Chris -
You're right, 3.1 was not a major release, as it came
out not too long after we did our localized version of
3.0RevB. See below for the feature differences.
As far as the requirement of an ADMIN interface for Stealth mode -
this is something I wanted, and here's why: if you *don't* have an
admin interface, and you run into some problems and you need
to open a service call -- how are you going to get configuration
information off of the box? If something core dumps, how
will you get a core file off? Unless you attatch a tape drive,
trying to configure an ADMIN interface on a system "in trouble"
will likely be too complex. So, we made it mandatory that you
configure an ADMIN interface at install time.
If you don't want to use it for every day administration, you
can simply unplug the cable and not use it. You can then tip
into the box or administer it via console. Some users have even
changed their ADMIN interface to ROUTING to enable ssh to the
box. What you don't want is administration in the clear, over
an insecure network.
Also, if you harden the system, you won't have a telnet or
ftp daemon on the system anymore.
Feature enhancements from 3.0 -> 3.1:
* name change (dropped the "EFS" designation, since product combines
"EFS" (aka ROUTING) *and* "SPF" (aka STEALTH) capabilities)
* Miscelaneous GUI & CLI improvements, other misc. enhancements
* new Timed Status SNMP traps (contains system & sunscreen information,
sent on user specified interval, good for monitoring disk usage,
memory usage, CPU stats, and active connection #s).
* new interfaces support (adds ATM CIP mode and gigabit ethernet)
* new OS support (3.0 only supported 2.6 & 7 (32 & 64 bit), 3.1 is supported
on 2.6, 7 (32 & 64 bit), 8 (32 & 64 bit), and Trusted Solaris 7)
* stronger base crypto (we up this every time we legally can)
probably other things I'm forgetting.
Valerie
SunScreen Developer
[EMAIL PROTECTED] -or- [EMAIL PROTECTED]
> Subject: Re: SunScreen 3.1
> Date: Tue, 10 Apr 2001 13:59:06 +0200
> From: Chris Osicki <[EMAIL PROTECTED]>
>
> Valerie,
>
> Thanks for your reply. Now I understand.
>
> Btw. I remember somebody saying there was no major changes
> from 3.0 to 3.1, the ss_install doesn't allow local
> administration in stealth mode, however.
> And a stealth screen insist in having an admin interface.
> How disappointing.
> Are we not allowed anymore to manage screens from ascii
> terminal, or am I missing something?
>
> Regards,
> Chris
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
