify a policy name when starting the configuration editor even if you are not modifying any policy objects.
Object types marked as having policy storage in Table B-8 are stored as part of a policy. Policy objects often refer to common objects and, therefore, can behave differently depending on the value of common objects. For example, a policy can contain a rule object that allows address A to communicate with address B. The address objects A and B are defined in the common objects.
Object types marked as having external storage in the table are almost equivalent to common objects, but they are stored in a separate database that is not affected by the quit, reload, or save commands. Changes to these objects are always stored immediately, and persist even if the save command is not used.
Object types marked as having policy list storage in Table B-8 represent the names of the policies themselves. A policy currently being edited can be saved or cloned (in whole or in part) into a new policy. Other policy requests, such as add, delete, and rename, are provided by the ssadm policy command.