SunScreen 3.1 Lite

SunScreen 3.1 Lite is a stateful, packet-filtering firewall that has a subset of the features in SunScreen 3.1. It protects individual servers and small work groups.

This manual applies to both the SunScreen 3.1 Lite and the full version of SunScreen 3.1. Keep the following difference and similarities in mind when configuring and administering SunScreen 3.1 Lite.

Supported Features

SunScreen 3.1 Lite supports the following SunScreen features. A SunScreen 3.1 Lite firewall:

• Can do basic packet filtering.

• Can administer a Screen from a remote Administration Station.

• Can be used in Virtual private networks (VPNs).

• Can be used for CMG Secondary machines.

• Uses SunScreen SKIP (Simple Key-Management for Internet Protocols) for encryption. SunScreen SKIP is included as part of SunScreen 3.1 Lite and is automatically installed.

Limitations

SunScreen 3.1 Lite does not support the following SunScreen features. A SunScreen 3.1 Lite firewall:

• Cannot be a member of a high availability (HA) cluster.

• Does not support stealth-mode operation.

• Does not support proxies.

• Cannot create and cannot be made the primary Screen in in a CMG group.

• Cannot support more than two interfaces; the filtering mechanisms ignore any other interfaces.

• Cannot support more than ten unregistered IP addresses that can be translated to registered address using Network Address Translation (NAT); it is limited to two NAT rules.

• Ignores the time-of-day field. It makes all rules active while that policy is active.

• Does not support and cannot create the time objects.

• Does not support and cannot create the ADMIN, HA, or STEALTH interfaces.