SunScreen 3.2 Installation Guide

SunScreen Operation Modes

You can install the SunScreen software in routing mode or in stealth mode.

It is possible to mix the two modes so that the interfaces protecting your system from the outside network are stealth and the interfaces to your internal network are routing. When mixing modes, install the Screen in routing mode first, then configure the stealth interfaces.


Caution - Caution -

Mixing interface modes requires careful consideration. Before you attempt this configuration, refer to the SunScreen 3.2 Administration Guide and the SunScreen 3.2 Configuration Examples documents, the latter of which includes an example of a mixed mode configuration.


Routing Mode

Choose routing mode when you need to filter packets between multiple networks connected by a Solaris-based system. A system in routing mode acts as both a router and a firewall. To use proxies or to install additional network services on the Screen, the interfaces must be configure in routing mode. Routing mode requires at least two exposed IP interfaces.

Be aware of the following considerations when operating in routing mode:

Stealth Mode

Choose stealth mode to increase your defense against attacks and when routing functions are not needed. In stealth mode, your system behaves like a bridge in that no IP interfaces are exposed to the public or private network and packets are filtered by the Screen transparently. While operating in stealth mode, the Screen cannot be seen or detected through traceroute or similar network tools.

Be aware of the following considerations when operating in stealth mode: