3com OfficeConnect 3C16771 User manual

Category
Networking
Type
User manual
http://www.3com.com/
OfficeConnect® Internet Firewall
User Guide
OfficeConnect Internet Firewall 25 3C16770
OfficeConnect Internet Firewall DMZ 3C16771
OfficeConnect Web Site Filter 3C16772
Part No. DUA1677-0AAA03
Published June 2000
3Com Corporation
5400 Bayfront Plaza
Santa Clara, California
95052-8145
Copyright © 2000, 3Com Technologies. All rights reserved. No part of this documentation may be
reproduced in any form or by any means or used to make any derivative work (such as translation,
transformation, or adaptation) without written permission from 3Com Technologies.
3Com Technologies reserves the right to revise this documentation and to make changes in content
from time to time without obligation on the part of 3Com Technologies to provide notification of such
revision or change.
3Com Technologies provides this documentation without warranty, term, or condition of any kind,
either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make
improvements or changes in the product(s) and/or the program(s) described in this documentation at
any time.
If there is any software on removable media described in this documentation, it is furnished under a
license agreement included with the product as a separate document, in the hard copy documentation, or
on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to
locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described
herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private
expense. Software is delivered as “Commercial Computer Software” as defined in DFARS
252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is
provided with only such rights as are provided in 3Com’s standard commercial license for the Software.
Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR
52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any
legend provided on any licensed program or documentation contained in, or delivered to you in
conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or
may not be registered in other countries.
3Com, the 3Com logo, and OfficeConnect are registered trademarks of 3Com Corporation.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Netscape
Navigator is a registered trademark of Netscape Communications. Novell and NetWare are registered
trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries,
licensed exclusively through X/Open Company, Ltd. CyberNOT is a registered trademark of Learning
Company Properties Inc.
All other company and product names may be trademarks of the respective companies with which they
are associated.
Contents
About This Guide
How to Use This Guide
Conventions
Terminology
Year 2000 Compliance
Feedback about this User Guide
1 Introduction
What is the Internet Firewall?
Internet Firewall Security Functions
Internet Firewall Features
Firewall Security
Internet Filtering
Logs and Alerts
User Remote Access (from the Internet)
Automatic IP Address Sharing and Configuration
2 Installing the Hardware
Important Safety Information
Wichtige Sicherheitshinweise
Consignes Importantes de Sécurité
Before You Start
Stacking the Units Together
Securing the Internet Firewall with the Rubber Feet
Stacking the Internet Firewall with the Clip
Positioning the Internet Firewall
Securing the Internet Firewall
Internet Firewall Front Panel
Internet Firewall Rear Panel
Attaching the Internet Firewall to the Network
3 Quick Setup for the Internet Firewall
Checklist for Setting up the Internet Firewall
Cable Modem Users
Initial Configuration
Required Information for the Internet Firewall Wizard
Setting up the Internet Firewall
4 Command Reference
Status Messages
Setting the Clock
Setting the Administrator Password
Network Settings
Network Addressing Mode
Specifying DMZ Addresses (Internet Firewall DMZ only)
Setting up the DHCP Server
Viewing the DHCP Server Status
Diagnostic Tools
DNS Name Lookup
Find Network Path
Ping
Packet Trace
Technical Support Report
Filter Settings
Restricting the Web Features Available
Blocking Options
The OfficeConnect Web Site Filter
Specifying When Filtering Applies
Update Filter
Keywords
Custom List
Setting up Trusted and Forbidden Domains
Setting Other Custom List Options
Consent
Logs and Alerts
Viewing the Log
Log/Alert Settings
Reports
Restarting the Internet Firewall
Saving and Restoring Configuration Settings
Specifying the Export File
Reloading the Settings
Restore Factory Defaults
Upgrading the Software
Policy
Services
Adding a Service
Policy Rules
Network Access Rule Logic List
Understanding the Network Access Rule Hierarchy
Examples of Network Access Rules
User Privileges
User Settings
Establishing an Authenticated Session
Automatic Proxy Forwarding
Example of Installing a Proxy Server
Specifying Intranet Settings
Installing the Internet Firewall to Protect the Intranet
Configuring the Internet Firewall to Protect the Intranet
Intranet Window Boxes and Controls
Static Routes
Static Routes Window Boxes and Controls
Setting up One-to-One NAT
5 The OfficeConnect Web Site Filter Activation
What is the Web Site Filter?
Activating the Web Site Filter
6 Troubleshooting Guide
Introduction
Potential Problems
Power LED Not Lit
Power LED Flashes Continuously
Power and Alert LED Lit Continuously
Link LED is Off
Ethernet Connection is Not Functioning
Cannot Access the Management Interface
LAN Users Cannot Access the Internet
Internet Firewall Does Not Save Changes
Duplicate IP Address Errors Are Occurring
Machines on the WAN Are Not Reachable
A Cable Specifications and Pinout Diagram
Cable Specifications
Pinout Diagrams
B Technical Specifications and Standards
C Optional Direct Connection
Introduction
Direct Connection Instructions
D IP Port Numbers
Introduction
Well Known Port Numbers
Registered Port Numbers
E Example Configurations
Introduction
Protecting an Existing Network with the Internet Firewall 25
Increasing the number of IP addresses available using NAT
Setting up the Internet Firewall 25 with an OfficeConnect 56K LAN Modem
F Introduction to IP Addressing
Network Protocols
IP and TCP
IP Addressing
IP Address
Subnet Mask
Default Gateway
G Resetting the Internet Firewall
Introduction
Resetting the Internet Firewall
Reloading the Firmware
H Technical Support
Online Technical Services
World Wide Web Site
3Com Knowledgebase Web Services
3Com FTP Site
3Com Facts Automated Fax Service
Support from Your Network Supplier
Support from 3Com
Returning Products for Repair
Index
3Com Corporation Limited Warranty
Electromagnetic Compatibility
About This Guide
This guide describes the following products:
The two variants of the OfficeConnect® Internet Firewall:
OfficeConnect Internet Firewall 25 3C16770
OfficeConnect Internet Firewall DMZ 3C16771
OfficeConnect Web Site Filter 3C16772 software for
use with either variant of the Internet Firewall, available
as an optional extra.
Introduction
The OfficeConnect Internet Firewall acts as a secure barrier
to protect a private LAN from hacker attacks from the
Internet. It can also be used to control the access that LAN
users have to the Internet.
The OfficeConnect Internet Firewall 25 supports up to 25
users on the LAN.
The OfficeConnect Internet Firewall DMZ supports up to
100 users on the LAN. In addition, the OfficeConnect
Internet Firewall DMZ has a Demilitarized Zone (DMZ) port.
Servers and workstations attached to this port are publicly
accessible from the Internet, but remain secure from
Denial-of-Service (DoS) hacker attacks from the Internet. If
an Internet Firewall feature described in this guide applies
only to the DMZ version, a note tells you this.
The OfficeConnect Web Site Filter is an optional extra that
can be used with either variant of the Internet Firewall. You
can use it to prevent LAN users accessing Web sites that fit
into categories that are considered inappropriate for
business use. The Web Site Filter updates the Internet
Firewall automatically with the latest URLs matching
selected categories. It is available as a 12-month
subscription. The Internet Firewall has a one-month free
subscription for the Web Site Filter.
This guide is intended for use by the person responsible for
installing or managing the network. It assumes knowledge
of the following:
Basic familiarity with Ethernet networks and the
Internet Protocol.
Knowledge of how to install and handle electronically
sensitive equipment.
If release notes are shipped with your product and the
information there differs from the information in this
guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe
Acrobat Reader Portable Document Format (PDF) or HTML
on the 3Com World Wide Web site:
http://www.3com.com/
How to Use This Guide
Table 1 shows where to look for specific information in this
guide.
Table 1 Where to find specific information
If you are looking for... | Turn to...
A description of the Internet Firewall's features and example applications. | Chapter 1
A description of the Internet Firewall's front and back panel displays and connectors, and installation information. | Chapter 2
A quick setup guide for the Internet Firewall. | Chapter 3
How to configure the Internet Firewall. | Chapter 4
Information about installing and setting up the Web Site Filter. | Chapter 5
Solutions to commonly encountered problems. | Chapter 6
Information about cables and pinout diagrams for all connectors on the Internet Firewall. | Appendix A
A list of the Internet Firewall technical specifications. | Appendix B
Information about how to connect the Internet Firewall directly to a PC with a Web browser for initial configuration. | Appendix C
Information about IP port numbering. | Appendix D
Step by step examples of how you can configure your Internet Firewall. | Appendix E
A non-technical overview of IP addressing. | Appendix F
Information on resetting the Internet Firewall. | Appendix G
Information about obtaining Technical Support. | Appendix H
Conventions
Table 2 and Table 3 list conventions that are used
throughout this guide.
Table 2 Notice Icons
Notice Type | Description
Information note | Information that describes important features or instructions.
Caution | Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning | Information that alerts you to potential personal injury.
Table 3 Text Conventions
Convention | Description
Screen displays | This typeface represents information as it appears on the screen.
Commands | The word "command" means that you must enter the command exactly as shown and then press Return or Enter. Commands appear in bold. Example: To remove the IP address, enter the following command: SETDefault !0 -IP NETaddr = 0.0.0.0
The words "enter" and "type" | When you see the word "enter" in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says "type."
Keyboard key names | If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press Ctrl+Alt+Del
Words in italics | Italics are used to: emphasize a point; denote a new term at the place where it is defined in the text; identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents. Click OK.
Terminology
This section lists terminology used in this guide.
DHCP
Dynamic Host Configuration Protocol. This is a
protocol that lets network administrators manage centrally
and automate the assignment of Internet Protocol
addresses in an organization's network from a server on
the network.
DMZ
Demilitarized Zone port. The OfficeConnect
Internet Firewall DMZ has an extra port. If you connect
publicly-accessible servers and workstations to this port,
they are accessible from the Internet but still protected
from DoS attacks.
DoS Attacks
Denial of Service Attacks. An attempt to
stop one of your services running, such as a Web or FTP
server. There are several kinds of DoS attacks.
IP address
The Internet Protocol address is the network
layer address of a device assigned by the user or network
administrator of an IP network. An IP address consists of 32
bits divided into two or three fields: a network number and
a host number or a network number, a subnet number, and
a host number.
IP Spoof
A type of DoS attack. An IP spoof uses a fake
IP address to bypass security settings which may bar access
from the real IP address.
IRC
Internet Relay Chat. Provides a way of
communicating in real time with people from all over the
world.
ISP
Internet Service Provider. A business that provides
Internet access to individuals or organizations.
Internet Firewall
Used in this guide to refer to both the
OfficeConnect Internet Firewall 25 and the OfficeConnect
Internet Firewall DMZ.
LAND Attack
A type of DoS attack. In a LAND attack, a
packet is sent that appears to come from the same address
and port that it is sent to. This can hang the machine to
which it is sent.
Management Station
This is the workstation from
which you run the Web-based management interface for
the Internet Firewall.
Management Interface
This is the Web-based
application which you use to set up the Internet Firewall to
protect your network from attack and to control access to
the Internet for LAN users.
NAT
Network Address Translation. NAT refers to the
process of converting the IP addresses used within a private
network to Internet IP addresses.
NNTP
Network News Transfer Protocol. This protocol is
used to distribute Usenet news articles over the Internet.
Ping of Death
A type of DoS attack. The Internet
Protocol (IP) defines the maximum size for a Ping packet.
However, some Ping programs can send packets that are
larger than this size which can cause some systems to
crash.
PPPoE
Point to Point Protocol over Ethernet. PPP is the
Internet Standard for transmission of IP packets over serial
lines. PPPoE is a version of this protocol that operates over
Ethernet.
SYN Flood
A type of DoS attack. This is where a client
opens a connection with a server but does not complete it.
If the server queue fills up with partially-open connections,
no other clients can make genuine connections to that
server.
UTC
stands for Universal Time Co-ordinated, and is
the standard time common to all places in the world. It is
also commonly referred to as GMT or World Time.
Web Site Filter
Abbreviation for the OfficeConnect
Web Site Filter.
Year 2000 Compliance
For information on Year 2000 compliance and 3Com
products, visit the 3Com Year 2000 Web page:
http://www.3com.com/products/yr2000.html
Feedback about this User Guide
Your suggestions are very important to us. They will help
make our documentation more useful to you. Please e-mail
comments about this document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when
commenting:
Document title
Document part number (on the title page)
Page number (if appropriate)
Example:
OfficeConnect Internet Firewall User Guide
Part Number DUA1677-1AAA02
Page 24
Do not use this e-mail address for technical support
questions. For information about contacting Technical
Support, see Appendix H.
1 Introduction
This chapter contains the following:
What is the Internet Firewall?
Internet Firewall Security Functions
Internet Firewall Features
What is the Internet Firewall?
The Internet Firewall is a firewall appliance which is
installed between the LAN and the Internet access device,
such as an OfficeConnect® LAN Modem. The Internet
Firewall is a complete network security system with all
hardware and software pre-installed. This allows it to act as
a secure gateway for all data passing between the Internet
and the LAN.
The purpose of the Internet Firewall is to allow a private
Local Area Network (LAN) to be securely connected to the
Internet. You can use the Internet Firewall to:
Prevent theft, destruction, and modification of data.
Filter incoming data for unsafe or objectionable
content.
Log events which may be important to the security of
your network.
The Internet Firewall has either two or three Ethernet ports
(depending on the model) which are used to divide the
network into separate areas.
The Wide Area Network (WAN) port attaches to the
Internet access device, for example, OfficeConnect LAN
Modem, Cable Modem or SDSL Router.
The Local Area Network (LAN) port attaches to the local
network through hubs and switches. LAN users have
access to Internet services such as e-mail, FTP, and the
World Wide Web. However, all workstations and data
on the LAN are protected from hacker attacks that
might come through the WAN port.
On the OfficeConnect Internet Firewall DMZ, there is a
third port. The Demilitarized Zone (DMZ) port is used for
public servers, such as Web or FTP servers. Machines
attached to this port are visible from the WAN port, but
are still protected from hacker attacks. Users on the
secure LAN port can also access servers on the DMZ
port.
Internet Firewall Security Functions
Figure 1 and Figure 2 illustrate security functions on the
Internet Firewall.
Users on the LAN have access to all resources on the
Internet that are not blocked by any of the filters. In
Figure 2, computers on the LAN also have full access to
devices on the DMZ.
Users on the Internet can access hosts on the DMZ, such as
a Web server, but cannot access any resources on the LAN
unless they are authorized remote users.
Figure 1 Internet Firewall 25 Security Functions
Internet Firewall Features
This section lists the features of the Internet Firewall.
Firewall Security
The OfficeConnect Internet Firewall is preconfigured to
monitor Internet traffic, and detect and thwart Denial of
Service (DoS) hacker attacks automatically.
DoS attacks include:
Ping of Death
SYN Flood
LAND Attack
IP Spoofing
Teardrop, a DoS hacker tool which is widely available
on the Internet.
Figure 2 Internet Firewall DMZ Security Functions
The Internet Firewall uses stateful packet inspection to
determine if a data packet from the Internet is allowed
through to the private LAN. This is similar to algorithms
implemented in more costly firewalls commonly used in
large enterprises.
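The definitions of LAND Attack, Ping of Death and SYN Flood given under Terminology can be written as checks over packet records, which shows why the SYN Flood check needs per-connection state while the other two do not. This is an added example, not 3Com's code or the firewall's own algorithm; the Packet fields, the sample addresses, the 65,535-byte IPv4 packet limit and the threshold of 3 half-open connections are assumptions supplied here.

```python
# Added example: detection checks for three DoS types defined in the guide.
# Packet fields, addresses and the threshold are constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass

IPV4_MAX_PACKET = 65535      # largest IPv4 datagram (16-bit total length field)
IP_HEADER_LEN = 20           # IPv4 header without options
HALF_OPEN_LIMIT = 3          # hypothetical per-server threshold


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str               # "tcp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""          # TCP flags: "S" = SYN, "A" = ACK
    frag_offset: int = 0     # IP fragment offset, in bytes
    payload_len: int = 0     # data bytes carried by this packet or fragment


def is_land(pkt):
    """LAND: the packet appears to come from the address and port it is sent to."""
    return pkt.proto == "tcp" and pkt.src == pkt.dst and pkt.sport == pkt.dport


def is_ping_of_death(pkt):
    """Ping of Death: an ICMP fragment that would reassemble past the IP maximum."""
    end = IP_HEADER_LEN + pkt.frag_offset + pkt.payload_len
    return pkt.proto == "icmp" and end > IPV4_MAX_PACKET


class SynFloodMonitor:
    """Tracks partially-open connections per server (dst address, dst port)."""

    def __init__(self, limit=HALF_OPEN_LIMIT):
        self.limit = limit
        self.half_open = defaultdict(set)

    def observe(self, pkt):
        """Return True when the server's half-open count exceeds the limit."""
        if pkt.proto != "tcp":
            return False
        server, client = (pkt.dst, pkt.dport), (pkt.src, pkt.sport)
        if pkt.flags == "S":            # client opens a connection
            self.half_open[server].add(client)
        elif pkt.flags == "A":          # client completes the handshake
            self.half_open[server].discard(client)
        return len(self.half_open[server]) > self.limit


def classify(packets):
    """Return (index, label) for every packet that matches one of the checks."""
    monitor, findings = SynFloodMonitor(), []
    for i, pkt in enumerate(packets):
        if is_land(pkt):
            findings.append((i, "LAND"))
        elif is_ping_of_death(pkt):
            findings.append((i, "Ping of Death"))
        elif monitor.observe(pkt):
            findings.append((i, "SYN Flood"))
    return findings


# Constructed sample traffic (documentation address ranges), not a real capture.
SAMPLE = [
    Packet("192.0.2.10", "203.0.113.5", "tcp", 40000, 80, "S"),   # normal open
    Packet("192.0.2.10", "203.0.113.5", "tcp", 40000, 80, "A"),   # completed
    Packet("192.0.2.10", "203.0.113.5", "icmp", payload_len=56),  # normal ping
    Packet("203.0.113.5", "203.0.113.5", "tcp", 80, 80, "S"),     # LAND
    Packet("198.51.100.7", "203.0.113.5", "icmp",
           frag_offset=65528, payload_len=100),                   # oversize ping
] + [Packet("198.51.100.20", "203.0.113.5", "tcp", 5000 + n, 80, "S")
     for n in range(4)]                                           # never completed

if __name__ == "__main__":
    for index, label in classify(SAMPLE):
        print(index, label)
```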