To manage the SunScreen firewall effectively, you need to understand certain terms, a few of which are defined below. Other terms are defined when they are first used. All terms can be looked up in the Glossary at the back of this manual.
The system running the firewall software is called a Screen. An Administration Station is a system used to configure and administer the Screen. An Administration Station can be located:
At the local Screen
At a remote location on your network
At a remote location across the Internet
Use common objects to model your network configuration and topology. Common objects are the smallest units that you can define on a Screen. The addresses of networks and individual hosts, different services (network protocols), and the user names of people authorized to administer the Screen are examples of common objects.
Policy rules are the individual rules that implement a security policy. Policy rules describe the relationships between the common objects (for example, hosts that can communicate with each other). There are four types of policy rules:
Packet Filtering rules describe network traffic flow policy.
Administrative Access rules describe who can access the Screen and what they can do once they access it.
Network Address Translation (NAT) rules describe network address translations.
Virtual Private Network (VPN) rules describe the Screens that participate in a VPN and the hosts for which they provide the VPN.
A policy is a named set of policy rules. When you install SunScreen, an initial policy is created for you, based on the information you supply. The name of this policy is Initial.
In routing mode, a new installation can be performed at one of three security levels (see "Deciding on Your Initial Security Level" in the SunScreen Installation Guide). After a new "permissive" installation, the default policy rules leave everything "open"; in other words, there is no packet filtering or any other type of firewall activity until you specify it. New "secure" and "restricting" installations begin with different default levels of filtering in place.
For stealth mode, the installation comes up without any rules.