SunScreen Lite is a stateful, packet-filtering firewall that has a subset of the features in SunScreen. It protects individual servers and small work groups.
This manual is a reference for both SunScreen Lite and SunScreen applications. Keep the following differences and similarities in mind when configuring and administering SunScreen Lite.
The SunScreen 3.2 Lite firewall:
Supports basic packet filtering.
Displays all data for supported SunScreen types and data fields.
Can be used for secondary machines in a centralized management group.
Uses SunScreen SKIP or IKE for encryption. SunScreen SKIP and IKE are included as part of SunScreen 3.2 Lite and are automatically installed.
The SunScreen Lite firewall does not support some features that are available in SunScreen. A SunScreen Lite firewall:
Cannot support more than two routing interfaces when ip_forwarding is on. If the system has more than two interfaces, any additional configured interfaces will not have filtering rules applied to them. Note that Lite supports virtually unlimited routing interfaces when the Screen is not acting as a router, that is, when ip_forwarding is turned off. This is ideal for protecting server systems that have multiple interfaces for connectivity, administration, and backup, but that do not route packets between interfaces.
Does not support and cannot create the ADMIN, HA, or STEALTH interfaces.
Cannot support more than ten unregistered IP addresses that can be translated to registered addresses using network address translation (NAT); it is limited to two NAT rules.
Cannot create and cannot be made the primary Screen in a centralized management group (CMG).
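The routing-interface limit above is the one that can silently leave traffic unfiltered, so it is worth checking on each Lite host. The script below is an added example, not part of the SunScreen documentation or tooling. It assumes that plumbed non-loopback interfaces reported by ifconfig approximate the Screen's interfaces, that a POSIX sh and awk are available, and its function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: warn when a SunScreen Lite host is in the state where extra
# interfaces get no filtering rules (ip_forwarding on, more than two interfaces).
# Assumption: plumbed non-loopback physical interfaces approximate the Screen's
# interfaces; logical aliases such as hme0:1 are folded into hme0.

# Constructed sample of Solaris `ifconfig -a` output (documentation address ranges).
SAMPLE_IFCONFIG='lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.11 netmask ffffff00 broadcast 192.0.2.255
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 198.51.100.1 netmask ffffff00 broadcast 198.51.100.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 203.0.113.1 netmask ffffff00 broadcast 203.0.113.255'

# Read `ifconfig -a` output on stdin; print each physical interface once.
list_interfaces() {
    awk '$2 ~ /^flags=/ && $0 !~ /LOOPBACK/ {
             name = $1
             sub(/:$/, "", name)          # "hme0:" -> "hme0"
             sub(/:[0-9]+$/, "", name)    # "hme0:1" -> "hme0"
             if (!(name in seen)) { seen[name] = 1; print name }
         }'
}

count_interfaces() { list_interfaces | awk 'END { print NR }'; }

# check_lite_exposure FORWARDING COUNT: returns 1 when some interfaces go unfiltered.
check_lite_exposure() {
    if [ "$1" = "1" ] && [ "$2" -gt 2 ]; then
        echo "WARNING: ip_forwarding on with $2 interfaces; Lite filters only two"
        return 1
    fi
    echo "OK: ip_forwarding=$1, interfaces=$2"
}

if [ "${1:-}" = "--live" ]; then     # run on the Solaris host itself
    fwd=$(ndd /dev/ip ip_forwarding)
    n=$(ifconfig -a | count_interfaces)
else                                 # offline demo on the constructed sample
    fwd=1
    n=$(printf '%s\n' "$SAMPLE_IFCONFIG" | count_interfaces)
fi
check_lite_exposure "$fwd" "$n" || true
```

Run without arguments it evaluates the constructed sample; with `--live` it reads the host's own ip_forwarding value and interface list.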