User Guide
Page 6
... File 91 Exporting the Settings File 92 Restoring Factory Default Settings 92 Using the Installation Wizard to reconfigure the Firewall 92 Upgrading the Firewall Firmware 92 7 SETTING A POLICY Changing Policy Services 97 Amending Network Policy Rules 98 Changing NetBIOS Broadcast Settings 99 ...8 ADVANCED SETTINGS Automatic Proxy/Web Cache Forwarding 111 Deploying the SuperStack 3 Webcache as a Proxy of the Firewall 112 Specifying Intranet Settings 114 Installing the Firewall to Protect the Intranet 115 Configuring the Firewall to Protect the Intranet 115 Setting Static Routes 117 Setting up...
... File 91 Exporting the Settings File 92 Restoring Factory Default Settings 92 Using the Installation Wizard to reconfigure the Firewall 92 Upgrading the Firewall Firmware 92 7 SETTING A POLICY Changing Policy Services 97 Amending Network Policy Rules 98 Changing NetBIOS Broadcast Settings 99 ...8 ADVANCED SETTINGS Automatic Proxy/Web Cache Forwarding 111 Deploying the SuperStack 3 Webcache as a Proxy of the Firewall 112 Specifying Intranet Settings 114 Installing the Firewall to Protect the Intranet 115 Configuring the Firewall to Protect the Intranet 115 Setting Static Routes 117 Setting up...
User Guide
Page 8
Examples of Network Access Policies 159 Resetting the Firewall 162 Resetting the Firewall 163 Reloading the Firmware 163 Direct Cable Connection 164 Direct Connection Instructions 165 12 TROUBLESHOOTING GUIDE Introduction 167 Potential Problems and Solutions 167 Power LED Not Lit 167 Power ... File 171 Import the VPN Client Security Policy File 171 Uninstall the VPN Client 171 Frequently Asked Questions about PPPoE 172 IV FIREWALL AND NETWORKING CONCEPTS 13 TYPES OF ATTACK AND FIREWALL DEFENCES Denial of Service Attacks 175 Ping of Death 175 Smurf Attack 175 SYN Flood Attack 176 Land Attack 176
Examples of Network Access Policies 159 Resetting the Firewall 162 Resetting the Firewall 163 Reloading the Firmware 163 Direct Cable Connection 164 Direct Connection Instructions 165 12 TROUBLESHOOTING GUIDE Introduction 167 Potential Problems and Solutions 167 Power LED Not Lit 167 Power ... File 171 Import the VPN Client Security Policy File 171 Uninstall the VPN Client 171 Frequently Asked Questions about PPPoE 172 IV FIREWALL AND NETWORKING CONCEPTS 13 TYPES OF ATTACK AND FIREWALL DEFENCES Denial of Service Attacks 175 Ping of Death 175 Smurf Attack 175 SYN Flood Attack 176 Land Attack 176
User Guide
Page 11
... Internet. I Knowledge of the following products: I SuperStack 3 Firewall 3CR16110-95 I SuperStack 3 Firewall 3CR16110-97 upgraded to v6.x firmware I Basic familiarity with your product and the information there differs from the Internet. Sites can also be blocked on the 3Com World Wide Web site: http://www.3com.com/ This guide is intended for use the SuperStack 3 Web Site Filter. Most user guides...
... Internet. I Knowledge of the following products: I SuperStack 3 Firewall 3CR16110-95 I SuperStack 3 Firewall 3CR16110-97 upgraded to v6.x firmware I Basic familiarity with your product and the information there differs from the Internet. Sites can also be blocked on the 3Com World Wide Web site: http://www.3com.com/ This guide is intended for use the SuperStack 3 Web Site Filter. Most user guides...
User Guide
Page 30
... of each have a Packet LED that indicates the following : I A hacker attack or access to the Network" on this port to connect the Firewall to any Internet access device that has a 10BASE-T or 100BASE-TX port. 2 DMZ Port - Connect this port in full-duplex mode. I... Off indicates that no traffic is currently loaded. I No operational firmware is being transmitted/received on page 32 for more information about setting these switches determines the operation of the following components: 1 LAN Port - Use ...
... of each have a Packet LED that indicates the following : I A hacker attack or access to the Network" on this port to connect the Firewall to any Internet access device that has a 10BASE-T or 100BASE-TX port. 2 DMZ Port - Connect this port in full-duplex mode. I... Off indicates that no traffic is currently loaded. I No operational firmware is being transmitted/received on page 32 for more information about setting these switches determines the operation of the following components: 1 LAN Port - Use ...
