SunScreen EFS Release 3.0 Installation Guide

Command and Executable Files

When you create the new SunScreen EFS 3.0 configuration, you run the configuration program, which then executes the command files. You do not need to take further action on the command and executable files.

Examples of the policy.name_Objects file, policy.name_Rules file, and the policy.name _efscfg file, respectively, follows.


# The address commands may contain other addresses which need to be created.
# These objects are logged in the policyname_Obj.log file

 add_nocheck Address  "mailhost-INT" HOST 205.167.60.6 COMMENT "Object from FW-1"
 add_nocheck Address  "mailhost-EXT" HOST 207.82.121.5 COMMENT "Object from FW-1"
 add_nocheck Address  "localnet" NETWORK 205.167.60.00 255.255.255.00  COMMENT 
"Object from FW-1, will need to be modified before using the GUI"
 add_nocheck Address  "talon" HOST 205.167.60.200 COMMENT "Object from FW-1"
 add_nocheck Address  "exosecure-alc" HOST 207.82.121.254 COMMENT "Object from FW-1"
 save

add_nocheck Rule  "ip all" "*" "*"  ALLOW  LOG SUMMARY 
 save


#!/bin/csh


setenv PATH .:/usr/bin:/usr/sbin:/bin:/opt/SUNWicg/SunScreen/bin


echo Creating Policy: 4complex

ssadm policy -a 4complex

echo Adding Policy Addresses

/opt/SUNWicg/SunScreen/bin/ssadm edit -P 4complex < 4complex_Objects

echo Adding Policy Rules

/opt/SUNWicg/SunScreen/bin/ssadm edit -P 4complex < 4complex_Rules

echo Finished!