3Com 3CR990 Administration Manual
  1. Manuals
  2. Brands
  3. 3Com Manuals
  4. Network Card
  5. 3CR990
  6. Administration manual

3Com 3CR990 Administration Manual

Embedded firewall software for the network interface card (nic) family
Hide thumbs Also See for 3CR990:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
®
3Com
Embedded Firewall
Software for the 3CR990
Network Interface Card (NIC) Family
http://www.3com.com/
http://support.3com.com/registration/frontpg.pl
Published December 2001
Administration guide version 1.0.0
Administration Guide

Advertisement

Table of Contents
loading

Related Manuals for 3Com 3CR990

Summary of Contents for 3Com 3CR990

  • Page 1 Administration Guide ® 3Com Embedded Firewall Software for the 3CR990 Network Interface Card (NIC) Family http://www.3com.com/ http://support.3com.com/registration/frontpg.pl Published December 2001 Administration guide version 1.0.0...
  • Page 2 U.S.A. Copyright © 2001 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

  • Page 3: Table Of Contents

    Who Should Read this Guide How this Guide is Organized Viewing and Printing this Document Online Finding Information Planning and Overview What is the 3Com Embedded Firewall (EFW)? EFW Architectural Components and Concepts EFW Management Console MMC Management Console EFW Policy Servers...
  • Page 4 Contents Installing and Initially Configuring EFW System Requirements Overview of EFW Software Installing and Uninstalling EFW Software Installing the Policy Server Software Installing the Management Console Using Java Web Start Uninstalling EFW Uninstalling an EFW NIC Uninstalling the Policy Server and Management Console Starting and Stopping System Components Joining a New Policy Server to a Domain Starting and Logging in to the Management Console...
  • Page 5 Managing Policies Policy Overview Changing a Policy Without Distributing the Change Pre-defined Policies Importing Pre-defined Policies and Rule Sets Policy Settings Rules Organizing Rules for Optimum Performance Within a Policy Determining the Size of a Policy Creating Policies and Rules Creating a New Policy Creating Rules Setting up TCP SYN Filtering...
  • Page 6 Contents Using ZENworks to Install EFW Technical Support Online Technical Services World Wide Web Site 3Com Knowledgebase Web Services 3Com FTP Site Support from Your Network Supplier Support from 3Com Returning Products for Repair...

  • Page 7: Preface: Using This Guide

    Who Should Read this Guide This guide is intended for the person responsible for installing, configuring, and managing the 3Com EFW environment. Typically, this person’s job title is “network administrator.” It is assumed that the administrator is familiar with networks and network terminology, and with the Internet and its associated terms and applications.

  • Page 8: Viewing And Printing This Document Online

    Preface: Using This Guide Viewing and Printing this Document Online You may find when you view this document online in PDF format that the screen images are blurry. If you need to see the image more clearly, you can either enlarge it (which may not eliminate the blurriness) or you can print it.

  • Page 9: Planning And Overview

    Planning and Overview This chapter provides an overview of the 3Com Embedded Firewall (EFW) and its basic components, concepts, and operations. It also provides general information to assist you in planning the best configuration for your site. This chapter contains the following topics: “What is the 3Com Embedded Firewall (EFW)?”...
  • Page 10 For more detailed information on policies and rules, see Chapter 4, "Managing Policies." A device set is a group of EFW devices (3CR990 NICs) that enforce a specific policy. Each device set in the EFW system must have a policy assigned to it. A single policy may be assigned to more than one device set.

  • Page 11: Efw Architectural Components And Concepts

    EFW Architectural Components and Concepts EFW consists of the following major architectural components and concepts: EFW Management Console EFW Policy Servers EFW devices EFW domain(s) Each of the components and concepts listed above is shown in the figure below and discussed in the following subsections.

