SunScreen EFS Release 3.0 Installation Guide

Chapter 2 Prerequisites for Installation

This chapter details the prerequisites recommended prior to installing SunScreen EFS 3.0.

Topics included are:

Before installing, review the SunScreen EFS 3.0 Release Notes for the latest information about this product.

Determine Your Security Policy

Before actually installing the SunScreen EFS 3.0 software, you should first determine your network security policy. For a more thorough discussion of this topic, we suggest you read Computer Security Policies and SunScreen Firewalls by Kathryn M. Walker and Linda Croswhite Cavanaugh. Additional resources are listed in the Preface.

In brief, considerations when creating a security policy are:

Determine Your Network Configuration

Prior to installing SunScreen EFS 3.0, you should make a map of your network. This will help identify any potential security problems inherent in the way the network is currently connected. A diagram of your network will aid installation and should include:

Determining Your Initial Level of Security

You must determine your initial level of security. You have three possible security levels to choose from when installing SunScreen EFS 3.0 in routing mode. Each security level corresponds to a different set of network services permitted to, from, and through the Screen. If you are in doubt about which security level to select for the initial configuration, use a more permissive security mode. You can always reconfigure it to be more secure by changing the rules using the Administration GUI.

The security levels are as follows:

You must also determine which naming service to use. You may choose one (NIS or DNS), both (NIS and DNS), or none. For none, deselect both.

In routing mode, SunScreen EFS 3.0 automatically installs all Ethernet interfaces that have been configured on the machine. In stealth mode, only the interface used for remote administration should be configured, and the other interfaces must not be configured.

If you are converting FireWall-1 configurations for use on SunScreen EFS 3.0, or when planning to convert a FireWall-1 machine to a SunScreen EFS 3.0 machine, read the information and instructions in Chapter 7 first.

Once the following preparation criteria are met, continue to the appropriate chapter for your particular installation.

Preparing for Installation

The following sections describe how to prepare for initial installations on both locally and remotely administered SunScreen EFS 3.0 machines.

Preparing the Screen and Administration Station

SunScreen EFS 3.0 runs on the Solaris 2.6 and Solaris 7 operating environments for SPARC and x86 platforms. If you are running Solaris 2.5.1 or earlier, you must upgrade your operating environment to at least Solaris 2.6.

At a minimum, the Screen must have the Core System Support software group installed, and the Administration Station must have the End User Distribution software group installed. Additional Solaris packages are also required and must be installed before you install SunScreen EFS 3.0.


Caution -

Do not reinstall the Core System Support software group if you are upgrading from either SunScreen EFS 1.1 or 2.0 to SunScreen EFS 3.0, as described in Chapter 6.


To Install the Prerequisite Solaris Packages and Kernel Patches on the Screen
  1. Add the following packages to the Screen from your Solaris CD, if not already on your system:

    system SUNWdoc    Documentation Tools
    system SUNWeuluf  UTF-8 L10N For Language Environment User Files
    system SUNWjvjit  Java JIT compiler
    system SUNWjvrt   JavaVM run time environment
    system SUNWlibC   SPARCompilers Bundled libC
    system SUNWlibms  SPARCompilers Bundled shared libm
    system SUNWsprot  SPARCompilers Bundled tools
    system SUNWtoo    Programming Tools
    system SUNWvolr   Volume Management (Root)
    system SUNWvolu   Volume Management (Usr)
    system SUNWxwice  ICE components
    system SUNWxwplt  X Window System platform software
    system SUNWxwrtl  X Window System & Graphics Runtime Library Links
    system SUNWmfrun  Motif RunTime Kit

  2. If you are using Solaris 2.6 as your operating environment, add the following patches, if not already on your system, by typing:


    For SPARC systems:
    # cd /cdrom/cdrom0/sparc/Patches
    # patchadd 106125-06
    # patchadd 105181-11
    # patchadd 105284-15
    # patchadd 105490-04
    # patchadd 106040-10
    # patchadd 106409-01
    
    For x86 systems:
    # cd /cdrom/cdrom0/i386/Patches
    # patchadd 106126-06
    # patchadd 105182-13
    # patchadd 105285-15
    # patchadd 105491-04
    # patchadd 106041-10
    # patchadd 106410-01
    


    Note -

    These patches must be added in the order given.


  3. Reboot by typing:


    # sync; init 6
    

  4. If you will be operating the SunScreen in routing mode, configure all network interfaces that will be used.

    See the documentation accompanying the Solaris operating environment, if needed.

  5. If you will be operating the SunScreen in stealth mode, configure only the network interface that will be used for remote administration.

    See the documentation accompanying the Solaris operating environment, if needed.

To Install the Prerequisite Solaris Packages on the Administration Station
  1. If you will be using a remote administration station, add the following packages to the Administration Station from your Solaris CD, if not already on your system:

    system SUNWjvrt   JavaVM run time environment
    system SUNWmfrun  Motif RunTime Kit
    system SUNWxwplt  X Window System Platform software

  2. If you are using Solaris 2.6 as your operating environment, add the following patches, if not already on your system, by typing:


    For SPARC systems:
    # cd /cdrom/cdrom0/sparc/Patches
    # patchadd 106125-06
    # patchadd 105284-15
    # patchadd 105490-04
    # patchadd 106040-10
    # patchadd 106409-01
    
    For x86 systems:
    # cd /cdrom/cdrom0/i386/Patches
    # patchadd 106126-06
    # patchadd 105285-15
    # patchadd 105491-04
    # patchadd 106041-10
    # patchadd 106410-01
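
The patch steps for the Screen and for the Administration Station can be checked before running patchadd. The following is an added example, not part of the original guide: a shell function that reads `showrev -p` output and prints, in the guide's order, the Solaris 2.6 SPARC patches that still need to be added. It assumes that a higher installed revision of the same patch ID satisfies the requirement; the function name `pending_patches` and the sample `showrev -p` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which prerequisite patches are still pending.
# Patch lists are the guide's Solaris 2.6 SPARC lists, in the required order.
SCREEN_SPARC="106125-06 105181-11 105284-15 105490-04 106040-10 106409-01"
ADMIN_SPARC="106125-06 105284-15 105490-04 106040-10 106409-01"

# pending_patches LIST  (hypothetical helper; reads `showrev -p` text on stdin)
# Prints each patch in LIST, in order, that is absent or installed at a lower
# revision. Assumption: a higher revision of the same ID satisfies the need.
pending_patches() {
    awk -v required="$1" '
        $1 == "Patch:" {
            split($2, p, "-")
            rev = p[2] + 0
            # Remember the highest installed revision for each base ID.
            if (!(p[1] in have) || rev > have[p[1]]) have[p[1]] = rev
        }
        END {
            n = split(required, req, " ")
            for (i = 1; i <= n; i++) {
                split(req[i], r, "-")
                if (!(r[1] in have) || have[r[1]] < r[2] + 0) print req[i]
            }
        }'
}

# Constructed sample in the `showrev -p` line format (not from a real host;
# the package names are placeholders).
SAMPLE='Patch: 106125-06 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 105181-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 105284-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

# On the Screen itself: showrev -p | pending_patches "$SCREEN_SPARC"
echo "Screen, still to add (in this order):"
printf '%s\n' "$SAMPLE" | pending_patches "$SCREEN_SPARC"
```

For x86 systems, pass the corresponding x86 patch list from the steps above as the argument instead.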