User Guide
Page 19
... (LAN) to be important to the Internet access device, for unsafe or objectionable content. I Filter incoming data for example, Router or Cable Modem. I What is the SuperStack 3 Firewall? This chapter contains the following: I The Wide Area Network (WAN) port attaches to the ...I Firewall and 3Com Network Supervisor I Firewall Features I Log events which may be securely connected to the local network through the WAN port. You can use the Firewall to: I The Local Area Network (LAN) port attaches to the Internet. 1 INTRODUCTION What is the SuperStack 3 Firewall? ...
... (LAN) to be important to the Internet access device, for unsafe or objectionable content. I Filter incoming data for example, Router or Cable Modem. I What is the SuperStack 3 Firewall? This chapter contains the following: I The Wide Area Network (WAN) port attaches to the ...I Firewall and 3Com Network Supervisor I Firewall Features I Log events which may be securely connected to the local network through the WAN port. You can use the Firewall to: I The Local Area Network (LAN) port attaches to the Internet. 1 INTRODUCTION What is the SuperStack 3 Firewall? ...
User Guide
Page 32
... 6 Network Connection Diagram Showing Sample Network S N F S R C SLB W LAN Key: DMZ WAN F C SLB R SuperStack 3 Firewall Webcache Server Load Balancer Router S WN Client PC 10/100 Mbps Switch Web and Network Servers Never connect two ports on the Firewall to the Network I and 60W RPS Power Module - (3C16072) Figure 6 illustrates one possible network configuration. For example, never...
... 6 Network Connection Diagram Showing Sample Network S N F S R C SLB W LAN Key: DMZ WAN F C SLB R SuperStack 3 Firewall Webcache Server Load Balancer Router S WN Client PC 10/100 Mbps Switch Web and Network Servers Never connect two ports on the Firewall to the Network I and 60W RPS Power Module - (3C16072) Figure 6 illustrates one possible network configuration. For example, never...
User Guide
Page 42
...modem or other device and must be displayed as the WAN IP address of the Firewall. 3 Enter any DNS servers external to your network in the WAN/DMZ Subnet Mask field. 2 In the WAN Gateway (Router) Address field enter the address of your internet access device. See "Configuring LAN ...screen will enable Network Address Translation allowing you to use NAT - 42 CHAPTER 3: QUICK SETUP FOR THE FIREWALL To configure the WAN networking of your Firewall enter the following 1 In the Firewall WAN IP Address field enter the single address which has been allocated to your query. 4 Click the Next...
...modem or other device and must be displayed as the WAN IP address of the Firewall. 3 Enter any DNS servers external to your network in the WAN/DMZ Subnet Mask field. 2 In the WAN Gateway (Router) Address field enter the address of your internet access device. See "Configuring LAN ...screen will enable Network Address Translation allowing you to use NAT - 42 CHAPTER 3: QUICK SETUP FOR THE FIREWALL To configure the WAN networking of your Firewall enter the following 1 In the Firewall WAN IP Address field enter the single address which has been allocated to your query. 4 Click the Next...
User Guide
Page 43
...mask that defines the IP address range supplied by your ISP. 3 WAN Gateway (Router) Address - If you have access to the Internet screen contains the following fields: 1 Firewall WAN IP Address - Figure 14 Setting the Firewall WAN configuration The Getting to additional DNS Servers, enter them in this field. Enter... not respond or if it has no record of your route or internet access device. These will be used for communication across the Firewall and to IP addresses. Configuring WAN Settings 43 Click the Next button to proceed to the Getting to the final part of the ...
...mask that defines the IP address range supplied by your ISP. 3 WAN Gateway (Router) Address - If you have access to the Internet screen contains the following fields: 1 Firewall WAN IP Address - Figure 14 Setting the Firewall WAN configuration The Getting to additional DNS Servers, enter them in this field. Enter... not respond or if it has no record of your route or internet access device. These will be used for communication across the Firewall and to IP addresses. Configuring WAN Settings 43 Click the Next button to proceed to the Getting to the final part of the ...
User Guide
Page 52
... in the Advanced menu of the Web interface. These functions allow you to set up a second SuperStack 3 Firewall as a live backup should your Firewall. A window similar to provide some of the functionality of the Web interface. "Setting a Policy" describes...Web interface. These functions enable you to your Firewall fail. These functions enable you encrypt and authenticate external access to configure your Firewall for your network. "Configuring High Availability" describes the functions available in the Policy menu of a router within your Firewall: I Firewall...
... in the Advanced menu of the Web interface. These functions allow you to set up a second SuperStack 3 Firewall as a live backup should your Firewall. A window similar to provide some of the functionality of the Web interface. "Setting a Policy" describes...Web interface. These functions enable you to your Firewall fail. These functions enable you encrypt and authenticate external access to configure your Firewall for your network. "Configuring High Availability" describes the functions available in the Policy menu of a router within your Firewall: I Firewall...
User Guide
Page 53
... 162. If you are listed in red text. For example, if the Internet router was not contacted, or the default password was not changed, this would be recovered if it is lost , you must reset the Firewall. Items listed in Figure 22 displays. CAUTION: If the password is "password".... General operation status messages, such as enabled hacker attack protection, filter list status, and log settings are setting the password for the first time,...
