SunScreen 3.2 Administrator's Overview

add screen

add screen "name_SCREEN"

The following fields are optional and can be specified in any order after the screen keyword:

MASTER "name_SCREEN"

HA_PRIMARY

HA_SECONDARY

TIMEOUT #

SNMP #.#.#.# ... (list can be empty; not output if empty list)

SNMP_TIMER # (if SNMP is set)

CDP {"on" if present, "off" otherwise}

RIP {"on" if present, "off" otherwise}

DNS {"on" if present, "off" otherwise}

NIS {"on" if present, "off" otherwise}

LOGSIZE # {default is 100 MBytes if not present}

DEST_CHECK {destination address checking}

STEALTH_NET #.#.#.# #.#.#.# {Network and Netmask for stealth type Interfaces}

STEALTH_NET #.#.#.#/#.#.#.#

STEALTH_NET #.#.#.#/#bits

HA_IP #.#.#.# (required if HA_PRIMARY is set)

HA_ETHER xx:xx:xx:xx:xx:xx (required if HA_PRIMARY is set)

COMMENT "comment string"

If the Screen is to be a CMG slave Screen, the following SKIP and/or IKE fields must be specified as well. They can be specified in any order after the SCREEN keyword. The SKIP fields are:

ADMIN_IP #.#.#.# or "name_ADDRESS"

ADMIN_CERTIFICATE "name_CERTIFICATE"

KEY "name_key_algorithm"

DATA "name_data_algorithm"

MAC "name_mac_algorithm"

COMPRESSION "name_compression_algorithm"

TUNNEL "name_address"

The IKE fields are:

ADMIN_IP #.#.#.# or "name_ADDRESS"

AH( "name_auth_algorithm" )

ESP( "name_encr_algorithm" )

ESP( "name_encr_algorithm", "name_auth_algorithm" )


Note - At least one of the above must be present. At most one of the ESP forms can be present.


IKE( "name_encr_algorithm", "name_auth_algorithm", "oakley_group_#", "name_auth_method", "name_CERTIFICATE" )


Note - If both SKIP and IKE CMG are in use, only one instance of ADMIN_IP is allowed (or needed).


If the Screen is to be a CMG master Screen, the following SKIP and/or IKE fields must be specified as well. They can be specified in any order after the SCREEN keyword. The SKIP fields are:

ADMIN_IP #.#.#.# or "name_ADDRESS"

ADMIN_CERTIFICATE "name_CERTIFICATE"

The IKE fields are:

ADMIN_IP #.#.#.# or "name_ADDRESS"

IKE( "name_CERTIFICATE" )


Note - If both SKIP and IKE CMG are in use, only one instance of ADMIN_IP is allowed (or needed).


The screen * is reserved and cannot be edited.
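
The field dependencies listed above can be checked before a line is entered. The following Python linter is an added example, not part of the SunScreen documentation or tooling; the function name lint_add_screen and the sample lines are hypothetical. It assumes that "the above" in the first note means the AH and ESP forms, and that the five-argument IKE( ) marks the slave form.

```python
import re
from collections import Counter

def lint_add_screen(line):
    """Return the rule violations found in one `add screen` line ([] = clean)."""
    m = re.match(r'\s*add\s+screen\s+"([^"]*)"(.*)$', line, re.S)
    if not m:
        return ['expected: add screen "name_SCREEN" ...']
    name, rest = m.groups()
    problems = []
    if name == "*":
        problems.append('screen "*" is reserved and cannot be edited')
    # Blank quoted strings so COMMENT text cannot be mistaken for a keyword.
    bare = re.sub(r'"[^"]*"', '""', rest)
    seen = Counter(re.findall(r'\b[A-Z][A-Z_]*\b', bare))
    for field in ("HA_IP", "HA_ETHER"):
        if seen["HA_PRIMARY"] and not seen[field]:
            problems.append(f"{field} is required when HA_PRIMARY is set")
    if seen["SNMP_TIMER"] and not seen["SNMP"]:
        problems.append("SNMP_TIMER is given but SNMP is not set")
    if seen["ADMIN_IP"] > 1:
        problems.append("only one instance of ADMIN_IP is allowed")
    if seen["ESP"] > 1:
        problems.append("at most one of the ESP forms can be present")
    # Assumption: the five-argument IKE(...) is the slave form, one argument the master form.
    ike = re.search(r'\bIKE\(([^)]*)\)', bare)
    slave_ike = bool(ike) and len(ike.group(1).split(",")) == 5
    if slave_ike and not (seen["AH"] or seen["ESP"]):
        problems.append("slave IKE fields need at least one of AH or ESP")
    return problems

# Constructed sample lines; every name, address and algorithm is a placeholder.
SAMPLES = [
    'add screen "fw-branch" MASTER "fw-hq" ADMIN_IP 192.0.2.10 '
    'ESP("enc-alg", "auth-alg") '
    'IKE("enc-alg", "auth-alg", "oakley-group", "auth-method", "branch.cert") '
    'COMMENT "enable SNMP_TIMER later"',
    'add screen "fw-ha" HA_PRIMARY HA_IP 192.0.2.1 SNMP_TIMER 30 '
    'ADMIN_IP 192.0.2.5 ADMIN_IP 192.0.2.6',
    'add screen "fw-slave" ADMIN_IP 192.0.2.7 IKE("e", "a", "g", "m", "c")',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint_add_screen(sample) or "ok", "<-", sample)
```
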