3Com 3CRFW102, User Manual

Page 1: ...3Com Firewall PC Card with 10 100 LAN Models 3CRFW102 and 3CRFW103 User Guide http www 3com com http www 3com com productreg Published August 2002 User guide version 2 0 ...

Page 2: ...cumentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are pro...

Page 3: ...erating Systems 8 INSTALLING THE FIREWALL CLIENT Architecture of Embedded Firewalls 11 Firewall PC Card 12 ADDITIONAL PC CARD FEATURES Firewall Filtering 15 Advanced Security Processor 15 Data Encryption 15 Windows 2000 and Windows XP Offload Features 15 Hot Swapping 16 Offline Diagnostics 16 ADDITIONAL 3COM SOFTWARE 3Com Mobile Connection Manager 17 3Com Diagnostics 17 3Com Connection Assistant 2...

Page 4: ... Services 25 Support from Your Network Supplier 26 Support from 3Com 27 Returning Products for Repair 27 CONFIGURING IPSEC Configuring IPSec in Windows 2000 and Windows XP 29 Example Creating a Security Policy 29 REGULATORY INFORMATION ...

Page 5: ...l protection This unique solution consists of the 3Com Embedded Firewall Policy Server and Management Console and a Firewall Client which resides on the 3Com Firewall PC Card In addition to providing firewall protection the 3Com Firewall PC Card with 10 100 LAN connects a notebook computer securely to an Ethernet or Fast Ethernet network The 3Com Firewall PC Card models are shown below The 3CRFW10...

Page 6: ... it is firmly seated 2 Connect the network cable to the 3CRFW103 PC Card 1 3 Connect the network cable to the network port 2 3CRFW102 Type II PC Card Follow these steps to connect your 3CRFW102 Firewall PC Card 1 Insert the PC Card into the PC Card slot Slide it in until it is firmly seated 2 Connect the PC Card cable to the 3CRFW102 PC Card 1 3 Connect the PC Card cable to the network cable 2 NOT...

Page 7: ...nstallation CD If so use D where D is your CD ROM drive 5 During the installation process you may receive prompts for your Windows operating system installation CD Insert the operating system installation CD and indicate the correct path 6 Your computer goes through a brief installation process during which it displays several windows indicating what is currently installing This takes several minu...

Page 8: ... speed Use My Computer Control Panel System Hardware Device Manager Network Adapters to inspect the status of your PC Card If you see a red X enable the PC Card by checking the appropriate box under Properties If you see a yellow exclamation mark click the icon to see what the conflict is Verify there are adequate system resources Free system resources for example disable the infrared port remove ...

Page 9: ...e Network Setup Wizard If this message does not appear go to Windows NT With Networking Installed and follow the instructions 6 Check Wired to the network and click Next 7 When the system prompts to have setup start searching for a network adapter click Select from List 8 Click Have Disk 9 Insert the 3Com Firewall PC Card with 10 100 LAN Installation CD in the CD ROM drive Type the path to drivers...

Page 10: ...ard with 10 100 LAN Installation CD from the CD ROM drive and click Yes If you had a Windows service pack installed prior to setting up the PC Card reinstall it now Confirming Installation To confirm installation 1 Double click My Computer double click Control Panel and then double click Network 2 Select the Adapters tab 3Com Firewall PC Card with 10 100 LAN appears on the list Windows NT with Net...

Page 11: ...opied to your notebook 12 In the Network Settings window accept the default settings and click Continue The default settings work in most instances However you may specify network link settings auto polarity and IRQ and I O values 13 Click OK to save 14 If prompted enter IP information and click OK 15 When prompted whether you are using DHCP click Yes if you are using DHCP or No if you are not usi...

Page 12: ... in the BIOS Make sure you have the latest BIOS for your notebook or upgrade your software from Microsoft Card not functioning Open Windows NT Diagnostics From the Start menu select Programs Admin Tools Windows NT Diagnostics Check for resource conflicts and make sure the settings for the PC Card are valid Need to force speed and duplex settings In most cases the automatic settings work fine To fo...

Page 13: ...ible problems may be indicated if The PC Card is not working Windows NT is not detecting the PC Card The system issues a warning tone at startup If you are having any of these problems 1 From the Control Panel Network Adapters select 3Com Firewall PC Card with 10 100 LAN and click Remove 2 Remove the PC Card from the PC Card slot 3 Restart the computer and reinstall the PC Card This procedure remo...

Page 14: ...10 CHAPTER 1 INSTALLING THE PC CARD AND DRIVERS ...

Page 15: ...programs Manageable enforcement that allows you to define security through user policies Software based security such as personal firewalls interact with and protect a PC s operating system This dependency on the host makes them inherently susceptible to malicious code and security holes found in many well known operating systems Once the OS has been compromised it is easy to disable the host base...

Page 16: ...sktop or server The Firewall Client Device provides transparent packet filtering in accordance with the rules that are setup by a security administrator The rules are defined through a centralized management console and are communicated to the firewall client devices via the policy server Like traditional perimeter firewalls the 3Com Embedded Firewall solution is capable of classifying and acting ...

Page 17: ...med 1 When the Policy Server is installed it generates an RSA 1024 Public Private keypair The public key is written to the Firewall Client Device flash memory 2 When the Firewall Client Device boots up it generates a random 3DES session key encrypts that key with the policy server s public key and then sends that information to the policy server 3 The policy server decrypts the message using its p...

Page 18: ...k interface card installation install them first from the 3Com EtherCD before installing the 3Com Firewall Client Installing them over the Firewall Client may make the card inoperable Procedure 3 Do not attempt installation of non firewall firmware over an Firewall PC Card Instruct users and administrators that after installation of the Firewall Client on a card installing any non firewall firmwar...

Page 19: ...ficing performance Until encryption is enabled the 3Com Firewall PC Card with 10 100 LAN functions as a standard 10 100 CardBus LAN card Windows 2000 and Windows XP Offload Features The 3Com Firewall PC Card with 10 100 LAN supports Windows 2000 and Windows XP IPSec offload features in an IP environment The offload features are designed to enhance the operating system capabilities by offloading ke...

Page 20: ...ng the computer out of service It makes troubleshooting faster and easier because you do not need to wait for the computer to restart Offline Diagnostics The 3Com Firewall PC Card includes offline diagnostics programs for configuring testing and troubleshooting PC Cards The configuration program within the DOS diagnostics program is used for a notebook running DOS or NetWare The LAN diagnostics pr...

Page 21: ...vate or Connect to start the connection process If no mobile configuration has been created MCM lets you create a new one by importing configurations developed by your system administrator or creating a new configuration 3Com Diagnostics The 3Com Firewall PC Card with 10 100 LAN uses two types of network card diagnostics programs a Windows based diagnostics program and a DOS based diagnostics prog...

Page 22: ...s client running on the same network This client must have a successfully installed Windows diagnostics program that is currently not running A NetWare server running on the same network A DHCP server running on the same network NOTE Click Help to obtain general information about the function of a screen To obtain specific information about any topic on a screen click the question mark in the uppe...

Page 23: ...rd Test to check the physical components connectors and circuitry on the network card 1 On the Diagnostics screen click Run NIC Test The NIC Test screen appears 2 Click Perform NIC Test While the test is running a progress bar indicates test progress If the test passes the network card is functioning correctly If the test fails a message indicates the error type Click Help in the error message scr...

Page 24: ...nu 3 Select Programs and then 3Com NIC Utilities 4 Click 3Com NIC Doctor The 3Com network card Diagnostics General screen appears 5 Click the Statistics tab The Statistics screen appears The information is updated by the card driver every 5 seconds For a description of each statistic click the question mark in the upper right corner of the screen drag it over a statistic and click once A pop up bo...

Page 25: ...Add Remove Programs Wizard in Windows For instructions on using the Add Remove Programs Wizard in Windows see your Windows documentation 3Com Connection Assistant The 3Com Connection Assistant is interactive software that gives you an easy to use diagnostic and repair tool Using this tool makes troubleshooting easier and helps you quickly resolve problems Go to Start Programs 3Com NIC Utilities 3C...

Page 26: ...lso supplies solutions if a problem is detected with your 3Com network interface card List Solutions Contains a list of relevant topics for you reference Network Settings Provides detailed information about your network Search Locate topics and solutions 3Com Launcher The 3Com Launcher is a utility that allows you to start 3Com applications from a single source on your screen When the 3Com Launche...

Page 27: ...ncryption which is a framework of open standards for ensuring secure private communications over IP networks IPSec ensures confidentiality integrity access control and authenticity of data communications across a public IP network Offloading Encryption Processing You can configure two or more computers running Windows 2000 and Windows XP to perform IPSec encryption by changing the local security s...

Page 28: ...24 CHAPTER 5 DATA ENCRYPTION OFFLOAD ...

Page 29: ...vice provides access to online support information such as technical documentation and a software library as well as support options that range from technical education to maintenance and professional services 3Com Knowledgebase Web Services The 3Com Knowledgebase is a database of technical information to help you install upgrade configure or support 3Com products The Knowledgebase is updated dail...

Page 30: ...ch as Netscape Navigator and Internet Explorer you do not need a user name and password 3Com Connection Assistant The 3Com Connection Assistant is interactive software that gives you an easy to use diagnostic and repair tool Using this tool makes troubleshooting easier and helps you quickly resolve problems Go to Start Programs 3Com NIC Utilities 3Com Connection Assistant to find the utility By us...

Page 31: ...ision levels Diagnostic error messages Details about recent configuration changes if applicable Returning Products for Repair Before you send a product directly to 3Com for repair you must first obtain an authorization number Products sent to 3Com without authorization numbers will be returned to the sender unopened at the sender s expense To obtain an authorization number go to the Web site liste...

Page 32: ...A Technical Support 28 ...

Page 33: ...H Medium Authentication only ESP High Authentication and encryption Custom Varies Provides encryption and an extra authentication that includes the IPheader Custom allows you to select options for both AH and ESP such as MD SHA 1 and DES 3DES and you can select the rate at which new keys are negotiated Microsoft uses IKE key exchange to renew keys every x seconds or y bytes You may want to set the...

Page 34: ...IP Security Policies on Local Machine 2 Right click inside the right pane below the list items 3 From the pop up menu select Create IP Security Policy The IP Security Policy Wizard starts 4 Click Next The IP Security Policy Name screen appears 5 Enter a name for the new security policy that you are creating and if you wish a description that identifies the policy 6 Click Next The Requests for Secu...

Page 35: ...sequence attaches the new filter to the policy The IP Filter List screen appears 1 Enable the option for the new filter name and make sure the new filter name is selected 2 Click Next Creating the Filter Action This sequence defines how the filter acts on the policy The Filter Action screen appears 1 Click Add The Filter Action Wizard starts 2 Click Next The Filter Action Name screen appears 3 Ent...

Page 36: ...reated when you save the policy in the previous step Enabling Encryption An encryption policy must exist in the Console Root IP Security Policies on the Local Machine screen before you can enable encryption on the 3Com FIrewall PC Card with 10 100 LAN To enable encryption 1 Right click the desired policy icon in the right pane of the screen 2 Select Assign 3 A green plus symbol appears on the poli...

Page 37: ...ceived including interference that may cause undesired operation INDUSTRY CANADA ICES 003 This Class B digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulations AVIS DE CONFORMITÉ À LA RÉGLEMENTATION D INDUSTRIE CANADA Cet appareil numérique de la classe B est conform à la norme NMB 003 du Canada SAFETY This equipment has been tested and certified accordin...

Page 38: ... product based on the standard of the Voluntary Control Council for Interference from information Technology Equipment VCCI If this is used near a radio or television receiver in a domestic environment it may cause radio interference Install and use the equipment according to the instruction manual Manual version 2 0 August 15 2002 ...