Acs -
Disclaimer: I work for Sun on the SunScreen team. :)
We are not going to stop supporting the SPF-200 in July;
we are only going to stop selling them. This means the
beginning of the product EOL cycle. Sun will still support
the product for 3-5 years (depending on support contract type),
so you are not so rushed. :-)
There is a direct migration path from SPF-200 to SunScreen 3.1.
SunScreen 3.1 is a merge of our two former product lines,
SPF and EFS, so you only need to buy one product and you
can choose how to install it. The new modes of operation
are called Routing (formerly EFS) and Stealth (formerly SPF).
It is possible to upgrade the SPF-200 hardware to
SunScreen 3.1, but it requires some downtime. I recommend
upgrading the configuration on new(er) hardware, which
has essentially no downtime for your network. This procedure
is documented in the SunScreen 3.1 Installation Guide.
The technical advantage of upgrading as opposed to switching
vendors is that you will still have all of your address,
service and rule definitions after the upgrade. :)
I have done this many times, but then again, I was doing
unit testing. :-)
Features available in SunScreen 3.1 Stealth mode that
were not available to SPF-200 (this list is by no means complete,
but just off the top of my head):
* Offered as a layered product, so it is easier to apply OS
specific patches, and the user can choose between Solaris 2.6,
7, or 8 on either SPARC or Intel hardware for the firewall.
* Performance improvements for scaling in MP environments
(the original SPF-200 was not supported in MP setups).
* Improved Network Address Translation, allowing the user
to specify when the hosts should be NATed, and providing
order precedence for NAT rules.
* Ordered packet filtering rules. In SPF-200, rules were processed
by first checking for a match against Encrypt rules, then PASS,
then DENY. In SunScreen 3.1, you can specify the order you want
your rules to be processed.
* Centrally Managed Groups. You can now create clusters of
SunScreen machines that you manage from one administration
station or one Screen where you can push policies at one
time to all machines in the cluster.
* High Availability. SunScreen 3.1 license allows you to
install the same copy of the software on all machines in
one HA cluster at no additional charge.
* Java applet based GUI, so you can administer from any
SunScreen SKIP protected host. Sun sells SKIP for
Windows 95, Windows 98 (first and second edition), WinNT 4.0,
Solaris SPARC and Solaris x86. There are also Linux
versions floating around, as SKIP was an open source project.
* New SNMP status traps, time based rules, versioned policies,
VPN Gateway configuration, and simpler command line interface.
* and more... see http://www.sun.com/security/ for whitepapers
and other information.
No features, other than automatic OS installation and configuration,
and applying patches via floppy, have been removed since
SPF-200.
hope that helps...
Valerie
SunScreen Development
> Delivered-To: [EMAIL PROTECTED]
> Date: Wed, 21 Jun 2000 16:00:50 -0700 (PDT)
> From: ACS <[EMAIL PROTECTED]>
> Subject: sunscreen spf 2
>
> I am about to inherit a bunch of sunscreen spf 2
> packet filters, I understand that in July Sun will
> stop supporting them!
>
> Any pointers to upgrade paths and information on the
> differences between all the different versions would
> be appreciated..
>
> Anybody had the pleasure of trying to go from spf 2 to
> 3.1?
>
> Any opinions on the advantages of trying to do the
> upgrade or abandon the sunscreen for lucent or another
> fw (transparent bridging is a requirement, packet
> filtering is all they need to do) would be great..
>
> And NO, unfortunately OpenBSD with IPF is not an
> option (corporate cust.. ;-( )
>
>
> TIA
>
> acs
>
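
The change in rule evaluation described in the reply (Encrypt, then PASS, then DENY on SPF-200; administrator-chosen order in SunScreen 3.1) can be checked against a policy before a migration. The following is an added example, not part of the original thread and not Sun's code: it evaluates one constructed rule set under both models and lists the probe packets whose verdict differs. The rule tuples, the default-deny fallback, and all function names are assumptions made for illustration and do not reflect SunScreen configuration syntax.

```python
# Added illustration: hypothetical rule model, not SunScreen configuration syntax.
from ipaddress import ip_address, ip_network

CLASS_ORDER = ("ENCRYPT", "PASS", "DENY")  # precedence the post gives for SPF-200

# Constructed sample policy: (action, source network, destination port; None = any)
RULES = [
    ("DENY", "10.1.2.0/24", 23),
    ("PASS", "10.1.0.0/16", 23),
    ("ENCRYPT", "10.1.2.128/25", 23),
    ("DENY", "0.0.0.0/0", None),
]
# Constructed probe packets: (source address, destination port)
PROBES = [("10.1.2.200", 23), ("10.1.2.5", 23), ("10.1.9.9", 23), ("192.0.2.1", 80)]

def matches(rule, src, dport):
    _, net, port = rule
    return ip_address(src) in ip_network(net) and port in (None, dport)

def ordered_verdict(rules, src, dport, default="DENY"):
    """First matching rule wins, in the order the rules are listed.
    The default-deny fallback is an assumption of this example."""
    for rule in rules:
        if matches(rule, src, dport):
            return rule[0]
    return default

def as_ordered(rules):
    """Stable sort by class, so listed order reproduces class precedence."""
    return sorted(rules, key=lambda r: CLASS_ORDER.index(r[0]))

def class_verdict(rules, src, dport, default="DENY"):
    """All Encrypt rules are tried first, then PASS, then DENY."""
    return ordered_verdict(as_ordered(rules), src, dport, default)

def divergent(rules, probes):
    """Probes whose verdict differs between the two evaluation models."""
    out = []
    for src, dport in probes:
        old, new = class_verdict(rules, src, dport), ordered_verdict(rules, src, dport)
        if old != new:
            out.append((src, dport, old, new))
    return out

if __name__ == "__main__":
    for src, dport, old, new in divergent(RULES, PROBES):
        print(f"{src}:{dport} class-precedence={old} ordered={new}")
```

An empty result from `divergent(as_ordered(RULES), PROBES)` shows that listing the rules grouped by class keeps the earlier verdicts under ordered evaluation in this model.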