Hello Valerie,
I hope you won't object to my criticising your reply to Chris
regarding the mandatory ADMIN interface in 3.1, especially as
you give such excellent support to us Sunscreen administrators.
> If you don't want to use it for every day administration, you can
> simply unplug the cable and not use it. You can then tip into the box
> or administer it via console. Some users have even changed their
> ADMIN interface to ROUTING to enable ssh to the box. What you don't
> want is administration in the clear, over an insecure network.
This is exactly what we do. Our ADMIN interface is a ROUTING interface
and we use ssh. Forcing us to give an ADMIN interface at install
time means we must install skip on the admin system[s] which buys us
nothing if we are using ssh. In fact it is an administrative burden.
We use ssh only to access all our servers whether they are firewalls
or not. I don't see why removing the option of local only admin at
install time gains you much. You can always stress in the install
docs that configuring an interface for remote access is highly
recommended when setting up a stealth mode Sunscreen. What do you
do when someone wants to remotely admin a Sunscreen from a system
where skip is not available?
I hope you aren't offended by my objecting to the removal of selecting
local only administration when installing 3.1 in stealth mode. I like
Sunscreen firewalls very much and most of the improvements in each new
major release have been very good. I started with the spf100 and its
horrible Windows based admin tool, then the spf200 which made admin a
lot easier although the split tcl/tk and http interface was perhaps not
the greatest thing in the world. The big plus with 3.0 was the vastly
improved rule handling and the ability to do all admin work relatively
simply from the command line. So I plead and ask that you allow us to
select local only admin when installing in stealth mode.
Regards,
Roy