  • Page 12: Mmc Management Console

    Planning and Overview The Management Console window is divided into two separate areas: Tree-view frame —The left-hand portion of the window that displays the tree structure of the available Policy Servers, policies, or device sets. (See the sample window shown on the next page.) The drag-and-drop capability is available in the tree-view frame.

  • Page 13: Efw Policy Servers

    Each EFW device must be associated with a device set. A device set is a group of EFW devices (3CR990 NICs) that are associated with a specific policy. You can define any number of device sets and assign EFW devices to any one of those device sets. However, an EFW device cannot be placed in more than one device set.

  • Page 14: Efw Domain

    Planning and Overview EFW Domain An EFW domain is a collection of Policy Server and EFW device components that can share EFW-related data, such as the following policy and EFW device information: A policy defined within an EFW domain can be assigned to any EFW device in that domain.

  • Page 15: Overview Of Efw Operations

    Overview of EFW Operations Overview of EFW Operations After initial installation of an EFW Policy Server and a Management Console, you may add additional Policy Servers and NICs to an EFW domain at any time. When an EFW NIC is installed, it makes first contact with a Policy Server upon first boot-up of its host computer.

  • Page 16: Efw And Your Network

    Planning and Overview EFW and Your Network Addressing Constraints EFW supports the deployment of embedded firewalls on computers that either are configured for DHCP or have an address that is mapped by network address translation (NAT) from the viewpoint of the Policy Server. All Policy Servers in a domain must be able to use the same IP address to contact a particular NIC.

  • Page 17: Proxying Efw Traffic Through A Perimeter Firewall

    Using IPSEC Under Windows 2000 Windows 2000 supports host-to-host IPSEC (IP Security). As an added benefit, the 3CR990 NIC off loads IPSEC cryptographic processing from the operating system, which enhances IPSEC performance. EFW treats IPSEC like any other protocol: it can permit or deny it.
  • Page 18 Planning and Overview File security EFW data includes both policy information and audit records that contain raw contents of packets. These packets may include login names and passwords that could be transmitted over your network. As long as the disk partition on which you install the Policy Server is formatted with NTFS (NT File System), files used by the Policy Server can be accessed only by a user with Windows administrative privileges.

  • Page 19: Operational Security

    NIC on your Policy Server using the diskette-keyed method, you may install the EFW NIC component using the 3Com Embedded Firewall Installation CD when you install the Policy Server and Management Console, or at a later time by selecting the Modify installation option.

  • Page 20: Planning Your Configuration

    Planning and Overview Planning Your Configuration A number of issues need to be considered and resolved before you actually install and configure EFW in your network. This section walks you through each planning stage to help ensure smooth integration of EFW into your network. Determine Your Security Goals Every organization has different security needs.

  • Page 21: Determine Where You Want To Deploy Individual Efw Devices

    For example, if an application on the human resources server uses a protocol for which EFW has provided a pre-defined rule set, you may augment this rule set with the source IP address of each computer allowed access to the human resources server, and then paste these rule sets together to create a policy for the human resources server.

  • Page 22: Efw Flexible Implementation

    Diskette-keyed process for adding an EFW device Diskette-keyed distribution is the most secure method to distribute the EFW firmware to the NICs. First, you install the EFW NIC using the 3Com Embedded Firewall Installation CD. Then you use the Management Console to create information relevant to the eventual secured computer (that is, Policy Server address and cryptographic keys) to store on a diskette.
  • Page 23 For more information about network-based distribution, see “Adding and Registering EFW NICs Over the Network” on page 33. NOTE: Appendix C provides a procedure for installing a 3Com EFW NIC using Novell’s ZENworks. Planning Your Configuration...

  • Page 25: Installing And Initially Configuring Efw

    Installing and Initially Configuring EFW This chapter provides the information needed to install and deploy 3Com Embedded Firewall (EFW) software on your system. It contains the following topics: “System Requirements” on page 20 “Overview of EFW Software” on page 21 “Installing and Uninstalling EFW Software”...

