3Com 3CRFW102 Скачать руководство пользователя страница 17 | Manualshive

Страница: 17 / 38

background image

Firewall PC Card

13

Fragmented Packets

--Denies fragmented packets.

IP Options

--Denies packets with IP options. These packets are usually used for

network testing and debugging.

In addition to these features, the Firewall PC Card products are also “location
aware”. This allows a security administrator to provide varying levels of security
depending on where the notebook computer is located. A strict policy can be
implemented while the notebook computer is outside of the perimeter firewall,
and a less restrictive one can be in place while the notebook is inside the
perimeter.

Enabling the Firewall

Until you enable the firewall functionality of the 3Com Firewall PC Card with
10/100LAN, it will emulate the functions of a standard network interface card.
Enabling the firewall functionality requires the 3Com Embedded Firewall Policy
Server.

The 3Com Embedded Firewall Policy Server allows you to create a cryptographic
binding between the Firewall Client Devices and the Policy Server. This prevents
someone from installing a central management console and taking control of your
Firewall Client Devices.

When you create a customized installation package, the following cryptographic
functions are preformed:

1

When the Policy Server is installed, it generates an RSA 1024 Public/Private keypair.

The public key is written to the Firewall Client Device flash memory.

2

When the Firewall Client Device boots up, it generates a random 3DES session key,
encrypts that key with the policy server’s public key, and then sends that
information to the policy server.

3

The policy server decrypts the message using its private key, and then implements
the random 3DES session key as communicated by the Firewall Client Device.

4

This cryptographic binding adds to the tamper resistance of the 3Com Embedded
Firewall solution. It encrypts the policy distribution traffic between your Policy
Server and the Firewall Client Devices. It also locks down your Firewall Client
devices so they only accept policies from your specific Policy Server (because of the
public/private keypair).

Please see the 3Com Embedded Firewall Policy Server Administration Guide for
more information on creating a customized installation package that will enable
the firewall functionality on your Firewall PC Card and cryptographically bind the
card to your Policy Server.

Important Notes

The 3Com Firewall Client provides state-of-the-art network security and is
designed to be tamper resistant. Follow these simple procedures to avoid
inadvertently triggering the tamper-resistance feature. Doing so will prevent a
time-consuming recovery process.

«
...
15
16
17
18
19
...
»

Содержание 3CRFW102

Страница 1: ...3Com Firewall PC Card with 10 100 LAN Models 3CRFW102 and 3CRFW103 User Guide http www 3com com http www 3com com productreg Published August 2002 User guide version 2 0 ...

Страница 2: ...cumentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are pro...

Страница 3: ...erating Systems 8 INSTALLING THE FIREWALL CLIENT Architecture of Embedded Firewalls 11 Firewall PC Card 12 ADDITIONAL PC CARD FEATURES Firewall Filtering 15 Advanced Security Processor 15 Data Encryption 15 Windows 2000 and Windows XP Offload Features 15 Hot Swapping 16 Offline Diagnostics 16 ADDITIONAL 3COM SOFTWARE 3Com Mobile Connection Manager 17 3Com Diagnostics 17 3Com Connection Assistant 2...

Страница 4: ... Services 25 Support from Your Network Supplier 26 Support from 3Com 27 Returning Products for Repair 27 CONFIGURING IPSEC Configuring IPSec in Windows 2000 and Windows XP 29 Example Creating a Security Policy 29 REGULATORY INFORMATION ...

Страница 5: ...l protection This unique solution consists of the 3Com Embedded Firewall Policy Server and Management Console and a Firewall Client which resides on the 3Com Firewall PC Card In addition to providing firewall protection the 3Com Firewall PC Card with 10 100 LAN connects a notebook computer securely to an Ethernet or Fast Ethernet network The 3Com Firewall PC Card models are shown below The 3CRFW10...

