
3Com Corporation  
5400 Bayfront Plaza  
Santa Clara, California 95052-8145

Copyright © 2000, 3Com Technologies. All rights reserved. No part of this documentation may be 
reproduced in any form or by any means or used to make any derivative work (such as translation, 
transformation, or adaptation) without written permission from 3Com Technologies.

3Com Technologies reserves the right to revise this documentation and to make changes in content 
from time to time without obligation on the part of 3Com Technologies to provide notification of such 
revision or change.

3Com Technologies provides this documentation without warranty, term, or condition of any kind, 
either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of 
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make 
improvements or changes in the product(s) and/or the program(s) described in this documentation at 
any time.

If there is any software on removable media described in this documentation, it is furnished under a 
license agreement included with the product as a separate document, in the hard copy documentation, or 
on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to 
locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described 
herein are provided to you subject to the following: 

All technical data and computer software are commercial in nature and developed solely at private 
expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 
252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is 
provided with only such rights as are provided in 3Com’s standard commercial license for the Software. 
Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 
52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any 
legend provided on any licensed program or documentation contained in, or delivered to you in 
conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or 
may not be registered in other countries.

3Com, the 3Com logo, and OfficeConnect are registered trademarks of 3Com Corporation. 

Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Netscape 
Navigator is a registered trademark of Netscape Communications. Novell and NetWare are registered 
trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, 
licensed exclusively through X/Open Company, Ltd. CyberNOT is a registered trademark of Learning 
Company Properties Inc. 

All other company and product names may be trademarks of the respective companies with which they 
are associated.

Содержание OfficeConnect 3C16771

Страница 1: ...com OfficeConnect Internet Firewall User Guide OfficeConnect Internet Firewall 25 3C16770 OfficeConnect Internet Firewall DMZ 3C16771 OfficeConnect Web Site Filter 3C16772 Part No DUA1677 0AAA03 Publi...

Страница 2: ...tates government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and dev...

Страница 3: ...from the Internet 22 Automatic IP Address Sharing and Configuration 22 2 INSTALLING THE HARDWARE Important Safety Information 23 Wichtige Sicherheitshinweise 24 Consignes Importantes de S curit 25 Be...

Страница 4: ...ternet Firewall DMZ only 58 Setting up the DHCP Server 60 Viewing the DHCP Server Status 63 Diagnostic Tools 63 DNS Name Lookup 64 Find Network Path 65 Ping 66 Packet Trace 67 Technical Support Report...

Страница 5: ...of Installing a Proxy Server 112 Specifying Intranet Settings 113 Installing the Internet Firewall to Protect the Intranet 114 Configuring the Internet Firewall to Protect the Intranet 115 Intranet W...

Страница 6: ...IONAL DIRECT CONNECTION Introduction 135 Direct Connection Instructions 135 D IP PORT NUMBERS Introduction 137 Well Known Port Numbers 137 Registered Port Numbers 137 E EXAMPLE CONFIGURATIONS Introduc...

Страница 7: ...CAL SUPPORT Online Technical Services 167 World Wide Web Site 167 3Com Knowledgebase Web Services 168 3Com FTP Site 168 3Com Facts Automated Fax Service 168 Support from Your Network Supplier 168 Supp...

Страница 8: ......

Страница 9: ...OfficeConnect Internet Firewall DMZ supports up to 100 users on the LAN In addition the OfficeConnect Internet Firewall DMZ has a Demilitarized Zone DMZ port Servers and workstations attached to this...

Страница 10: ...ow to Use This Guide Table 1 shows where to look for specific information in this guide Table 1 Where to find specific information If you are looking for Turn to A description of the Internet Firewall...

Страница 11: ...resetting the Internet Firewall Appendix G Information about obtaining Technical Support Appendix H Table 1 Where to find specific information continued If you are looking for Turn to Table 2 Notice...

Страница 12: ...ts information as it appears on the screen Commands The word command means that you must enter the command exactly as shown and then press Return or Enter Commands appear in bold Example To remove the...

Страница 13: ...s that provides Internet access to individuals or organizations Internet Firewall Used in this guide to refer to both the OfficeConnect Internet Firewall 25 and the OfficeConnect Internet Firewall DMZ...

Страница 14: ...ons no other clients can make genuine connections to that server UTC stands for Universal Time Co ordinated and is the standard time common to all places in the world It is also commonly referred to a...

