This chapter explains how to install a SunScreen EFS 3.0 in routing mode with local administration. In this configuration, SunScreen EFS 3.0 is installed on a single machine and does not have to use SKIP. Use this installation method if you need routing functions in addition to firewall capabilities, as the SunScreen will function both as a router and a firewall.
Topics covered include:
Installation of the software on a single machine
Setting of the PATH and installing SKIP upgrades
Launching the Administration GUI
SunScreen EFS 3.0 runs on the Solaris 2.6 and Solaris 7 operating environment for SPARC or x86 systems. If you are presently running Solaris 2.5.1 or lower, you must ugrade your operating environment before proceeding.
If you want to install SunScreen EFS 3.0 in routing mode with remote administration, read the information and instructions in Chapter 4.
If you want to install SunScreen EFS 3.0 in stealth mode, read the information and instructions in Chapter 5.
If you are presently running SunScreen EFS 1.1 or 2.0, and want to upgrade to SunScreen EFS 3.0, read the information and instructions in Chapter 6.
If you are presently running SunScreen SPF-200 and want to upgrade to SunScreen EFS 3.0, read the information and instructions in Chapter 6.
If you are converting a running FireWall-1 machine, Release 2.1 or 3.0 to a SunScreen EFS 3.0 machine, read the information and instructions in Chapter 7.
Before installing, review the SunScreen EFS 3.0 Release Notes for the latest information about this product.
The following procedures explain how to install SunScreen EFS 3.0 with local administration. Installation is performed on a single machine. Prior to installation, make sure the machine is performing properly as a router.
Do not begin this procedure until you have read the information in Chapter 2.
The installation procedure requires that the machine be rebooted when indicated. Do not perform any other tasks on the machine while installing the software, as a delay in rebooting the machine may affect installation and cause your system to hang.
The installation wizard will guide you through this procedure. You must be on the machine you are installing on in order to use the wizard and must not telnet to the machine.
While following this procedure, accept all defaults as given. If you want to choose another option when presented, you should quit the installation wizard and use the appropriate installation procedure. If this happens, see the Table of Contents to locate the correct chapter.
Configure all network interfaces you plan on using.
Before continuing with installation, configure all network interfaces you plan on using, if not already done. In routing mode, SunScreen EFS 3.0 will only see the network interfaces that Solaris sees. For details on Solaris network configuration, see the documentation accompanying the Solaris operating environment.
Open a terminal window and become root.
Ensure that the OpenWindows(TM) File Manager is not running because it interferes with the operation of the volcheck command used for installation.
Insert the SunScreen EFS 3.0 CD-ROM into the CD-ROM drive.
Mount the CD-ROM by typing:
# volcheck |
# /cdrom/cdrom0/screenInstaller |
Due to late software changes, the appearance of the installation wizards may differ slightly from that shown. Functionality and performance is not affected. The panels of the installation wizards can be resized, if needed.
The SunScreen EFS 3.0 Screen Install's Welcome window appears, as shown in Figure 3-1.
Click Next to continue the installation process.
The Checking Installed Solaris Packages window appears, as shown in Figure 3-2. Prior to installation of the SunScreen EFS 3.0 software, a check is performed to verify that the prerequisite Solaris packages are installed on your machine.
If there are missing required packages, a list will be displayed. You must exit the installation wizard at this point and install the required Solaris packages from your Solaris CD.
Click Next to continue the installation process.
The Secondary HA Designation window appears, as shown in Figure 3-3. No is the default.
Choose Yes if you are configuring an HA cluster and are installing the Secondary SunScreen of that cluster. If this is what you want to do, exit the installation wizard and see the SunScreen EFS 3.0 Administration Guide for instructions on how to set-up an HA cluster.
Click Next to continue the installation process.
The Select Screen Type window appears, as shown in Figure 3-4. You are given two types of installations to choose from: Stealth or Routing. Routing mode is the default.
If you want to install in stealth mode, exit the installation wizard and see Chapter 5 of this book.
Accept the default, Routing, and Click Next.
The Select Administration Type(s) window appears, as shown in Figure 3-5. You are given the choice of Local Administration, or Remote Administration, or both. Both are selected when there is a monitor on the Screen and you want an additional Administration Station. Local Administration is the default.
If you want to install a remotely administered SunScreen, exit the installation wizard and see Chapter 4.
Accept the default, Local Administration, and Click Next.
The Select Type of Install window appears, as shown in Figure 3-6. You are given two choices: Default Install and Custom Install.
The HotJava browser, version 1.1.5, is packaged on the SunScreen EFS 3.0 CD-ROM and is installed as part of the Default Install. If you do not want this installed, select Custom Install and deselect package SUNWdthj.
Select the type of install desired, and Click Next.
The disk space on your machine is checked. An error message appears if you do not have enough disk space.
The Ready to Install window appears, as shown in Figure 3-7. The size of the packages to be installed is confirmed.
Click Install Now to continue the installation process.
The Installing window appears, as shown in Figure 3-8. The status bar shows the progress of the installation.
Once completed, the Select Initial Security Level window appears.
Select the level of security you want: Restrictive, Secure, or Permissive. Permissive is the default.
When in doubt, select Permissive as your initial security level, as shown in Figure 3-9. You can change this later if you need to.
Click Next to continue the installation process.
The Select Name Service(s) window appears, as shown in Figure 3-10. You must select the name service that will be used on the Screen. Your choices are both NIS and DNS, either NIS or DNS, or None. For None, deselect both.
Click Next to continue the installation process.
The Screen Configuration window appears with the message: Configuring Screen, as shown in Figure 3-11. Figure 3-12 shows the message which appears once the Screen is successfully configured.
Click Next to continue the installation process.
The Screen Reboot window appears.
To reboot the machine, Click the Screen Reboot button.
The installation wizard disappears.
You must reboot the machine at this time in order to complete the installation process.
Open a terminal window and become root, if not already.
Set the PATH and MANPATH by editing your shell initialization file (such as .profile or .login file).
PATH=/opt/SUNWicg/SunScreen/bin:$PATH
PATH=/usr/dt/bin:$PATH
export PATH
Set the MANPATH for the Bourne shell by typing:
MANPATH=$MANPATH:/opt/SUNWicg/SunScreen/man
export MANPATH
Install any SKIP upgrades (Export Controlled [1024-bit] or U.S. and Canada Use Only [2048-bit] keys) as instructed in the documentation that is included with the SKIP upgrade CD-ROM.
While the use of encryption is not required in a locally administered Screen, you may want to use encryption for communication over public and private networks.
If SKIP upgrades were installed, reboot by typing:
# sync; init 6 |
To configure and manage your SunScreen from your Administration Station, open a Java-enabled web browser compliant with JDK 1.1.3 or later, and launch the Administration GUI by typing the following URL:
http://localhost:3852 |
The SunScreen EFS Administration GUI appears, as shown in Figure 3-13.
To login, type the following and Click Login:
User Name: admin Password: admin |
You next configure and manage your SunScreen with the Administration GUI. See the SunScreen EFS 3.0 Administration Guide for further instructions.