SUMMARY: SunScreen Lite 3.1 - not working

From: Oscar Knight <knightod_at_appstate.edu>
Date: Mon Nov 19 2001 - 20:47:46 EST
Hello All,

First, I would like to thank all those that responded.  It was amazing.
The first response came in less than an hour and it had great info!  This
list rocks.

I asked two questions:

1) why was traffic getting through when it clearly should not
   based on my rules.  I was using '*' as the service for all of my rules.

   First there is a patch for SunScreen Lite.  One of the things it
   addresses is an issue with '*' as service.   As of this writing it's

    Patch ID   Updated    Description
    109737-05  7/25/2001  SunScreen 3.1 LITE (Intel) miscellaneous fixes
    109736-05  7/25/2001  SunScreen 3.1 LITE (Sparc) miscellaneous fixes

   Available at http://sunsolve.sun.com/

   And second, when using '*' as the service you lose stateful checking.
   It's best to stay away from '*' for the service.


2) how to get the logging to show which rule matched?

   You can't :(  But you can turn logging on and off, or set an SNMP trap
   for the rule you're testing.

Also, it was pointed out that Sun has a "blueprint" for using SunScreen
Lite 3.1 as a host-based firewall.  I found it very useful.  It's at

http://www.sun.com/security/blueprints/#sunscreenlite

Several folks gave pointers to using the CLI for management.  The CLI is
MUCH easier to use than the GUI!

Thanks again to those that responded!
odk
--
Oscar D. Knight                                     knightod@appstate.edu
Network Support Services                              Voice: 828-262-6946
Appalachian State University, Boone, NC 28608           FAX: 828-262-2236
Received on Tue Nov 20 01:47:46 2001