SunScreen 3.1 Reference Manual

Routing and Stealth Modes

SunScreen includes routing-mode and stealth-mode capabilities.

Routing Mode

Routing-mode interfaces have IP addresses and perform IP routing. Routing mode requires that you connect each interface to a different network with its own network number.

Access to all proxies is through the Transmission Control Protocol (TCP), and proxies can run only on systems configured in routing mode.

Stealth Mode

A stealth-mode firewall partitions an existing single network and, consequently, does not permit you to subnet the network. Stealth-mode interfaces do not have IP addresses; they bridge the MAC layer.

In stealth mode, you must configure one interface as an administration interface. This interface is a special case of a routing interface, configured so that it passes only encrypted administration traffic to the Screen from a remote Administration Station.

If all of your interfaces are in stealth mode, SunScreen offers optional hardening of the OS, which removes packages and files from the Solaris operating system that are not used by SunScreen.

Both Routing and Stealth Mode

If some of your interfaces are in stealth mode and other interfaces are in routing mode, you should not use the OS hardening option that SunScreen offers.
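
The interface rules in the sections above can be checked against a planned layout before installation. The following Python sketch is an added example, not part of SunScreen or its tools. The Iface record, the lint function, and the sample interface names and addresses are hypothetical. It assumes that "its own network number" means non-overlapping IP prefixes and that the administration interface does not count against the "all interfaces in stealth mode" condition for OS hardening.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Iface:                 # hypothetical planning record, not a SunScreen format
    name: str
    mode: str                # "routing", "stealth" or "admin"
    cidr: str = ""           # address/prefix; empty for stealth interfaces

def lint(ifaces, harden_os=False):
    """Return a list of rule violations for a planned interface layout."""
    problems = []
    routing = [i for i in ifaces if i.mode == "routing"]
    stealth = [i for i in ifaces if i.mode == "stealth"]
    admin = [i for i in ifaces if i.mode == "admin"]

    # Stealth-mode interfaces bridge the MAC layer and have no IP address.
    for i in stealth:
        if i.cidr:
            problems.append(f"{i.name}: stealth interface must not have an IP address")

    # Each routing interface (the admin interface is a special case of one)
    # must sit on a different network from the others.
    nets = []
    for i in routing + admin:
        if not i.cidr:
            problems.append(f"{i.name}: {i.mode} interface needs an IP address")
            continue
        net = ipaddress.ip_interface(i.cidr).network
        for other_name, other_net in nets:
            if net.overlaps(other_net):
                problems.append(f"{i.name}: {net} overlaps {other_name} ({other_net})")
        nets.append((i.name, net))

    # Stealth mode requires an administration interface.
    if stealth and not admin:
        problems.append("stealth mode requires an administration interface")

    # OS hardening is offered only when all interfaces are in stealth mode.
    if harden_os and (routing or not stealth):
        problems.append("OS hardening selected, but not all interfaces are stealth")
    return problems

# Constructed sample layouts (interface names and addresses are made up).
STEALTH_OK = [Iface("qfe0", "stealth"), Iface("qfe1", "stealth"),
              Iface("hme0", "admin", "203.0.113.10/24")]
MIXED_BAD = [Iface("qfe0", "stealth", "192.0.2.1/24"),
             Iface("hme0", "routing", "198.51.100.1/24"),
             Iface("hme1", "routing", "198.51.100.129/25")]
```

Calling lint(MIXED_BAD, harden_os=True) reports the addressed stealth interface, the overlapping routing networks, the missing administration interface, and the hardening option chosen on a mixed-mode Screen.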