SunScreen 3.2 Installation Guide

Configuring a Default Screen Installation Through the Command Line

This section describes how to configure the default SunScreen installation through the command line.

To Configure a Screen Locally in Routing Mode Through the Command Line

Note -

For the following procedure to work, you must have already installed the prerequisite Solaris packages, added the SunScreen packages, and rebooted your system.


  1. To begin the configuration after rebooting your system, as root, type the following:


    # ssadm configure
    

    A message appears: Checking for required packages.

  2. Press ENTER to continue if the prerequisite Solaris packages were installed, the SunScreen packages were added, and the system was rebooted; otherwise, press Control-C to abort the installation.

    You are asked which type of Screen you want to install: 1 (routing, the default entry) or 2.

  3. Specify 1, Routing, as the Screen Type.

    The Screen can be set up as a router or as a bridge providing stealth. Which type of Screen you employ affects how the interfaces are initialized. For routing Screens, each interface is set up as a routing interface. For a stealth Screen, there is only one interface available, which is dedicated to Screen administration.

    You are asked which type of administration you want to install: 1 (routing, the default entry) or 2.

  4. Specify 1, Local administration.

    When using (1) local administration, all administration is performed on the Screen itself. When administering the Screen from a (2) remote Administration Station, you need to install the SunScreen administration packages, IKE or SKIP certificates, and a local key onto the Administration Station before continuing. When appropriate, you can also specify both Local and Remote.

    You are asked which level of security you want to install.

  5. Specify 3, Permissive, as the security level.

    There are three possible security levels and each security level corresponds to a different set of permitted services to, from, and through the Screen. The permissive security level is the default and can be used for the initial configuration and changed at any time after installation.

    The security levels are as follows:

    1. Permissive - This level allows most traffic, including inbound connections to the Screen itself and all traffic through the Screen. This security level is for installing the Screen onto a host that has multiple network interfaces and that acts as a router, or on a host that is acting as a server (for example, for NFS, NIS, or WWW).

    2. Restrictive - This level of security disallows all traffic to, from, and through the Screen, except for encrypted administration traffic. This level is best for deploying the Screen in an unsecured network environment. It requires that static routing and name resolution are configured on the host.

    3. Secure (routing Screens only) - This level disallows all traffic to and through the Screen, except for encrypted administration traffic, common services from the Screen, name server resolution traffic (like DNS and NIS), and routing (RIP). This level is a good starting point for getting a Screen up and running on a secure network, where the Screen cannot be a standalone system and depends on NIS, DNS, or NFS to function properly.


    Note -

    With the exception of the Restrictive security level, no IP spoofing protection is provided until the system is properly configured.


    A message appears: The following name resolution method was detected on this machine: None or Static name resolution from the /etc/hosts file.

  6. Specify 1, YES, to accept the Name Resolution as detected, if this is the name service that you want to use on this machine.


    Note -

    Make sure this is the name service that you want to use on this system (see "Preparing to Install High Availability" in SunScreen 3.2 Administration Guide).


  7. When the system configuration completes, reboot the system for your changes to take effect.
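
Step 5 states that the Restrictive level requires static routing and name resolution to be configured on the host, and step 6 reports the name resolution method detected. The following pre-flight check is an added example, not part of this guide or of SunScreen, and it does not reproduce `ssadm`'s own detection; the function names are hypothetical, and it assumes the standard Solaris files `/etc/nsswitch.conf` and `/etc/defaultrouter`.

```shell
#!/bin/sh
# Added example: pre-flight check for the Restrictive level of `ssadm configure`.
# Assumption: host lookup order is in /etc/nsswitch.conf and the static default
# route in /etc/defaultrouter (standard Solaris locations, overridable below).
NSSWITCH=${NSSWITCH:-/etc/nsswitch.conf}
DEFAULTROUTER=${DEFAULTROUTER:-/etc/defaultrouter}

# Print the lookup sources on the "hosts:" line, e.g. "files" or "files dns".
# Comments and bracketed criteria such as [NOTFOUND=return] are ignored.
hosts_sources() {
    awk '{ sub(/#.*/, ""); gsub(/\[[^]]*\]/, ""); sub(/^[ \t]*hosts:/, "hosts: ") }
         $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1" 2>/dev/null
}

# Return 0 only if name resolution is static (files only) and a static
# default route is present; report each unmet requirement on stderr.
restrictive_ready() {
    nss=$1; router=$2; rc=0
    src=$(hosts_sources "$nss") || src=""
    if [ "$src" != "files" ]; then
        echo "name resolution is '${src:-undetermined}', not static /etc/hosts only" >&2
        rc=1
    fi
    # A usable defaultrouter file has at least one non-comment, non-blank line.
    if ! grep -v '^[[:space:]]*#' "$router" 2>/dev/null | grep -q '[^[:space:]]'; then
        echo "no static default route found in $router" >&2
        rc=1
    fi
    return $rc
}

# Run the check against the live files only when asked to.
if [ "${1:-}" = "--check" ]; then
    restrictive_ready "$NSSWITCH" "$DEFAULTROUTER" && echo "host meets the Restrictive prerequisites"
fi
```

Run it with `--check` before step 5; a non-zero exit means the Restrictive level would leave the host without the routing or name resolution it needs.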