This file shows rules generated from FireWall-1 rules that cannot be used in the SunScreen EFS environment without modification. The policy.name_Rule.log file explains why these rules were not added to the SunScreen EFS firewall, for example:
Source, Destination, or Installed on objects are of a type not supported by SunScreen EFS 3.0
FireWall-1 Service is of a type not supported by SunScreen EFS 3.0
FireWall-1 Action is not supported by SunScreen EFS 3.0
SunScreen EFS 3.0 does not support FireWall-1 encryption, user authentication, or client authentication. Encryption in SunScreen EFS 3.0 is accomplished through SKIP, as explained in the SunScreen EFS 3.0 Reference Manual. For more information regarding SKIP, see the SunScreen SKIP 1.5 User's Guide.
All FireWall-1 rules are generated during the conversion. You must manually remove any rules that you do not need.
The following is a sample policy.name_Rule.log file, such as you might find after a FireWall-1 to SunScreen EFS conversion.
    /***** SunScreen EFS 3.0: Firewall-1 conversion log *****/
    /***** @(#)RuleStore.java 3.5 99/03/03 Sun Microsystems, Inc. *****/
    Rule below not added as the action Encrypt is configured differently in SunScreen EFS.
    add_nocheck Rule "smtp" "aiims" "*" Encrypt
    Rule below not added as the action Encrypt is configured differently in SunScreen EFS.
    add_nocheck Rule "echo" "aiims" "*" Encrypt
    Rule below not added as the action User Authentication is not valid in SunScreen EFS.
    add_nocheck Rule "ftp" "*" "aiims" User
    Rule below not added as the action Client Encryption/Authentication is not valid in SunScreen EFS.
    add_nocheck Rule "dns" """ "*" Client
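Each skipped rule carried encryption or authentication in FireWall-1, so it is useful to list them for manual review. The following added example (not part of the SunScreen EFS documentation or tooling) parses the sample log above. It assumes one statement per line, and the field names service, source and destination are an assumption based on the order seen in the sample.

```python
import re
from collections import Counter

# Log text copied from the sample on this page; one statement per line is assumed.
SAMPLE_LOG = '''\
/***** SunScreen EFS 3.0: Firewall-1 conversion log *****/
/***** @(#)RuleStore.java 3.5 99/03/03 Sun Microsystems, Inc. *****/
Rule below not added as the action Encrypt is configured differently in SunScreen EFS.
add_nocheck Rule "smtp" "aiims" "*" Encrypt
Rule below not added as the action Encrypt is configured differently in SunScreen EFS.
add_nocheck Rule "echo" "aiims" "*" Encrypt
Rule below not added as the action User Authentication is not valid in SunScreen EFS.
add_nocheck Rule "ftp" "*" "aiims" User
Rule below not added as the action Client Encryption/Authentication is not valid in SunScreen EFS.
add_nocheck Rule "dns" """ "*" Client
'''

REASON = re.compile(r'^Rule below not added as the action (.+?) is (.+)$')
# Field names (service, source, destination) are an assumption from the sample's order.
RULE = re.compile(r'^add_nocheck Rule "([^"]*)" "([^"]*)" "([^"]*)" (\S+)$')

def parse_rule_log(text):
    """Return one dict per rule that the conversion did not add."""
    skipped, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = REASON.match(line)
        if m:
            pending = {"action": m.group(1), "reason": line}
        elif line.startswith("add_nocheck"):
            entry = dict(pending or {"action": None, "reason": None},
                         raw=line, service=None, source=None, destination=None)
            r = RULE.match(line)
            if r:  # malformed quoting stays unparsed; the raw line is kept for review
                entry.update(service=r.group(1), source=r.group(2), destination=r.group(3))
            skipped.append(entry)
            pending = None
    return skipped

def summarize(skipped):
    """Count skipped rules per unsupported FireWall-1 action."""
    return Counter(e["action"] for e in skipped)

if __name__ == "__main__":
    entries = parse_rule_log(SAMPLE_LOG)
    for e in entries:
        print(e["action"], "|", e["raw"] if e["service"] is None else
              (e["service"], e["source"], e["destination"]))
    print(dict(summarize(entries)))
```

Entries whose fields come back as None, such as the "dns" line with its unbalanced quotes, need to be read by hand from the raw line.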