Centrally Managed Groups - provides a way for you to manage multiple Screens with a set of common objects through a specific, primary Screen, as well as monitor logs on individual Screens in a centralized management group or HA cluster. The primary Screen, where the objects reside, can be managed by many different Administration Stations, as in prior SunScreen firewall releases.
Stealth or Routing Modes - allows you to designate interfaces in either stealth or routing mode on a port-by-port basis. Stealth mode, as a layered product, no longer boots from a CD-ROM or requires an installation diskette, and operating system (OS) hardening is optional. High availability (HA) is accessible in both modes. Proxies work in routing mode only.
Data Organization - increases the efficiency of data storage and retrieval by handling text data through a common access method. Common objects, composed of policy objects that define your security policy, are maintained by the edit sub-command of the new process ssadm, which is written in Java and provides local as well as remote administration capabilities.
High Availability (HA) - supports stealth and routing mode installations. The primary HA Screen manages secondary HA Screens in an HA cluster. A passive HA Screen within an HA cluster mirrors the state of the active Screen, which can be the primary or a secondary HA Screen. When the active Screen fails, the passive Screen that has been running the longest takes over as the active Screen within 15 seconds. During this time (before the passive Screen takes over), no traffic will go through the HA cluster.
Logging - allows you to search, sort, and filter log messages to find critical information quickly and easily. You specify the log size value and what information you want recorded in administrative log files when you set up SunScreen EFS 3.0. Once running, you can monitor logs using the browser and the command line in real time.
Network Address Translation (NAT) - enables a Screen to map an internal network address to a different network address. As it passes packets between an internal host and a public network, the addresses in the packet are replaced with new addresses transparently, checksums and sequence numbers are corrected, and the state of the address map is monitored. You use ordered NAT translations to specify when translation is applied to a packet, based on its source or destination addresses.
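
The address replacement and checksum correction described under NAT can be sketched as follows; this is an added example, not SunScreen code. It rewrites one address in a 20-byte IPv4 header and corrects only the IP header checksum, using the incremental update from RFC 1624. Assumptions: the rule table, its addresses, the helper names, and first-match-wins ordering are constructed for illustration.

```python
import ipaddress
import struct

def checksum(header: bytes) -> int:
    """Full IPv4 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def incremental_update(old_sum: int, old_addr: bytes, new_addr: bytes) -> int:
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for each changed word."""
    total = ~old_sum & 0xFFFF
    for old_w, new_w in zip(struct.unpack("!2H", old_addr), struct.unpack("!2H", new_addr)):
        total += (~old_w & 0xFFFF) + new_w
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# Constructed ordered table: (field to match, network, translated address).
# Assumption for this sketch: rules are tried in order and the first match wins.
NAT_RULES = [
    ("src", ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_address("192.0.2.10")),
    ("src", ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_address("192.0.2.20")),
    ("dst", ipaddress.ip_network("192.0.2.80/32"), ipaddress.ip_address("10.0.5.80")),
]
OFFSETS = {"src": 12, "dst": 16}  # byte offsets of the address fields

def translate(header: bytes) -> bytes:
    """Apply the first matching rule and correct the header checksum."""
    for field, net, new in NAT_RULES:
        off = OFFSETS[field]
        old = header[off:off + 4]
        if ipaddress.ip_address(old) in net:
            old_sum = struct.unpack("!H", header[10:12])[0]
            out = bytearray(header)
            out[off:off + 4] = new.packed
            out[10:12] = struct.pack("!H", incremental_update(old_sum, old, new.packed))
            return bytes(out)
    return header  # no rule matched: packet passes untranslated

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (TCP, TTL 64) with a valid checksum."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                    ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]
```

A receiver validates the header by summing it with the checksum field included, so `checksum(translate(h)) == 0` confirms the correction. The TCP or UDP checksum, which also covers the addresses through the pseudo-header, needs the same adjustment and is not shown here.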