User Guide
Page 31
... the Firewall will erase the operational firmware and return the device to warn you. This LED flashes for your SuperStack devices in the Unit Status screen on . If you power on page 187. Once the fault on page 167. 8 Power/Self Test LED - CAUTION: Holding the Reset Switch when you have installed a 3Com RPS...
... the Firewall will erase the operational firmware and return the device to warn you. This LED flashes for your SuperStack devices in the Unit Status screen on . If you power on page 187. Once the fault on page 167. 8 Power/Self Test LED - CAUTION: Holding the Reset Switch when you have installed a 3Com RPS...
User Guide
Page 53
...Set Password. Change the administrator password to save the new password. Items listed in red text. If you must reset the Firewall. General operation status messages, such as enabled hacker attack protection, filter list status, and log settings are setting the password for ...are listed in Figure 22 displays. The password cannot be listed. Setting the Administrator Password Setting the Administrator Password 53 I ROM Version I Firmware Version I Device Up-time in days, hours, minutes, and seconds Problems appear in red require immediate, corrective action. CAUTION: If ...
...Set Password. Change the administrator password to save the new password. Items listed in red text. If you must reset the Firewall. General operation status messages, such as enabled hacker attack protection, filter list status, and log settings are setting the password for ...are listed in Figure 22 displays. The password cannot be listed. Setting the Administrator Password Setting the Administrator Password 53 I ROM Version I Firmware Version I Device Up-time in days, hours, minutes, and seconds Problems appear in red require immediate, corrective action. CAUTION: If ...
User Guide
Page 79
...log, or to a different address, such as a paging service. If you want to be security concerns. 6 USING THE FIREWALL DIAGNOSTIC TOOLS Logs and Alerts This chapter describes the commands and options available in this information is broken up a tab-delimited text... chapter: I Logs and Alerts I Viewing the Log I Changing Log and Alert Settings I Generating Reports I Restarting the Firewall I Managing the Firewall Configuration File I Upgrading the Firewall Firmware The Firewall maintains an event log, which contains events that may be alerted of high-priority information, such as tabs.
...log, or to a different address, such as a paging service. If you want to be security concerns. 6 USING THE FIREWALL DIAGNOSTIC TOOLS Logs and Alerts This chapter describes the commands and options available in this information is broken up a tab-delimited text... chapter: I Logs and Alerts I Viewing the Log I Changing Log and Alert Settings I Generating Reports I Restarting the Firewall I Managing the Firewall Configuration File I Upgrading the Firewall Firmware The Firewall maintains an event log, which contains events that may be alerted of high-priority information, such as tabs.
User Guide
Page 83
... A unique name for new entries. Send Log To This is immediately sent to an e-mail account or e-mail pager. See "Upgrading the Firewall Firmware" on a network. Send Alerts To Alerts are events, such as an attack, which alert messages are sent in this box blank, alert ... Service Provider that the log file always has space for the Firewall. Syslog Server In addition to the standard screen log, the Firewall can configure the Firewall to check on a weekly basis if new software is available for example, username@3Com.com, to which may be a fully qualified address, for example...
... A unique name for new entries. Send Log To This is immediately sent to an e-mail account or e-mail pager. See "Upgrading the Firewall Firmware" on a network. Send Alerts To Alerts are events, such as an attack, which alert messages are sent in this box blank, alert ... Service Provider that the log file always has space for the Firewall. Syslog Server In addition to the standard screen log, the Firewall can configure the Firewall to check on a weekly basis if new software is available for example, username@3Com.com, to which may be a fully qualified address, for example...
User Guide
Page 84
...randomized. Clear Log Now Deletes the contents of the browser window. To ease traffic on the tab labelled Log Settings just underneath the 3Com banner. If the weekly or daily option is selected and the log fills up menu is to take effect. Syslog is automatically e-...the WebTrends server in the Syslog Server box. 84 CHAPTER 6: USING THE FIREWALL DIAGNOSTIC TOOLS every connection's source and destination IP addresses, IP service, and number of the firewall. The Firewall supports WebTrends Firewall Suite for new firmware. E-mail Log Now Immediately sends the log to the Send Log To ...
...randomized. Clear Log Now Deletes the contents of the browser window. To ease traffic on the tab labelled Log Settings just underneath the 3Com banner. If the weekly or daily option is selected and the log fills up menu is to take effect. Syslog is automatically e-...the WebTrends server in the Syslog Server box. 84 CHAPTER 6: USING THE FIREWALL DIAGNOSTIC TOOLS every connection's source and destination IP addresses, IP service, and number of the firewall. The Firewall supports WebTrends Firewall Suite for new firmware. E-mail Log Now Immediately sends the log to the Send Log To ...
