SunScreen 3.2 Administrator's Overview

Book Information
Preface
Chapter 1 SunScreen Overview
- What Is SunScreen?
- Software and Hardware Requirements
  - Required Patches
  - Java Plug-In Software
- Compatibility With Other SunScreen Products
- SunScreen Lite
  - Supported Features
  - Limitations
- Online Help and Documentation
Chapter 2 SunScreen Concepts
- Why Use SunScreen?
  - A Sample SunScreen Network Map
- How SunScreen Works
- Routing and Stealth Mode Interfaces
  - Routing Mode Interface
  - Stealth Mode Interface
    - Hardening the OS
- Administration
- Security Policy
- Proxies
  - Event Logging With Proxies
- IPsec/IKE
  - Internet Key Exchange (IKE)
  - SunScreen IPsec Configuration
Chapter 3 Packet Filtering
- SunScreen Model
- Stateful Packet Filtering
  - Inbound Packet Rule Checking
  - Outbound Packet Rule Checking
- Policy Rules
- Policy Versions
Chapter 4 Common Objects
- Service Object
  - Single Service
  - Service Group
- Address Object
- Screen Object
- Interface Object
- authuser Object
- Time Object
- proxyuser Object
- Jar Signature Object
- Jar Hash Object
- Certificate Object
  - Single Certificate
  - Certificate Group
- IPsec Key Object
- Administration GUI Limitations
Chapter 5 Administration
- Administering the Screen
  - Local Administration
  - Remote Administration
- Centralized Management Group
Chapter 6 Encryption, Tunneling, and Virtual Private Networks
- Encryption and Decryption
- How SunScreen Uses Encryption
  - Packet Examination
  - Tunneling
- Using IKE With SunScreen
  - IKE Options
  - IKE Policy Rules
    - IKE Policy Rule Syntax
- Defining a VPN
  - Adding a VPN Rule
  - VPN Limitations
Chapter 7 Network Address Translation
- Network Address Translation
- NAT Rules
- Static NAT
  - One-to-One Translations
  - Address Range to Another Address Range
- Dynamic NAT
- Dynamic NAT Collisions
- Choosing NAT Addresses
- NAT Examples
- Applying NAT
Chapter 8 High Availability
- Why High Availability?
  - Hardware Requirements
  - SunScreen HA Definitions
- SunScreen HA Configurations
- HA Network Connections and Failovers
- Configuring HA
- Administering HA
Chapter 9 Authentication
- User Authentication
  - User Identification
- Authorized User
- Administrative User
- Proxy Users
- RADIUS User Authentication Details
- SecurID User Authentication Processing Details
Chapter 10 Proxies
- SunScreen Proxies
- How Proxies Work
  - Policy Rule Matching
- Proxy User Authentication
  - Proxy Limitations
  - Automatically-Saved Common Objects
- FTP Proxy
- HTTP Proxy
- SMTP Proxy
- Telnet Proxy
- VirusWall Content Scanning
Chapter 11 Logging
- Packet Logging
  - Logging Limitations
- Log File Locations
- Configuring Traffic Log Size
- Log Retrieval and Clearing
  - Examples: get, clear, get_and_clear
- Log Statistics
  - ssadm logstats Subcommand
- Log Inspection and Browsing
  - Log Filters and the logdump Command
    - Examples: logdump Command
  - logdump Extensions
- SunScreen welfmt Utility
- HTTP Proxy Header Logging
- Logged Network Packet Enhancements
- General Event Type Enhancements
  - Log Record Format
  - Extended Log Event Enhancements
- Log Filtering Macros
Appendix A Migrating From Earlier SunScreen Firewall Products
Appendix B Configuration Editor Reference
- What Is the Configuration Editor?
  - Save Not Required for Some Common Objects
- Solaris (shell) Commands
  - ssadm
    - Executing an ssadm Command From a Local Screen
    - Executing an ssadm -r Command on a Remote Administration Station
- ssadm Subcommands
- Unsupported Commands
- ssadm SKIP Commands
- Configuration Editor
- Network Monitoring and Maintenance
Appendix C Services and State Engines
- Standard Services
- Network Service Groups
- State Engines
Appendix D Error Messages
- Error Messages From ssadm edit
- Error Messages From ssadm activate
- Error Messages From ssadm lock
Appendix E Logged Packet Reasons
- Why Codes
Glossary
Index
- Numbers and Symbols
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- R
- S
- T
- U
- V
- W