2. Computers & electronics
  3. Networking
  4. Routers
  5. 3com
  6. SuperStack 3

3com SuperStack 3, SUPERSTACK 3 WEBSITE FILTER, SUPERSTACK 3CR16110-95 Release Notes

  • Hello! I am an AI chatbot trained to assist you with the 3com SuperStack 3 Release Notes. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Part No. DNA1611-0AAA01
Published August 2001
S
UPER
S
TACK
®
3 F
IREWALL
F
IRMWARE
V
ERSION
6.0.2
R
ELEASE
N
OTES
Please use these notes in conjunction with the following
documents:
SuperStack 3 Firewall User Guide
Part number: DUA1611-0AAA02
SuperStack 3 Firewall Quick Reference Guide
Part number: DQA1611-0AAA01
Software License Agreements
Before you use the firmware on the SuperStack 3
Firewall, please ensure that you read the license
agreement text. This text is supplied in the file
license.txt
on the CD-ROM.
Upgrading the Firmware to Version 6.0.2
If you are upgrading from a previous release of firm-
ware, please note that you cannot import the configu-
ration from firmware version 5.0.7 of the SuperStack 3
Firewall. Take a note of the current configuration before
upgrading.
To upgrade the firmware to version 6.0.2, do the
following:
1
Access the Management Interface as described in the
User Guide.
2
Click
Tools
and then select the
Upgrade
tab.
3
Click
Upload Firmware Now
.
4
Click
Yes
if you have saved the settings.
5
Click
Browse...
and select the software file you have
downloaded from the 3Com ftp site to a local hard
drive or server on the LAN.
6
Click
Upload
to begin the upload. Make sure that your
Web browser supports HTTP uploads.
7
When uploading the firmware to a SuperStack 3
Firewall, it is important not to interrupt the Web
browser by closing the window, clicking a link, loading
a new page, or removing the power to the Firewall. If
the Firewall is interrupted this way, it may result in the
Firewall not responding to attempts to log in.
8
Restart the SuperStack 3 Firewall for the changes to
take effect.
DNA1611-0AAA01.fm Page 1 Tuesday, September 4, 2001 10:10 AM
2 S
UPER
S
TACK
®
3 F
IREWALL
F
IRMWARE
V
ERSION
6.0.2 R
ELEASE
N
OTES
After Upgrading to Version 6.0.2
After upgrading to version 6.0.2 of the firmware,
3Com recommends that you configure the unit as
follows:
Note: This procedure must be performed from a
machine on the Firewalls LAN.
1
Reset admin password to "password". Click the
general label and then the
Set Password
tab to set the
password. Resetting the password allows you to use
the new install wizard for initial configuration.
2
Restore factory default settings. Click the
Tools
label,
the
Configuration
tab and then the
Restore
button.
3
Restart the unit.
4
The unit will display the Firewall Installation Wizard.
Perform initial configuration.
5
After the unit has restarted, enter any additional
configuration using the Web interface.
Failure to follow this procedure may result in an
invalid configuration.
New Features in This Release
Version 6.0.2 provides support for the following:
SuperStack 3 Firewall (3CR16110-95).
SuperStack 3 Firewall (3CR16110-97)
SuperStack 3 Firewall Web Site Filter (3C16111)
This section lists new features and enhancements
between firmware version 5.0.7 and firmware version
6.0.2.
A new Installation Wizard can be used to set up
the Firewall quickly.
A Group VPN feature for simplified VPN client
deployment has been added.
A new VPN Routing feature allows easy setup of
secure traffic in a "hub and spoke" configuration
between remote offices.
A new High Availability feature eliminates network
downtime by enabling the use of a backup Firewall
for failover.
It is now possible to perform one touch VPN client
configuration file creation using the GroupVPN
export function.
The Firewall is shipped with 56-bit encryption for
wider distribution; this can be web-upgraded to
168-bit.
Changing VPN security associations no longer
requires a restart.
Enhanced logging of VPN IKE negotiations is now
available.
TFTP LAN clients behind the Firewall are now
supported.
Netscape 6.0 can now be used to access the Web
interface.
To provide compatibility with more ISPs, the PPPoE
user name and password can contain up to 63
characters.
IMAP, NetBIOS, and PC Anywhere have been
added as known services.
DNA1611-0AAA01.fm Page 2 Tuesday, September 4, 2001 10:10 AM
Known Problems with this Release 3
A new logging category - Denied LAN IP - has been
added to the Log Settings page. When enabled, all
access attempts to the Firewall LAN IP address
which are not allowed by the firewall configuration
are logged.
A log message for fragmented packets dropped
has been added.
TCP FIN, XMAS and NULL scans are now logged.
A new menu selection allows users to select either
WebTrends or Default formats on the Log Settings
page. The default Syslog data now contains port
information in addition to standard WebTrends
formatted data.
Services can now be defined using ranges of ports.
Multiple subnets can now be accessed through
VPN tunnels.
Individual rules can now be edited and disabled.
Rules can also be enforced by time of day.
A restart is no longer required after adding,
deleting or changing rules.
Fragmented IPSEC and PPTP packets can now pass
through the Firewall.
WINS server addresses can now be assigned to
LAN clients by the Firewall DHCP Server.
Hyperlinks displayed in the log now provide
definitions of attacks.
A PPPoE inactivity time-out has been added.
The date can now be displayed in an International
format (DD/MM/YYYY).
The Syslog Individual Event Rate feature enables
control over the time period between similar
events being reported to the Syslog.
Napster is now a pre-defined service.
The current status of DHCP leases are now shown
on the DHCP/Status page.