  • Page 26: System Requirements

    The Policy Server system must not be running a copy of MySql. To host an embedded firewall, Windows 95 must be updated for Windows Socket 2 and year-2000 compliance. These updates can be found at: http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/default.asp.

  • Page 27: Overview Of Efw Software

    Installing the Policy Server Software To install the Policy Server software, follow the steps below: 1 Insert the 3Com Embedded Firewall Installation CD in the appropriate drive; the Installation wizard launches automatically, and a Welcome window appears. 2 Click Next. The License Agreement window appears.

  • Page 28: Installing The Management Console Using Java Web Start

    Installing and Initially Configuring EFW NOTE: If you have Microsoft Management Console (MMC) on your system, the Typical Centralized Management installation option installs the EFW Management Console as an MMC snap-in. If you do not have MMC on your system, this installation option installs the Management Console as a standard Java application.

  • Page 29: Uninstalling Efw

    4 Click OK. The NIC is removed from the EFW system and a command that disables the Firewall functionality on the NIC is sent to the NIC. 5 Remove the EFW agent from the machine using the Windows Add/Remove program (Start ->...

  • Page 30: Uninstalling The Policy Server And Management Console

    1 From the Start menu, select Settings -> Control Panel -> Services. 2 Select 3Com Embedded Firewall Policy Server, and click Start or Stop. 3 Click Close to exit this window. 4 If you are starting this Policy Server for the first time, refer to “Joining a New Policy Server to a Domain”...

  • Page 31: Joining A New Policy Server To A Domain

    Joining a New Policy Server to a Domain To join a new Policy Server to a domain, follow the steps below. 1 If you are starting the Policy Server for the first time, the Join Existing EFW Domain or Create EFW Domain window appears. In this window, you may revise the domain choices you made during the installation, if desired.

  • Page 32: Starting And Logging In To The Management Console

    Management Console. The 3Com Embedded Firewall Login window appears. To start the MMC Management Console, from the Windows Start menu, select Programs -> 3Com Embedded Firewall Management ->3 Com MMC Embedded Firewall Management Console. The 3Com Embedded Firewall MMC Management Console window appears.

  • Page 33: Licensing Overview

    To connect to a new Policy Server, enter the server host name or IP address. 4 Click Connect. The 3Com Embedded Firewall Management Console appears, and the Policy Server to which you are connected is listed in the tree-view frame.

  • Page 34: Managing Licenses In The Management Console

    Installing and Initially Configuring EFW Managing Licenses in the Management Console You can monitor the status of licenses and configure various licensing options using the Management Console. To view licensing data, select License Manager from the Tools menu. The License Summary window appears displaying the following information: Licensing Data Type...

  • Page 35: Adding An Activation Key

    2 Save the public.key and server.keystore files to diskette. (These files are located in Program Files -> 3Com Corporation -> 3Com EFW.) 3 Remove and label the recovery diskette and store it in a secure location for as long as any EFW NIC remains in the domain for this Policy Server.

  • Page 36: Registering Efw Nics Manually

    6 Click OK to register the EFW NIC manually. Distributing and Installing the EFW NIC Firmware Before installing the EFW firmware and agent software, a 3Com interface network card that supports EFW should be physically installed, and networking should be operational using the factory drivers for this card.

  • Page 37: Installing And Registering Efw Devices Using The Diskette-Keyed Process

    To distribute and install the EFW firmware and EFW agent via the diskette-keyed process, you need to create a keying diskette from the Management Console, install the EFW NIC from the 3Com Embedded Firewall Installation CD, and apply the keying diskette to the computer that will host the embedded firewall.

  • Page 38: Creating A Keying Diskette

    NICs. Installing the EFW NIC from the Installation CD 1 Insert the 3Com Embedded Firewall Installation CD in the appropriate drive of the computer that you want to secure; the Installation wizard launches automatically, and a Welcome window appears.

