SunScreen 3.2 Administrator's Overview

Configuration

A SunScreen policy comprises the rules that a SunScreen Screen uses to implement your company's security policy. A configuration is the union of a SunScreen policy with common objects to form a complete description of the behavior of one or more Screens. A policy is a named set of policy objects. When the SunScreen software is first installed, there is one policy, named Initial, which contains a single rule and objects for the Screen and its interfaces. Common objects are data objects relevant to all policies. Common object types include address, screen, service, interface, certificate, and time. Ordered objects include filtering rules, NAT rules, administration access rules, and VPN (virtual private network) gateway descriptions.

Objects loaded into SKIP or IKE are not part of either the common objects or the rules. The common objects and rules do, however, include the reference from the certificate name in the common object registry to the internal identity used by SKIP or IKE.