SunScreen 3.1 Reference Manual

Stealth Interfaces

Stealth interfaces have no IP address. All stealth interfaces on a Screen are part of the same IP network. Thus, a Screen with stealth interfaces partitions one IP network and controls packet flow between those partitions.

Although it operates much like an IP bridge or switch, a Screen with stealth interfaces does not implement the bridging algorithms (such as spanning tree) that detect loops. Make sure no loops exist in your network configuration; that is, there must be no path by which a packet sent out from one stealth interface can be received on another stealth interface of the same Screen.

Stealth interfaces also provide a higher degree of security than routing interfaces because they are separate from the standard IP mechanisms used by the operating system. Thus, packets flowing through stealth interfaces cannot inadvertently leak into other network applications running on the system and compromise the security of the firewall.

A stealth interface can define a set of five routers by IP address, using the ROUTER #.#.#.# keyword, where #.#.#.# is the IP address of a router.

In summary, use stealth interfaces when you want to partition an existing IP network and control packet flow between those partitions without having to modify the configuration of your existing network.