  • Page 39: Applying A Keying Diskette

    Distributing and Installing the EFW NIC Firmware 12 Click Install. A progress window appears as the program installs the EFW NIC. The Installation Completed window appears. 13 Click Finish. To complete installation of the EFW NIC, you must now apply the keying diskette as described below.

  • Page 40: Special Considerations For Multi-Nic Systems

    Installing and Initially Configuring EFW 6 Distribute and install the EFW firmware and EFW agent via the network by updating your Windows login script or other standard installation utility to run the installation software when the user next logs in. You may also move the installation folder you created in step 4 manually to the computer on which you want to perform the installation, and execute the setup.exe file.

  • Page 41: Managing Efw Devices Using The Policy Servers

    Managing EFW Devices Using the Policy Servers This chapter provides detailed information about managing EFW devices using the Policy Servers. It contains the following topics: “What is a Policy Server?” below “Configuring Policy Servers for Redundancy” on page 36 “Organizing Policy Servers and EFW Devices” on page 37 “Setting up Device Sets”...

  • Page 42: Configuring Policy Servers For Redundancy

    Managing EFW Devices Using the Policy Servers Audit and heartbeat and audit information is sent to the server from which the NIC has last heard, which means that no audit or heartbeats are sent until a server responds to a wake-up. These messages could be lost if the server is not available or reachable due to network problems.

  • Page 43: Organizing Policy Servers And Efw Devices

    Organizing Policy Servers and EFW Devices You can organize Policy Servers and EFW devices however you want, subject to the following constraints: No more than three Policy Servers can be in any one EFW domain. The backup Policy Servers specified for a primary Policy Server must be in the same EFW domain as the primary Policy Server.

  • Page 44: Setting Up Device Sets

    Managing EFW Devices Using the Policy Servers Setting up Device Sets Each EFW device must belong to a device set. Each device set is assigned to a policy. An example of how policies and device sets work together is shown in the figure below. Creating a Device Set A device set is a collection of EFW devices that are associated with a specific policy.
  • Page 45 To create device sets, follow the steps below. 1 From the menu, select New -> Device Set. The New Device Set window appears. Main 2 Enter the name of the new device set in the Device Set Name field. The maximum number of characters that can be entered in the name field is 64. Valid characters for a name field include all alphanumeric characters (non-case-sensitive), underscore, hyphen, space, period, colon, parentheses, comma, and forward slash.

  • Page 46: Moving Efw Devices To A Different Device Set

    Managing EFW Devices Using the Policy Servers Moving EFW Devices to a Different Device Set To move one or more EFW devices to a different device set, follow the steps below. 1 In the Management Console, click on the Device Sets tab in the tree-view frame. 2 Click on the device set that contains the EFW device(s) you want to move.

  • Page 47: Monitoring Efw Device Status And Missed Heartbeats

    Typical situations that require manual synchronization include: Restarting a Policy Server—If a Policy Server is offline and you bring it back online, the Policy Server should automatically re-synchronize with its domain. If it cannot, a dialog window appears asking which Policy Server to use as the “master” for re- synchronization (that is, the Policy Servers both accept one of the databases as the correct one).

  • Page 48: Monitoring Nic Connectivity And Policy Status

    If NIC diagnostics are desired, install them before EFW. If diagnostics are desired for a NIC installation, install them first from the 3Com EtherCD before installing EFW. Installing NIC diagnostics over EFW may make the card inoperable. NOTE: If the policy is not up-to-date or not running the policy you expect, you can click the Distribute Policy button to immediately send the policy and option settings (turn off Enforcement or Block All Traffic) to the NIC.
  • Page 49 If you install diagnostics on the computer after EFW installation, the installation appears to succeed, but the NIC becomes inoperable. In this case, to gain diagnostic capability on an EFW NIC once the NIC is operational again: a Uninstall EFW from this NIC (see “Uninstalling EFW” on page 23). b Install the diagnostics.

