User Guide
Page 5
... Viewing the DHCP Server Status 63 Using the Network Diagnostic Tools 64 Choosing a Diagnostic Tool 64 5 SETTING UP WEB FILTERING Changing the Filter Settings 67 Restricting the Web Features Available 68 Setting Blocking Options 69 Specifying the Categories to Filter 69 Specifying When Filtering Applies 70 Filtering Web Sites using a Custom List 70 Setting up Trusted and Forbidden Domains 71 Changing the Message to display when a site is blocked 72 Updating the Web Filter 73 Checking the Web Filter Status 73 Downloading an Updated Filter List 74 Setting Actions if no Filter List is Loaded...
... Viewing the DHCP Server Status 63 Using the Network Diagnostic Tools 64 Choosing a Diagnostic Tool 64 5 SETTING UP WEB FILTERING Changing the Filter Settings 67 Restricting the Web Features Available 68 Setting Blocking Options 69 Specifying the Categories to Filter 69 Specifying When Filtering Applies 70 Filtering Web Sites using a Custom List 70 Setting up Trusted and Forbidden Domains 71 Changing the Message to display when a site is blocked 72 Updating the Web Filter 73 Checking the Web Filter Status 73 Downloading an Updated Filter List 74 Setting Actions if no Filter List is Loaded...
User Guide
Page 6
... 92 Upgrading the Firewall Firmware 92 7 SETTING A POLICY Changing Policy Services 97 Amending Network Policy Rules 98 Changing NetBIOS Broadcast Settings 99 Enabling Stealth Mode 100 Allowing Fragmented Packets 100 Adding and Deleting Services 101 Editing Policy Rules 103 Viewing Network Policy Rules 103 Adding a New Rule 106 Restoring Rules to Defaults 106 Updating User Privileges 106 Establishing an Authenticated Session 108 Setting Management Method 109 Selecting Remote Management 110 Using the Firewall with the NBX 100 Business Telephone System 110 8 ADVANCED SETTINGS Automatic Proxy/Web...
... 92 Upgrading the Firewall Firmware 92 7 SETTING A POLICY Changing Policy Services 97 Amending Network Policy Rules 98 Changing NetBIOS Broadcast Settings 99 Enabling Stealth Mode 100 Allowing Fragmented Packets 100 Adding and Deleting Services 101 Editing Policy Rules 103 Viewing Network Policy Rules 103 Adding a New Rule 106 Restoring Rules to Defaults 106 Updating User Privileges 106 Establishing an Authenticated Session 108 Setting Management Method 109 Selecting Remote Management 110 Using the Firewall with the NBX 100 Business Telephone System 110 8 ADVANCED SETTINGS Automatic Proxy/Web...
User Guide
Page 7
... GroupVPN Security Association 138 Installing the IRE VPN Client Software 139 Configuring the IRE VPN Client 139 10 CONFIGURING HIGH AVAILABILITY Getting Started 141 Network Configuration for High Availability Pair 142 Configuring High Availability 142 Configuring High Availability on the Primary Firewall 143 Configuring High Availability on the Backup Firewall 144 Making Configuration Changes 145 Checking High Availability Status 146 High Availability Status Window 146 E-Mail Alerts Indicating Status Change 147 View Log 147 Forcing Transitions 148 III ADMINISTRATION AND TROUBLESHOOTING...
... GroupVPN Security Association 138 Installing the IRE VPN Client Software 139 Configuring the IRE VPN Client 139 10 CONFIGURING HIGH AVAILABILITY Getting Started 141 Network Configuration for High Availability Pair 142 Configuring High Availability 142 Configuring High Availability on the Primary Firewall 143 Configuring High Availability on the Backup Firewall 144 Making Configuration Changes 145 Checking High Availability Status 146 High Availability Status Window 146 E-Mail Alerts Indicating Status Change 147 View Log 147 Forcing Transitions 148 III ADMINISTRATION AND TROUBLESHOOTING...
User Guide
Page 11
... GUIDE Introduction This guide describes the following : I SuperStack 3 Firewall Web Site Filter 3C16111 This guide describes how to set up and maintain the SuperStack® 3 Firewall and how to install and use by the features a web site uses or content it provides. The Firewall acts as a secure barrier to protect a private LAN from hacker attacks from the information in this guide, follow the instructions in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on a site...
... GUIDE Introduction This guide describes the following : I SuperStack 3 Firewall Web Site Filter 3C16111 This guide describes how to set up and maintain the SuperStack® 3 Firewall and how to install and use by the features a web site uses or content it provides. The Firewall acts as a secure barrier to protect a private LAN from hacker attacks from the information in this guide, follow the instructions in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on a site...
