SunScreen EFS Release 3.0 Installation Guide

Determining Your Initial Level of Security

You must determine your initial level of security. You have three possible security levels to choose from when installing SunScreen EFS 3.0 in routing mode. Each security level corresponds to a different set of network services permitted to, from, and through the Screen. If you are in doubt about which security level to select for the Initial configuration, use a more permissive security mode. You can always reconfigure it to be more secure by changing the rules using the Administration GUI.

The security levels are as follows:

You must also determine which naming service to use. You may choose one (NIS or DNS), both (NIS and DNS), or none. For none, deselect both.

In routing mode, SunScreen EFS 3.0 automatically installs all Ethernet interfaces that have been configured on the machine. In stealth mode, only the interface used for remote administration should be configured, and the other interfaces must not be configured.

If you are converting FireWall-1 configurations for use on SunScreen EFS 3.0, or when planning to convert a FireWall-1 machine to a SunScreen EFS 3.0 machine, read the information and instructions in Chapter 7 first.

Once the following preparation criteria are met, continue to the appropriate chapter for your particular installation.