SunScreen EFS Release 3.0 Installation Guide

Chapter 6 Upgrading to SunScreen EFS 3.0

This chapter explains how to upgrade to SunScreen EFS 3.0 from either SunScreen EFS 1.1 or 2.0, or SunScreen SPF-200.

Topics covered include:

For a remotely administered SunScreen EFS, the order in which the upgrade software is installed is different from the order given for an initial installation. Upgrade software is installed on the Screen first and then on the Administration Station. This order prevents damaging the configurations and makes communication between the Administration Station and the Screen easier.


Note -

Since SunScreen EFS 3.0 uses ordered packet filtering rules and ordered NAT mappings, you must review your packet filtering rules after the conversion is complete to verify the filtering order is as you want. NAT mappings have changed considerably between earlier releases and SunScreen EFS 3.0. Please see the SunScreen EFS Reference Manual for detail on NAT mappings.


Before installing, review the SunScreen EFS 3.0 Release Notes for the latest information about this product.

Do not begin any of these procedures until you have read the information in Chapter 2.

Overview of the Upgrade from EFS 1.1 or 2.0

The SunScreen EFS 3.0 CD-ROM includes a program that automatically backs up your SunScreen EFS 1.1 or 2.0 configurations, certificates, and packages to elsewhere in the filesystem in case the upgrade fails. Then the program automatically removes your SunScreen EFS 1.1 or 2.0 software packages and then installs the SunScreen EFS 3.0 software packages. The following procedures describe how to upgrade both locally and remotely administered SunScreen EFS machines.


Note -

Before starting the upgrade procedure to SunScreen EFS 3.0, first make a backup of your existing logfiles. The upgrade procedure will remove your existing logfiles and they will be lost if a backup is not performed. Refer to your SunScreen EFS 1.1 or 2.0 documentation for backup procedures, if needed.



Caution - Caution -

To retain configurations and SKIP keys and certificates (including your system's SKIP local identities) between software upgrades, do not remove /etc/opt/SUNWicg.


Preparing to Upgrade

The following sections describe how to prepare both locally administered and remotely administered machines for upgrading.


Note -

If you want to use the command line, be aware that some commands and some arguments have been removed or added since SunScreen EFS 1.1 and 2.0. Check the man pages and the SunScreen EFS 3.0 Reference Manual before using.


Before proceeding, verify that all the software packages required for your operating environment are installed.

Preparing the Screen and Administration Station

SunScreen EFS, Release 3.0, runs on Solaris 2.6 and Solaris 7 operating environments for SPARC and x86 platforms. If you are running Solaris 2.5.1, or earlier, you must upgrade your operating environment to at least Solaris 2.6. In addition to the Solaris Core System Support packages, there are additional Solaris packages required prior to installing SunScreen EFS.


Caution - Caution -

Do not reinstall the Core System Support software group if you are upgrading from SunScreen EFS 1.1 or 2.0 to SunScreen EFS 3.0.


To Install the Prerequisite Solaris Packages and Kernel Patches on the Screen
  1. Add the following packages to the Screen from your Solaris CD, if not already on your system:

    system SUNWdoc Documentation Tools

    system SUNWeuluf UTF-8 L10N For Language Environment User Files

    system SUNWjvjit Java JIT compiler

    system SUNWjvrt JavaVM run time environment

    system SUNWlibC SPARCompilers Bundled libC

    system SUNWlibms SPARCompilers Bundled shared libm

    system SUNWsprot SPARCompilers Bundled tools

    system SUNWtoo Programming Tools

    system SUNWvolr Volume Management (Root)

    system SUNWvolu Volume Management (Usr)

    system SUNWxwice ICE components

    system SUNWxwplt X Window System platform software

    system SUNWxwrtl X Window System & Graphics Runtime Library Links

    system SUNWmfrun Motif RunTime Kit

  2. If you are using Solaris 2.6 as your operating environment, add the following patches, if not already on your system, by typing:


    For SPARC systems:
    # cd /cdrom/cdrom0/sparc/Patches
    # patchadd 106125-06
    # patchadd 105181-11
    # patchadd 105284-15
    # patchadd 105490-04
    # patchadd 106040-10
    # patchadd 106409-01
    
    For x86 systems:
    # cd /cdrom/cdrom0/i386/Patches
    # patchadd 106126-06
    # patchadd 105182-13
    # patchadd 105285-15
    # patchadd 105491-04
    # patchadd 106041-10
    # patchadd 106410-01
    


    Note -

    These patches must be added in the order given.