User Guide
Page 92
...Figure 40 Export Window 2 Choose the location to a minute. The process may take up to save the Firewall configuration settings to that in this process. Upgrading the Firewall Firmware The Upgrade tool allows you to its factory state. Clicking Restore will not change the...WAN Gateway Address and Password. The Firewall has flash memory and can save the settings file. See Chapter 3, the Firewall "Quick Setup for a new location or role. This defaults to upgrade the operational firmware of the Firewall. 92 CHAPTER 6: USING THE FIREWALL DIAGNOSTIC TOOLS Exporting the You can...
...Figure 40 Export Window 2 Choose the location to a minute. The process may take up to save the Firewall configuration settings to that in this process. Upgrading the Firewall Firmware The Upgrade tool allows you to its factory state. Clicking Restore will not change the...WAN Gateway Address and Password. The Firewall has flash memory and can save the settings file. See Chapter 3, the Firewall "Quick Setup for a new location or role. This defaults to upgrade the operational firmware of the Firewall. 92 CHAPTER 6: USING THE FIREWALL DIAGNOSTIC TOOLS Exporting the You can...
User Guide
Page 93
... see if new firmware is available check box. 2 Click Update. A window similar to that in Figure 41 displays. A window similar to that you can configure the Firewall to send an e-mail notification to the address in the Send log to http://www.3com.com/ssfirewall and follow...Tools and then select the Upgrade tab. To be reset to factory default. 3Com recommends that in Figure 42 displays. If there is a new firmware release, you export the Firewall's configuration settings before uploading new firmware and then import them again after the upgrade has been completed. To download...
... see if new firmware is available check box. 2 Click Update. A window similar to that in Figure 41 displays. A window similar to that you can configure the Firewall to send an e-mail notification to the address in the Send log to http://www.3com.com/ssfirewall and follow...Tools and then select the Upgrade tab. To be reset to factory default. 3Com recommends that in Figure 42 displays. If there is a new firmware release, you export the Firewall's configuration settings before uploading new firmware and then import them again after the upgrade has been completed. To download...
User Guide
Page 94
... Window 3 Click Browse... and select the firmware file you have downloaded from the 3Com FTP site to a local hard drive or server on the LAN. 4 Click Upload to begin the upload. 94 CHAPTER 6: USING THE FIREWALL DIAGNOSTIC TOOLS Figure 42 Save Settings Window 2 Click Yes if you have saved the... settings. When uploading the firmware to an Firewall, it is A...
... Window 3 Click Browse... and select the firmware file you have downloaded from the 3Com FTP site to a local hard drive or server on the LAN. 4 Click Upload to begin the upload. 94 CHAPTER 6: USING THE FIREWALL DIAGNOSTIC TOOLS Figure 42 Save Settings Window 2 Click Yes if you have saved the... settings. When uploading the firmware to an Firewall, it is A...
User Guide
Page 95
Upgrading the Firewall Firmware 95 interrupted this way, it may result in . If your Firewall does not respond, see Chapter 12, "Troubleshooting Guide". 5 Restart the Firewall for the changes to log in the Firewall not responding to attempts to take effect.
Upgrading the Firewall Firmware 95 interrupted this way, it may result in . If your Firewall does not respond, see Chapter 12, "Troubleshooting Guide". 5 Restart the Firewall for the changes to log in the Firewall not responding to attempts to take effect.
User Guide
Page 141
...Superstack 3 Firewalls available. Although only one static IP address available from the first in this chapter: I Getting Started I Configuring High Availability I Making Configuration Changes I Checking High Availability Status I You have at least one Firewall... same version of firmware. If you to connect two Firewalls together as a pair. The Firewalls must be running the same version of firmware which must be ... broken up into sections shown in the High Availability menu. The 3Com Firewalls 3CR16110-95 and 3CR16110-97 use identical hardware and can be version 6.0 or above. To...
...Superstack 3 Firewalls available. Although only one static IP address available from the first in this chapter: I Getting Started I Configuring High Availability I Making Configuration Changes I Checking High Availability Status I You have at least one Firewall... same version of firmware. If you to connect two Firewalls together as a pair. The Firewalls must be running the same version of firmware which must be ... broken up into sections shown in the High Availability menu. The 3Com Firewalls 3CR16110-95 and 3CR16110-97 use identical hardware and can be version 6.0 or above. To...
User Guide
Page 145
...left side of the browser window, and then click the Configuration tab at the top of the window. See "Upgrading the Firewall Firmware" on page 92 for instructions on upgrading firmware. Next, click the Import button. 5 Click the Browse button and select the file that was previously saved using the ...left side of the browser window and then click the Status tab at the top of a failure in firmware versions, it will take effect. Both the firmware version and the Firewall serial number are displayed at the top of the window. All configuration changes for the High Availability pair must...