  • Page 50: Using The Recovery Diskette

    EFW installed, the following steps determine whether EFW is installed: 1 Place the NIC on a Windows NT, 2000, or XP Professional machine as the only NIC, and then install the EFW NIC using the Custom option on the 3Com Embedded Firewall Installation CD.

  • Page 51: Managing Policies

    Managing Policies This chapter provides detailed information on creating and assigning policies. It contains the following topics: “Policy Overview” below “Creating Policies and Rules” on page 49 “Verifying a Policy Using Test Mode” on page 53 “Distributing a Policy to the Network” on page 55 “Secured EFW Device—Allow Traffic versus Block All Traffic”...

  • Page 52: Pre-Defined Policies

    Importing Pre-defined Policies and Rule Sets During installation, the pre-defined policies and pre-defined rule sets are automatically placed in the Program Files folder on your system in 3Com Corporation -> 3Com EFW -> predefined-policies-rulesets.xml. To import these policies into the EFW system, follow the steps in “Importing Policies and Rule Sets”...

  • Page 53: Policy Settings

    Policy Settings A policy setting is similar to a rule in that it implies a specific criterion and a subsequent action. The following policy settings can be specified for each policy: Policy Setting Select this Policy Setting to No Sniffing Ensure that the NIC does not sniff packets addressed to other NICs.

  • Page 54: Organizing Rules For Optimum Performance Within A Policy

    Managing Policies When a packet arrives at an EFW NIC, the ACL is processed by stepping through the list of rules from first to last until a match is found. Usually, once a match is found and the appropriate action is taken, the process is complete. However, you may configure the policy to ignore specific rules or rule sets, and continue processing for subsequent rule matches using the Test Mode feature.

  • Page 55: Creating Policies And Rules

    Creating Policies and Rules A policy is created and modified using the Management Console. Each policy consists of a name, various policy settings, and an ACL (an ordered list of rules). Creating a New Policy To create a new policy, follow the steps below. 1 In the Management Console Main menu, select New ->...

  • Page 56: Creating Rules

    Managing Policies 4 Type a description of the policy in the Description field. This field is optional and exists solely to assist you in assigning policies. You can include information about what the policy does, or when to use it. 5 Select the policy settings you want to apply to this policy.
  • Page 57 The following rule parameters can be configured when creating or modifying a rule: Rule-Filter Parameter This Parameter Rule Name (Optional) Is the name of the rule. Double-click on the rule name to access the Rule Name Editor. The Rule Name Editor allows you to enter a rule name and include a description of the rule. The maximum number of characters that can be entered in the name field is 64.

  • Page 58: Creating A Rule Set From A Policy

    Managing Policies Rule-Filter Parameter This Parameter Destination Port Matches a specific TCP or UDP application port or range of ports (for example, 20-21, etc.) used by the destination. The default (0) matches any port. IP Protocol Should be TCP or UDP if a source port or destination port was specified in the previous steps. You can also select a specific protocol from the drop-down list.

  • Page 59: Editing A Rule Set Using The Rule Set Manager

    4 (Optional) Provide a description of the rule set in the Description field. 5 Select one or more rules from the ACL. (To select multiple rules to add to the rule set, hold down the Shift key.) 6 Click OK. The new rule set is added to the policy. Editing a Rule Set Using the Rule Set Manager To Edit a rule set using the Rule Set Manager, follow the steps below.
  • Page 60 Managing Policies NOTE: Placing a policy in test mode causes the Audit and Test check boxes for all rules and rule sets listed in that policy’s ACL to be overridden. When an entire policy is in test mode, a large check mark appears in the Audit and Test check boxes for each rule and rule set listed in that policy's ACL.

  • Page 61: Distributing A Policy To The Network

    When you feel comfortable with the policies, you can remove the test mode to fully implement the policies into your system. Distributing a Policy to the Network Distributing a policy consists of sending a policy out to one or more EFW devices. This distribution happens whenever you assign a new device set to a policy or save a policy or a rule set that is used by a policy.