Страница 6: ... it is firmly seated 2 Connect the network cable to the 3CRFW103 PC Card 1 3 Connect the network cable to the network port 2 3CRFW102 Type II PC Card Follow these steps to connect your 3CRFW102 Firewall PC Card 1 Insert the PC Card into the PC Card slot Slide it in until it is firmly seated 2 Connect the PC Card cable to the 3CRFW102 PC Card 1 3 Connect the PC Card cable to the network cable 2 NOT...

Страница 7: ...nstallation CD If so use D where D is your CD ROM drive 5 During the installation process you may receive prompts for your Windows operating system installation CD Insert the operating system installation CD and indicate the correct path 6 Your computer goes through a brief installation process during which it displays several windows indicating what is currently installing This takes several minu...

Страница 8: ... speed Use My Computer Control Panel System Hardware Device Manager Network Adapters to inspect the status of your PC Card If you see a red X enable the PC Card by checking the appropriate box under Properties If you see a yellow exclamation mark click the icon to see what the conflict is Verify there are adequate system resources Free system resources for example disable the infrared port remove ...

Страница 9: ...e Network Setup Wizard If this message does not appear go to Windows NT With Networking Installed and follow the instructions 6 Check Wired to the network and click Next 7 When the system prompts to have setup start searching for a network adapter click Select from List 8 Click Have Disk 9 Insert the 3Com Firewall PC Card with 10 100 LAN Installation CD in the CD ROM drive Type the path to drivers...

Страница 10: ...ard with 10 100 LAN Installation CD from the CD ROM drive and click Yes If you had a Windows service pack installed prior to setting up the PC Card reinstall it now Confirming Installation To confirm installation 1 Double click My Computer double click Control Panel and then double click Network 2 Select the Adapters tab 3Com Firewall PC Card with 10 100 LAN appears on the list Windows NT with Net...

Страница 11: ...opied to your notebook 12 In the Network Settings window accept the default settings and click Continue The default settings work in most instances However you may specify network link settings auto polarity and IRQ and I O values 13 Click OK to save 14 If prompted enter IP information and click OK 15 When prompted whether you are using DHCP click Yes if you are using DHCP or No if you are not usi...

Страница 12: ... in the BIOS Make sure you have the latest BIOS for your notebook or upgrade your software from Microsoft Card not functioning Open Windows NT Diagnostics From the Start menu select Programs Admin Tools Windows NT Diagnostics Check for resource conflicts and make sure the settings for the PC Card are valid Need to force speed and duplex settings In most cases the automatic settings work fine To fo...

Страница 13: ...ible problems may be indicated if The PC Card is not working Windows NT is not detecting the PC Card The system issues a warning tone at startup If you are having any of these problems 1 From the Control Panel Network Adapters select 3Com Firewall PC Card with 10 100 LAN and click Remove 2 Remove the PC Card from the PC Card slot 3 Restart the computer and reinstall the PC Card This procedure remo...

Страница 14: ...10 CHAPTER 1 INSTALLING THE PC CARD AND DRIVERS ...

Страница 15: ...programs Manageable enforcement that allows you to define security through user policies Software based security such as personal firewalls interact with and protect a PC s operating system This dependency on the host makes them inherently susceptible to malicious code and security holes found in many well known operating systems Once the OS has been compromised it is easy to disable the host base...

Страница 16: ...sktop or server The Firewall Client Device provides transparent packet filtering in accordance with the rules that are setup by a security administrator The rules are defined through a centralized management console and are communicated to the firewall client devices via the policy server Like traditional perimeter firewalls the 3Com Embedded Firewall solution is capable of classifying and acting ...

Страница 17: ...med 1 When the Policy Server is installed it generates an RSA 1024 Public Private keypair The public key is written to the Firewall Client Device flash memory 2 When the Firewall Client Device boots up it generates a random 3DES session key encrypts that key with the policy server s public key and then sends that information to the policy server 3 The policy server decrypts the message using its p...

