SunScreen EFS Release 3.0 Installation Guide

policy.name_Obj.log

The policy.name_Obj.log file lists objects found in your FireWall-1 security policy that were not directly supported in SunScreen EFS 3.0. Table 7-5 lists the FireWall-1 objects and shows whether they were converted to SunScreen EFS.

Table 7-5 How Conversion to SunScreen EFS Affects FireWall-1 Objects

FireWall-1 Object 

EFS Equivalent 

Conversion Status 

Host 

Host 

Yes. 

Network 

None 

Yes. Does not appear in the GUI but will show up on the command line. To make them visible in the GUI, manually change the NETWORK objects to RANGE objects via the command line. 

Router 

None 

No. See the policy.name_Obj.log file for details.

Switch 

None 

No. See the policy.name_OBJ log file for details.

Domain 

None 

No. See the policy.name_OBJ log file for details.

Group 

Group 

Yes. 

Gateways 

None 

No. However, they are logged in the policy.name_OBJ.log file. Gateways require more configuration within SunScreen EFS to assure that the IP addresses of the gateway are correct. See the ss_interfaces man pages for more information.

Following is a sample which shows the policy.name_Obj.log file, similar to the file that you can generate from your FireWall-1 policy.


/***** SunScreen EFS 3.0: Firewall-1 conversion log *****/
/***** @(#)ObjStore.java        3.6 99/03/03 Sun Microsystems, Inc. *****/

Objects of type: gateway, need some user decisions
You had a gateway with name "skil" ipaddr 205.167.60.13
If this is the gateway on which SunScreen is being installed please refer to the 
'ssadm edit' command to enable the interfaces