SunScreen 3.1 Reference Manual

What Is SunScreen?

SunScreen is a versatile firewall used for access control, authentication, and network data encryption. SunScreen integrates the two earlier SunScreen firewall products, SunScreen EFS and SunScreen SPF-200, as modes of operation.

Each physical interface can operate in one of two modes: routing or stealth.

Virtual interfaces are supported only in routing mode. An interface in routing mode has its own IP address and behaves like the interfaces of the SunScreen EFS system. If two or more routing mode interfaces are present, the firewall subdivides a network.

An interface in stealth mode does not have an IP address, nor does it have a TCP/IP stack. Multiple stealth interfaces act like a bridge and do not subdivide a network with respect to routing.

SunScreen consists of a rules-based, dynamic packet-filtering engine for network-access control, and an encryption and authentication engine that allows you to create secure Virtual Private Network (VPN) gateways by integrating public-key encryption technology. It is the first firewall to address high availability (HA) for standards-based encryption. Secure administration is provided through an easy-to-use graphical user interface (GUI) that runs in a Web browser.

SunScreen consists of two components: Screen and Administration Station. The Screen is the firewall responsible for screening packets and for performing the necessary encryption and decryption. The Administration Station is where you define your security policy and from where you administer your Screen or Screens. The two components can be installed on separate machines for remote administration or on a single machine for local administration.

SunScreen uses open-standard SKIP (Simple Key-Management for Internet Protocols) technology for encryption, authentication, access control, and secure virtual private networks (VPNs). SunScreen incorporates SunScreen SKIP 1.5.1 for Solaris. You must use the Solaris command line to administer SKIP on the Screen directly.

See the SunScreen SKIP User's Guide, Release 1.5.1, for further information regarding SKIP encryption and administration.

You can administer SunScreen remotely from any computer that has a browser compliant with JDK 1.1.3 and has a supported version of the SKIP software installed. SKIP software is available for the Sun Solaris operating environment and the Microsoft Windows operating environment.