  3. Reboot by typing:


    # sync; init 6
    

To Install the Prerequisite Solaris Packages on the Remote Administration Station
  1. If you will be using a remote administration station, add the following packages to the Administration Station from your Solaris CD, if not already on your system:

    system SUNWjvrt JavaVM run time environment

    system SUNWmfrun Motif RunTime Kit

    system SUNWxwplt X Window System Platform software

  2. If you are using Solaris 2.6 as your operating environment, add the following patches, if not already on your system, by typing:


    For SPARC systems:
    # cd /cdrom/cdrom0/sparc/Patches
    # patchadd 106125-06
    # patchadd 105284-15
    # patchadd 105490-04
    # patchadd 106040-10
    # patchadd 106409-01
    
    For x86 systems:
    # cd /cdrom/cdrom0/i386/Patches
    # patchadd 106126-06
    # patchadd 105285-15
    # patchadd 105491-04
    # patchadd 106041-10
    # patchadd 106410-01
    

Upgrading a Locally Administered SunScreen EFS

The following procedures explain how to upgrade to SunScreen EFS 3.0 from either SunScreen EFS 1.1 or 2.0.


Note -

The upgrade software automatically backs up your system in case the upgrade fails. If there are any other system backups you want to make, do so now before performing the upgrade.


To Upgrade to SunScreen EFS 3.0 in Routing Mode With Local Administration
  1. Open a terminal window and become root.


    Caution - Caution -

    Ensure that the OpenWindows File Manager is not running because it interferes with the operation of the volcheck command used for installation.


  2. Insert the SunScreen EFS 3.0 CD-ROM into the CD-ROM drive.

  3. Mount the CD-ROM by typing:


    # volcheck
    

  4. Start the upgrade software by typing:


    # /cdrom/cdrom0/upgrade
    

    The software backs up existing SunScreen EFS packages for you. The file and package names will appear as output on your monitor. Wait until this completes.

  5. Next, the software automatically removes the existing SunScreen SKIP and SunScreen EFS 1.1 or 2.0 software packages. Wait until this completes.

    The packages are removed automatically one-by-one. No confirmations are needed or accepted. The file and package names will appear as output on your monitor.

  6. Next, the SunScreen EFS 3.0 software is automatically installed for you. Wait until this completes.

    The file and package names will appear as output on your monitor.

  7. Next your existing SunScreen EFS 1.1 or 2.0 configurations are automatically converted to SunScreen EFS 3.0 policies. Wait until this completes.

    If there are any conversion errors, they are itemized as output on your monitor.

  8. Remove the SunScreen EFS, Release 1.1 or 2.0 PATH and MANPATH from your shell initialization file.

  9. Set the SunScreen EFS 3.0 PATH and MANPATH by editing your shell initialization file (such as .profile or .login file).

    1. Set the PATH for the Bourne shell by typing:

      PATH=/opt/SUNWicg/SunScreen/bin:$PATH

      PATH=/usr/dt/bin:$PATH

      export PATH

    2. Set the MANPATH for the Bourne shell by typing:

      MANPATH=$MANPATH:/opt/SUNWicg/SunScreen/man

      export MANPATH

  10. Eject the CD from the CD-ROM drive by typing:


    # eject cdrom0
    

  11. Install any SKIP upgrades (Export Controlled [1024-bit] or U.S. and Canada Use Only [2048-bit] keys) as instructed in the documentation that is included with the upgrade SKIP CD-ROM.

    While you do not need to use encryption in a locally administered SunScreen EFS, you may want to use encrypted communication over public and private networks.


    Caution - Caution -

    Do not run the installation wizard as it is for an initial installation only and can corrupt your existing configurations.


  12. Reboot by typing:


    # sync; init 6
    

  13. Open a terminal window and become root, if not already.

  14. List the policies that have been converted by typing:


    # ssadm policy -l
    


    Note -

    NAT mappings have changed considerably in SunScreen EFS 3.0. If you are using NAT, you must modify it before activating the configuration. If you are converting from SunScreen EFS 1.1, be aware that ordered rules is a new feature. See the SunScreen EFS 3.0 Reference Manual for more detail.


