Roy -
Yes, you can have up to 15 interfaces (depending on
underlying OS/hardware support) in stealth mode for
SunScreen.
It must all still subdivide a single subnet, but it can
have different pieces of that subnet off of different
interfaces. So, if your DMZ hosts are on the subnet that
your Screen is subdividing, you can do that. (your correct
about needing to define the address objects to associate
with the interfaces, and also make sure you have defined
the subnet address and netmask as part of the Screen object
and all should work out well).
Valerie
SunScreen development
> To: [EMAIL PROTECTED]
> Subject: sunscreen efs 3.0 and stealth mode
> Date: Thu, 19 Oct 2000 14:29:37 +0200
> From: "Roy G. Culley" <[EMAIL PROTECTED]>
>
> Hello,
>
> I currently administer several sunscreen efs 3.0 firewalls using
> stealth mode. The sunscreen is installed like a 'bridge' within
> a single subnet.
>
> A colleague of mine says it is possible to have a third interface
> connected to a DMZ subnet while in stealth mode and that packets
> would be routed correctly as long as the interfaces are associated
> with groups representing the addresses accessible from each
> interface. Is this possible in stealth mode?
>
> Regards,
> Roy
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
