Home » 3Com Manuals » Networking » 3Com 3CR16110-95-US » Manual Viewer

3Com 3CR16110-95-US User Guide - Page 115

Installing the Firewall to Protect the Intranet

UPC - 662705415543

View all 3Com 3CR16110-95-US manuals

Add to My Manuals
Save this manual to your list of manuals

Page 115 highlights

Specifying Intranet Settings 115 Figure 51 Connecting the Firewall to protect an internal part of the network Unrestricted Area Optionally Firewalled from the external networks. F1 R Restricted Area Firewalled from the rest of your network. Key: F1 External Firewall F2 F2 Internal Firewall Unsecured Network or Internet R Router Installing the Firewall The following describes how to install and configure the Firewall to to Protect the provide intranet firewalling. Intranet 1 Connect the Ethernet port labeled LAN on the front of the Firewall to the network segment that will be protected against unauthorized access. 2 Connect the Ethernet port labeled WAN on the front of the Firewall to the rest of the network. Devices connected to the WAN port do not have firewall or Web Site Filter protection. It is advised that you use another Firewall to protect these computers. 3 Connect the power cord to the back of the Firewall and then connect to an AC power outlet. Configuring the Click Advanced, and then select the Intranet tab. A window similar to Firewall to Protect that in Figure 52 displays. the Intranet

Section	Page
About This Guide	11
Introduction	11
How to Use This Guide	12
Conventions	12
Terminology	13
Feedback about this User Guide	15
Registration	16
Introduction	19
What is the SuperStack 3 Firewall?	19
Firewall and 3Com Network Supervisor	20
Firewall Features	21
Firewall Security	21
Web URL Filtering	23
High Availability	24
Logs and Alerts	24
User Remote Access (from the Internet)	24
Automatic IP Address Sharing and Configuration	24
Introduction to Virtual Private Networking (VPN)	25
Virtual Private Networking	25
Installing the Hardware	27
Before You Start	27
Positioning the Firewall	28
Rack Mounting the Units	28
Securing the Firewall with the Rubber Feet	29
Firewall Front Panel	29
Firewall Rear Panel	31
Redundant Power System (RPS)	31
Attaching the Firewall to the Network	32
Quick Setup for the Firewall	35
Introduction	35
Setting up a Management Station	36
Configuring Basic Settings	36
Setting the Password	37
Setting the Time Zone	38
Configuring WAN Settings	39
Automatic WAN Settings	39
Manual WAN Settings	40
Using a Single Static IP Address	41
Using Multiple Static IP Addresses	42
Using an IP Address provided by a PPPoE Server	44
Using a Static IP address provided by a DHCP Server	44
Configuring LAN Settings	44
Automatic LAN Settings	44
Entering information about your LAN	45
Configuring the DHCP Server	45
Confirming Firewall Settings	46
Basic Settings of the Firewall	51
Examining the Unit Status	52
Setting the Administrator Password	53
Setting the Inactivity Timeout	54
Setting the Time	54
Time Zone	54
Use NTP (Network Time Protocol) to set time automatically	54
Automatically adjust clock for daylight savings changes	55
Display UTC (Universal Time) in logs instead of local time	55
Manual Time Set	55
Changing the Basic Network Settings	56
Setting the Network Addressing Mode	56
Standard	56
NAT Enabled	56
NAT with DHCP Client	57
NAT with PPPoE Client	57
Specifying the LAN Settings	57
Firewall LAN IP Address.	57
LAN Subnet Mask	57
Connect/Disconnect	58
Specifying the WAN/DMZ Settings	58
WAN Gateway (router) Address	58
Firewall WAN IP Address	58
WAN/DMZ Subnet Mask	58
User Name	58
Password	58
Gateway (Router) Address:	58
Specifying the DNS Settings	59
Specifying DMZ Addresses	59
Setting up the DHCP Server	60
Global Options	61
Enable DHCP Server	61
Lease Time	61
Client Default Gateway	61
Subnet Mask	62
Domain Name	62
DNS Servers	62
Dynamic Ranges	62
Allow BootP clients to use range	62
Delete Range	63
Static Entries	63
Delete Static	63
Viewing the DHCP Server Status	63
Using the Network Diagnostic Tools	64
Choosing a Diagnostic Tool	64
DNS Name Lookup	64
Find Network Path	65
Ping	65
Packet Trace	65
Technical Support Report	66
Setting up Web Filtering	67
Changing the Filter Settings	67
Restricting the Web Features Available	68
ActiveX	68
Java	68
Cookies	69
Web Proxy	69
Setting Blocking Options	69
Log and Block Access	69
Log Only	69
Specifying the Categories to Filter	69
Specifying When Filtering Applies	70
Always Block	70
Block Between	70
Filtering Web Sites using a Custom List	70
Setting up Trusted and Forbidden Domains	71
Enable Filtering on Custom List	72
Disable all Web traffic except for Trusted Domains	72
Don’t block Java/ActiveX/Cookies to Trusted Domains	72
Changing the Message to display when a site is blocked	72
Updating the Web Filter	73
Checking the Web Filter Status	73
Downloading an Updated Filter List	74
Download Now	74
Automatic Download	74
Setting Actions if no Filter List is Loaded	74
Block traffic to all websites except for Trusted Domains	74
Allow traffic to all websites	74
Blocking Websites by using Keywords	75
Filtering by User Consent	75
Configuring User Consent Settings	76
Require Consent	76
Maximum web usage is	76
User idle timeout	76
Consent page URL (Optional Filtering)	77
“Consent Accepted” URL (Filtering Off)	77
“Consent Accepted” URL (Filtering On)	77
Mandatory Filtered IP addresses	77
Consent Page URL (Mandatory Filtering)	78
Add New Address	78
Using the Firewall Diagnostic Tools	79
Logs and Alerts	79
Viewing the Log	80
TCP, UDP, or ICMP packets dropped	81
Web, FTP, Gopher, or Newsgroup blocked	81
ActiveX, Java, or Code Archive blocked	81
Cookie blocked	82
Ping of Death, IP Spoof, and SYN Flood Attacks	82
Changing Log and Alert Settings	82
Sending the Log	83
Mail Server	83
Send Log To	83
Send Alerts To	83
Firewall Name	83
Syslog Server	83
E-mail Log Now	84
Clear Log Now	84
Changing the Log Automation Settings	84
Send Log	84
When log overflows	85
Selecting the Categories to Log	85
System Maintenance	85
System Errors	85
Blocked Web Sites	85
Blocked Java, ActiveX, and Cookies	85
User Activity	85
Attacks	86
Dropped TCP	86
Dropped UDP	86
Dropped ICMP	86
Network Debug	86
Alert Categories	86
Attacks	86
System Errors	86
Blocked Web Sites	87
Generating Reports	87
Collecting Report Data	87
Start Data Collection	87
Reset Data	88
Current Sample Period	88
Viewing Report Data	88
Web Site Hits	88
Bandwidth Usage by IP Address	88
Bandwidth Usage by Service	88
Restarting the Firewall	89
Managing the Firewall Configuration File	90
Importing the Settings File	91
Exporting the Settings File	92
Restoring Factory Default Settings	92
Using the Installation Wizard to reconfigure the Firewall	92
Upgrading the Firewall Firmware	92
Setting a Policy	97
Changing Policy Services	97
Amending Network Policy Rules	98
LAN Out Checkbox	98
LAN In Checkbox	98
DMZ In Checkbox	99
Public LAN Server Address	99
Changing NetBIOS Broadcast Settings	99
From LAN to DMZ	99
From LAN to WAN	99
Enabling Stealth Mode	100
Allowing Fragmented Packets	100
Allow Fragmented Packets over PPTP/IPSec	100
Setting the Network Connection Inactivity Timeout	100
Adding and Deleting Services	101
Adding Support for a Known Service	101
Adding a Custom Service	102
Disabling Screen Logs	102
Deleting a Service	102
Editing Policy Rules	103
Viewing Network Policy Rules	103
Rule Number (#)	104
Action	104
Service	104
Source	104
Destination	105
Time	105
Day	105
Enable	105
Edit (no column heading)	105
Delete (no column heading)	105
Adding a New Rule	106
Restoring Rules to Defaults	106
Updating User Privileges	106
Changing the Timeout for Privileged Users	107
Adding Users	107
Changing Passwords and Privileges	108
Deleting a User	108
Establishing an Authenticated Session	108
Setting Management Method	109
Manage Using Internet Explorer	109
Selecting Remote Management	110
Using the Firewall with the NBX 100 Business Telephone System	110
Advanced Settings	111
Automatic Proxy/Web Cache Forwarding	111
Deploying the SuperStack3 Webcache as a Proxy of the Firewall	112
Specifying Intranet Settings	114
Installing the Firewall to Protect the Intranet	115
Configuring the Firewall to Protect the Intranet	115
Add Range	117
Setting Static Routes	117
LAN	119
DMZ/WAN	119
Add Route	119
Setting up One-to-One NAT	119
Private Range Begin	121
Public Range Begin	121
Range Length	121
Configuring Virtual Private Network Services	123
Editing VPN Summary Information	123
Changing the Global IPSec Settings	124
Unique Firewall Identifier	124
Enable VPN	124
Disable all Windows Networking (NetBIOS) Broadcasts	124
Enable Fragmented Packet Handling	125
Viewing the Current IPSec Security Associations	125
Configuring a VPN Security Association	125
Adding/Modifying IPSec Security Associations	126
IPSec Keying Mode	126
SA Name	127
Disable This SA	127
IPSec Gateway Address	127
Security Policy	127
Require XAUTH/RADIUS (only allows VPN clients)	127
Enable Windows Networking (NetBIOS) broadcast	127
Enable Perfect Forward Secrecy	128
SA Life time (secs)	128
Incoming SPI and Outgoing SPI	128
Encryption Method	129
Shared Secret	130
Encryption Key	131
Authentication Key	131
Setting the Destination Network for the VPN Tunnel	131
Adding a New Network Range	132
Deleting a Network Range	132
Editing a Network Range	132
Configuring the Firewall to use a RADIUS Server	132
Changing the Global RADIUS Settings	132
RADIUS Server Retries	132
RADIUS Server Timeout in Seconds	133
Changing RADIUS Server Details	133
Name or IP Address	133
Port Number	133
Shared Secret	133
Using the Firewall with Check Point Firewall-1	134
Configuring the IRE VPN Client	134
Configuring the Firewall	137
Configuring the IRE VPN Client for use with the Firewall	137
Setting up the GroupVPN Security Association	138
Installing the IRE VPN Client Software	139
Configuring the IRE VPN Client	139
Configuring High Availability	141
Getting Started	141
Network Configuration for High Availability Pair	142
Configuring High Availability	142
Configuring High Availability on the Primary Firewall	143
Configuring High Availability on the Backup Firewall	144
Making Configuration Changes	145
Checking High Availability Status	146
High Availability Status Window	146
E-Mail Alerts Indicating Status Change	147
View Log	147
Forcing Transitions	148
Administration and Advanced Operations	153
Introducing the Web Site Filter	153
Activating the Web Site Filter	156
Using Network Access Policy Rules	157
Understanding the Rule Hierarchy	158
Examples of Network Access Policies	159
Blocking LAN Access to Specific Protocols	159
Block Access to Specific Users	159
Enabling the ISP to Ping the Firewall	160
Restore the Default Network Access Rules	160
Protocols/Services to Filter	161
Resetting the Firewall	162
Resetting the Firewall	163
Reloading the Firmware	163
Direct Cable Connection	164
Direct Connection Instructions	165
Troubleshooting Guide	167
Introduction	167
Potential Problems and Solutions	167
Power LED Not Lit	167
Power LED Flashes Continuously	168
Power and Alert LED Lit Continuously	168
Link LED is Off	168
Ethernet Connection is Not Functioning	168
Cannot Access the Web interface	168
LAN Users Cannot Access the Internet	169
Firewall Does Not Save Changes	169
Duplicate IP Address Errors Are Occurring	169
Machines on the WAN Are Not Reachable	170
Troubleshooting the Firewall VPN Client	170
Error Message Explanations	170
The IKE Negotiation on the VPN Client	170
Restarting the Firewall with Active VPN Tunnel	171
Export the VPN Client Security Policy File	171
Import the VPN Client Security Policy File	171
Uninstall the VPN Client	171
Frequently Asked Questions about PPPoE	172
Types of Attack and Firewall Defences	175
Denial of Service Attacks	175
Ping of Death	175
Firewall Response:	175
Smurf Attack	175
Firewall Response as Amplifier:	176
Firewall Response as Victim:	176
SYN Flood Attack	176
Firewall Response:	176
Land Attack	176
Firewall Response:	176
Intrusion Attacks	176
External Access	176
Firewall response:	176
Port Scanning	177
Firewall Response:	177
IP Spoofing	177
Firewall Response:	177
Trojan Horse Attacks	177
Networking Concepts	179
Introduction to TCP/IP	179
IP and TCP	179
IP Addressing	179
IP Address	180
Subnet Mask	181
Default Gateway	181
Network Address Translation (NAT)	182
Limitations of Using NAT	182
Dynamic Host Configuration Protocol (DHCP)	183
Port Numbers	184
Well Known Port Numbers	184
Registered Port Numbers	184
Private Port Numbers	184
Virtual Private Network Services	184
Introduction to Virtual Private Networks	185
VPN Applications	185
Basic VPN Terms and Concepts	186
Safety Information	193
Important Safety Information	193
Wichtige Sicherheitshinweise	194
Consignes Importantes de Sécurité	195
Technical Specifications and Standards	197
Cable Specifications	199
Cable Specifications	199
Pinout Diagrams	199
Technical Support	201
Online Technical Services	201
World Wide Web Site	201
3Com Knowledgebase Web Services	201
3Com FTP Site	202
Support from Your Network Supplier	202
Support from 3Com	202
Returning Products forRepair	204