3com SuperStack 3 Release Notes

Brand: 3com

Model: SuperStack 3

Category: Routers

Type: Release Notes

This manual is also suitable for

3com SUPERSTACK 3CR16110-95 is a high-performance firewall that provides comprehensive protection for your network. With its advanced security features, it can safeguard your network from a wide range of threats, including viruses, malware, and hackers.

Key features of the 3com SUPERSTACK 3CR16110-95 include:

Stateful packet inspection firewall
Intrusion prevention system (IPS)
Anti-virus and anti-malware protection
Content filtering
Virtual private network (VPN) support
High availability with failover support

The 3com SUPERSTACK 3CR16110-95 is easy to install and manage. It comes with a user-friendly web interface that makes it easy to configure and monitor the firewall. The firewall also supports SNMP, so you can manage it remotely using a network management system.

Key features of the 3com SUPERSTACK 3CR16110-95 include:

Stateful packet inspection firewall
Intrusion prevention system (IPS)
Anti-virus and anti-malware protection
Content filtering
Virtual private network (VPN) support
High availability with failover support

Part No. DNA1611-0AAA01

Published August 2001

UPER

TACK

3 F

IREWALL

IRMWARE

ERSION

6.0.2

ELEASE

OTES

Please use these notes in conjunction with the following

documents:

■

“

SuperStack 3 Firewall User Guide

”

Part number: DUA1611-0AAA02

■

“

SuperStack 3 Firewall Quick Reference Guide

”

Part number: DQA1611-0AAA01

Software License Agreements

Before you use the firmware on the SuperStack 3

Firewall, please ensure that you read the license

agreement text. This text is supplied in the file

license.txt

on the CD-ROM.

Upgrading the Firmware to Version 6.0.2

If you are upgrading from a previous release of firm-

ware, please note that you cannot import the configu-

ration from firmware version 5.0.7 of the SuperStack 3

Firewall. Take a note of the current configuration before

upgrading.

To upgrade the firmware to version 6.0.2, do the

following:

Access the Management Interface as described in the

User Guide.

Click

Tools

and then select the

Upgrade

tab.

Click

Upload Firmware Now

Click

Yes

if you have saved the settings.

Click

Browse...

and select the software file you have

downloaded from the 3Com ftp site to a local hard

drive or server on the LAN.

Click

Upload

to begin the upload. Make sure that your

Web browser supports HTTP uploads.

When uploading the firmware to a SuperStack 3

Firewall, it is important not to interrupt the Web

browser by closing the window, clicking a link, loading

a new page, or removing the power to the Firewall. If

the Firewall is interrupted this way, it may result in the

Firewall not responding to attempts to log in.

Restart the SuperStack 3 Firewall for the changes to

take effect.

DNA1611-0AAA01.fm Page 1 Tuesday, September 4, 2001 10:10 AM

2 S

UPER

TACK

3 F

IREWALL

IRMWARE

ERSION

6.0.2 R

ELEASE

OTES

After Upgrading to Version 6.0.2

After upgrading to version 6.0.2 of the firmware,

3Com recommends that you configure the unit as

follows:

Note: This procedure must be performed from a

machine on the Firewall’s LAN.

Reset admin password to "password". Click the

general label and then the

Set Password

tab to set the

password. Resetting the password allows you to use

the new install wizard for initial configuration.

Restore factory default settings. Click the

Tools

label,

the

Configuration

tab and then the

Restore

button.

Restart the unit.

The unit will display the Firewall Installation Wizard.

Perform initial configuration.

After the unit has restarted, enter any additional

configuration using the Web interface.

Failure to follow this procedure may result in an

invalid configuration.

New Features in This Release

Version 6.0.2 provides support for the following:

■

SuperStack 3 Firewall (3CR16110-95).

■

SuperStack 3 Firewall (3CR16110-97)

■

SuperStack 3 Firewall Web Site Filter (3C16111)

This section lists new features and enhancements

between firmware version 5.0.7 and firmware version

6.0.2.

■

A new Installation Wizard can be used to set up

the Firewall quickly.

■

A Group VPN feature for simplified VPN client

deployment has been added.

■

A new VPN Routing feature allows easy setup of

secure traffic in a "hub and spoke" configuration

between remote offices.