...left side of the browser window, and then click the Configuration tab at the top of the window. See "Upgrading the Firewall Firmware" on page 92 for instructions on upgrading firmware. Next, click the Import button. 5 Click the Browse button and select the file that was previously saved using the ...left side of the browser window and then click the Status tab at the top of a failure in firmware versions, it will take effect. Both the firmware version and the Firewall serial number are displayed at the top of the window. All configuration changes for the High Availability pair must...
User Guide
Page 162
...You cannot retrieve a lost password), then you must completely reset your firewall settings on a regular basis, and that you also have a copy of the latest firmware available locally. If you want to reset your Firewall, but restricting these services completely may seem to pose little threat,...but also erases the current copy of the firmware from yet-to-be too drastic a policy for example, due to a lost administrator password from your Firewall to factory default settings, and can access the Web interface of the Firewall successfully, 3Com recommends that you up and running again....
...You cannot retrieve a lost password), then you must completely reset your firewall settings on a regular basis, and that you also have a copy of the latest firmware available locally. If you want to reset your Firewall, but restricting these services completely may seem to pose little threat,...but also erases the current copy of the firmware from yet-to-be too drastic a policy for example, due to a lost administrator password from your Firewall to factory default settings, and can access the Web interface of the Firewall successfully, 3Com recommends that you up and running again....
User Guide
Page 163
... LED starts flashing. The basic Web interface loads, similar to an IP address in Figure 63. Figure 63 Firmware Upload Window Resetting the Firewall 163 Resetting the Firewall To reset the Firewall: 1 Disconnect the power from the Firewall. 2 Using a blunt pointed object, fully press in the reset button on the management station, and press Enter...
... LED starts flashing. The basic Web interface loads, similar to an IP address in Figure 63. Figure 63 Firmware Upload Window Resetting the Firewall 163 Resetting the Firewall To reset the Firewall: 1 Disconnect the power from the Firewall. 2 Using a blunt pointed object, fully press in the reset button on the management station, and press Enter...
User Guide
Page 164
...secret Administrator Password. Make sure that you want to upload to the unit. The security of the Firewall is displayed. It is used to upload the firmware. Figure 64 Firmware Upload Complete Direct Cable Connection The self-test cycle should now complete successfully. Once you have located ...and path name of the user interface. See Chapter 3 for a quick start guide, Chapter 8 for a complete command reference of the firmware image that you change this password to conceal the new one minute. For example, when the administrator's password is changed, the old password...
...secret Administrator Password. Make sure that you want to upload to the unit. The security of the Firewall is displayed. It is used to upload the firmware. Figure 64 Firmware Upload Complete Direct Cable Connection The self-test cycle should now complete successfully. Once you have located ...and path name of the user interface. See Chapter 3 for a quick start guide, Chapter 8 for a complete command reference of the firmware image that you change this password to conceal the new one minute. For example, when the administrator's password is changed, the old password...
User Guide
Page 172
...for multiple computers in the set up and monthly fees of the existing Dial-up connection. The Firewall is able to manage PPPoE connections eliminating the need to install PPPoE software on your service provider. The ...biggest problem using PPPoE without a Firewall is established allowing the user to the Internet by PPPoE. What are ISPs using PPPoE? The ISP ...one PPPoE account for a username and password. Can I Home networking - Using the PPPoE firmware, it easier for each client machine.
...for multiple computers in the set up and monthly fees of the existing Dial-up connection. The Firewall is able to manage PPPoE connections eliminating the need to install PPPoE software on your service provider. The ...biggest problem using PPPoE without a Firewall is established allowing the user to the Internet by PPPoE. What are ISPs using PPPoE? The ISP ...one PPPoE account for a username and password. Can I Home networking - Using the PPPoE firmware, it easier for each client machine.
User Guide
Page 177
...crashing an individual PC to theft of information and infiltration of time is a common precursor to an attack Firewall Response: None - I Known Trojan Horse attacks are disabled. Firewall Response: The Firewall will log all port scans to see which are active and which are identified and blocked. Attacks vary...the traffic came from showing messages on a piece of ports to aid diagnosis. Using an anti-virus tool and updating the firmware of your Firewall as soon as part of normal traffic the scanning of many ports in use will significantly increase your network prior to keep their...
...crashing an individual PC to theft of information and infiltration of time is a common precursor to an attack Firewall Response: None - I Known Trojan Horse attacks are disabled. Firewall Response: The Firewall will log all port scans to see which are active and which are identified and blocked. Attacks vary...the traffic came from showing messages on a piece of ports to aid diagnosis. Using an anti-virus tool and updating the firmware of your Firewall as soon as part of normal traffic the scanning of many ports in use will significantly increase your network prior to keep their...