  • Page 62: Secured Efw Device-Allow Traffic Versus Block All Traffic

    Managing Policies Secured EFW Device—Allow Traffic versus Block All Traffic When an attack is detected as having originated from an EFW device, the attack can be stopped using the Management Console by selecting the appropriate EFW device, and clicking Block All Traffic at the bottom of the NIC information window. This action changes the security status to Secured-Blocking All Traffic.
  • Page 63 Exporting or Importing Policies or Rule Sets 4 Click Next. A list of the policies and rule sets contained in the file is displayed. 5 Select the items you want to import, and click Next. A summary window appears, showing the policies and rule sets you selected. 6 Click Import.

  • Page 65: Performing Other Administration Tasks

    Performing Other Administration Tasks This chapter provides information on performing general administration tasks, such as searching for specific information in the Management Console and viewing audit information. It contains the following topics: “Finding Information Using the Management Console” below “Administrator Manager Login” below “Audit Information”...

  • Page 66: To Edit An Existing Administrator's User Name Or Password

    Audit events are stored in files that are archived when they reach a certain size. The archived files are compressed as zip files and placed in the Program Files/3Com Corporation/3Com EFW/MySQL/data/audit/logs directory. The archived files are still searched during audit queries and are never automatically deleted by the system.

  • Page 67: Creating Or Editing Audit Queries

    NOTE: Policy distribution failures to a NIC if there is no primary or backup server available, are not audited. This is due to the potentially large number of records that would be generated by this event (one for every NIC). Availability/unavailability of Policy Servers is managed via the Policy Server status on the Policy Server window.

  • Page 68: Displaying Audit Query Results

    By default, the Policy Server allocates 64 MB for audit queries. To allocate more memory, create a string valued registry key as follows: MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\3Com\EFW\psSize. Setting psSize to 128 allocates 128 MB rather than the default of 64 MB.

  • Page 69: Understanding Audit Query Results

    3 Click the icon. The query results appear in a new window. The audit query results are displayed one page at a time in table format. The audit query results are divided into two categories, indicated by two tabs located at the bottom of the window: Policy and Administrator—Audit events that appear in the Policy and Administrator table are generated by the Policy Server and administrative actions.
  • Page 70 Performing Other Administration Tasks Request ID (Policy and Administrator tab only): This field displays an ID that links all of the audit events that were affected by a specific policy distribution. Therefore, if you sort the audit events by Request ID, all events related to a single policy distribution are grouped together, with the same request ID.

  • Page 71: Backing Up The Database

    ICMP Type (Rule tab only): This field displays a number (or message type) that relates to a particular ICMP message and its definition. For information on ICMP message types, refer to TCP/IP Illustrated, Volume 1: The Protocols (The Addison- Wesley Professional Computing Series) by W. Richard Stevens. ICMP Code (Rule tab only): This field displays a code that contains the integers which further describe the message or packet indicated in the ICMP Type field.

  • Page 72: Restoring The Database

    Performing Other Administration Tasks Restoring the Database You can restore a previously backed up copy of the database using the Management Console. To restore your database, follow the steps below. 1 In the Management Console under the Main menu, select Backup and Restore Database. 2 Select Restore and click Next.

  • Page 73: Pre-Defined Rule Sets

    Allow the host to request typical Internet services, including SMTP, FTP, HTTP, HTTPS, and NNTP. Windows 2000 IPSEC Allow Internet Protocol Security Protocol (IPSEC) services for Microsoft Windows 2000 hosts. 3Com Embedded Firewall Allow the host to perform actions required by an EFW Management Console. Management Console 3Com Embedded Firewall Allow the host to perform actions required by an EFW Policy Server.

  • Page 74: A Pre-Defined Rule Sets

    Pre-Defined Rule Sets Pre-defined Rule Set Name Description DNS Client Allow the host to request name service using DNS. FTP Server Allow the host to provide file transfers using FTP. FTP Client Allow the host to request file transfers using FTP. HTTP Server Allow the host to provide Web service using HTTP.