■

A new High Availability feature eliminates network

downtime by enabling the use of a backup Firewall

for failover.

■

It is now possible to perform one touch VPN client

configuration file creation using the GroupVPN

export function.

■

The Firewall is shipped with 56-bit encryption for

wider distribution; this can be web-upgraded to

168-bit.

■

Changing VPN security associations no longer

requires a restart.

■

Enhanced logging of VPN IKE negotiations is now

available.

■

TFTP LAN clients behind the Firewall are now

supported.

■

Netscape 6.0 can now be used to access the Web

interface.

■

To provide compatibility with more ISPs, the PPPoE

user name and password can contain up to 63

characters.

■

IMAP, NetBIOS, and PC Anywhere have been

added as known services.

DNA1611-0AAA01.fm Page 2 Tuesday, September 4, 2001 10:10 AM

Known Problems with this Release 3

■

A new logging category - Denied LAN IP - has been

added to the Log Settings page. When enabled, all

access attempts to the Firewall LAN IP address

which are not allowed by the firewall configuration

are logged.

■

A log message for fragmented packets dropped

has been added.

■

TCP FIN, XMAS and NULL scans are now logged.

■

A new menu selection allows users to select either

WebTrends or Default formats on the Log Settings

page. The default Syslog data now contains port

information in addition to standard WebTrends

formatted data.

■

Services can now be defined using ranges of ports.

■

Multiple subnets can now be accessed through

VPN tunnels.

■

Individual rules can now be edited and disabled.

Rules can also be enforced by time of day.

■

A restart is no longer required after adding,

deleting or changing rules.

■

Fragmented IPSEC and PPTP packets can now pass

through the Firewall.

■

WINS server addresses can now be assigned to

LAN clients by the Firewall DHCP Server.

■

Hyperlinks displayed in the log now provide

definitions of attacks.

■

A PPPoE inactivity time-out has been added.

■

The date can now be displayed in an International

format (DD/MM/YYYY).

■

The Syslog Individual Event Rate feature enables

control over the time period between similar

events being reported to the Syslog.

■

Napster is now a pre-defined service.

■

The current status of DHCP leases are now shown

on the DHCP/Status page.

Known Problems with this Release

VPN Operation

■

You may need to reconfigure VPN clients to use

the new GroupVPN feature. The GroupVPN

security association must be used for multiple VPN

clients.

■

When configuring a VPN security association, the

encryption method must be specified. The

“AH-MD5” encryption method does not function

correctly when interoperating with version 5.0.7 of

SuperStack 3 Firewall or version 5.0.8 of

OfficeConnect Firewall.

■

Note the following if you have configured the

Firewall to be a PPPoE client and wish to establish a

VPN tunnel through the firewall using PPTP

protocol. When using Microsoft Dial up

Networking V1.3 on Windows 95/98, the client PC

must have the IP packet size set to “medium” in

Dial up Networking.

Windows 2000 is not affected as it automatically

adjusts the packet size.

DNA1611-0AAA01.fm Page 3 Tuesday, September 4, 2001 10:10 AM

4 S

UPER

TACK

3 F

IREWALL

IRMWARE

ERSION

6.0.2 R

ELEASE

OTES

NETBIOS Pass Through Facility

The NETBIOS pass through facility does not function

correctly, so it is not possible to find computers on the

DMZ port from the LAN using

Network

Neighborhood

Find Computer

Policy Creation

If you create a policy that allows traffic into specific IP

addresses on the LAN, the Firewall should show a "!"

in the Network Policy Rules screen to indicate a

potential security hole. The Firewall does not display

the "!".

Using Microsoft Exchange Server

For users of Microsoft Exchange Server, 3Com

recommends that Exchange Server is deployed on the

LAN and not the DMZ.

Bugs Fixed in this Release

This section lists the major bug fixes between

firmware version 5.0.7 and firmware version 6.02.

■

A bug that caused VPN problems when 100 SA's

were entered has been fixed.

■

An interoperability issue with the Lucent Brick has

been addressed.

■

In rare instances, flash corruption occurred and

caused the unit to resort to factory default

settings. This bug has been fixed.

■

A bug which caused cache full errors was fixed.

■

TFTP traffic now passes correctly from the WAN to

the LAN.

■

A bug that caused VPN tunnels using IKE to remain

disabled until the Firewall was restarted has been

fixed.

■

A bug that caused the re-negotiate button to

intermittently stop functioning until the Firewall

was restarted has been fixed.

■

A bug which caused a delay in loading the

management login screen when using Microsoft

Internet Explorer was resolved. To avoid this delay,

check the new "Manage using IE" box on the

Access/Management page.

■

H.323/NetMeeting support has been enhanced to

allow full audio and video between a SuperStack 3

and non-SuperStack 3 endpoint.

■

Multicast packets are no longer cached.

■

A bug which caused automatically created rules to

be lost upon a restore to factory defaults has been

fixed.

■

A bug which caused IP Spoof alerts to be

generated when using NetBIOS between the LAN

and the DMZ has been fixed.

■

A bug which caused PPPoE sessions to be

disconnected has been fixed.

■

A bug which caused the DHCP server to assign

invalid leases to LAN users has been fixed.

■

Problems which caused fragmented PPTP and

IPSec packets to break the VPN tunnel have been

resolved.

■

A bug which prevented Stealth mode from

working in standard mode has been fixed.

DNA1611-0AAA01.fm Page 4 Tuesday, September 4, 2001 10:10 AM

Documentation Errors and Omissions 5

■

The format for e-mails sent by Firewall has been

modified to comply with RFC 822.

Documentation Errors and Omissions

This section should be used in conjunction with the

“SuperStack 3 Firewall User Guide”

(part number

DUA1611-0AAA02).

Chapter 9 - The section “Configuring the IRE VPN

Client” is incomplete. After importing the security

policy, the following steps are required:

Click the + sign next to Group VPN to reveal two

sections.

Select

My Identity

to view the settings.

Click

Pre-Shared Key

to enter the Pre-Shared Secret.

Click

In the

Internet Interface

box, select the adapter used

to access the Internet. Select

PPP Adapter

in the

Name

menu if you have a dial-up Internet account.

Select your Ethernet adapter if you have a dedicated

Cable, ISDN, or DSL line.

Click

File

, then

Save Changes

to save the settings to

the security policy.

Chapter 10 - Configuring High Availability

This chapter states that serial numbers are used for

configuring High Availability. This is incorrect - MAC

Addresses are used. Where "serial number" is stated

in the instructions, use "MAC Address" instead.

The MAC Address of the Firewall is printed on its

base. Do not include dashes or spaces when entering

the MAC Address.

3Com Network Supervisor

The CD-ROM contains 3Com Network Supervisor.

3Com Network Supervisor provides powerful yet

easy-to-use network management. Focused on the

needs of small to medium enterprises, it enables you

to manage your network more efficiently.

To download the latest 3Com Network Supervisor

and Service Pack please visit:

http://www.3com.com/tns/

3Com World Wide Web Site

Access the latest information on the 3Com

Corporation World Wide Web site by entering the

following URL into your Web browser:

http://www.3com.com

DNA1611-0AAA01.fm Page 5 Tuesday, September 4, 2001 10:10 AM

6 S

UPER

TACK

3 F

IREWALL

IRMWARE

ERSION

6.0.2 R

ELEASE

OTES

Unless otherwise indicated, 3Com registered trademarks are registered in the United

States and may or may not be registered in other countries.

3Com and SuperStack are registered trademarks of 3Com Corporation. The 3Com logo

and CoreBuilder are trademarks of 3Com Corporation.

Windows is a registered trademark of Microsoft Corporation. Other brand and product

names may be registered trademarks or trademarks of their respective holders.

DNA1611-0AAA01.fm Page 6 Tuesday, September 4, 2001 10:10 AM

3com SuperStack 3 Release Notes

Brand: 3com

Model: SuperStack 3

Category: Routers

Type: Release Notes

This manual is also suitable for

Key features of the 3com SUPERSTACK 3CR16110-95 include:

Stateful packet inspection firewall
Intrusion prevention system (IPS)
Anti-virus and anti-malware protection
Content filtering
Virtual private network (VPN) support
High availability with failover support

Download PDF

report

3com SuperStack 3 Release Notes

This manual is also suitable for

3com SuperStack 3 Release Notes

Related papers

Other documents