Why Use SunScreen?

Your company may want to provide Internet services for customers and others, while allowing your employees to connect to the Internet for services and for access to corporate information. However, such connections may put your company assets at risk. SunScreen protects your company's assets by inserting a firewall between them and the Internet.

A Sample SunScreen Network Map

SunScreen divides the network into discrete areas, each served by an interface. You set up filtering rules to control access to one area from another area, which can be another network within your company or an area outside your company.

The following figure shows a sample map of a simple network in which a Screen in stealth mode functions as a firewall to connect the Engineering network over an unsecured public network (the Internet) through a Screen in routing mode to other secure networks.

Figure 2-1 Sample Network Map

The ftp-www server might be the public area of the company, also called the demilitarized zone (DMZ), and the engineering, sales, and corporate network segments might be part of the private area. SunScreen can then control access between these areas and the rest of the Internet.

See "Defining Security Policies" in SunScreen 3.2 Installation Guide for worksheets and instructions to aid you in determining your network configuration and your desired security level.