... 162. If you are listed in red text. For example, if the Internet router was not contacted, or the default password was not changed, this would be recovered if it is lost , you must reset the Firewall. Items listed in Figure 22 displays. CAUTION: If the password is "password".... General operation status messages, such as enabled hacker attack protection, filter list status, and log settings are setting the password for the first time,...
User Guide
Page 58
... LAN Subnet Mask for your PPPoE account in this section. Password Enter the Password for the Firewall unless PPPoE is selected. If PPPoE is the address of your service provider. Gateway (Router) Address: This address will connect to the LAN IP Address for your PPPoE account in this...This value is automatically set the following: User Name Enter the User Name for the Firewall unless PPPoE is selected. Specifying the For the WAN/DMZ settings, specify: WAN/DMZ Settings WAN Gateway (router) Address The WAN gateway address, also called the default gateway, is selected, you also...
... LAN Subnet Mask for your PPPoE account in this section. Password Enter the Password for the Firewall unless PPPoE is selected. If PPPoE is the address of your service provider. Gateway (Router) Address: This address will connect to the LAN IP Address for your PPPoE account in this...This value is automatically set the following: User Name Enter the User Name for the Firewall unless PPPoE is selected. Specifying the For the WAN/DMZ settings, specify: WAN/DMZ Settings WAN Gateway (router) Address The WAN gateway address, also called the default gateway, is selected, you also...
User Guide
Page 61
... the IP address is used this check box to 255 static or dynamic IP addresses. 3Com recommends you use of that IP address for the same amount of the Firewall. The default value is being used on the Firewall click Network, and then select the DHCP Server tab. If NAT is 60 minutes... the use a dedicated DHCP server if more addresses are required. If the client still requires the use of the WAN router used again. Setting up the DHCP Server 61 The Firewall can allocate up the DHCP server on the LAN computers. If the client no longer requires the IP address, the address...
... the IP address is used this check box to 255 static or dynamic IP addresses. 3Com recommends you use of that IP address for the same amount of the Firewall. The default value is being used on the Firewall click Network, and then select the DHCP Server tab. If NAT is 60 minutes... the use a dedicated DHCP server if more addresses are required. If the client still requires the use of the WAN router used again. Setting up the DHCP Server 61 The Firewall can allocate up the DHCP server on the LAN computers. If the client no longer requires the IP address, the address...
User Guide
Page 65
...network or intranet settings. If this test is successful, try pinging the DNS server, or other machine at the Firewall, or is able to find the IP address of the target node or router. Use the Firewall's DNS Name Lookup tool to contact the remote host. This test shows if the... Internet. Ping requires an IP address. For example, if the Firewall thinks that a machine known to determine if the Firewall is a problem with the ISP's connection. 1 Select Ping from source to the sender. If the network path is behind a router, and the Ethernet address of a host. This is helpful to...
...network or intranet settings. If this test is successful, try pinging the DNS server, or other machine at the Firewall, or is able to find the IP address of the target node or router. Use the Firewall's DNS Name Lookup tool to contact the remote host. This test shows if the... Internet. Ping requires an IP address. For example, if the Firewall thinks that a machine known to determine if the Firewall is a problem with the ISP's connection. 1 Select Ping from source to the sender. If the network path is behind a router, and the Ethernet address of a host. This is helpful to...
User Guide
Page 113
Use the LAN port of the Webcache for this is able to use the 3Com Web Site Filter (3C16111). 2 Install the Firewall according to the Superstack 3 Firewall User Guide (this guide) taking into account any safety information. Network Address ...Web Cache Forwarding 113 Figure 50 Deploying the Firewall and Webcache together InfLrAasNtructure F S R C Key: F C S R SuperStack 3 Firewall Superstack 3 Webcache 10/100 Mbps Switch Router Client PC 1 Install the Webcache as the Firewall has more advanced filtering abilities and is the default value). d Do not configure Web Site...
Use the LAN port of the Webcache for this is able to use the 3Com Web Site Filter (3C16111). 2 Install the Firewall according to the Superstack 3 Firewall User Guide (this guide) taking into account any safety information. Network Address ...Web Cache Forwarding 113 Figure 50 Deploying the Firewall and Webcache together InfLrAasNtructure F S R C Key: F C S R SuperStack 3 Firewall Superstack 3 Webcache 10/100 Mbps Switch Router Client PC 1 Install the Webcache as the Firewall has more advanced filtering abilities and is the default value). d Do not configure Web Site...
User Guide
Page 115
... to the WAN port do not have firewall or Web Site Filter protection. Key: F1 External Firewall F2 F2 Internal Firewall Unsecured Network or Internet R Router Installing the Firewall The following describes how to install and configure the Firewall to to Protect the provide intranet firewalling. Specifying Intranet Settings 115 Figure 51 Connecting the Firewall to protect an internal part of...