Known Problems with this Release
VPN Operation
You may need to reconfigure VPN clients to use
the new GroupVPN feature. The GroupVPN
security association must be used for multiple VPN
clients.
When configuring a VPN security association, the
encryption method must be specified. The
AH-MD5 encryption method does not function
correctly when interoperating with version 5.0.7 of
SuperStack 3 Firewall or version 5.0.8 of
OfficeConnect Firewall.
Note the following if you have configured the
Firewall to be a PPPoE client and wish to establish a
VPN tunnel through the firewall using PPTP
protocol. When using Microsoft Dial up
Networking V1.3 on Windows 95/98, the client PC
must have the IP packet size set to medium in
Dial up Networking.
Windows 2000 is not affected as it automatically
adjusts the packet size.
DNA1611-0AAA01.fm Page 3 Tuesday, September 4, 2001 10:10 AM
4 S
UPER
S
TACK
®
3 F
IREWALL
F
IRMWARE
V
ERSION
6.0.2 R
ELEASE
N
OTES
NETBIOS Pass Through Facility
The NETBIOS pass through facility does not function
correctly, so it is not possible to find computers on the
DMZ port from the LAN using
Network
Neighborhood
or
Find Computer
.
Policy Creation
If you create a policy that allows traffic into specific IP
addresses on the LAN, the Firewall should show a "!"
in the Network Policy Rules screen to indicate a
potential security hole. The Firewall does not display
the "!".
Using Microsoft Exchange Server
For users of Microsoft Exchange Server, 3Com
recommends that Exchange Server is deployed on the
LAN and not the DMZ.
Bugs Fixed in this Release
This section lists the major bug fixes between
firmware version 5.0.7 and firmware version 6.02.
A bug that caused VPN problems when 100 SA's
were entered has been fixed.
An interoperability issue with the Lucent Brick has
been addressed.
In rare instances, flash corruption occurred and
caused the unit to resort to factory default
settings. This bug has been fixed.
A bug which caused cache full errors was fixed.
TFTP traffic now passes correctly from the WAN to
the LAN.
A bug that caused VPN tunnels using IKE to remain
disabled until the Firewall was restarted has been
fixed.
A bug that caused the re-negotiate button to
intermittently stop functioning until the Firewall
was restarted has been fixed.
A bug which caused a delay in loading the
management login screen when using Microsoft
Internet Explorer was resolved. To avoid this delay,
check the new "Manage using IE" box on the
Access/Management page.
H.323/NetMeeting support has been enhanced to
allow full audio and video between a SuperStack 3
and non-SuperStack 3 endpoint.
Multicast packets are no longer cached.
A bug which caused automatically created rules to
be lost upon a restore to factory defaults has been
fixed.
A bug which caused IP Spoof alerts to be
generated when using NetBIOS between the LAN
and the DMZ has been fixed.
A bug which caused PPPoE sessions to be
disconnected has been fixed.
A bug which caused the DHCP server to assign
invalid leases to LAN users has been fixed.
Problems which caused fragmented PPTP and
IPSec packets to break the VPN tunnel have been
resolved.
A bug which prevented Stealth mode from
working in standard mode has been fixed.
DNA1611-0AAA01.fm Page 4 Tuesday, September 4, 2001 10:10 AM
Documentation Errors and Omissions 5
The format for e-mails sent by Firewall has been
modified to comply with RFC 822.
Documentation Errors and Omissions
This section should be used in conjunction with the
SuperStack 3 Firewall User Guide
(part number
DUA1611-0AAA02).
Chapter 9 - The section Configuring the IRE VPN
Client is incomplete. After importing the security
policy, the following steps are required:
1
Click the + sign next to Group VPN to reveal two
sections.
2
Select
My Identity
to view the settings.
3
Click
Pre-Shared Key
to enter the Pre-Shared Secret.
Click
OK
.
4
In the
Internet Interface
box, select the adapter used
to access the Internet. Select
PPP Adapter
in the
Name
menu if you have a dial-up Internet account.
Select your Ethernet adapter if you have a dedicated
Cable, ISDN, or DSL line.
5
Click
File
, then
Save Changes
to save the settings to
the security policy.
Chapter 10 - Configuring High Availability
This chapter states that serial numbers are used for
configuring High Availability. This is incorrect - MAC
Addresses are used. Where "serial number" is stated
in the instructions, use "MAC Address" instead.
The MAC Address of the Firewall is printed on its
base. Do not include dashes or spaces when entering
the MAC Address.
3Com Network Supervisor
The CD-ROM contains 3Com Network Supervisor.
3Com Network Supervisor provides powerful yet
easy-to-use network management. Focused on the
needs of small to medium enterprises, it enables you
to manage your network more efficiently.
To download the latest 3Com Network Supervisor
and Service Pack please visit:
http://www.3com.com/tns/
3Com World Wide Web Site
Access the latest information on the 3Com
Corporation World Wide Web site by entering the
following URL into your Web browser:
http://www.3com.com
DNA1611-0AAA01.fm Page 5 Tuesday, September 4, 2001 10:10 AM
6 S
UPER
S
TACK
®
3 F
IREWALL
F
IRMWARE
V
ERSION
6.0.2 R
ELEASE
N
OTES
Copyright © 2001, 3Com Technologies. All rights reserved.
Unless otherwise indicated, 3Com registered trademarks are registered in the United
States and may or may not be registered in other countries.
3Com and SuperStack are registered trademarks of 3Com Corporation. The 3Com logo
and CoreBuilder are trademarks of 3Com Corporation.
Windows is a registered trademark of Microsoft Corporation. Other brand and product
names may be registered trademarks or trademarks of their respective holders.
DNA1611-0AAA01.fm Page 6 Tuesday, September 4, 2001 10:10 AM
/