  15. Choose the one policy that you want to activate by typing:


    # ssadm activate configuration_name
    

  16. To configure and manage your SunScreen from your Administration Station, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and launch the Administration GUI by typing the following URL:


    http://localhost:3852
    

    The Administration GUI login page appears, as shown in Figure 6-1

    Figure 6-1 Administration GUI Login Page

    Graphic

To configure and manage SunScreen EFS, see the SunScreen EFS 3.0 Administration Guide.

Upgrading a Remotely Administered SunScreen EFS

The following procedures explain how to upgrade to a remotely administered SunScreen EFS 3.0 from either SunScreen EFS 1.1 or 2.0. The upgrade software automatically backs up your system in case the upgrade fails. If there are any other system backups you want to make, do so now before performing the upgrade.


Note -

The upgrade procedure for remote administration requires that you install the upgrade software on the Screen first and then on the Administration Station.


To Upgrade a Remotely Administered Screen
  1. Open a terminal window on the Screen and become root.


    Caution - Caution -

    Ensure that the OpenWindows File Manager is not running because it interferes with the operation of the volcheck command used for installation.


  2. Insert the SunScreen EFS 3.0 CD-ROM into the CD-ROM drive.

  3. Mount the CD-ROM by typing:


    # volcheck
    

  4. Start the upgrade software by typing:


    # /cdrom/cdrom0/upgrade
    

  5. Next, the program automatically does a back up of your existing SunScreen EFS configurations, software packages, and certificates.

    The file system names appear as output on your monitor. Wait until this completes.

  6. Next, the software automatically removes the existing SunScreen SKIP and SunScreen EFS 1.1 or 2.0 software packages. Wait until this completes.

    The packages are removed automatically one-by-one. No confirmations are needed or accepted. The file and package names will appear as output on your monitor.

  7. Next, the SunScreen EFS 3.0 software is automatically installed for you. Wait until this completes.

    The file and package names will appear as output on your monitor.

  8. Next your existing SunScreen EFS 1.1 or 2.0 configurations are automatically converted to SunScreen EFS 3.0 policies. Wait until this completes.

    If there are any conversion errors, they are itemized as output on your monitor.

  9. Remove the SunScreen EFS, Release 1.1 or 2.0 PATH and MANPATH from your shell initialization file.

  10. Set the SunScreen EFS 3.0 PATH and MANPATH by editing your shell initialization file (such as .profile or .login file).

    1. Set the PATH for the Bourne shell by typing:

      PATH=/opt/SUNWicg/SunScreen/bin:$PATH

      PATH=/usr/dt/bin:$PATH

      export PATH

    2. Set the MANPATH for the Bourne shell by typing:

      MANPATH=$MANPATH:/opt/SUNWicg/SunScreen/man

      export MANPATH

  11. Eject the CD from the CD-ROM drive by typing:


    # eject cdrom0
    

  12. Install any SKIP upgrades (Export Controlled [1024-bit] or U.S. and Canada Use Only [2048-bit] keys) as instructed in the documentation that is included with the upgrade SKIP CD-ROM.


    Caution - Caution -

    Do not run the installation wizard as it is for an initial installation only and can corrupt your existing configurations.


  13. Reboot by typing:


    # sync; init 6
    

  14. Open a terminal window and become root, if not already.

  15. List the policies that have been converted by typing:


    # ssadm policy -l
    


    Note -

    NAT mappings have changed considerably in SunScreen EFS 3.0. If you are using NAT, you must modify it before activating the configuration. If you are converting from SunScreen EFS 1.1, be aware that ordered rules is a new feature. See the SunScreen EFS 3.0 Reference Manual for more detail.


  16. Choose the one policy that you want to activate by typing:


    # ssadm activate configuration_name
    

    You next move to the remote Administration Station.

To Upgrade a Remote Administration Station
  1. Open a terminal window on the Administration Station and become root.


    Caution - Caution -

    Ensure that the OpenWindows File Manager is not running because it interferes with the operation of the volcheck command used for installation.


  2. Remove each SunScreen EFS, Release 1.1 or 2.0, package individually by typing:


    For SunScreen EFS 1.1:
    # pkgrm SUNWicgSA 
    
    For SunScreen EFS 2.0:
    # pkgrm SUNWicgSA SUNWicgSD SUNWicgSM SUNWHJicg
    

  3. Follow the program prompts and answer all the questions with y.

    The pkgrm program ends with the statement: Removal of name_of_package was successful.


    Note -

    If you did not originally install any of these packages, omit them from the string or else remove the packages one at a time.


