The following problems are known to exist in SunScreen 3.1. They include workarounds as available.
Synopsis: Deleted stealth interface continues filtering based on old policy.
Description: When you activate a configuration that has removed an interface, that interface continues to filter based on the old policy.
Workaround: Reboot.
Synopsis: Screen will not come up when removing an interface from a Screen.
Description: When you physically remove an interface from the host or change the Solaris network configuration and reboot without first removing the SunScreen Interface object definition for that interface, the Screen will not work. This happens when the interface that was removed has already been defined in the Screen.
Workaround: The following steps explain how to fix this problem:
Log onto the console of the Screen as root.
Type the ssadm edit command to remove the offending Interface object from your SunScreen policy.
# ssadm edit Initial edit> delete interface qfe2 edit> save edit> quit |
See Appendix B, "Command-Line Reference", in the SunScreen 3.1 Reference Manual for more information on using the command-line interface.
Type the ssadm command to activate the policy.
# ssadm activate Initial |
Reboot the system.
Synopsis: Upgrade script cannot determine existing version when upgrading from SunScreen EFS 3.0, revision A (May 1999).
Description: The original release of SunScreen EFS 3.0 (May 1999) had an incorrect version name. When running the upgrade script for SunScreen 3.1, the script cannot determine the version of SunScreen currently installed. SunScreen EFS 3.0, revision B, (August 1999) does not have this problem.
Workaround: Install the patch for SunScreen EFS 3.0, revision A, before attempting to upgrade to SunScreen 3.1. The patch is available for download from:
http://www.sun.com/software/securenet/securenet3/install.html
This patch corrects the version name, which allows you to proceed with the upgrade to SunScreen 3.1.