Policies in ScreenOS are configured from zone to zone, for example from trust to untrust. You need to create an addressbook entry to use in the policy (rule).
To create an addressbook entry:
set address <zone> <name> <address>
For the smallest SSGs the following maximums apply:
- 125 policies
- 512 addressbook entries per zone
- 32 entries per addressbook group
A policy looks like this:
set policy from <zone> to <zone> <source zone addressbook entry> <dest zone addressbook entry> <service object> <nat src> permit log
Example: give my_host on 172.16.1.1 access to the internet, with source NAT and logging (I'm in the trust zone, the internet is untrust):
set address trust my_host 172.16.1.1/32
set pol from trust to untrust my_host any any nat src permit log
This allows my_host from trust to untrust, with source NAT.
There's a lot more to tell, but this might give you an idea.
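As an added example (not part of the original text and not Juniper tooling), the following Python sketch audits a saved list of "set address" / "set policy" lines against the policy and per-zone addressbook limits quoted above, and reports policies that reference an addressbook entry missing from the relevant zone or that permit traffic without logging. The function name audit, the sample config and the db_server entry are constructed for illustration; treating zone names as case-insensitive and matching abbreviated keywords by prefix are assumptions of the sketch.

```python
import shlex

# Limits the text above quotes for the smallest SSG models.
MAX_POLICIES = 125
MAX_ADDRS_PER_ZONE = 512

def _is(token, keyword):
    # Assumption: abbreviated keywords such as "pol" are matched by prefix.
    return len(token) >= 3 and keyword.startswith(token.lower())

def audit(config):
    """Return findings for ScreenOS 'set address' / 'set policy' lines."""
    book, policies, findings = {}, [], []
    for n, raw in enumerate(config.splitlines(), 1):
        t = shlex.split(raw)              # also strips quotes around names
        if len(t) < 3 or t[0] != "set":
            continue
        if _is(t[1], "address") and len(t) >= 5:
            # Assumption: zone names compare case-insensitively.
            book.setdefault(t[2].lower(), set()).add(t[3])
        elif _is(t[1], "policy") and "from" in t:
            i = t.index("from")
            if len(t) >= i + 7 and t[i + 2] == "to":
                policies.append((n, t[i + 1].lower(), t[i + 3].lower(),
                                 t[i + 4], t[i + 5], t[i + 7:]))
    for zone, names in sorted(book.items()):
        if len(names) > MAX_ADDRS_PER_ZONE:
            findings.append(f"zone {zone}: {len(names)} address entries "
                            f"exceed {MAX_ADDRS_PER_ZONE}")
    if len(policies) > MAX_POLICIES:
        findings.append(f"{len(policies)} policies exceed {MAX_POLICIES}")
    for n, src_zone, dst_zone, src, dst, rest in policies:
        for zone, name in ((src_zone, src), (dst_zone, dst)):
            # "any" is predefined; other names must exist in that zone's book.
            if name.lower() != "any" and name not in book.get(zone, set()):
                findings.append(f"line {n}: '{name}' is not in the {zone} addressbook")
        if "permit" in rest and "log" not in rest:
            findings.append(f"line {n}: permit without log")
    return findings

# Constructed sample: the page's two lines plus one deliberately faulty rule.
SAMPLE = """\
set address trust my_host 172.16.1.1/32
set pol from trust to untrust my_host any any nat src permit log
set policy from trust to untrust "db_server" any any permit
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The limit of 32 entries per addressbook group is not checked, because group definitions are not shown in the text above.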