Страница 18: ...k interface card installation install them first from the 3Com EtherCD before installing the 3Com Firewall Client Installing them over the Firewall Client may make the card inoperable Procedure 3 Do not attempt installation of non firewall firmware over an Firewall PC Card Instruct users and administrators that after installation of the Firewall Client on a card installing any non firewall firmwar...

Страница 19: ...ficing performance Until encryption is enabled the 3Com Firewall PC Card with 10 100 LAN functions as a standard 10 100 CardBus LAN card Windows 2000 and Windows XP Offload Features The 3Com Firewall PC Card with 10 100 LAN supports Windows 2000 and Windows XP IPSec offload features in an IP environment The offload features are designed to enhance the operating system capabilities by offloading ke...

Страница 20: ...ng the computer out of service It makes troubleshooting faster and easier because you do not need to wait for the computer to restart Offline Diagnostics The 3Com Firewall PC Card includes offline diagnostics programs for configuring testing and troubleshooting PC Cards The configuration program within the DOS diagnostics program is used for a notebook running DOS or NetWare The LAN diagnostics pr...

Страница 21: ...vate or Connect to start the connection process If no mobile configuration has been created MCM lets you create a new one by importing configurations developed by your system administrator or creating a new configuration 3Com Diagnostics The 3Com Firewall PC Card with 10 100 LAN uses two types of network card diagnostics programs a Windows based diagnostics program and a DOS based diagnostics prog...

Страница 22: ...s client running on the same network This client must have a successfully installed Windows diagnostics program that is currently not running A NetWare server running on the same network A DHCP server running on the same network NOTE Click Help to obtain general information about the function of a screen To obtain specific information about any topic on a screen click the question mark in the uppe...

Страница 23: ...rd Test to check the physical components connectors and circuitry on the network card 1 On the Diagnostics screen click Run NIC Test The NIC Test screen appears 2 Click Perform NIC Test While the test is running a progress bar indicates test progress If the test passes the network card is functioning correctly If the test fails a message indicates the error type Click Help in the error message scr...

Страница 24: ...nu 3 Select Programs and then 3Com NIC Utilities 4 Click 3Com NIC Doctor The 3Com network card Diagnostics General screen appears 5 Click the Statistics tab The Statistics screen appears The information is updated by the card driver every 5 seconds For a description of each statistic click the question mark in the upper right corner of the screen drag it over a statistic and click once A pop up bo...

Страница 25: ...Add Remove Programs Wizard in Windows For instructions on using the Add Remove Programs Wizard in Windows see your Windows documentation 3Com Connection Assistant The 3Com Connection Assistant is interactive software that gives you an easy to use diagnostic and repair tool Using this tool makes troubleshooting easier and helps you quickly resolve problems Go to Start Programs 3Com NIC Utilities 3C...

Страница 26: ...lso supplies solutions if a problem is detected with your 3Com network interface card List Solutions Contains a list of relevant topics for you reference Network Settings Provides detailed information about your network Search Locate topics and solutions 3Com Launcher The 3Com Launcher is a utility that allows you to start 3Com applications from a single source on your screen When the 3Com Launche...

Страница 27: ...ncryption which is a framework of open standards for ensuring secure private communications over IP networks IPSec ensures confidentiality integrity access control and authenticity of data communications across a public IP network Offloading Encryption Processing You can configure two or more computers running Windows 2000 and Windows XP to perform IPSec encryption by changing the local security s...

Страница 28: ...24 CHAPTER 5 DATA ENCRYPTION OFFLOAD ...

Страница 29: ...vice provides access to online support information such as technical documentation and a software library as well as support options that range from technical education to maintenance and professional services 3Com Knowledgebase Web Services The 3Com Knowledgebase is a database of technical information to help you install upgrade configure or support 3Com products The Knowledgebase is updated dail...