  4. Remove the SKIP software packages by typing:


    # pkgrm SICGcrc2 SICGcrc4 SICGes SICGkeymg SICGkisup SICGbdcdr
    

  5. If needed, remove any SKIP crypto upgrades by typing:


    # pkgrm SICGcdes SICGc3des SICGcsafe SICGkdsup
    SICGkusup
    

  6. Insert the SunScreen EFS 3.0 CD-ROM into the Administration Station's CD-ROM drive.

  7. Mount the CD-ROM by typing:


    # volcheck
    


  8. For SPARC systems:
    # pkgadd  -d /cdrom/cdrom0/sparc
    
    For x86 systems:
    # pkgadd  -d /cdrom/cdrom0/i386
    
    Add the SunScreen EFS 3.0 packages by typing:

For SPARC systems, you are prompted with a menu of packages to install:


The following packages are available:
1  SUNWbdc       SKIP Bulk Data Crypt  1.5 Software
                   (sparc) 1.5
  2  SUNWbdcx      SKIP Bulk Data Crypt (64-bit) 1.5 Software
                   (sparc) 1.5
  3  SUNWdthj      HotJava Browser for Solaris
                   (sparc) 1.1.5,REV=1998.12.03
  4  SUNWes        SKIP End System  1.5 Software
                   (sparc) 1.5
  5  SUNWesx       SKIP End System (64-bit) 1.5 Software
                   (sparc) 1.5
  6  SUNWfwcnv     SunScreen Firewall conversion
                   (sparc) 3.0
  7  SUNWhttp      Sun WebServer daemon and supporting binaries
                   (sparc) 2.0
  8  SUNWicgSA     SunScreen Administration Software
                   (sparc) 3.0
  9  SUNWicgSD     SunScreen online documentation
                   (sparc) 3.0
 10  SUNWicgSM     SunScreen man pages
                   (sparc) 3.0

... 7 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display:


 11  SUNWicgSS     SunScreen Firewall
                   (sparc) 3.0
 12  SUNWkeymg     SKIP Key Manager Tools 1.5 Software
                   (sparc) 1.5
 13  SUNWkisup     SKIP I-Support module 1.5 Software
                   (sparc) 1.5
 14  SUNWrc2       SKIP RC2 Crypto Module
                   (sparc) 1.5
 15  SUNWrc4       SKIP RC4 Crypto Module  1.5 Software
                   (sparc) 1.5
 16  SUNWrc4x      SKIP RC4 Crypto Module (64-bit) 1.5 Software
                   (sparc) 1.5
 17  SUNWsman      SKIP Man Pages 1.5 Software
                   (sparc) 1.5

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 

For x86 systems, you are prompted with a menu of packages to install:


The following packages are available:
1  SUNWbdc       SKIP Bulk Data Crypt  1.5 Software
                   (i386) 1.5
  2  SUNWdthj      HotJava Browser for Solaris
                   (i386) 1.1.5,REV=1998.12.03
  3  SUNWes        SKIP End System  1.5 Software
                   (i386) 1.5
  4  SUNWfwcnv     SunScreen Firewall conversion
                   (i386) 3.0
  5  SUNWhttp      Sun WebServer daemon and supporting binaries
                   (i386) 2.0
  6  SUNWicgSA     SunScreen Administration Software
                   (i386) 3.0
  7  SUNWicgSD     SunScreen online documentation
                   (i386) 3.0
  8  SUNWicgSM     SunScreen man pages
                   (i386) 3.0
  9  SUNWicgSS     SunScreen Firewall
                   (i386) 3.0
 10  SUNWkeymg     SKIP Key Manager Tools 1.5 Software
                   (i386) 1.5

... 4 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display:


 11  SUNWkisup     SKIP I-Support module 1.5 Software
                   (i386) 1.5
 12  SUNWrc2       SKIP RC2 Crypto Module
                   (i386) 1.5
 13  SUNWrc4       SKIP RC4 Crypto Module  1.5 Software
                   (i386) 1.5
 14  SUNWsman      SKIP Man Pages 1.5 Software
                   (i386) 1.5

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

  1. For SPARC systems, enter: 1-5, 8, 10, 12-17 For x86 systems, enter: 1-3, 6, 8, 10-14

  2. Follow the program prompts, answering all the questions with y.

    When completed, you return to the same menu of packages.

