SunScreen Proxies

SunScreen enables you to set up proxies for FTP, HTTP, SMTP, and Telnet traffic protocols. Although each proxy has different filtering capabilities and requirements, you can allow or deny sessions based on source or destination addresses of packets. Proxies share common objects and policy rule files. To start a proxy, you set up rules for a proxy in your security policy and activate the policy.

Use of these proxies does not require installing additional client or server system software. However, some changes may be required in system configurations or user-supplied commands to access protected destinations through the proxies.

The activation process employs a script to see if the policy being activated contains one or more rules that use a given proxy. If so, the corresponding proxy is automatically started. If this same script determines that the Screen has been configured as a SecurID client, then the SecurID PIN server is started as well.

With SunScreen 3.2, filtering of scripts, applets, and viruses in downloaded content is possible using VirusWall, which is separately licensed from TrendMicro, Inc. See information about VirusWall scanning in "HTTP Proxy", "SMTP Proxy", and "VirusWall Content Scanning".

The figure below shows a Screen using a proxy to filter packets for the HTTP protocol.

Figure 10-1 Screen With a Proxy