SunScreen 3.2 Installation Guide

Software and Hardware Requirements

The table below lists the installation requirements for SunScreen 3.2.

SunScreen includes HotJava™ 1.1, SunScreen SKIP for Solaris, and IKE software.

To read the SunScreen documentation from the administration GUI, you must have the Adobe Acrobat Reader plug-in installed on your system.


Note -

Because of a limitation in SunScreen SKIP, release 1.5.1 for Solaris, the RC2 encryption algorithm is not available when running Solaris 8 in 64-bit mode.


Table 1-1 SunScreen 3.2 Installation Requirements

Requirement 

Description 

Operating environment 

  • Solaris 9 (with IPv4 only) in either 32-bit or 64-bit mode (SPARC systems only)

  • Trusted Solaris 8 (SPARC systems only)

Browsers supported:  

  • A Java™-enabled Web browser compliant with JDK™, release 1.1.3 through 1.1.8

  • HotJava™ 1.1 running on the SPARC platform

  • Internet Explorer 4.0 (with or without the Java plug-in) on the Windows platform

  • Netscape 4.0.1 or higher can be used for all administrative functions except those requiring local file access. (See below for system requirements for Internet Explorer and Netscape to run Java plug-ins.)

  • Note that a Solaris platform with SKIP and/or IKE installed can be used as an Administration Station for command line-based remote administration.

Hardware 

  • All SPARCstation™ workstations and UltraSPARC systems supported by the Solaris 9 operating environment.

  • All SPARCstations and UltraSPARC systems supported by Trusted Solaris 8.

Disk space 

Minimum of 1 Gbyte (with at least 300 Mbytes unused). This space is needed for the following:

  • configuration database = /etc/sunscreen = 10 MB [Can grow larger over the course of hundreds of policy or configuration changes]

  • logs and temporary files = /var/sunscreen = 120 MB [Can grow larger if the SunScreen log size parameter is increased from its default of 100 MB]

  • internal files = /usr/lib/sunscreen = 50 MB

  • man pages = /usr/share/man = 1 MB

Memory 

  • For administration software installation: a minimum of 32 Mbytes is required and 64 Mbytes is strongly recommended.

  • For Screen-only software installation: a minimum of 32 Mbytes.

Network interfaces supported 

For the Screen: [The Screen can support up to 15 stealth interfaces at one time. Stealth configurations do not support ATM, FDDI, token ring, or the use of proxies. SunScreen HA in routing mode does not support FDDI, token ring, ATM, Gigabit Ethernet, or failover of IKE-based IPsec connections.]

  1. For SPARC and UltraSPARC systems in routing mode:

    • 10-Mbps or 100-Mbps Ethernet interfaces (le, qe, hme, be, qfe, pnet)

    • Gigabit Ethernet (ge) interfaces

    • Token Ring interfaces (trp)

    • ATM (155 and 622 Mbps) in LAN emulation mode (lane) or classic IP mode (ba)

    • FDDI (nf), or PCI-based Ethernet cards

  2. For SPARC and UltraSPARC systems in stealth mode: 10-Mbps, 100-Mbps, Fast Ethernet, or Gigabit Ethernet interfaces

  3. High availability requires that the two machines be connected by means of a nonswitching hub. [Some switches, including Alteon, Radware's Fireproof, and Foundry's ServerIron, can be configured to work with SunScreen HA clusters. Each Screen is set up as an individual Screen, with different IP addresses, and no interconnect. You can use as many Screens as the switch supports. Note that because SunScreen is a stateful firewall, TCP connections do not fail over.]

For the Administration Station: [A remote Administration Station can connect directly to a Screen only through an Ethernet local area network (LAN) or a fiber distributed data interface (FDDI).]

  1. For SPARC systems: 10-Mbps or 100-Mbps Ethernet interfaces (le, qe, hme, be, qfe), or FDDI, or PCI-based Ethernet cards.

    An Administration Station can connect to the Screen by an asynchronous transfer mode (ATM) or Token Ring LAN, but only after it is connected directly to the network by way of an Ethernet or FDDI connection first.

Media 

CD-ROM drive (and a diskette drive, if you are using certain types of CA-issued certificates).
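
A pre-install check for the disk-space row of Table 1-1, added here as an example and not part of the SunScreen guide: it sums the per-directory figures by filesystem, because several of the listed directories can sit on the same mount point. The function name `check_space`, the `AWK` variable and the sample free-space figures are assumptions constructed for the example; the table's overall "300 Mbytes unused" figure is not checked.

```shell
#!/bin/sh
# Added example, not from the SunScreen guide: pre-install disk-space check.
# On Solaris, /usr/bin/awk is the legacy awk; run with AWK=nawk there.
AWK=${AWK:-awk}

# Per-directory figures from Table 1-1, as "directory required_MB".
REQS='/etc/sunscreen 10
/var/sunscreen 120
/usr/lib/sunscreen 50
/usr/share/man 1'

# Constructed sample data in "mount_point available_KB" form.
SAMPLE_DF='/ 204800
/var 102400
/usr 512000'

# check_space REQS DFDATA
# Maps each directory to its filesystem (longest matching mount point),
# sums the requirements per filesystem, prints one line per filesystem,
# and returns non-zero if any filesystem is short.
check_space() {
    printf '%s\n---\n%s\n' "$2" "$1" | "$AWK" '
        $0 == "---" { reqs = 1; next }            # separator: requirements follow
        !reqs       { avail[$1] = $2; next }      # mount point -> free KB
        {
            best = ""
            for (m in avail) {
                p = (m == "/") ? "/" : m "/"      # match whole path components
                if (index($1 "/", p) == 1 && length(m) > length(best))
                    best = m
            }
            need[best] += $2 * 1024               # MB -> KB
        }
        END {
            bad = 0
            for (m in need) {
                short = (need[m] > avail[m])
                if (short) bad = 1
                printf "%s need=%dKB avail=%dKB %s\n", m, need[m], avail[m], (short ? "SHORT" : "OK")
            }
            exit bad
        }'
}

# Demo on the constructed sample: /var cannot hold the 120 MB for /var/sunscreen.
check_space "$REQS" "$SAMPLE_DF" || echo "at least one filesystem is short"

# Live data (assumes the six-column df -k layout, mount point in column 6):
#   check_space "$REQS" "$(df -k | "$AWK" 'NR > 1 { print $6, $4 }')"
```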