The following information was not included in the documentation when the SunScreen 3.1 documents were printed.
For future documentation updates, see http://docs.sun.com.
To upgrade from a SunScreen 3.1 Lite configuration to the Full release of SunScreen 3.1, follow the instructions in Chapter 7, "Upgrading from SunScreen EFS and SunScreen SPF-200" in the SunScreen 3.1 Installation Guide. The instructions that apply to SunScreen EFS 1.1, 2.0, and 3.0 also apply to SunScreen 3.1 Lite.
If you installed SunScreen 3.1 from the installer, and the Product Registry is present, to uninstall SunScreen from the Product Registry run the product registry by typing:
$ /usr/bin/prodreg |
SunScreen 3.1 appears as an installed component, which you can select and uninstall by clicking the "uninstall" button.
The section in Chapter 1, "To Install the Required Java Plug-In," in the SunScreen 3.1 Installation Guide is missing an important part of Step 5, which sets an environment variable to point to the Java(TM) Plug-In directory. The step should also instruct you to add the path or the setenv statement to your .cshrc, .profile, or .login file. Unless you perform this step, the path to the plug-in directory will be lost at the next system reboot and you will not be able to run the administration GUI.
When running in stealth mode, SunScreen supports the passing of Ethernet packets that are not IP-based. Examples of these types of packets include Novell IPX, AppleTalk, DECNet, and others. The method for passing these packets is based on the undocumented ether state engine.
To pass such packets, you must define a new service using the ether state engine, and must know exact Ethernet frame types that are used by the non-IP packets.
The following supplements the information in Chapter 9, "Removing SunScreen 3.1," in the SunScreen 3.1 Installation Guide.
If you remove SunScreen packages from a Screen when the active configuration includes rules that use proxies, the disabled Solaris services, such as the standard FTP daemon, are not reinstated.
To ensure that they are reinstated, perform the following steps before removing the SunScreen packages:
Remove the Screen from the managed group, if it is a secondary Screen.
Use the instructions in the Section, To Remove a Screen From a Cluster in the Centralized Group, in Appendix A, "Using the Command Line," in the SunScreen 3.1 Administration Guide.
Stop the current proxies in one of the following two ways:
Activate a policy that does not contain proxy rules.
Deactivate the proxies manually using the command line, as root, by typing:
# rm /etc/opt/SUNWicg/SunScreen/.active/*.conf # /etc/init.d/proxy stop |
This method is specific to SunScreen 3.1, as it uses path names and interfaces that are not guaranteed to exist in future releases.
The original daemons (that is, sendmail, telnetd, and ftpd) are reinstated.