SunScreen Lite

SunScreen Lite is a stateful, packet-filtering firewall that has a subset of the features in SunScreen. It protects individual servers and small work groups.

This manual is a reference for both the SunScreen and the SunScreen applications. Keep the following differences and similarities in mind when configuring and administering SunScreen Lite.

Limitations

The SunScreenLite firewall does not support the following feature that are available in SunScreen. A SunScreen Lite firewall:

• Does not support stealth-mode operation.

• Cannot support more than two routing interfaces; the filtering mechanisms ignore any other interfaces.

• Does not support and cannot create the ADMIN, HA, or STEALTH interfaces.

• Cannot support more than ten unregistered IP addresses that can be translated to registered addresses using network address translation (NAT); it is limited to two NAT rules.

• Cannot be a member of a high availability (HA) cluster.

• Cannot create and cannot be made the primary Screen in a centralized management group (CMG).

• Does not support proxies.

• Does not support and cannot create the time objects.

• Ignores the time-of-day field. It makes all rules active while that policy is active.

Supported Features

The SunScreen 3.1 Lite firewall:

• Can administer a Screen from a remote Administration Station.

• Supports basic packet filtering.

• Displays all data for supported SunScreen types and data fields.

• Can be used in virtual private networks (VPNs).

• Can be used for secondary machines in a centralized management group.

• Uses SunScreen SKIP (Simple Key Management for Internet Protocols) for the Solaris operation environment for encryption. SunScreen SKIP is included as part of SunScreen 3.1 Lite and is automatically installed.