SunScreen EFS 3.0 is a versatile firewall used for access control, authentication, and network data encryption. SunScreen EFS 3.0 integrates the two SunScreen firewall products SunScreen EFS and SunScreen SPF-200. SunScreen EFS 3.0 consists of a rules-based, dynamic packet-filtering engine for network-access control, and an encryption and authentication engine that enables you to create secure Virtual Private Network (VPN) gateways by integrating public-key encryption technology. It is the first firewall to address high availability (HA) for standards-based encryption. Secure administration is provided through an easy-to-use graphical user interface (GUI) that runs in a Web browser.
Stealth mode reflects the operation of the SunScreen SPF product, whereas routing mode reflects prior releases of SunScreen EFS.
SunScreen EFS 3.0 consists of two components: Screen and Administration Station. The Screen is the firewall responsible for screening packets and for performing the necessary encryption and decryption. The Administration Station is where you define your security policy and from where you administer your Screen(s). The two components can be installed on separate machines for remote administration or on a single machine for local administration.
A machine can support as many as 15 interfaces, one of which should be the path to the external (public) network. Stealth and routing modes are supported on all SPARC and x86 systems listed on the Solaris supported hardware list (located at: http://access1.sun.com/drivers/hcl/hcl.html).
Manually deleting and then re-installing network interfaces also removes SunScreen EFS 3.0 from the interfaces.
Both stealth and routing modes support the following link adapters: SBus local (le, be) (10 Mb/s) and Quad (qe) Ethernet, as well as X1059A SBus (hme), X1049A SBus Quad (qfe), X1032A 10/100 Mbps PCI (hme), X1033 PCI (hme), and X1034A PCI Quad (qfe) FastEthernet. Screens running in routing mode additionally support FDDI, Token Ring, and ATM.
SunScreen EFS 3.0 uses open-standard SKIP (Simple Key-Management for Internet Protocols) technology, pioneered by Sun, for encryption, authentication, access control, and secure virtual private networks. SunScreen EFS 3.0 incorporates SunScreen SKIP 1.5 for Solaris. You must log in to the Solaris command line to directly administer SKIP on the Screen.
New features in SunScreen SKIP include support for a 4096-bit Diffie-Hellman modulus and new DH primes.
See the SunScreen SKIP 1.5 User's Guide for further information regarding SKIP encryption and administration.
You can remotely administer SunScreen EFS 3.0 with any computer that has a supported version of SKIP and a Java browser compliant with JDK 1.1.3. SKIP software is available for Sun Solaris, Windows NT with Service Pack 3, Windows 95, and Windows 98 with PC SKIP patches.
If the choice list flickers when using the HotJava browser, quit and restart the browser.