SMF control for IPSEC didn't come along until Solaris 10 5/09. You would need this release (this ability is not provided by patches) in order to control ipsec via SMF:
docs.sun.com Home > Solaris 10 What's New Collection > Solaris 10 5/09 What's New > 1. What's New in the Solaris 10 5/09 Release
SMF Services for IPsec
IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services:
* svc:/network/ipsec/policy:default - The policy service checks for the /etc/inet/ipsecinit.conf file and feeds the data into the IPsec Security Policy Database (SPD). The policy service must be started and its file, /etc/inet/ipsecinit.conf, must exist for boot-time IPsec policy configuration.
* svc:/network/ipsec/ike:default - The ike service controls the Internet Key Exchange (IKE) daemon in.iked(1M). This service controls ike in a manner similar to other daemon-controlled services like ssh or sendmail.
* svc:/network/ipsec/manual-key:default - The manual-key service checks for the /etc/inet/secret/ipseckeys file and feeds the keys into the IPsec Security Association Database (SADB). Prior to SMF, the mere existence of the /etc/inet/secret/ipseckeys file was sufficient, but now the service should also be enabled to load manual IPsec keys.
* svc:/network/ipsec/ipsecalgs:default - The ipsecalgs service is enabled by default and maps Solaris Cryptographic Framework algorithms to their use in IPsec. Changes enabled with ipsecalgs(1M) subsequently refresh the ipsecalgs service.
The SMF management brings all the SMF features to IPsec, for example, interface consistency, capability of restarting, and fault-tracking.
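The pairing described above (a config file is only loaded when its SMF service is also enabled) can be audited with a short script. This is an added example, not part of the original reply or the Sun documentation; the function names are hypothetical, and the service states are passed in as text in the format of `svcs -H -o state,fmri` so the check can also be run against saved output.

```shell
#!/bin/sh
# Added example: compare IPsec SMF service state with the file each service loads.
# On a live Solaris 10 5/09 (or later) host, one way to call it:
#   check_ipsec_smf "" "$(svcs -H -o state,fmri \
#       svc:/network/ipsec/policy:default svc:/network/ipsec/manual-key:default)"

# svc_state SVCS_TEXT FMRI: print the state column for FMRI, or "absent".
svc_state() {
    printf '%s\n' "$1" | awk -v f="$2" '$2 == f { print $1; found = 1 }
        END { if (!found) print "absent" }'
}

# check_pair ROOT SVCS_TEXT FMRI FILE: ROOT is a path prefix ("" on a live host).
check_pair() {
    state=$(svc_state "$2" "$3")
    if [ "$state" = "absent" ]; then
        # No such service instance: release predates SMF control of IPsec.
        echo "NOTE $3 not present; SMF control of IPsec needs Solaris 10 5/09"
    elif [ -f "$1$4" ] && [ "$state" = "online" ]; then
        echo "OK $3"
    elif [ -f "$1$4" ]; then
        # The file alone is no longer enough; the service must be enabled too.
        echo "WARN $3 is $state but $4 exists: file is not loaded"
    elif [ "$state" = "online" ]; then
        echo "WARN $3 is online but $4 is missing"
    else
        echo "SKIP $3 ($state, no $4)"
    fi
}

# check_ipsec_smf ROOT SVCS_TEXT: audit the two file-backed IPsec services.
check_ipsec_smf() {
    check_pair "$1" "$2" svc:/network/ipsec/policy:default \
        /etc/inet/ipsecinit.conf
    check_pair "$1" "$2" svc:/network/ipsec/manual-key:default \
        /etc/inet/secret/ipseckeys
}
```

A `WARN` on manual-key with an existing ipseckeys file is the case the documentation calls out: the keys are present on disk but are never fed into the SADB until the service is enabled.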