  • Page 75: Troubleshooting

    Troubleshooting This appendix lists common problems you may encounter with the Embedded Firewall and offers suggestions for solving these problems. Common problem solutions Many system problems can be traced to connectivity issues between EFW system components. Information regarding system connectivity is included after the table in this appendix.

  • Page 76: B Troubleshooting

    To determine if this is the problem, use the Service Control Manager to stop the Embedded Firewall Policy Server service. Then use the Task Manager to determine whether a mysqld-nt process is still executing. If so, reboot the Policy Server machine to clear this condition. The Policy Server automatically restarts on reboot.
  • Page 77 Policy Server Suggested Solution Backup Policy Servers are not Verify the backup Policy Server is online by confirming that the status displayed in the taking over as expected Management Console Policy Server window is Normal, or by viewing the status of the Policy Server service using the Windows Services interface on the backup Policy Server machine.
  • Page 78 Troubleshooting Server/NIC Connectivity Suggested Solution Secured computer did not For an automatically registered NIC, you can determine that it has not made first contact if it does make first contact with a Policy not appear in the Default device set in the tree-view portion of the Management Console, or if you Server in the domain cannot locate it by entering its IP address using the Find function.
  • Page 79 Policy Enforcement Suggested Solution A NIC is not enforcing a policy Check the rules in your policy to make sure that the Test check box is not selected, and that the Enable check box is selected (otherwise, the Action field is ignored and filtering skips to the next rule).
  • Page 80 NIC” on page 44. EFW NIC is inoperable after Installing the standard 3Com system diagnostics after installing EFW on a NIC makes the NIC installing diagnostics inoperable. For instructions on restoring the NIC, see “Maintaining EFW NICs” on page 42, and then follow the steps below.
  • Page 81 Allow All Traffic, Block All Traffic, or No Sniffing. You may restore the secured computer to a fully functional EFW installation using the 3Com Embedded Firewall Installation CD to re-install EFW on this computer. Install the EFW NIC using the Custom installation option.

  • Page 82: System Connectivity

    Troubleshooting System Connectivity A number of problems with EFW can be solved by checking the system connectivity and the binding between the components of the EFW system. Policy Server-to-NIC Communication Check To determine if Policy Server-to-NIC communication is functioning as expected, follow the steps below.

  • Page 83: Policy Server-To-Policy Server Communication Check

    3 Verify that the NIC can reach its Policy Server. Ping from the secured computer to the Policy Server to verify that the secured computer can reach the Policy Server at an address shown in embdfw.ini file. If it can’t, you may have a network outage or a network routing issue to resolve. Perform the actions in steps 1c and 1d above.

  • Page 85: Using Zenworks To Install Efw

    Using ZENworks to Install EFW To install a 3Com EFW NIC using Novell’s ZENworks, follow the steps below. 1 On your EFW Management Console, select Create NIC Installation from the Tools menu. 2 After creating the network NIC installation, copy the files to your Netware server.
  • Page 86 Using ZENworks to Install EFW 13 Edit the details of your new application. a Identification tab: Check run application once. b Environment tab: Remove existing system requirements and add an operating system with the version (98, NT). c Distribution tab: Check Always Reboot, and you can choose to prompt the user or not.

  • Page 87: Technical Support

    3Com recommends that you access the 3Com Corporation World Wide Web site. Online Technical Services 3Com offers worldwide product support 24 hours a day, 7 days a week, through the following online systems: World Wide Web site 3Com Knowledgebase Web Services...

  • Page 88: D Technical Support

    3Com. Support from 3Com If you are unable to obtain assistance from the 3Com online technical resources or from your network supplier, 3Com offers technical telephone support services. To find out more about your support options, go to the Web site associated with your region of the world shown below.

Table of Contents