OfficeConnect Secure Router and OfficeConnect VPN Firewall - Screening Router and Firewall from 3Com

Settings in 3CR860 and 3CR870
First of all, both devices ship with a very convenient utility, Discovery Application.
When started, it finds all 3Com devices connected to the network (of those reviewed
in this article) regardless of their IP address. When you select the device you need,
the utility sets the IP address of its LAN interface to one in the same subnetwork
as the computer from which the utility was started. Thus, to access the web interface
of the router, we don't have to painfully try to recollect the default IP address
of the device or even modify our own IP. You just run Discovery Application and
get access to the router settings (provided, of course, that you know the password
to the web interface).
Now a brief account of the settings in the web interface. It's identical for both devices,
but in 3CR860 there is no traffic shaping menu and you cannot set more than two VPN
tunnels. And of course the device labels are different.
As usual, the interface has a wizard allowing quick configuration of the router. Or
you can walk through all the menus on your own. By the way, I want to note how well-engineered
this web interface is: all the options are grouped logically. In short, it's very
convenient to control the device via the web interface.
Besides, the interface possesses a detailed menu system. The Help button can be found
in all main sections of the interface.
In Network Setting you can configure IP addressing and operation modes for the WAN
and LAN interfaces. The built-in DHCP server is also configured here.
The Advanced Networking section lets you configure NAT modes (you cannot turn NAT off
completely). Here you can also configure the static routing table and activate the
dynamic routing protocols.
In this section you can also set up dynamic DNS service support. The list of services
is hardcoded and cannot be changed, but it contains a sufficient number of DDNS services.
The next section (Traffic Shaping) is available only in 3CR870 (3Com OfficeConnect
VPN Firewall). You can limit the incoming/outgoing traffic completely or partially
by certain criteria. Unfortunately, the scope of criteria is rather narrow.
The Firewall section, as you can understand from its title, is devoted to the settings
of the embedded firewall. The first submenu contains virtual server settings.
The PC Privileges submenu serves to specify firewall rules. You cannot find where
to specify the rules? Yes, I was also surprised not to find the usual interface to
specify the rules. The only option allowed is to set a global (single) rule for all
local IP addresses and to add rules for a selected IP address, where you can set only
the outgoing port. And that's all! No protocol management, no rich features of the
SPI firewall. Nothing... However, the SPI mode is used in the next submenu, but it
has nothing to do with filtering rules.
This subsection lets you configure specific protocols that require several simultaneously
open sessions or are sensitive to packet headers being modified by NAT procedures.
The last subsection lets you activate responses of the switch to ICMP Ping from the
Internet side and disable SPI in the firewall.
The Content Filtering section lets you filter access to web sites using URL filters,
which can be specified manually or supplied by web content filtering services.
You can also specify the IP addresses of the computers that will be subject to filtering
or, vice versa, will not be filtered (unlike all the other IP addresses).
In the VPN section you can configure IPSec/PPTP/L2TP modes.
And here is the second difference between 3CR860 and 3CR870: in 3CR860 you cannot specify
more than two VPN tunnels.
In the case of IPSec you can set the server-server mode (a tunnel between the networks)
as well as the server-client mode (connecting remote users to the network). For L2TP
you can set only the latter mode.
There is a separate subsection for IPSec, which lets you configure a dedicated routing
table for each tunnel.
In the next section (System Tools) you can specify the time zone of the router, save/load
configurations and update the firmware. The NTP client, which synchronizes the clock
in the device, cannot be redirected to another NTP server - this device can be synchronized
only with a preset list of servers over the Internet.
This menu also contains diagnostic utilities, which let you ping or traceroute a remote
host as well as resolve a host name or an IP address.
The last section, as is clear from its title, displays the current status of the router
subsystems and is also responsible for viewing and configuring the logging subsystem.
This device can keep detailed logs. You can always specify what is to be logged.
The device also logs all network attack attempts.
Here you can see a screenshot of a sample log of establishing an IPSec tunnel. Of course,
you cannot enable the "debug" mode, but even this level of logging details
can be very helpful :)