User Guide
Page 12
... an application, system, or device. Appendix C Information about installing and setting up the Web Site Filter. A description of the Firewall's front and back panel displays and Chapter 2 connectors, and installation information. Information that describes important features or instructions. Appendix B Cable Specifications. Table 2 Notice Icons Icon Notice Type Description Information note Caution Warning Information that alerts you are used throughout this guide. Chapter 1 A description of the Firewall's features and example applications. Chapter...
... an application, system, or device. Appendix C Information about installing and setting up the Web Site Filter. A description of the Firewall's front and back panel displays and Chapter 2 connectors, and installation information. Information that describes important features or instructions. Appendix B Cable Specifications. Table 2 Notice Icons Icon Notice Type Description Information note Caution Warning Information that alerts you are used throughout this guide. Chapter 1 A description of the Firewall's features and example applications. Chapter...
User Guide
Page 13
... instruction simply says "type." Click OK. The Firewall has an extra port. Commands appear in this guide, you must enter the command exactly as shown and then press Return or Enter. Keyboard key names If you connect publicly-accessible servers and workstations to : I Emphasize a point. I Identify menu names, menu commands, and software button names. Terminology Terminology 13 Table 3 Text Conventions Convention Description Screen displays This typeface represents information as a Web or FTP server. Commands...
... instruction simply says "type." Click OK. The Firewall has an extra port. Commands appear in this guide, you must enter the command exactly as shown and then press Return or Enter. Keyboard key names If you connect publicly-accessible servers and workstations to : I Emphasize a point. I Identify menu names, menu commands, and software button names. Terminology Terminology 13 Table 3 Text Conventions Convention Description Screen displays This typeface represents information as a Web or FTP server. Commands...
User Guide
Page 15
... the SuperStack 3 Web Site Filter. It is a method of networking that server. VPN - stands for Universal Time Co-ordinated, and is where a client opens a connection with partially-open connections, no other clients can make our documentation more useful to you. Used in User Service. A type of leased lines. See Chapter 13, "Types of Attack and Firewall Defences" for accounting and access. They will help make genuine connections to that uses data encryption and the public internet to provide secure communications between sites...
... the SuperStack 3 Web Site Filter. It is a method of networking that server. VPN - stands for Universal Time Co-ordinated, and is where a client opens a connection with partially-open connections, no other clients can make our documentation more useful to you. Used in User Service. A type of leased lines. See Chapter 13, "Types of Attack and Firewall Defences" for accounting and access. They will help make genuine connections to that uses data encryption and the public internet to provide secure communications between sites...
User Guide
Page 23
... restrict LAN users from trusted sites. See "Filter Settings" on page 162 for more information. Web site technologies such as cookies and Java and ActiveX applets give enhancements to web pages, but hackers may use the optional SuperStack 3 Web Site Filter to extend these sites or log them only from accessing inappropriate information on the Internet. The Firewall is supplied with the latest URLs matching the selected categories. You can create a list of...
... restrict LAN users from trusted sites. See "Filter Settings" on page 162 for more information. Web site technologies such as cookies and Java and ActiveX applets give enhancements to web pages, but hackers may use the optional SuperStack 3 Web Site Filter to extend these sites or log them only from accessing inappropriate information on the Internet. The Firewall is supplied with the latest URLs matching the selected categories. You can create a list of...
User Guide
Page 24
... logging into the Firewall from the Internet. To download it point your connection must be seen as a high availability pair and configure the backup Firewall to send an alert message through an MD5-based encrypted authentication mechanism. 24 CHAPTER 1: INTRODUCTION purchase a twelve month Web Site Filter (3C16111) subscription. To use the High Availability function, connect another SuperStack 3 Firewall to the first as security concerns. It also provides simplified IP address Configuration administration using a Web...
... logging into the Firewall from the Internet. To download it point your connection must be seen as a high availability pair and configure the backup Firewall to send an alert message through an MD5-based encrypted authentication mechanism. 24 CHAPTER 1: INTRODUCTION purchase a twelve month Web Site Filter (3C16111) subscription. To use the High Availability function, connect another SuperStack 3 Firewall to the first as security concerns. It also provides simplified IP address Configuration administration using a Web...
User Guide
Page 51
...the menu structure General Network Filter Log Tools Policy Advanced VPN High Availability Unit Status Settings Settings View Log Restart Services Proxy Relay VPN Summary Configure Set Password DMZ Address Custom List Log Settings Configuration Add Service Intranet VPN Configure Set Time DHCP Server Filter Update Reports Upgrade Policy Rules Static Routes RADIUS DHCP Setup Keywords Diagnostics Consent User Privileges One-to Figure 20 below for your Firewall. Refer to -One NAT Management The descriptions of these operations using a Web browser. I Chapter 5 - "Using the Firewall...
...the menu structure General Network Filter Log Tools Policy Advanced VPN High Availability Unit Status Settings Settings View Log Restart Services Proxy Relay VPN Summary Configure Set Password DMZ Address Custom List Log Settings Configuration Add Service Intranet VPN Configure Set Time DHCP Server Filter Update Reports Upgrade Policy Rules Static Routes RADIUS DHCP Setup Keywords Diagnostics Consent User Privileges One-to Figure 20 below for your Firewall. Refer to -One NAT Management The descriptions of these operations using a Web browser. I Chapter 5 - "Using the Firewall...
User Guide
Page 54
... is automatically logged out of the Web interface. Setting the Time From the General screen, select Set Time. A window similar to the Internet. 3Com recommends that initially you set the time manually even if you have selected this box to allow the Firewall to set the time automatically you need a connection to that in the list, you should set time automatically Check this option. To set the time manually. 54 CHAPTER 4: BASIC SETTINGS OF THE FIREWALL Setting the Inactivity...
... is automatically logged out of the Web interface. Setting the Time From the General screen, select Set Time. A window similar to the Internet. 3Com recommends that initially you set the time manually even if you have selected this box to allow the Firewall to set the time automatically you need a connection to that in the list, you should set time automatically Check this option. To set the time manually. 54 CHAPTER 4: BASIC SETTINGS OF THE FIREWALL Setting the Inactivity...
User Guide
Page 61
... Firewall click Network, and then select the DHCP Server tab. The default value is disabled by LAN clients to the pool of the Firewall. Leave the DHCP server disabled if there already is a DHCP server on the LAN or if manual addressing is freed and returned to access the Internet. If the client no longer requires the IP address, the address is used again. To set up to enable or disable...
... Firewall click Network, and then select the DHCP Server tab. The default value is disabled by LAN clients to the pool of the Firewall. Leave the DHCP server disabled if there already is a DHCP server on the LAN or if manual addressing is freed and returned to access the Internet. If the client no longer requires the IP address, the address is used again. To set up to enable or disable...
User Guide
Page 72
... screen. Changing the Message to display when a site is blocked When a user attempts to access a site that are links to your company's acceptable use policy and to the network administrator's email address. The default message is updated each week, as the custom list does not expire. With careful screening, this box. In certain cases, it may be desirable to allow Java, ActiveX and cookies from sites that is blocked by 3Com SuperStack 3 Firewall. You can type any message...
... screen. Changing the Message to display when a site is blocked When a user attempts to access a site that are links to your company's acceptable use policy and to the network administrator's email address. The default message is updated each week, as the custom list does not expire. With careful screening, this box. In certain cases, it may be desirable to allow Java, ActiveX and cookies from sites that is blocked by 3Com SuperStack 3 Firewall. You can type any message...
User Guide
Page 88
... by IP Address from the Display Report popup menu. The sample period is also reset when data collection is stopped or started, and when the Firewall is listed in the reports. If using DHCP, remember that site during the current sample period. You may signal the need to view drop-down list displays a table showing the IP Address of the 25 top users of Internet bandwidth and the number of...
... by IP Address from the Display Report popup menu. The sample period is also reset when data collection is stopped or started, and when the Firewall is listed in the reports. If using DHCP, remember that site during the current sample period. You may signal the need to view drop-down list displays a table showing the IP Address of the 25 top users of Internet bandwidth and the number of...
User Guide
Page 108
... the Web Site Filters. Make sure that the Caps Lock key on the keyboard is displayed, asking you point your Web browser at the Firewall's LAN IP Address. This process is verified using MD5 authentication. NAT must re-authenticate. To configure a user's machine to establish an authenticated session support Java, JavaScript or ActiveX scripting. In that case, the remote user must not be enabled for no reason, make sure that the Web browser software being used to support privileged users see...
... the Web Site Filters. Make sure that the Caps Lock key on the keyboard is displayed, asking you point your Web browser at the Firewall's LAN IP Address. This process is verified using MD5 authentication. NAT must re-authenticate. To configure a user's machine to establish an authenticated session support Java, JavaScript or ActiveX scripting. In that case, the remote user must not be enabled for no reason, make sure that the Web browser software being used to support privileged users see...
User Guide
Page 136
... local network/group with the remote Firewall. Logging is unchecked (ignore any warning.) Authentication Algorithm field should contain both firewall objects (Check Point Firewall-1 and Firewall), the services should be IPSEC group and it should be grayed out. h Go to synchronize encryption algorithms. a From the Manage menu select the Keys option. f Make sure that are allowed to each other. The Encryption Key and SPI Key number must create a rule to allow the Check Point Firewall to work . 6 Now...
... local network/group with the remote Firewall. Logging is unchecked (ignore any warning.) Authentication Algorithm field should contain both firewall objects (Check Point Firewall-1 and Firewall), the services should be IPSEC group and it should be grayed out. h Go to synchronize encryption algorithms. a From the Manage menu select the Keys option. f Make sure that are allowed to each other. The Encryption Key and SPI Key number must create a rule to allow the Check Point Firewall to work . 6 Now...
User Guide
Page 145
... 92 for instructions on upgrading firmware. Next, click the Import button. 5 Click the Browse button and select the file that was previously saved using the Export button. If the backup Firewall displays an error message when you have successfully configured your two Firewalls as a High Availability pair. I The firmware version loaded on the backup Firewall does not match the firmware version on the left side of the browser window and then click the Status tab...
... 92 for instructions on upgrading firmware. Next, click the Import button. 5 Click the Browse button and select the file that was previously saved using the Export button. If the backup Firewall displays an error message when you have successfully configured your two Firewalls as a High Availability pair. I The firmware version loaded on the backup Firewall does not match the firmware version on the left side of the browser window and then click the Status tab...
User Guide
Page 207
....0 181 3Com Knowledgebase Web Services 201 3Com Network Supervisor 20 3Com URL 201 A acceptable use policy 76, 88 access remote 24 access to URLs, restricting 23 ActiveX blocking 81 defined 68 add route 119 adding a service 101 administrator authenticating 164 password 53, 164 advanced redundant power supply 31 alert LED 30 alerts 24, 79 ARPS 31 attacks, DoS 21 authenticated management session 108 authentication 106 updating users 107 automatic IP address sharing and configuration 24...
....0 181 3Com Knowledgebase Web Services 201 3Com Network Supervisor 20 3Com URL 201 A acceptable use policy 76, 88 access remote 24 access to URLs, restricting 23 ActiveX blocking 81 defined 68 add route 119 adding a service 101 administrator authenticating 164 password 53, 164 advanced redundant power supply 31 alert LED 30 alerts 24, 79 ARPS 31 attacks, DoS 21 authenticated management session 108 authentication 106 updating users 107 automatic IP address sharing and configuration 24...
User Guide
Page 208
... 92 export settings 92 before updating the software 93 F factory defaults, restoring 92, 162 features automatic IP address sharing and configuration 24 firewall security 21 Internet filtering 23 logs and alerts 24 user remote access 24 filter list updating 73 filter settings 67 filtering web 23 filters, specifying when they apply 70 Firewall attaching to WAN 33 main features 21 ports 19 positioning 28 purpose 19 quick setup 35 uses 19 firewall security 21 Firewall, moving 35 firmware e-mail notification 93 loading...
... 92 export settings 92 before updating the software 93 F factory defaults, restoring 92, 162 features automatic IP address sharing and configuration 24 firewall security 21 Internet filtering 23 logs and alerts 24 user remote access 24 filter list updating 73 filter settings 67 filtering web 23 filters, specifying when they apply 70 Firewall attaching to WAN 33 main features 21 ports 19 positioning 28 purpose 19 quick setup 35 uses 19 firewall security 21 Firewall, moving 35 firmware e-mail notification 93 loading...
User Guide
Page 210
... repair 204 routes adding 119 specifying static 117 rubber feet 29 rules, creating 103 S safety information 193 sample network diagram 32 saving configuration 90 screen logs, disabling 102 security functions extending 23 security policy 21 self test LED 31 self-diagnostic tests 33, 164 services adding 101 deleting 102 setting admin password 53 clock 54 password using Installation Wizard 37 setting up a Management Station 36 settings, reloading 91 setup, quick 35 siting the Internet Firewall 28 software, upgrading 92 specifications...
... repair 204 routes adding 119 specifying static 117 rubber feet 29 rules, creating 103 S safety information 193 sample network diagram 32 saving configuration 90 screen logs, disabling 102 security functions extending 23 security policy 21 self test LED 31 self-diagnostic tests 33, 164 services adding 101 deleting 102 setting admin password 53 clock 54 password using Installation Wizard 37 setting up a Management Station 36 settings, reloading 91 setup, quick 35 siting the Internet Firewall 28 software, upgrading 92 specifications...