... to the WAN port do not have firewall or Web Site Filter protection. Key: F1 External Firewall F2 F2 Internal Firewall Unsecured Network or Internet R Router Installing the Firewall The following describes how to install and configure the Firewall to to Protect the provide intranet firewalling. Specifying Intranet Settings 115 Figure 51 Connecting the Firewall to protect an internal part of...
User Guide
Page 117
...information. Select this when it is easier to the LAN link - If a machine's IP address is not specified, all communications through the Firewall for size or practical considerations. I Specified address ranges are blocked. PCs on the core network communicate with PCs on each network is protecting ...which only contains an organization's graphic design shop, isolating it in the To Address box. Traffic on the core network via the Firewall F then the router R2. PCs on the design shop network communicate with PCs on the rest of addresses, such as the 51 IP addresses from...
...information. Select this when it is easier to the LAN link - If a machine's IP address is not specified, all communications through the Firewall for size or practical considerations. I Specified address ranges are blocked. PCs on the core network communicate with PCs on each network is protecting ...which only contains an organization's graphic design shop, isolating it in the To Address box. Traffic on the core network via the Firewall F then the router R2. PCs on the design shop network communicate with PCs on the rest of addresses, such as the 51 IP addresses from...
User Guide
Page 118
Figure 54 Static Routes Window A window similar to that in Figure 54 displays. 118 CHAPTER 8: ADVANCED SETTINGS Figure 53 Isolating a network using a second router S F S R1 Core Network Design Network R2 To configure static routes click Advanced and then select the Static Routes tab.
Figure 54 Static Routes Window A window similar to that in Figure 54 displays. 118 CHAPTER 8: ADVANCED SETTINGS Figure 53 Isolating a network using a second router S F S R1 Core Network Design Network R2 To configure static routes click Advanced and then select the Static Routes tab.
User Guide
Page 119
... settings. Once you have been designated as it appears on the LAN. From the Link drop-down list, select the port on the Firewall, LAN or WAN, that the router is enabled. One-to-One NAT creates a relationship which the ISP has assigned the IP address range from 209.19.28.16... of the LAN routers in the Gateway box. Click Update to send the configuration data to be used as shown in the Dest. To create this information. Setting up One-to-One NAT 119 Setting up One-to-One NAT LAN The IP Address and Subnet on the Firewall's LAN port are...
... settings. Once you have been designated as it appears on the LAN. From the Link drop-down list, select the port on the Firewall, LAN or WAN, that the router is enabled. One-to-One NAT creates a relationship which the ISP has assigned the IP address range from 209.19.28.16... of the LAN routers in the Gateway box. Click Update to send the configuration data to be used as shown in the Dest. To create this information. Setting up One-to-One NAT 119 Setting up One-to-One NAT LAN The IP Address and Subnet on the Firewall's LAN port are...
User Guide
Page 161
... Rsh 514 Risk This protocol can be used to boot diskless workstations, terminal servers and routers, and can be used to read to write files. If this service is shipped in... negotiations. This protocol can be used to redirect packet routing. Protocols/Services to Filter Although the Firewall is not properly configured, it can also be used for unauthorized access. This ...can alter the Policy Rules and potentially cause the Firewall to be vulnerable to attacks. These protocols can leak information from entering or leaving the site. If an IKE VPN Security Association has been...
... Rsh 514 Risk This protocol can be used to boot diskless workstations, terminal servers and routers, and can be used to read to write files. If this service is shipped in... negotiations. This protocol can be used to redirect packet routing. Protocols/Services to Filter Although the Firewall is not properly configured, it can also be used for unauthorized access. This ...can alter the Policy Rules and potentially cause the Firewall to be vulnerable to attacks. These protocols can leak information from entering or leaving the site. If an IKE VPN Security Association has been...
User Guide
Page 169
... on the LAN. I If there are any host devices other DHCP servers are duplicate IP address errors after you have installed the Firewall: I Try restarting the router or LAN machines. I If you are not accessible to the WAN port on the LAN. See Appendix H, "Resetting the... users cannot access the Internet, try to your cable service provider before moving to the Web interface. Potential Problems and Solutions 169 I Remember that Save Changes you click Update before connecting the Internet Firewall to access the Internet. make sure the Caps Lock key is on, make sure the...
... on the LAN. I If there are any host devices other DHCP servers are duplicate IP address errors after you have installed the Firewall: I Try restarting the router or LAN machines. I If you are not accessible to the WAN port on the LAN. See Appendix H, "Resetting the... users cannot access the Internet, try to your cable service provider before moving to the Web interface. Potential Problems and Solutions 169 I Remember that Save Changes you click Update before connecting the Internet Firewall to access the Internet. make sure the Caps Lock key is on, make sure the...
User Guide
Page 180
... notation), for IP addresses worldwide is necessary to always use IP addresses between 128.0.0.0 and 191.0.0.0. IP Address Just as a computer, printer, file server, or router) must be transferred through interchange numbers to an individual's extension number, the different classes of IP addresses provide for varying levels of these components in...
... notation), for IP addresses worldwide is necessary to always use IP addresses between 128.0.0.0 and 191.0.0.0. IP Address Just as a computer, printer, file server, or router) must be transferred through interchange numbers to an individual's extension number, the different classes of IP addresses provide for varying levels of these components in...