  3. Type q to quit pkgadd.

  4. Move the SKIP keys by typing:


    # cp -rp /etc/opt/SUNWicg/skip/* /etc/skip/.
    

  5. Eject the CD-ROM from the CD-ROM drive by typing:


    # eject cdrom0
    

  6. Install any SKIP upgrades (Export Controlled [1024-bit] or U.S. and Canada Use Only [2048-bit] keys) as instructed in the documentation that is included with the upgrade CD-ROM.

  7. Reboot to complete the upgrade by typing:


    # sync; init 6
    

  8. Open a terminal window and become root, if necessary.

  9. To configure and manage your SunScreen from your Administration Station, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and launch the Administration GUI by typing the following URL:


     http://localhost:3852
    

To configure and manage SunScreen EFS, see the SunScreen EFS 3.0 Administration Guide.

Upgrading an EFS 2.0 High Availability (HA) System


Note -

Do not run the upgrade procedure on a HA Secondary machine. It is to be run only on the EFS 2.0 HA Primary machine.


To upgrade an EFS 2.0 HA System, you must:

  1. Upgrade the EFS 2.0 HA Primary machine.

To upgrade the EFS 2.0 Primary machine, follow the procedure "To Upgrade to SunScreen EFS 3.0 in Routing Mode With Local Administration".

  1. Upgrade the EFS 2.0 HA Secondary machine.

To upgrade an HA Secondary machine, you must:

  1. Remove the EFS 2.0 software packages

  2. Install the EFS 3.0 software packages on the machine that will be an HA Secondary

  3. Configure your HA cluster

For more information on configuring and managing HA clusters, see the SunScreen EFS 3.0 Administration Guide.

To Upgrade an EFS 2.0 HA Secondary Machine
  1. On the machine that is the EFS 2.0 Secondary, become root, if necessary.

  2. Remove the EFS 2.0 software packages by typing:


    # pkgrm SUNWicgSS SUNWicgEF SUNWicgSA SUNWicgSD SUNWicgSM SUNWHJicg
    


    Note -

    If you did not originally install any of these packages, omit them from the string or else remove the packages one at a time.


  3. Remove the SKIP software packages by typing:


    # pkgrm SICGcrc2 SICGcrc4 SICGes SICGkeymg SICGkisup SICGbdcdr
    

  4. If needed, remove any SKIP crypto upgrades by typing:


    # pkgrm SICGcdes SICGc3des SICGcsafe SICGkdsup
    SICGkusup
    

  5. Remove all old EFS 2.0 certificates, configurations, and logfiles by typing:


    # rm -rf /var/opt/SUNWicg /etc/opt/SUNWicg
    

  6. Reboot your machine to complete the removal of the EFS 2.0 installation by typing:


    # sync; init 6
    

To Complete the Upgrade of an HA Primary Screen From SunScreen EFS 2.0

After you have upgraded the SunScreen EFS 2.0 HA primary Screen to SunScreen EFS 3.0, you must perform this procedure to define your HA primary Screen's HA interface. This is done only on the HA primary Screen and not on any of the HA secondary Screens. Before proceeding, you must know the following information:

In this example:

After you have completed the upgrade program on the HA primary Screen and have rebooted:

  1. On the HA primary Screen, open a terminal window and become root.

  2. Type the following:


    # ssadm edit Initial
    edit> add address qfe0 RANGE 129.129.129.0 129.129.129.255
    edit> delete interface qfe0
    edit> add interface SCREEN haprimary qfe0 HA qfe0
    edit> save
    edit> quit
    

  3. Activate the configuration by typing:


    # ssadm activate Initial
    

To Install the SunScreen EFS 3.0 Software on the HA Secondary

See the SunScreen EFS 3.0 Administration Guide for instructions.

To Configure The Upgraded HA Cluster

See the SunScreen EFS 3.0 Administration Guide for instructions on setting up an EFS 3.0 HA cluster.

Upgrading From SunScreen SPF-200 to SunScreen EFS 3.0 in Stealth Mode

The upgrade from SunScreen SPF-200 to SunScreen EFS 3.0 requires a unique set of steps. You can use the same machine that operates as the SPF-200 Screen and upgrade it to become a SunScreen EFS 3.0 Screen in stealth mode. If choosing this option, be aware that this will require significant downtime and you should plan a time that is convenient for this.


Note -

It is recommended you have your original installation diskette for your SPF-200 Screen in the event that the upgrade procedure fails and you must then return to your original SPF-200 configuration.


To Upgrade from SPF-200 to SunScreen EFS 3.0 in Stealth Mode
  1. Perform a backup of the SPF-200 Screen. Refer to your SPF-200 documentation, if needed.

