You can install the SunScreen software in routing mode or in stealth mode.
It is possible to mix the two modes so that the interfaces protecting your system from the outside network are stealth and the interfaces to your internal network are routing. When mixing modes, install the Screen in routing mode first, then configure the stealth interfaces.
Mixing interface modes requires careful consideration. Before you attempt this configuration, refer to the SunScreen 3.2 Administration Guide and the SunScreen 3.2 Configuration Examples documents, the latter of which includes an example of a mixed mode configuration.
Choose routing mode when you need to filter packets between multiple networks connected by a Solaris-based system. A system in routing mode acts as both a router and a firewall. To use proxies or to install additional network services on the Screen, the interfaces must be configure in routing mode. Routing mode requires at least two exposed IP interfaces.
Be aware of the following considerations when operating in routing mode:
As with any router, the Screen is situated between subnets.
Adding a new router to your network can require a reorganization of your network and renumbering of your hosts.
Solaris software IP stack on the Screen's filtering interfaces exposes an IP address, as opposed to a stealth configuration that does not.
Choose stealth mode to increase your defense against attacks and when routing functions are not needed. In stealth mode, your system behaves like a bridge in that no IP interfaces are exposed to the public or private network and packets are filtered by the Screen transparently. While operating in stealth mode, the Screen cannot be seen or detected through traceroute or similar network tools.
Be aware of the following considerations when operating in stealth mode: