manualshive.com logo in svg

3Com OfficeConnect 3C16771, User Manual, Page: 105 / 182

Share
Download
3Com OfficeConnect 3C16771 User Manual Download Page 105

Policy Rules

105

The more specific, the better. For example, if traffic is being 
allowed from the Internet to the LAN, it is better to allow 
only certain machines on the Internet to access the LAN.

Once you have defined the logic of the rule, it is critical to 
consider the security ramifications created by the rule:

Will this rule stop LAN users from accessing critical 
resources on the Internet? 

For example, if IRC is blocked, are there users that 
require this service? 

Is it possible to modify the rule to be more specific? 

For example, if IRC is blocked for all users, will a rule 
that blocks just certain users be more effective?

Will this rule allow Internet users access to resources on 
the LAN in a manner that may create an undue security 
vulnerability?

For example, if NetBIOS ports (UDP 137, 138, 139) are 
allowed from the Internet to the LAN, Internet users 
may be able to connect to PCs with file sharing 
enabled. 

Does this rule conflict with any existing rules? 

Once you have answered these questions, to add rules 
you type the information into the correct boxes in the 

Policy Rules

 

window.

a

Action

Select the

 Allow

 or 

Deny 

option button depending on 

the intent of the rule, as defined by item 2 in the 

“Network Access Rule Logic List”

 

on 

page 104

.

b

Service

From the 

Service 

menu, select the IP protocol, as defined 

by item 4 in the 

“Network Access Rule Logic List”

 

on 

page 104

. If the protocol is not listed, it is necessary to 

first define it in the 

Add Service

 window.

Summary of Contents for OfficeConnect 3C16771

Page 1: ...com OfficeConnect Internet Firewall User Guide OfficeConnect Internet Firewall 25 3C16770 OfficeConnect Internet Firewall DMZ 3C16771 OfficeConnect Web Site Filter 3C16772 Part No DUA1677 0AAA03 Publi...

Page 2: ...tates government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and dev...

Page 3: ...from the Internet 22 Automatic IP Address Sharing and Configuration 22 2 INSTALLING THE HARDWARE Important Safety Information 23 Wichtige Sicherheitshinweise 24 Consignes Importantes de S curit 25 Be...

Page 4: ...ternet Firewall DMZ only 58 Setting up the DHCP Server 60 Viewing the DHCP Server Status 63 Diagnostic Tools 63 DNS Name Lookup 64 Find Network Path 65 Ping 66 Packet Trace 67 Technical Support Report...

Page 5: ...of Installing a Proxy Server 112 Specifying Intranet Settings 113 Installing the Internet Firewall to Protect the Intranet 114 Configuring the Internet Firewall to Protect the Intranet 115 Intranet W...

Page 6: ...IONAL DIRECT CONNECTION Introduction 135 Direct Connection Instructions 135 D IP PORT NUMBERS Introduction 137 Well Known Port Numbers 137 Registered Port Numbers 137 E EXAMPLE CONFIGURATIONS Introduc...

Page 7: ...CAL SUPPORT Online Technical Services 167 World Wide Web Site 167 3Com Knowledgebase Web Services 168 3Com FTP Site 168 3Com Facts Automated Fax Service 168 Support from Your Network Supplier 168 Supp...

Page 8: ......

Page 9: ...OfficeConnect Internet Firewall DMZ supports up to 100 users on the LAN In addition the OfficeConnect Internet Firewall DMZ has a Demilitarized Zone DMZ port Servers and workstations attached to this...

Page 10: ...ow to Use This Guide Table 1 shows where to look for specific information in this guide Table 1 Where to find specific information If you are looking for Turn to A description of the Internet Firewall...

Page 11: ...resetting the Internet Firewall Appendix G Information about obtaining Technical Support Appendix H Table 1 Where to find specific information continued If you are looking for Turn to Table 2 Notice...

Page 12: ...ts information as it appears on the screen Commands The word command means that you must enter the command exactly as shown and then press Return or Enter Commands appear in bold Example To remove the...

Page 13: ...s that provides Internet access to individuals or organizations Internet Firewall Used in this guide to refer to both the OfficeConnect Internet Firewall 25 and the OfficeConnect Internet Firewall DMZ...

Page 14: ...ons no other clients can make genuine connections to that server UTC stands for Universal Time Co ordinated and is the standard time common to all places in the world It is also commonly referred to a...

Page 15: ...Guide 15 Example OfficeConnect Internet Firewall User Guide Part Number DUA1677 1AAA02 Page 24 Do not use this e mail address for technical support questions For information about contacting Technica...

Page 16: ...16 ABOUT THIS GUIDE...

Page 17: ...ow a private Local Area Network LAN to be securely connected to the Internet You can use the Internet Firewall to Prevent theft destruction and modification of data Filter incoming data for unsafe or...

Page 18: ...ed from hacker attacks Users on the secure LAN port can also access servers on the DMZ port Internet Firewall Security Functions Figure 1 and Figure 2 illustrate security functions on the Internet Fir...

Page 19: ...ures This section lists the features of the Internet Firewall Firewall Security The OfficeConnect Internet Firewall is preconfigured to monitor Internet traffic and detect and thwart Denial of Service...

Page 20: ...t Figure 2 Internet Firewall DMZ Security Functions The Internet Firewall uses stateful packet inspection to determine if a data packet from the Internet is allowed through to the private LAN This is...

Page 21: ...ackers may use the technologies to steal or damage data The Internet Firewall can block these potentially damaging applications from being downloaded from the Internet or allow them only from trusted...

Page 22: ...g and Configuration The Internet Firewall provides sharing of a single public IP address through Network Address Translation NAT It also provides simplified IP address administration using the Dynamic...

Page 23: ...formationen sorgf ltig durch bevor Sie das Ger t einschalten AVERTISSEMENT Veuillez lire attentivement la section Consignes importantes de s curit avant de mettre en route See Appendix A for informati...

Page 24: ...h problem solving actions in this guide contact your supplier Disconnect the power adapter before moving the unit WARNING RJ 45 ports These are shielded RJ 45 data sockets They cannot be used as telep...

Page 25: ...Anschl sse Dies sind abgeschirmte RJ 45 Datenbuchsen Sie k nnen nicht als Telefonanschlu buchsen verwendet werden An diesen Buchsen d rfen nur RJ 45 Datenstecker angeschlossen werden Consignes Import...

Page 26: ...VERTISSEMENT Ports RJ 45 Il s agit de prises femelles blind es de donn es RJ 45 Vous ne pouvez pas les utiliser comme prise de t l phone Branchez uniquement des connecteurs de donn es RJ 45 sur ces pr...

Page 27: ...a flat surface 2 Fit the clip across the top of the Internet Firewall as shown in Figure 3 picture 1 making sure that the longer sections of the fastening piece are pointing downwards 3 Align the fas...

Page 28: ...acing upwards to prevent dust entering the cooling vents When wall mounting the Internet Firewall make sure that it is within reach of the power outlet You need two suitable screws Make sure that the...

Page 29: ...ing LEDs Alert LED Orange alerts you to the following A failure in the self test the Internet Firewall runs when switched on Potential attacks on your network An attempt to access a restricted Web sit...

Page 30: ...Panel The Internet Firewall 25 does not have a DMZ port The Internet Firewall rear panel contains the following Power Adapter socket Only use the power adapter supplied with the Internet Firewall Do n...

Page 31: ...plink Unless you are configuring the Internet Firewall DMZ for intranet support devices on the WAN port are not directly accessible by users on the LAN Do not attach servers or any device other than t...

Page 32: ...of its Ethernet port If it has an MDIX normal configuration then you can use a standard 10BASE T cable Otherwise you must use a crossover cable See Appendix A for more information about the cable pin...

Page 33: ...t see Chapter 6 for troubleshooting information The Internet Firewall is now attached to the network By default no traffic that originates from the Internet is allowed onto the LAN and all communicati...

Page 34: ...34 CHAPTER 2 INSTALLING THE HARDWARE...

Page 35: ...Firewall on a label on the underside of the unit Initial Configuration using the Internet Firewall Wizard Please refer to the Quick Start Guide for information on how to connect to your Internet Fire...

Page 36: ...Internet Firewall Wizard You need the following information about IP addressing on your network You may be able to obtain this information from the Internet Service Provider ISP that you use to connec...

Page 37: ...nds on whether you have decided to use the Internet Firewall as a DHCP server or to retain an existing DHCP server If you are using the Internet Firewall as a DHCP server you will now need to set all...

Page 38: ...ploads for example Netscape version 4 or above or Internet Explorer version 4 or above If the browser does not support HTTP uploads you cannot use certain features such as updating the software and up...

Page 39: ...top of the browser window The Login dialog box is displayed Figure 7 Login dialog box b In the User Name field type the default user name admin c In the Password field type the default password passwo...

Page 40: ...Z subnet masks from a remote DHCP server on the WAN If you use a modem to connect to the Internet you may have to use this setting because some modem ISPs implement DHCP in their service This is the d...

Page 41: ...s on page 50 for more information about the Network Addressing Mode 4 Configure password settings a From the main screen see Figure 8 select Set Password A window similar to the following is displayed...

Page 42: ...s displayed Figure 10 Set Date and Time dialog box b Type the time in 24 hour format c Click Update to send the configuration data to the Internet Firewall 6 Restart the Internet Firewall a Click Tool...

Page 43: ...stem 8 Review the status of the Internet Firewall a When the Internet Firewall has restarted log in again see step 2 using the new administrator password you set up in step 4 b From the Home screen se...

Page 44: ...make a note of the registration code c On the main screen select Unit Status A message is displayed stating that the Internet Firewall is not registered d Type the registration code you were given int...

Page 45: ...u access these command functions using a Web browser to launch the management interface This chapter is divided into sections dedicated to the major windows and functions within the Web management int...

Page 46: ...ll DMZ Any problems will be listed in red text For example if the Internet router was not contacted or the default password was not changed this would be listed Items listed in red require immediate c...

Page 47: ...time common to all places in the world It is also commonly referred to as Greenwich Mean Time or World Time Many ISPs require firewall logs to be recorded to UTC or within a fraction of it as tracking...

Page 48: ...eck the box labelled Automatically adjust clock for daylight saving changes You can also specify that UTC is used in your logs rather than the time in your location this may be a requirement of some I...

Page 49: ...1 In the Old Password box type the old password 2 In the New Password and Confirm New Password boxes type the new password 3 Click Update to send the configuration data to the Internet Firewall If you...

Page 50: ...to display the Network Settings window A window similar to that in Figure 16 is displayed Figure 16 Network Settings Window Network Addressing Mode The Network Addressing Mode drop down list contains...

Page 51: ...for configuration and monitoring Choose a unique IP address from the LAN address range LAN Subnet Mask This value is used to determine what subnet an IP address belongs to An IP address has two compo...

Page 52: ...ecause all the addresses on the LAN are invisible to the outside world In cases where a network uses invalid IP addresses or if addresses are in short supply NAT can be used to connect the LAN to the...

Page 53: ...ose a unique IP address from the LAN address range LAN Subnet Mask This value is used to determine what subnet an IP address belongs to An IP address has two components the network address and the hos...

Page 54: ...the DNS Servers These servers are used by the Internet Firewall to lookup the addresses of machines used to download the Web Site Filter and for the built in DNS Lookup tool Type the required values...

Page 55: ...nge LAN Subnet Mask This value is used to determine what subnet an IP address belongs to An IP address has two components the network address and the host address For example consider the IP address 1...

Page 56: ...to look up the addresses of machines used to download the Web Site Filter and for the built in DNS Lookup tool Type the required values and click Update to send the configuration data to the Internet...

Page 57: ...ask This value is used to determine what subnet an IP address belongs to An IP address has two components the network address and the host address For example consider the IP address 192 168 228 17 As...

Page 58: ...g DMZ Addresses Internet Firewall DMZ only The Internet Firewall provides security by preventing Internet users from accessing machines inside the LAN This security however also prevents users from re...

Page 59: ...addresses for the DMZ individually or as a range Type an individual address in the From Address box To enter a range of addresses such as the 51 IP addresses from 199 168 23 50 to 199 168 23 100 type...

Page 60: ...anagement of IP client configurations including IP addresses gateway address DNS address and more Enable DHCP Server Click this check box to enable or disable the DHCP server This is disabled by defau...

Page 61: ...n IP address belongs to Domain Name Type the registered domain name for the network in the Domain Name box for example 3Com com If you do not have a Domain Name leave this blank DNS Servers A DNS Serv...

Page 62: ...gured when they boot Dynamic BootP clients are BootP clients that do not have an IP address assigned to their MAC address They are similar to DHCP clients with the exception that leases are not suppor...

Page 63: ...urrent bindings IP and MAC address of the bindings Type of binding Dynamic Dynamic BootP or Static BootP To delete a binding which frees the IP address in the DHCP server select the binding from the l...

Page 64: ...that returns the numerical IP address of a host name Select DNS Name Lookup from the Choose a diagnostic tool menu A window similar to that in Figure 23 is displayed Type the host name to lookup in th...

Page 65: ...re is a problem with the configuration of the network or intranet settings Find Network Path also shows if the target node is behind a router and the Ethernet address of the target node or router Find...

Page 66: ...e Internet back to the sender This test shows if the Internet Firewall is able to contact the remote host If users on the LAN are having problems accessing services on the Internet try pinging the DNS...

Page 67: ...Packet Trace Use the Packet Trace tool to track the status of a data packet or communications stream as it moves from source to destination This is a useful tool to determine if a packet or communicat...

Page 68: ...Trace on IP address box not a host name such as www 3Com com 3 Click Refresh to display the packet trace information 4 Click Stop to terminate the packet trace and Reset to clear the results Technica...

Page 69: ...Figure 27 Tech Support Report Window Click Save Report to save the report as a text file to the local disk Filter Settings Click Filter and then select the Settings tab A window similar to that in Fig...

Page 70: ...at you can choose to allow access to ActiveX ActiveX is a programming language that is used to embed small programs in Web pages It is generally considered an insecure protocol to allow into a network...

Page 71: ...on the LAN Blocking Options The following is a list of the blocking options Log and Block Access When selected the Internet Firewall logs and blocks access to all sites on the Web Site Filter custom a...

Page 72: ...plete access to the Internet Similar policies could be enabled to allow employees complete access to the Internet after normal business hours Time of Day restrictions only apply to the Web Site Filter...

Page 73: ...ses are used for all Internet filtering functions for several reasons There are two reasons for this Many blocked sites operate server pools where many machines service a single host name making it im...

Page 74: ...ption is required If Filter List Not Loaded There are two radio buttons that determine what happens if the Filter List expires or if a download of a Filter List fails Block traffic to all websites exc...

Page 75: ...termined by the radio buttons described above Keywords Click Filter and then select the Keywords tab A window similar to that in Figure 30 is displayed Figure 30 Keywords Window You can block Web URLs...

Page 76: ...ng check box and click Update To add a keyword in the Add Keyword box type the keyword to block and click Update To remove a keyword select it from the list and click Delete Keyword Custom List This f...

Page 77: ...the Internet Firewall To block a Web site which does not appear in the Web Site Filter type its host name such as www bad site com into the Forbidden Domains box Do not use the complete URL of the sit...

Page 78: ...o display when a site is blocked When a user attempts to access a site that is blocked by the Web Site Filter a message is displayed on their screen The default message is Web Site Blocked by 3Com Off...

Page 79: ...lined in an organization s Acceptable Use Policy before you allow them to browse the Web any further Click Filter and then select the Consent tab A window similar to that in Figure 32 is displayed Fig...

Page 80: ...create this page in HTML It may contain the text from or links to the Acceptable Use Policy AUP You must include in this page links to two pages contained in the Internet Firewall which when selected...

Page 81: ...page contained in the Internet Firewall which when selected tell the Internet Firewall that the user wishes to have filtering enabled The link must be 192 168 1 254 iAcceptFilter html Use the Web Addr...

Page 82: ...uch as an attack on a server you can specify that this information is immediately e mailed either to the main e mail address used by the log or to a different address such as a paging service The Inte...

Page 83: ...on and review the log with an e mail client rather than with a Web browser Each log entry contains the date and time of the event and a brief message describing the event Some entries contain addition...

Page 84: ...lence profanity b Partial nudity c Full nudity d Sexual acts e Gross depictions f Intolerance g Satanic cult h Drug culture i Militant extremist j Sex education k Gambling illegal l Alcohol tobacco Se...

Page 85: ...true for SYN Flood attacks If the log message calls the attack possible or it only happens on an irregular basis then there is probably no attack in progress If the log message calls the attack proba...

Page 86: ...e for download See Upgrading the Software on page 96 for more information If there is a new software release an e mail notification is sent to this address Send Alerts To Alerts are events such as an...

Page 87: ...d then clears the log Clear Log Now Deletes the contents of the log Send Log This pop up menu is used to configure the frequency of log messages being sent as e mail daily weekly or only when the log...

Page 88: ...cked by the Web Site Filter by keyword or for any other reason are generated This is enabled by default Blocked Java ActiveX and Cookies When enabled log messages showing Java ActiveX and Cookies whic...

Page 89: ...ow see page 85 Attacks When enabled all log entries that are categorized as an Attack are generated as an alert message This is enabled by default System Errors When enabled all log entries that are c...

Page 90: ...window similar to that in Figure 35 is displayed Figure 35 Reports Window Start Data Collection By default the log analysis function is disabled Click Start Data Collection to begin log analysis When...

Page 91: ...electing Bandwidth Usage by IP Address from the Report to view drop down list displays a table showing the IP Address of the 25 top users of Internet bandwidth and the number of megabytes transmitted...

Page 92: ...t command to the Internet Firewall The restart takes about 90 seconds during which time the Internet Firewall cannot be reached from the Web browser and all network traffic through it is halted If you...

Page 93: ...re 37 is displayed Figure 37 Configuration Window Use the Configuration tab to specify where the settings for the Internet Firewall are saved to and retrieved from for backup purposes You can also res...

Page 94: ...dow similar to that in Figure 38 is displayed Figure 38 Export Window Choose the location to save the settings file This should be saved as Filename exp This defaults to internetfirewall exp The proce...

Page 95: ...r the settings to take effect see page 92 Make sure that the Web browser supports HTTP uploads If it does not you cannot import the saved settings Note that this will not change the password for the u...

Page 96: ...e Internet Firewall s settings before uploading new software and then import them again after the upgrade has been completed The Internet Firewall checks to see if new software is available for downlo...

Page 97: ...Send email when new firmware is available check box 2 Click Update To load the new firmware 1 Click Upload Firmware Now A window similar to that in Figure 41 is displayed Figure 41 Save Settings Wind...

Page 98: ...ts HTTP uploads When uploading the firmware to an Internet Firewall it is important not to interrupt the Web browser by closing the window clicking a link loading a new page or removing the power to t...

Page 99: ...le showing the defined Network Access Rules Rules are sorted from the most specific at the top to the most general at the bottom At the bottom of the table is the Default rule The Default rule is all...

Page 100: ...t of the check box there is a Custom Rule in the Rules tab section that modifies the behavior of the listed Network Access Rule The LAN In column is not displayed if NAT is enabled DMZ In If you are u...

Page 101: ...security risks You can increase the timeout interval if users frequently complain of dropped connections in applications such as Telnet and FTP Click Update to send the configuration data to the Inter...

Page 102: ...single service Up to 128 entries are supported To add support for a well known service by name 1 Select the name of the service from the Add a known service drop down list 2 Click Add The new service...

Page 103: ...n of the service Policy Rules Network Access Rules evaluate network traffic s source IP address destination IP address and IP protocol type to decide if the IP traffic is allowed to pass through the f...

Page 104: ...ule The following are examples of intent for rules This rule will restrict all IRC access from the LAN to the Internet This rule will allow a remote Lotus Notes server to synchronize over the Internet...

Page 105: ...this rule allow Internet users access to resources on the LAN in a manner that may create an undue security vulnerability For example if NetBIOS ports UDP 137 138 139 are allowed from the Internet to...

Page 106: ...the Network Access Rule s destination port LAN WAN or DMZ if appropriate from the Ethernet menu If there are IP address restrictions on the destination of the traffic such as limiting Telnet to a rem...

Page 107: ...LAN from the Source Ethernet list 4 Since all computers on the LAN are to be affected enter in the Source Addr Range Begin box 5 Select WAN from the Destination Ethernet menu 6 Since the intent is to...

Page 108: ...et list 4 Enter the starting IP address of the ISP s network in the Source Addr Range Begin box and the network s ending IP address in the Source Addr Range Begin box 5 Select WAN from the Destination...

Page 109: ...ntains a list of all currently defined users In addition there is an entry at the top of the list labeled New User To add a new user 1 Highlight the Add New User entry 2 In the User Name box type the...

Page 110: ...same as typing Password To change a user s password or privileges 1 Highlight the name in the scrollable box 2 Make the changes 3 Click Update User To delete a user highlight the name and click Remove...

Page 111: ...s the request to the server Returns the requested information to the user Saves it locally to fulfill future requests Because of this a proxy can improve Internet response and lessen the load on the I...

Page 112: ...er the IP address of the proxy in the Proxy Web Server Address box and the proxy s IP port in the Proxy Web Server Port box Click Update to send the configuration data to the Internet Firewall Example...

Page 113: ...en select the Proxy Relay tab b Configure the Web proxy relay See Automatic Proxy Forwarding on page 111 for more information Web traffic is directed to the proxy which fulfills all requests without r...

Page 114: ...ect the intranet Installing the Internet Firewall to Protect the Intranet 1 Connect the Ethernet port labeled LAN on the back of the Internet Firewall to the network segment that will be protected aga...

Page 115: ...nes You can do this in two ways Inclusively by specifying which machines are members of the segment with restricted access Exclusively by specifying which machines are not members of the segment with...

Page 116: ...Window Boxes and Controls Internet Firewall s WAN link is connected directly to the Internet router Use this setting if the Internet Firewall is protecting the entire network This is the default sett...

Page 117: ...indow Use static routes if the LAN is segmented into subnets either for size or practical considerations For example you can create a subnet which only contains an organization s graphic design shop i...

Page 118: ...id external addresses to internal addresses hidden by NAT Machines with an internal address may be accessed at the corresponding external valid IP address To create this relationship between internal...

Page 119: ...ddress Correspondence in One to One NAT LAN Address Corresponding WAN Address Accessed Through 192 168 1 1 209 19 28 16 Inaccessible NAT Public IP Address 192 168 1 2 209 19 28 17 Accessed at 209 19 2...

Page 120: ...ress of the public address range being mapped in the Public Range Begin box This address is assigned by the ISP Range Length Type the number of IP addresses for the range The range length may not exce...

Page 121: ...e 3Com OfficeConnect Web Site Filter is provided as a 12 month subscription and can be automatically updated weekly to ensure that the filter keeps pace with the ever changing Internet The OfficeConne...

Page 122: ...y or all portions of the human genitalia Please note The Partial Nudity and Full Nudity categories do not include sites containing nudity or partial nudity of a non prurient nature For example web sit...

Page 123: ...al use of drugs for entertainment Includes substances used for other than their primary purpose to alter the individual s state of mind such as glue sniffing This category does not include material ab...

Page 124: ...infringement computer hacking phreaking using someone s phone lines without permission and software piracy Also includes text advocating gambling relating to lotteries casinos betting numbers games on...

Page 125: ...serial number 4 In the Activation Key box type the key supplied with the Web Site Filter 5 Click Activate After a short while a message confirming the subscription s activation is displayed in the Web...

Page 126: ...126 CHAPTER 5 THE OFFICECONNECT WEB SITE FILTER ACTIVATION...

Page 127: ...ng Make sure that all equipment is switched on Switch off the Internet Firewall wait approximately 5 seconds and then switch it back on Wait for the Power LED to stop flashing approximately 90 seconds...

Page 128: ...on and off Make sure the wiring follows the 10BASE T specification See Pinout Diagrams on page 131 for more information Try replacing the cable with a known good cable Is it the correct cable Try usin...

Page 129: ...ity reasons the Internet Firewall sends a slightly different Authentication page each time you log in to the management interface If the password you use does not allow access to the Internet Firewall...

Page 130: ...the Internet Firewall does not save the changes that you make make sure that you click Update before moving to another window or tab or all changes are lost Duplicate IP Address Errors Are Occurring...

Page 131: ...e OfficeConnect Internet Firewall supports the following cable types and maximum lengths 10BASE T Twisted Pair Maximum cable length of 100 m 327 86 ft Pinout Diagrams Table 5 shows the pinouts connect...

Page 132: ...132 APPENDIX A CABLE SPECIFICATIONS AND PINOUT DIAGRAM Figure 52 Twisted Pair Pinouts...

Page 133: ...185 x 54 mm 9 12 x 7 3 x 2 1in Weight 870 g 1 9 lbs Standards Functional ISO 8802 3 IEEE 802 3 Safety UL 1950 EN 60950 CSA 22 2 950 IEC 950 EMC EN 55022 Class B EN 50082 1 FCC Part 15 Class B ICES 003...

Page 134: ...134 APPENDIX B TECHNICAL SPECIFICATIONS AND STANDARDS See Electromagnetic Compatibility on page 182 for conditions of operation...

Page 135: ...from the factory with a default password It is critical to change this password during the initial configuration of the firewall Unfortunately the default password can only provide limited protection...

Page 136: ...adapter other than the one supplied with the Internet Firewall 4 Wait for the Power LED to stop flashing This takes approximately 90 seconds 5 Follow the initial configuration steps as described in Ch...

Page 137: ...only be used by system processes or by programs executed by privileged users Many popular services such as Web FTP SMTP POP3 e mail DNS and so forth operate in this range The assigned ports use a sma...

Page 138: ...138 APPENDIX D IP PORT NUMBERS The Registered Ports are in the range 1024 65535 Visit http www normos org ietf rfc rfc1700 txt for a list of IP port numbers...

Page 139: ...rmation in the rest of this manual and also how some of the more advanced features can be set up and be beneficial to you The examples themselves are hypothetical and so you should not try using any o...

Page 140: ...activate at the same time that you set up the Internet Firewall 25 This one year subscription is additional to the 30 day free subscription supplied with the Internet Firewall The IP addresses are in...

Page 141: ...ctly to one PC from which you intend to manage the Internet Firewall 25 the management station If the Internet Firewall 25 is connected directly to one PC then this reduces the risk of another user on...

Page 142: ...word password Passwords are case sensitive d Click Login 5 When you have logged in successfully the main screen of the management interface for the Internet Firewall 25 is displayed From here configur...

Page 143: ...LAN subnet mask of 255 255 255 0 c In the WAN Router Address field type 172 16 54 1 as supplied by the ISP d In the DNS Server 1 field type 172 16 54 253 and click Update The settings are updated and...

Page 144: ...et Firewall 25 restarts c Restore the IP address and subnet mask of your management station to 172 16 58 15 subnet mask 255 255 255 0 and reboot if required 10 When the Internet Firewall 25 has restar...

Page 145: ...he IP address of the mail server to send out logs and alerts To find out the IP address a Click Network on the button bar and select the Diagnostics tab b From the drop down list select DNS Name Looku...

Page 146: ...ess is selected and click Block all categories Click Update Increasing the number of IP addresses available using NAT In this example you also have 16 IP addresses assigned statically by the ISP Howev...

Page 147: ...Internet Firewall DMZ so that the servers are accessible from the Internet but are protected from attacks The server access can be logged and monitored All the other PCs are on the LAN port and so ca...

Page 148: ...ses NAT so to make sure that the same subnet is used change the TCP IP settings for the network card refer to the user guide for your operating system for further instructions on how to do this a For...

Page 149: ...ne from the drop down list at the top of the screen If you can t find your city use one with the correct offset from GMT all are covered c Here you want to use Network Time Protocol to set the Firewal...

Page 150: ...stration form and make a note of the registration code that you are given on completion 11 Set up access to the server machines connected to the DMZ ports Run the Internet Firewall DMZ management inte...

Page 151: ...address that you want to appear on the WAN side 172 20 54 212 d In the Range Length box type 3 because there are 3 PCs that you want to be visible on the Internet Click Update Table 6 shows how the a...

Page 152: ...rovide dial up connectivity and an Internet Firewall 25 for security In this example you have an account with an ISP for the dial up connection This account offers one IP address configured dynamicall...

Page 153: ...es the Internet Firewall before you have changed the default password 2 Switch on the Internet Firewall 25 and check the LEDS a Wait for the Power LED to stop flashing approximately 90 seconds b Make...

Page 154: ...te and time The Internet Firewall 25 relies on this for logs reports and updates to the content filter list a Click Set Date Time on the Home screen b Select your time zone from the drop down list at...

Page 155: ...eck box is selected and in the Client Default Gateway box type the Web address for the Internet Firewall 25 192 168 1 254 d Enter the IP addresses for the DNS servers into the DNS Server 1 and DNS Ser...

Page 156: ...192 168 1 230 You do not need to change any other settings Click Update 12 Set up the web filtering so that users of the network can only access addresses on the domain 3Com com a Click Filter and the...

Page 157: ...ww 3com com internetfirewall b Complete the registration form and make a note of the registration code c On the Home screen select Unit Status A message is displayed stating that the Internet Firewall...

Page 158: ...158 APPENDIX E EXAMPLE CONFIGURATIONS...

Page 159: ...dded to provide these services TCP stands for Transmission Control Protocol In TCP IP TCP works with IP to ensure the integrity of the data traveling over the network TCP IP is the protocol of the Int...

Page 160: ...P addressing it is necessary to always use the entire number when communicating with other devices There are three classes of IP addresses A B and C Like a main business phone number that one can call...

Page 161: ...gns local IP address numbers Subnet Mask As mentioned in IP Address on page 160 the IP addressing system allows creation of subnetworks or interchanges and device numbers or extensions within those su...

Page 162: ...ty In complex networks with many subnetworks gateways keep traffic from traveling between different subnetworks unless addressed to travel there While this helps to keep overall network traffic more m...

Page 163: ...le due to a lost password then you must completely reset your Internet Firewall CAUTION The reset procedure described below not only deletes all the settings from your Internet Firewall but also erase...

Page 164: ...the firmware erased Reloading the Firmware Even when the firmware has been erased you can use a basic web management interface to get the Internet Firewall up and running again The Internet Firewall...

Page 165: ...ct a firmware file type in the full file and path name of the firmware image that you want to upload to the unit Use the Browse button to locate the file if you are not sure of its location 3 Once you...

Page 166: ...e you have logged into the management interface you may upload your saved settings file as described in Saving and Restoring Configuration Settings on page 93 Note that the administrator password is n...

Page 167: ...ide product support 24 hours a day 7 days a week through the following online systems World Wide Web site 3Com Knowledgebase Web Services 3Com FTP site 3Com FactsSM Automated Fax Service World Wide We...

Page 168: ...anonymous Password your Internet e mail address You do not need a user name and password with Web browser software such as Netscape Navigator and Internet Explorer 3Com Facts Automated Fax Service The...

Page 169: ...n you contact 3Com for assistance have the following information ready Product model name part number and serial number A list of system hardware and software including revision levels Diagnostic erro...

Page 170: ...nmark Finland France Germany Hungary Ireland Israel Italy Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 0800 297468 0800 71429 800 17309 0800 113153 0800 917959 0800 182...

Page 171: ...rs select option 2 and then option 2 Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 0800 29746...

Page 172: ......

Page 173: ...vice 91 BCIQ statement 182 blocking categories 71 84 broadband modems 22 C cable modem Internet Firewall using with cable modem 35 cable specifications 131 Categories tab 69 clock setting 47 code arch...

Page 174: ...irmware e mail notification 97 loading 97 lost 163 reloading 164 uploading 97 forbidden domains 77 front panel 29 G gateway default 162 H hardware warranty information 179 hardware installing 27 I IAN...

Page 175: ...ic IP address 54 with DHCP Client option 40 network addressing mode 50 settings 50 network access rules 21 103 creating 104 examples 107 hierarchy 106 Network Address Translation See NAT network proto...

Page 176: ...functions 18 extending 21 self diagnostic tests 33 166 services adding 101 deleting 103 setting admin password 49 clock 47 settings reloading 94 siting the Internet Firewall 28 software warranty info...

Page 177: ...s advanced 21 deleting 110 Internet 18 LAN 18 using an OfficeConnect modem 152 V VCCI statement 182 View Log tab 83 W wall mounting the Internet Firewall 28 WAN LED 30 port 17 31 warranty information...

Page 178: ...178 INDEX...

Page 179: ...e at 3Com s option and expense to refund the purchase price paid by Customer for any defective software product or to replace any defective media with software which substantially conforms to applicab...

Page 180: ...ninety 90 day period begins on the date of Customer s product purchase The telephone technical support is available from 3Com from 9 a m to 5 p m local time Monday through Friday excluding local holid...

Page 181: ...Y REMEDY PROVIDED HEREIN SHALL FAIL OF ITS ESSENTIAL PURPOSE DISCLAIMER Some countries states or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidenta...

Page 182: ...rrect the interference by one or more of the following measures Reorient the receiving antenna Relocate the equipment with respect to the receiver Move the equipment away from the receiver Plug the eq...

Reviews:

No comments