The following procedures explain how you prepare for and generate the new SunScreen EFS 3.0 configuration.
Choosing which of the next two procedures to follow depends on whether you plan to run SunScreen EFS 3.0 on the former FireWall-1 machine or on a new machine. Option 1 discusses preparing the FireWall-1 machine to become a SunScreen EFS 3.0 machine. Option 2 discusses preparing a new machine to run the converted FireWall-1 configurations.
Only one of the following two procedures must be done.
Open a terminal window and become root.
Save the existing FireWall-1 configuration files located in the /opt/SUNWfw/conf directory as a backup.
Use the pkgrm command to remove the SUNWfw package by typing:
# pkgrm SUNWfw |
Upgrade your operating environment to at least Solaris 2.6, if not already done.
See your Solaris documentation for instructions, if necessary.
Install the additional Solaris packages and kernel packages required as listed in Chapter 2, if not already done.
Prior to installing the SunScreen EFS software, make sure that the machine is performing properly as a router.
Insert the SunScreen EFS 3.0 CD-ROM into the CD-ROM drive.
Mount the CD-ROM by typing:
# volcheck |
Add the SunScreen EFS software by typing:
# /cdrom/cdrom0/screenInstaller |
This command sets up the Initial configuration. It is not equivalent to the FireWall-1 policy. The installation wizard performs the initialization required by SunScreen EFS 3.0.
The SunScreen EFS installation wizard's Welcome window appears. The installation wizard will guide you through the installation process. For more detailed instructions, see Chapter 3.
Reboot the system by typing:
# sync; init 6 |
Continue to the section, "To Generate the New SunScreen EFS Configuration."
Prior to installing the SunScreen EFS software, make sure that the machine is performing properly as a router.
Open a terminal window and become root, if not already.
Upgrade your operating environment to at least Solaris 2.6, if not already done.
See your Solaris documentation for instructions, if necessary.
Install the additional Solaris packages and kernel packages required as listed in Chapter 2, if not already done.
Insert the SunScreen EFS 3.0 CD-ROM into the CD-ROM drive.
Mount the CD-ROM by typing:
# volcheck |
Copy the generated configuration files to a directory on the new SunScreen EFS 3.0 machine.
Add the SunScreen EFS 3.0 software on the new SunScreen EFS machine by typing:
# /cdrom/cdrom0/screenInstaller |
The SunScreen EFS Screen Install's Welcome window appears. The installation wizard will guide you through the installation process. For more detailed instructions, see Chapter 3.
Reboot the new SunScreen EFS machine by typing:
# sync; init 6 |
Continue to the section, "To Generate the New SunScreen EFS Configuration."
Open a terminal window and become root, if not already.
Change to the directory where the conversion files were saved and make the policy.name_efscfg file executable by typing:
# chmod 544 policy.name_efscfg |
Verify that the commands in the generated file are accurate.
Run the script by typing:
# ./policy.name_efscfg |
policy.name_efscfg creates the new SunScreen EFS 3.0 configuration from the FireWall-1 configuration, which is similar to the FireWall-1 policy.
See the SunScreen EFS 3.0 Administration Guide for instructions on activating the configuration.