    This should be stored in a secure location as it contains sensitive information that must be protected.

  2. Perform a backup the SPF-200 Administration Station, following regular Solaris procedures.

    This should be stored in a secure location as it contains sensitive information that must be protected.

  3. Install Patch 105047-21 on the Administration Station and Screen, if not already installed.

    This patch is available through Sun Service.

  4. Insert the SunScreen EFS 3.0 CD-ROM into the Administration Station's CD-ROM drive.

  5. Mount the CD-ROM by typing:


    # volcheck
    

  6. You must install a special patch onto the Screen. From the Administration Station, install the SPF-200 patch on the Screen by typing:


    # ss_client Name_of_Screen ss_patch install noreboot < \
    /cdrom/cdrom0/sparc/Patches/spfUpgradePatch.tar.Z
    


    Note -

    Do not install this patch on the Administration Station itself or any other system. Do not reboot your system.


  7. You must gather the SPF-200 configurations and send them back to the Administration Station. Run the special script to do this by typing:


    # ss_client Name_of_Screen config2 > 200config.tar
    

    This file contains sensitive information. The SKIP connection creates secure, encrypted communication between the Administration Station and the Screen. Do not send this file over insecure lines. To move this file, use a diskette or a secured connection only.


    Note -

    Do not change the name of the file from 200config.tar.


  8. From the Administration Station, obtain your Administration Station's certificate ID by typing:


    # skiplocal list
    

    A list of encryption certificate IDs is displayed.

  9. Write down the correct certificate ID for your Administration Station.

  10. On the Screen, install either Solaris 2.6 or Solaris 7, following the instructions accompanying your Solaris CD.


    Note -

    You must do a fresh installation since the SPF-200 OS can not be upgraded.


  11. On the Administration Station, verify that your operating environment is at least Solaris 2.6. If not, upgrade your operating environment as necessary.

  12. On the Screen, using the same interface id that the SPF-200 used as its administrative interface (e.g. le0), configure that interface only.

    See the Solaris documentation, if necessary.

  13. Remove the old SunScreen SPF-200 Administration Station software by typing:


    # pkgrm SUNWicgSA 
    

  14. Remove the old SKIP packages from the Administration Station by typing:


    # pkgrm SICGcrc2 SICGcrc4 SICGes SICGkeymg SICGkisup
    SICGbdcdr
    
    To remove any SKIP crypto upgrades:
    # pkgrm SICGcdes SICGc3des SICGcsafe SICGkdsup
    SICGkusup
    

  15. On the Administration Station, install the SunScreen EFS 3.0 software by following the instructions in Chapter 5.

  16. On the Administration Station, move the SKIP keys by typing:


    # cp -rp /etc/opt/SUNWicg/skip/* /etc/skip/.
    

  17. Reboot the Administration Station by typing:


    # sync; init 6
    

  18. On the Screen, install the SunScreen EFS 3.0 software by following the instructions in Chapter 5.

    Enter the Administration Station's certificate ID from Step 9 when prompted.

  19. On the Administration Station, create a session on the Screen by entering:


    # SSADM_TICKET_FILE=$HOME/.ssadmticket
    # export SSADM_TICKET_FILE
    # touch $SSADM_TICKET_FILE
    # chmod go= $SSADM_TICKET_FILE
    # ssadm -r Name_of_Screen login admin admin
    

  20. On the Administration Station, verify that you are able to remotely administer the upgraded Screen by typing:


    # ssadm -r Name_of_Screen active
    

  21. On the Administration Station, begin the conversion of the SPF-200 configurations to SunScreen EFS 3.0 policies on the Screen by typing:


    # ssadm -r Name_of_Screen spf2efs < 200config.tar
    

  22. Verify your migrated configuration before activating it. To view/update the migrated configurations, open a Java-enabled web browser compliant with JDK 1.1.3 or later and launch the Administration GUI by typing:


    http://Name_of_Screen:3852
    


    Note -

    NAT mappings have changed considerably in SunScreen EFS 3.0. If you are using NAT, you must modify it before activating the configuration. Be aware that ordered rules is a new feature. See the SunScreen EFS 3.0 Reference Manual for more detail.


See the SunScreen EFS 3.0 Administration Guide for instructions on using the Administration GUI.

  1. On the Administration Station, activate your migrated configuration by entering:


    # ssadm -r Name_of_Screen activate Name_of_Configuration