Limitations

SunScreen Lite does not support the following SunScreen features. Consequently, a SunScreen Lite firewall:

• Cannot be a member of a high availability (HA) cluster.

• Does not support stealth-mode operation.

• Does not support proxies.

• Can neither create nor be made the primary Screen in a CMG group.

• Only supports two routing interfaces when ip_forwarding is enabled on the Screen. Any additional interfaces that are configured on this system will not have filtering rules applied to them. Lite supports virtually unlimited routing interfaces when the Screen is not acting as a router; that is, ip_forwarding is turned off. This is ideal for protecting server systems that have multiple interfaces for connectivity, administration, and backup, but that are not routing packets between interfaces

• Cannot support more than ten unregistered IP addresses that can be translated to registered address using Network Address Translation (NAT); it is limited to two NAT rules.

• Ignores the time-of-day field. It makes all rules active while that policy is active.

• Can neither support nor create time objects.

• Can neither support nor create the ADMIN, HA, or STEALTH interfaces.