Страница 30: ...ch as Netscape Navigator and Internet Explorer you do not need a user name and password 3Com Connection Assistant The 3Com Connection Assistant is interactive software that gives you an easy to use diagnostic and repair tool Using this tool makes troubleshooting easier and helps you quickly resolve problems Go to Start Programs 3Com NIC Utilities 3Com Connection Assistant to find the utility By us...

Страница 31: ...ision levels Diagnostic error messages Details about recent configuration changes if applicable Returning Products for Repair Before you send a product directly to 3Com for repair you must first obtain an authorization number Products sent to 3Com without authorization numbers will be returned to the sender unopened at the sender s expense To obtain an authorization number go to the Web site liste...

Страница 32: ...A Technical Support 28 ...

Страница 33: ...H Medium Authentication only ESP High Authentication and encryption Custom Varies Provides encryption and an extra authentication that includes the IPheader Custom allows you to select options for both AH and ESP such as MD SHA 1 and DES 3DES and you can select the rate at which new keys are negotiated Microsoft uses IKE key exchange to renew keys every x seconds or y bytes You may want to set the...

Страница 34: ...IP Security Policies on Local Machine 2 Right click inside the right pane below the list items 3 From the pop up menu select Create IP Security Policy The IP Security Policy Wizard starts 4 Click Next The IP Security Policy Name screen appears 5 Enter a name for the new security policy that you are creating and if you wish a description that identifies the policy 6 Click Next The Requests for Secu...

Страница 35: ...sequence attaches the new filter to the policy The IP Filter List screen appears 1 Enable the option for the new filter name and make sure the new filter name is selected 2 Click Next Creating the Filter Action This sequence defines how the filter acts on the policy The Filter Action screen appears 1 Click Add The Filter Action Wizard starts 2 Click Next The Filter Action Name screen appears 3 Ent...

Страница 36: ...reated when you save the policy in the previous step Enabling Encryption An encryption policy must exist in the Console Root IP Security Policies on the Local Machine screen before you can enable encryption on the 3Com FIrewall PC Card with 10 100 LAN To enable encryption 1 Right click the desired policy icon in the right pane of the screen 2 Select Assign 3 A green plus symbol appears on the poli...

Страница 37: ...ceived including interference that may cause undesired operation INDUSTRY CANADA ICES 003 This Class B digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulations AVIS DE CONFORMITÉ À LA RÉGLEMENTATION D INDUSTRIE CANADA Cet appareil numérique de la classe B est conform à la norme NMB 003 du Canada SAFETY This equipment has been tested and certified accordin...

Страница 38: ... product based on the standard of the Voluntary Control Council for Interference from information Technology Equipment VCCI If this is used near a radio or television receiver in a domestic environment it may cause radio interference Install and use the equipment according to the instruction manual Manual version 2 0 August 15 2002 ...

Отзывы:

Нет отзывов

Похожие инструкции для 3CRFW102

FortiWiFi FortiWiFi-60A

Бренд: Fortinet Страницы: 2

Бренд: Forcepoint Страницы: 12

DIR-330 - Wireless G VPN Router

Бренд: D-Link Страницы: 112

Бренд: D-Link Страницы: 16

DFL-700 - Security Appliance

Бренд: D-Link Страницы: 12

DFL-800 - Security Appliance

Бренд: D-Link Страницы: 23

DFL-800 - Security Appliance

Бренд: D-Link Страницы: 32

DFL-700 - Security Appliance

Бренд: D-Link Страницы: 138

Бренд: D-Link Страницы: 147

Бренд: D-Link Страницы: 948

Бренд: D-Link Страницы: 4

Бренд: D-Link Страницы: 131

Proventia GX5000 Series

Бренд: IBM Страницы: 3

Бренд: IBM Страницы: 2

Бренд: IBM Страницы: 7

Бренд: Fortinet Страницы: 54

NPort 6150 Series

Бренд: Moxa Technologies Страницы: 2

Бренд: ZyXEL Communications Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды