SunScreen 3.2 Administrator's Overview

A Sample SunScreen Network Map

SunScreen divides the network into discrete areas, each served by an interface. You set up filtering rules to control access to one area from another area, which can be another network within your company or an area outside your company.

The following figure shows a sample map of a simple network. A Screen in stealth mode functions as a firewall for the Engineering network and connects it, over an unsecured public network (the Internet), through a Screen in routing mode to other secure networks.

Figure 2-1 Sample Network Map

The ftp-www server might be the public area of the company, also called the demilitarized zone (DMZ), and the engineering, sales, and corporate network segments might be part of the private area. SunScreen can then control access between these areas and the rest of the Internet.

See "Defining Security Policies" in SunScreen 3.2 Installation Guide for worksheets and instructions to aid you in determining your network configuration and your desired security level.