Setting up centralized management requires several steps, in the following order:
1. Install the firewall software on the routing-mode primary Screen.
2. Configure the primary Screen with a basic policy, including an administrative certificate. The administrative certificate is created during installation by selecting remote administration, or it can be created manually once the installation is complete. Also, be sure to specify the primary Screen's name on any interfaces defined for the primary Screen.
3. Install the firewall software on the stealth-mode secondary Screens.
4. On the secondary Screens, create the following:
   - Certificate objects for both the primary and secondary Screens.
   - Address objects required to correctly define the Screen objects, interfaces, and policy rules on the secondary Screens.
   - Screen object for the primary Screen.
   - Interface objects for the secondary Screens.
   - Policy rules to enable at least SunScreen SKIP and CDP packets from the primary Screen to pass through the secondary Screens' interfaces.

   Modify the object for the secondary Screens to contain the primary Screen's name and encryption information.
5. Save and activate the policy on the secondary Screens.
6. On the primary Screen, create the following:
   - Certificate object for the secondary Screens.
   - Screen object for the secondary Screens containing the primary Screen's name and encryption information.
   - Address objects required to correctly define all the interfaces on the secondary Screens (be sure to include the Screen name for each interface defined).
   - Interface objects for all interfaces on the secondary Screens (be sure to supply the Screen name for each interface defined).
   - Policy rules for the secondary Screens, as needed. To enable centralized management to push the policy to the secondary Screens, SunScreen SKIP and CDP from the primary Screen must be enabled to pass through the secondary Screens.
7. Save and activate the policy on the primary Screen. This pushes the policy to each secondary Screen that was defined.
8. Repeat Steps 3 through 7 for each secondary Screen in the centralized management group.