Страница 15: ...Guide 15 Example OfficeConnect Internet Firewall User Guide Part Number DUA1677 1AAA02 Page 24 Do not use this e mail address for technical support questions For information about contacting Technica...

Страница 16: ...16 ABOUT THIS GUIDE...

Страница 17: ...ow a private Local Area Network LAN to be securely connected to the Internet You can use the Internet Firewall to Prevent theft destruction and modification of data Filter incoming data for unsafe or...

Страница 18: ...ed from hacker attacks Users on the secure LAN port can also access servers on the DMZ port Internet Firewall Security Functions Figure 1 and Figure 2 illustrate security functions on the Internet Fir...

Страница 19: ...ures This section lists the features of the Internet Firewall Firewall Security The OfficeConnect Internet Firewall is preconfigured to monitor Internet traffic and detect and thwart Denial of Service...

Страница 20: ...t Figure 2 Internet Firewall DMZ Security Functions The Internet Firewall uses stateful packet inspection to determine if a data packet from the Internet is allowed through to the private LAN This is...

Страница 21: ...ackers may use the technologies to steal or damage data The Internet Firewall can block these potentially damaging applications from being downloaded from the Internet or allow them only from trusted...

Страница 22: ...g and Configuration The Internet Firewall provides sharing of a single public IP address through Network Address Translation NAT It also provides simplified IP address administration using the Dynamic...

Страница 23: ...formationen sorgf ltig durch bevor Sie das Ger t einschalten AVERTISSEMENT Veuillez lire attentivement la section Consignes importantes de s curit avant de mettre en route See Appendix A for informati...

Страница 24: ...h problem solving actions in this guide contact your supplier Disconnect the power adapter before moving the unit WARNING RJ 45 ports These are shielded RJ 45 data sockets They cannot be used as telep...

Страница 25: ...Anschl sse Dies sind abgeschirmte RJ 45 Datenbuchsen Sie k nnen nicht als Telefonanschlu buchsen verwendet werden An diesen Buchsen d rfen nur RJ 45 Datenstecker angeschlossen werden Consignes Import...

Страница 26: ...VERTISSEMENT Ports RJ 45 Il s agit de prises femelles blind es de donn es RJ 45 Vous ne pouvez pas les utiliser comme prise de t l phone Branchez uniquement des connecteurs de donn es RJ 45 sur ces pr...

Страница 27: ...a flat surface 2 Fit the clip across the top of the Internet Firewall as shown in Figure 3 picture 1 making sure that the longer sections of the fastening piece are pointing downwards 3 Align the fas...

Страница 28: ...acing upwards to prevent dust entering the cooling vents When wall mounting the Internet Firewall make sure that it is within reach of the power outlet You need two suitable screws Make sure that the...

Страница 29: ...ing LEDs Alert LED Orange alerts you to the following A failure in the self test the Internet Firewall runs when switched on Potential attacks on your network An attempt to access a restricted Web sit...

Страница 30: ...Panel The Internet Firewall 25 does not have a DMZ port The Internet Firewall rear panel contains the following Power Adapter socket Only use the power adapter supplied with the Internet Firewall Do n...

Страница 31: ...plink Unless you are configuring the Internet Firewall DMZ for intranet support devices on the WAN port are not directly accessible by users on the LAN Do not attach servers or any device other than t...

Страница 32: ...of its Ethernet port If it has an MDIX normal configuration then you can use a standard 10BASE T cable Otherwise you must use a crossover cable See Appendix A for more information about the cable pin...

Страница 33: ...t see Chapter 6 for troubleshooting information The Internet Firewall is now attached to the network By default no traffic that originates from the Internet is allowed onto the LAN and all communicati...

Страница 34: ...34 CHAPTER 2 INSTALLING THE HARDWARE...

Страница 35: ...Firewall on a label on the underside of the unit Initial Configuration using the Internet Firewall Wizard Please refer to the Quick Start Guide for information on how to connect to your Internet Fire...

Страница 36: ...Internet Firewall Wizard You need the following information about IP addressing on your network You may be able to obtain this information from the Internet Service Provider ISP that you use to connec...

Страница 37: ...nds on whether you have decided to use the Internet Firewall as a DHCP server or to retain an existing DHCP server If you are using the Internet Firewall as a DHCP server you will now need to set all...

Страница 38: ...ploads for example Netscape version 4 or above or Internet Explorer version 4 or above If the browser does not support HTTP uploads you cannot use certain features such as updating the software and up...

Страница 39: ...top of the browser window The Login dialog box is displayed Figure 7 Login dialog box b In the User Name field type the default user name admin c In the Password field type the default password passwo...

Страница 40: ...Z subnet masks from a remote DHCP server on the WAN If you use a modem to connect to the Internet you may have to use this setting because some modem ISPs implement DHCP in their service This is the d...

Страница 41: ...s on page 50 for more information about the Network Addressing Mode 4 Configure password settings a From the main screen see Figure 8 select Set Password A window similar to the following is displayed...

Страница 42: ...s displayed Figure 10 Set Date and Time dialog box b Type the time in 24 hour format c Click Update to send the configuration data to the Internet Firewall 6 Restart the Internet Firewall a Click Tool...

Страница 43: ...stem 8 Review the status of the Internet Firewall a When the Internet Firewall has restarted log in again see step 2 using the new administrator password you set up in step 4 b From the Home screen se...

Страница 44: ...make a note of the registration code c On the main screen select Unit Status A message is displayed stating that the Internet Firewall is not registered d Type the registration code you were given int...

Страница 45: ...u access these command functions using a Web browser to launch the management interface This chapter is divided into sections dedicated to the major windows and functions within the Web management int...

Страница 46: ...ll DMZ Any problems will be listed in red text For example if the Internet router was not contacted or the default password was not changed this would be listed Items listed in red require immediate c...

Страница 47: ...time common to all places in the world It is also commonly referred to as Greenwich Mean Time or World Time Many ISPs require firewall logs to be recorded to UTC or within a fraction of it as tracking...

Страница 48: ...eck the box labelled Automatically adjust clock for daylight saving changes You can also specify that UTC is used in your logs rather than the time in your location this may be a requirement of some I...

Страница 49: ...1 In the Old Password box type the old password 2 In the New Password and Confirm New Password boxes type the new password 3 Click Update to send the configuration data to the Internet Firewall If you...

Страница 50: ...to display the Network Settings window A window similar to that in Figure 16 is displayed Figure 16 Network Settings Window Network Addressing Mode The Network Addressing Mode drop down list contains...

Страница 51: ...for configuration and monitoring Choose a unique IP address from the LAN address range LAN Subnet Mask This value is used to determine what subnet an IP address belongs to An IP address has two compo...

Страница 52: ...ecause all the addresses on the LAN are invisible to the outside world In cases where a network uses invalid IP addresses or if addresses are in short supply NAT can be used to connect the LAN to the...

Страница 53: ...ose a unique IP address from the LAN address range LAN Subnet Mask This value is used to determine what subnet an IP address belongs to An IP address has two components the network address and the hos...

Страница 54: ...the DNS Servers These servers are used by the Internet Firewall to lookup the addresses of machines used to download the Web Site Filter and for the built in DNS Lookup tool Type the required values...

Страница 55: ...nge LAN Subnet Mask This value is used to determine what subnet an IP address belongs to An IP address has two components the network address and the host address For example consider the IP address 1...

Страница 56: ...to look up the addresses of machines used to download the Web Site Filter and for the built in DNS Lookup tool Type the required values and click Update to send the configuration data to the Internet...

Страница 57: ...ask This value is used to determine what subnet an IP address belongs to An IP address has two components the network address and the host address For example consider the IP address 192 168 228 17 As...

Страница 58: ...g DMZ Addresses Internet Firewall DMZ only The Internet Firewall provides security by preventing Internet users from accessing machines inside the LAN This security however also prevents users from re...

Страница 59: ...addresses for the DMZ individually or as a range Type an individual address in the From Address box To enter a range of addresses such as the 51 IP addresses from 199 168 23 50 to 199 168 23 100 type...

Страница 60: ...anagement of IP client configurations including IP addresses gateway address DNS address and more Enable DHCP Server Click this check box to enable or disable the DHCP server This is disabled by defau...

Страница 61: ...n IP address belongs to Domain Name Type the registered domain name for the network in the Domain Name box for example 3Com com If you do not have a Domain Name leave this blank DNS Servers A DNS Serv...

Страница 62: ...gured when they boot Dynamic BootP clients are BootP clients that do not have an IP address assigned to their MAC address They are similar to DHCP clients with the exception that leases are not suppor...

Страница 63: ...urrent bindings IP and MAC address of the bindings Type of binding Dynamic Dynamic BootP or Static BootP To delete a binding which frees the IP address in the DHCP server select the binding from the l...

Страница 64: ...that returns the numerical IP address of a host name Select DNS Name Lookup from the Choose a diagnostic tool menu A window similar to that in Figure 23 is displayed Type the host name to lookup in th...

Страница 65: ...re is a problem with the configuration of the network or intranet settings Find Network Path also shows if the target node is behind a router and the Ethernet address of the target node or router Find...

Страница 66: ...e Internet back to the sender This test shows if the Internet Firewall is able to contact the remote host If users on the LAN are having problems accessing services on the Internet try pinging the DNS...

Страница 67: ...Packet Trace Use the Packet Trace tool to track the status of a data packet or communications stream as it moves from source to destination This is a useful tool to determine if a packet or communicat...

Страница 68: ...Trace on IP address box not a host name such as www 3Com com 3 Click Refresh to display the packet trace information 4 Click Stop to terminate the packet trace and Reset to clear the results Technica...

Страница 69: ...Figure 27 Tech Support Report Window Click Save Report to save the report as a text file to the local disk Filter Settings Click Filter and then select the Settings tab A window similar to that in Fig...

Страница 70: ...at you can choose to allow access to ActiveX ActiveX is a programming language that is used to embed small programs in Web pages It is generally considered an insecure protocol to allow into a network...

Страница 71: ...on the LAN Blocking Options The following is a list of the blocking options Log and Block Access When selected the Internet Firewall logs and blocks access to all sites on the Web Site Filter custom a...

Страница 72: ...plete access to the Internet Similar policies could be enabled to allow employees complete access to the Internet after normal business hours Time of Day restrictions only apply to the Web Site Filter...

Страница 73: ...ses are used for all Internet filtering functions for several reasons There are two reasons for this Many blocked sites operate server pools where many machines service a single host name making it im...

Страница 74: ...ption is required If Filter List Not Loaded There are two radio buttons that determine what happens if the Filter List expires or if a download of a Filter List fails Block traffic to all websites exc...

Страница 75: ...termined by the radio buttons described above Keywords Click Filter and then select the Keywords tab A window similar to that in Figure 30 is displayed Figure 30 Keywords Window You can block Web URLs...

Страница 76: ...ng check box and click Update To add a keyword in the Add Keyword box type the keyword to block and click Update To remove a keyword select it from the list and click Delete Keyword Custom List This f...

Страница 77: ...the Internet Firewall To block a Web site which does not appear in the Web Site Filter type its host name such as www bad site com into the Forbidden Domains box Do not use the complete URL of the sit...

Страница 78: ...o display when a site is blocked When a user attempts to access a site that is blocked by the Web Site Filter a message is displayed on their screen The default message is Web Site Blocked by 3Com Off...

Страница 79: ...lined in an organization s Acceptable Use Policy before you allow them to browse the Web any further Click Filter and then select the Consent tab A window similar to that in Figure 32 is displayed Fig...

Страница 80: ...create this page in HTML It may contain the text from or links to the Acceptable Use Policy AUP You must include in this page links to two pages contained in the Internet Firewall which when selected...

Страница 81: ...page contained in the Internet Firewall which when selected tell the Internet Firewall that the user wishes to have filtering enabled The link must be 192 168 1 254 iAcceptFilter html Use the Web Addr...

Страница 82: ...uch as an attack on a server you can specify that this information is immediately e mailed either to the main e mail address used by the log or to a different address such as a paging service The Inte...

Страница 83: ...on and review the log with an e mail client rather than with a Web browser Each log entry contains the date and time of the event and a brief message describing the event Some entries contain addition...

Страница 84: ...lence profanity b Partial nudity c Full nudity d Sexual acts e Gross depictions f Intolerance g Satanic cult h Drug culture i Militant extremist j Sex education k Gambling illegal l Alcohol tobacco Se...

Страница 85: ...true for SYN Flood attacks If the log message calls the attack possible or it only happens on an irregular basis then there is probably no attack in progress If the log message calls the attack proba...

Страница 86: ...e for download See Upgrading the Software on page 96 for more information If there is a new software release an e mail notification is sent to this address Send Alerts To Alerts are events such as an...

Страница 87: ...d then clears the log Clear Log Now Deletes the contents of the log Send Log This pop up menu is used to configure the frequency of log messages being sent as e mail daily weekly or only when the log...

Страница 88: ...cked by the Web Site Filter by keyword or for any other reason are generated This is enabled by default Blocked Java ActiveX and Cookies When enabled log messages showing Java ActiveX and Cookies whic...

Страница 89: ...ow see page 85 Attacks When enabled all log entries that are categorized as an Attack are generated as an alert message This is enabled by default System Errors When enabled all log entries that are c...

Страница 90: ...window similar to that in Figure 35 is displayed Figure 35 Reports Window Start Data Collection By default the log analysis function is disabled Click Start Data Collection to begin log analysis When...

Страница 91: ...electing Bandwidth Usage by IP Address from the Report to view drop down list displays a table showing the IP Address of the 25 top users of Internet bandwidth and the number of megabytes transmitted...

Страница 92: ...t command to the Internet Firewall The restart takes about 90 seconds during which time the Internet Firewall cannot be reached from the Web browser and all network traffic through it is halted If you...

Страница 93: ...re 37 is displayed Figure 37 Configuration Window Use the Configuration tab to specify where the settings for the Internet Firewall are saved to and retrieved from for backup purposes You can also res...

Страница 94: ...dow similar to that in Figure 38 is displayed Figure 38 Export Window Choose the location to save the settings file This should be saved as Filename exp This defaults to internetfirewall exp The proce...

Страница 95: ...r the settings to take effect see page 92 Make sure that the Web browser supports HTTP uploads If it does not you cannot import the saved settings Note that this will not change the password for the u...

Страница 96: ...e Internet Firewall s settings before uploading new software and then import them again after the upgrade has been completed The Internet Firewall checks to see if new software is available for downlo...

Страница 97: ...Send email when new firmware is available check box 2 Click Update To load the new firmware 1 Click Upload Firmware Now A window similar to that in Figure 41 is displayed Figure 41 Save Settings Wind...

Страница 98: ...ts HTTP uploads When uploading the firmware to an Internet Firewall it is important not to interrupt the Web browser by closing the window clicking a link loading a new page or removing the power to t...

Страница 99: ...le showing the defined Network Access Rules Rules are sorted from the most specific at the top to the most general at the bottom At the bottom of the table is the Default rule The Default rule is all...

Страница 100: ...t of the check box there is a Custom Rule in the Rules tab section that modifies the behavior of the listed Network Access Rule The LAN In column is not displayed if NAT is enabled DMZ In If you are u...

Страница 101: ...security risks You can increase the timeout interval if users frequently complain of dropped connections in applications such as Telnet and FTP Click Update to send the configuration data to the Inter...

Страница 102: ...single service Up to 128 entries are supported To add support for a well known service by name 1 Select the name of the service from the Add a known service drop down list 2 Click Add The new service...

Страница 103: ...n of the service Policy Rules Network Access Rules evaluate network traffic s source IP address destination IP address and IP protocol type to decide if the IP traffic is allowed to pass through the f...

Страница 104: ...ule The following are examples of intent for rules This rule will restrict all IRC access from the LAN to the Internet This rule will allow a remote Lotus Notes server to synchronize over the Internet...

Страница 105: ...this rule allow Internet users access to resources on the LAN in a manner that may create an undue security vulnerability For example if NetBIOS ports UDP 137 138 139 are allowed from the Internet to...

Страница 106: ...the Network Access Rule s destination port LAN WAN or DMZ if appropriate from the Ethernet menu If there are IP address restrictions on the destination of the traffic such as limiting Telnet to a rem...

Страница 107: ...LAN from the Source Ethernet list 4 Since all computers on the LAN are to be affected enter in the Source Addr Range Begin box 5 Select WAN from the Destination Ethernet menu 6 Since the intent is to...

Страница 108: ...et list 4 Enter the starting IP address of the ISP s network in the Source Addr Range Begin box and the network s ending IP address in the Source Addr Range Begin box 5 Select WAN from the Destination...

Страница 109: ...ntains a list of all currently defined users In addition there is an entry at the top of the list labeled New User To add a new user 1 Highlight the Add New User entry 2 In the User Name box type the...

Страница 110: ...same as typing Password To change a user s password or privileges 1 Highlight the name in the scrollable box 2 Make the changes 3 Click Update User To delete a user highlight the name and click Remove...

Страница 111: ...s the request to the server Returns the requested information to the user Saves it locally to fulfill future requests Because of this a proxy can improve Internet response and lessen the load on the I...

Страница 112: ...er the IP address of the proxy in the Proxy Web Server Address box and the proxy s IP port in the Proxy Web Server Port box Click Update to send the configuration data to the Internet Firewall Example...

Страница 113: ...en select the Proxy Relay tab b Configure the Web proxy relay See Automatic Proxy Forwarding on page 111 for more information Web traffic is directed to the proxy which fulfills all requests without r...

Страница 114: ...ect the intranet Installing the Internet Firewall to Protect the Intranet 1 Connect the Ethernet port labeled LAN on the back of the Internet Firewall to the network segment that will be protected aga...

Страница 115: ...nes You can do this in two ways Inclusively by specifying which machines are members of the segment with restricted access Exclusively by specifying which machines are not members of the segment with...

Страница 116: ...Window Boxes and Controls Internet Firewall s WAN link is connected directly to the Internet router Use this setting if the Internet Firewall is protecting the entire network This is the default sett...

Страница 117: ...indow Use static routes if the LAN is segmented into subnets either for size or practical considerations For example you can create a subnet which only contains an organization s graphic design shop i...

Страница 118: ...id external addresses to internal addresses hidden by NAT Machines with an internal address may be accessed at the corresponding external valid IP address To create this relationship between internal...

Страница 119: ...ddress Correspondence in One to One NAT LAN Address Corresponding WAN Address Accessed Through 192 168 1 1 209 19 28 16 Inaccessible NAT Public IP Address 192 168 1 2 209 19 28 17 Accessed at 209 19 2...

Страница 120: ...ress of the public address range being mapped in the Public Range Begin box This address is assigned by the ISP Range Length Type the number of IP addresses for the range The range length may not exce...

Страница 121: ...e 3Com OfficeConnect Web Site Filter is provided as a 12 month subscription and can be automatically updated weekly to ensure that the filter keeps pace with the ever changing Internet The OfficeConne...

Страница 122: ...y or all portions of the human genitalia Please note The Partial Nudity and Full Nudity categories do not include sites containing nudity or partial nudity of a non prurient nature For example web sit...

Страница 123: ...al use of drugs for entertainment Includes substances used for other than their primary purpose to alter the individual s state of mind such as glue sniffing This category does not include material ab...

Страница 124: ...infringement computer hacking phreaking using someone s phone lines without permission and software piracy Also includes text advocating gambling relating to lotteries casinos betting numbers games on...

Страница 125: ...serial number 4 In the Activation Key box type the key supplied with the Web Site Filter 5 Click Activate After a short while a message confirming the subscription s activation is displayed in the Web...

Страница 126: ...126 CHAPTER 5 THE OFFICECONNECT WEB SITE FILTER ACTIVATION...

Страница 127: ...ng Make sure that all equipment is switched on Switch off the Internet Firewall wait approximately 5 seconds and then switch it back on Wait for the Power LED to stop flashing approximately 90 seconds...

Страница 128: ...on and off Make sure the wiring follows the 10BASE T specification See Pinout Diagrams on page 131 for more information Try replacing the cable with a known good cable Is it the correct cable Try usin...

Страница 129: ...ity reasons the Internet Firewall sends a slightly different Authentication page each time you log in to the management interface If the password you use does not allow access to the Internet Firewall...

Страница 130: ...the Internet Firewall does not save the changes that you make make sure that you click Update before moving to another window or tab or all changes are lost Duplicate IP Address Errors Are Occurring...

Страница 131: ...e OfficeConnect Internet Firewall supports the following cable types and maximum lengths 10BASE T Twisted Pair Maximum cable length of 100 m 327 86 ft Pinout Diagrams Table 5 shows the pinouts connect...

Страница 132: ...132 APPENDIX A CABLE SPECIFICATIONS AND PINOUT DIAGRAM Figure 52 Twisted Pair Pinouts...

Страница 133: ...185 x 54 mm 9 12 x 7 3 x 2 1in Weight 870 g 1 9 lbs Standards Functional ISO 8802 3 IEEE 802 3 Safety UL 1950 EN 60950 CSA 22 2 950 IEC 950 EMC EN 55022 Class B EN 50082 1 FCC Part 15 Class B ICES 003...

Страница 134: ...134 APPENDIX B TECHNICAL SPECIFICATIONS AND STANDARDS See Electromagnetic Compatibility on page 182 for conditions of operation...

Страница 135: ...from the factory with a default password It is critical to change this password during the initial configuration of the firewall Unfortunately the default password can only provide limited protection...

Page 136: ...adapter other than the one supplied with the Internet Firewall. 4 Wait for the Power LED to stop flashing. This takes approximately 90 seconds. 5 Follow the initial configuration steps as described in Ch...

Page 137: ...only be used by system processes or by programs executed by privileged users. Many popular services, such as Web, FTP, SMTP, POP3 e-mail, DNS, and so forth, operate in this range. The assigned ports use a sma...

Page 138: ...138 APPENDIX D IP PORT NUMBERS The Registered Ports are in the range 1024-65535. Visit http://www.normos.org/ietf/rfc/rfc1700.txt for a list of IP port numbers...

Page 139: ...rmation in the rest of this manual and also how some of the more advanced features can be set up and be beneficial to you. The examples themselves are hypothetical, and so you should not try using any o...

Page 140: ...activate at the same time that you set up the Internet Firewall 25. This one-year subscription is additional to the 30-day free subscription supplied with the Internet Firewall. The IP addresses are in...

Page 141: ...ctly to one PC from which you intend to manage the Internet Firewall 25 (the management station). If the Internet Firewall 25 is connected directly to one PC, then this reduces the risk of another user on...

Page 142: ...word password. Passwords are case sensitive. d Click Login. 5 When you have logged in successfully, the main screen of the management interface for the Internet Firewall 25 is displayed. From here configur...

Page 143: ...LAN subnet mask of 255.255.255.0. c In the WAN Router Address field, type 172.16.54.1 as supplied by the ISP. d In the DNS Server 1 field, type 172.16.54.253 and click Update. The settings are updated and...

Page 144: ...et Firewall 25 restarts. c Restore the IP address and subnet mask of your management station to 172.16.58.15 (subnet mask 255.255.255.0) and reboot if required. 10 When the Internet Firewall 25 has restar...

Page 145: ...he IP address of the mail server to send out logs and alerts. To find out the IP address: a Click Network on the button bar and select the Diagnostics tab. b From the drop-down list, select DNS Name Looku...

Page 146: ...ess is selected and click Block all categories. Click Update. Increasing the number of IP addresses available using NAT: In this example, you also have 16 IP addresses assigned statically by the ISP. Howev...

Page 147: ...Internet Firewall DMZ so that the servers are accessible from the Internet but are protected from attacks. The server access can be logged and monitored. All the other PCs are on the LAN port and so ca...

Page 148: ...ses NAT, so to make sure that the same subnet is used, change the TCP/IP settings for the network card (refer to the user guide for your operating system for further instructions on how to do this). a For...

Page 149: ...ne from the drop-down list at the top of the screen. If you can't find your city, use one with the correct offset from GMT (all are covered). c Here you want to use Network Time Protocol to set the Firewal...

Page 150: ...stration form and make a note of the registration code that you are given on completion. 11 Set up access to the server machines connected to the DMZ ports. Run the Internet Firewall DMZ management inte...

Page 151: ...address that you want to appear on the WAN side: 172.20.54.212. d In the Range Length box, type 3 because there are 3 PCs that you want to be visible on the Internet. Click Update. Table 6 shows how the a...

Page 152: ...rovide dial-up connectivity and an Internet Firewall 25 for security. In this example, you have an account with an ISP for the dial-up connection. This account offers one IP address configured dynamicall...

Page 153: ...es the Internet Firewall before you have changed the default password. 2 Switch on the Internet Firewall 25 and check the LEDs: a Wait for the Power LED to stop flashing (approximately 90 seconds). b Make...

Page 154: ...te and time. The Internet Firewall 25 relies on this for logs, reports, and updates to the content filter list. a Click Set Date Time on the Home screen. b Select your time zone from the drop-down list at...

Page 155: ...eck box is selected, and in the Client Default Gateway box type the Web address for the Internet Firewall 25 (192.168.1.254). d Enter the IP addresses for the DNS servers into the DNS Server 1 and DNS Ser...

Page 156: ...192.168.1.230. You do not need to change any other settings. Click Update. 12 Set up the web filtering so that users of the network can only access addresses on the domain 3Com.com. a Click Filter and the...

Page 157: ...ww.3com.com/internetfirewall. b Complete the registration form and make a note of the registration code. c On the Home screen, select Unit Status. A message is displayed stating that the Internet Firewall...

Page 158: ...158 APPENDIX E EXAMPLE CONFIGURATIONS...

Page 159: ...dded to provide these services. TCP stands for Transmission Control Protocol. In TCP/IP, TCP works with IP to ensure the integrity of the data traveling over the network. TCP/IP is the protocol of the Int...

Page 160: ...P addressing, it is necessary to always use the entire number when communicating with other devices. There are three classes of IP addresses: A, B, and C. Like a main business phone number that one can call...

Page 161: ...gns local IP address numbers. Subnet Mask: As mentioned in "IP Address" on page 160, the IP addressing system allows creation of subnetworks or interchanges and device numbers or extensions within those su...

Page 162: ...ty In complex networks with many subnetworks, gateways keep traffic from traveling between different subnetworks unless addressed to travel there. While this helps to keep overall network traffic more m...

Page 163: ...le due to a lost password, then you must completely reset your Internet Firewall. CAUTION: The reset procedure described below not only deletes all the settings from your Internet Firewall but also erase...

Page 164: ...the firmware erased. Reloading the Firmware: Even when the firmware has been erased, you can use a basic web management interface to get the Internet Firewall up and running again. The Internet Firewall...

Page 165: ...ct a firmware file, type in the full file and path name of the firmware image that you want to upload to the unit. Use the Browse button to locate the file if you are not sure of its location. 3 Once you...

Page 166: ...e you have logged into the management interface, you may upload your saved settings file as described in "Saving and Restoring Configuration Settings" on page 93. Note that the administrator password is n...

Page 167: ...ide product support 24 hours a day, 7 days a week, through the following online systems: World Wide Web site, 3Com Knowledgebase Web Services, 3Com FTP site, 3Com Facts℠ Automated Fax Service. World Wide We...

Page 168: ...anonymous. Password: your Internet e-mail address. You do not need a user name and password with Web browser software such as Netscape Navigator and Internet Explorer. 3Com Facts Automated Fax Service: The...

Page 169: ...n you contact 3Com for assistance, have the following information ready: Product model name, part number, and serial number. A list of system hardware and software, including revision levels. Diagnostic erro...

Page 170: ...nmark Finland France Germany Hungary Ireland Israel Italy Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 0800 297468 0800 71429 800 17309 0800 113153 0800 917959 0800 182...

Page 171: ...rs select option 2 and then option 2 Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U K 0800 29746...

Page 172: ......

Page 173: ...vice 91 BCIQ statement 182 blocking categories 71 84 broadband modems 22 C cable modem Internet Firewall using with cable modem 35 cable specifications 131 Categories tab 69 clock setting 47 code arch...

Page 174: ...irmware e mail notification 97 loading 97 lost 163 reloading 164 uploading 97 forbidden domains 77 front panel 29 G gateway default 162 H hardware warranty information 179 hardware installing 27 I IAN...

Page 175: ...ic IP address 54 with DHCP Client option 40 network addressing mode 50 settings 50 network access rules 21 103 creating 104 examples 107 hierarchy 106 Network Address Translation See NAT network proto...

Page 176: ...functions 18 extending 21 self diagnostic tests 33 166 services adding 101 deleting 103 setting admin password 49 clock 47 settings reloading 94 siting the Internet Firewall 28 software warranty info...

Page 177: ...s advanced 21 deleting 110 Internet 18 LAN 18 using an OfficeConnect modem 152 V VCCI statement 182 View Log tab 83 W wall mounting the Internet Firewall 28 WAN LED 30 port 17 31 warranty information...

Page 178: ...178 INDEX...

Page 179: ...e at 3Com's option and expense to refund the purchase price paid by Customer for any defective software product or to replace any defective media with software which substantially conforms to applicab...

Page 180: ...ninety (90) day period begins on the date of Customer's product purchase. The telephone technical support is available from 3Com from 9 a.m. to 5 p.m., local time, Monday through Friday, excluding local holid...

Page 181: ...Y REMEDY PROVIDED HEREIN SHALL FAIL OF ITS ESSENTIAL PURPOSE. DISCLAIMER: Some countries, states, or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidenta...

Page 182: ...rrect the interference by one or more of the following measures: Reorient the receiving antenna. Relocate the equipment with respect to the receiver. Move the equipment away from the receiver. Plug the eq...
