SunScreen 3.2 Installation Guide

Routing and Stealth Mode Installation Summary

Although you can use the installer to guide you through the installation, this chapter covers installing the SunScreen software through the command-line interface on systems using IKE with self-generated certificates for encryption.

For Trusted Solaris 8, there is no built-in facility for generating IKE certificates on a remote Administration Station, as there is when using SKIP encryption. Instead, you employ a second Screen (known as an administrative Screen) for remote administration. Solaris 9 has native IKE support, so you need to install only the Administration packages.

Perform the installation in the following order:

  1. On the Administration Station:

    1. Install the administration software. In the Solaris 9 case, you only install the administration package. In the Trusted Solaris 8 case, you install both the administration and Screen packages.

    2. Create the Administration Station's IKE certificate. Export it to a file, then transfer the file to the firewall Screen system.

  2. On the firewall Screen:

    1. Install the Screen and the administration software.

      This step requires the Administration Station's certificate ID.

    2. Create the Screen's IKE certificate. Export it to a file, then transfer the file to the Administration Station.

    3. Import the Administration Station's IKE certificate.

    4. Mark the certificate as trusted.

    5. Create an address object for the Administration Station.

    6. Create an Admin Access rule allowing communication between the Administration Station and the Screen.

    7. Edit the Screen object to specify the Administration Station's IP address.

  3. On the Administration Station:

    1. Import the Screen's certificate.

    2. Mark the certificate as trusted.

    3. Set up encrypted communication between the Administration Station and the Screen. In the Solaris 9 case, this means editing the IKE configuration files. In the Trusted Solaris 8 case, you must create certificate and address objects, then use these objects to create a packet filtering rule allowing communication between the two systems.

The following sections describe the procedures for installing the SunScreen software and for establishing encrypted communication using IKE certificate technology.