For Routing interfaces, there are two types of spoof detection: Complete and Incomplete. On the Interface Definition panel (see "To Add or Edit Interfaces"), you can set the spoof detection by clicking the "Spoof Protection" pulldown and making the selection (see "Interface Object" in SunScreen 3.2 Administrator's Overview for information on Complete and Incomplete spoof detection).
For Stealth interfaces, the type of spoof detection is always set to Complete and is not modifiable.
The maximum number of stealth interfaces per Screen is 15; however, the number of routing interfaces is virtually limitless.
Before you add a new interface, you must define the address group that the interface will use.
Type the following to define the interface named qe0 with no logging, no SNMP alerts, and ICMP_PORT_UNREACHABLE:
edit> add interface qe0 ROUTING qe0 ICMP PORT_UNREACHABLE
Type the following to define the interface qe0 with detailed logging and SNMP alerts:
edit> add interface qe0 ROUTING qe0 LOG DETAIL SNMP ICMP PORT_UNREACHABLE
List the currently active interfaces by typing:
edit> list interface
A list of active interfaces is displayed.
Find the interface you want to delete and type the following:
edit> del interface interface_name
Any interfaces that you remove with this procedure remain active until you reactivate a policy.