3COM Embedded Firewall Server

Overview

The 3Com® Embedded Firewall solution adds a critical layer of centrally managed, tamper-resistant protection against network attacks and unauthorized access. The 3Com® Embedded Firewall solution extends centrally managed, hardware-enforced security to notebooks, desktops, and servers across the organisation—inside and outside the network perimeter. This innovative combination of policy server software and firewall card hardware safeguards network assets with superior tamper-resistance that software-only firewalls can't match.

3Com Embedded Firewall Policy Server and Starter Policy Server software enable timesaving management of security policies and embedded firewall systems.

STREAMLINE AND AUTOMATE ROUTINE SECURITY TASKS
The 3Com Embedded Firewall Policy Server software provides central control through configurable security policies. These security policies can be used to streamline and automate many routine security tasks, such as auditing and filtering or blocking unnecessary ports.

CENTRALLY MANAGE SECURITY POLICIES
3Com Firewall PCI and PC Cards are configurable only through authenticated policy servers, so security policies can be managed centrally. Security can’t be disabled or modified at the system end point.

EASILY IMPROVE CLIENT SYSTEM PERFORMANCE
Security tasks are offloaded to the firewall card’s security processor, helping boost system performance. 3Com Firewall PCI and PC Cards plug into standard PCI or PC Card slots, replacing the conventional Fast Ethernet LAN connection.

INTEGRATE WITH MICROSOFT ACTIVE DIRECTORY
The 3Com Embedded Firewall eases the complexity of configuring particular users or group assignments by assigning firewall rules based on Microsoft Active Directory (AD) users.

Clients Supported

  • Policy Server: 8,333 per policy server; as many as three policy servers can be combined within a domain that will support 25,000 firewall-client devices.
  • Starter Policy Server: 10 per starter policy server; as many as three policy servers can be combined within a domain that will support 30 firewall-client devices.

Features

3Com® Embedded Firewall Policy Server software works with our 3Com Firewall PCI and PC Cards (sold separately) to extend highly tamper-resistant firewall filtering and auditing capabilities to servers and desktops across the enterprise, both inside and outside the network perimeter. The policy server provides essential management capabilities for your installed base of firewall-enabled systems—including telecommuter PCs, mobile notebooks, VPN gateways, shared servers, DMZ subnets, Web servers, contractor desktops, and "always-on" broadband connections.

The unique combination of central management software and distributed firewall hardware delivers a superior grade of robust reliability and tamper resistance that software-only security can't match. Each firewall card uses an onboard RISC processor to enforce security transparently to end users, local applications, and operating systems. This hardware-enforced protection is practically impervious to Internet attacks, end user actions, or malicious code.

Equally important, only an authenticated policy server can communicate with and configure the distributed firewall cards. Therefore, even if an embedded firewall-enabled system is successfully corrupted, the firewall card continues to work independently—thus preventing its host system from being used as a launching pad for further network invasion.

Once the 3Com Embedded Firewall Policy Server is installed, you can easily and cost-effectively deploy network security when and where it's needed by simply installing firewall cards on a system-by-system basis. Then, use the policy server to update the security policies and push them to your firewall-enabled servers, desktops, and notebooks—across the network and independent of topology.

  • Provides superior resistance to user modifications, unauthorized access, and malicious e-mail scripts; firewall cards only accept instructions from authenticated policy servers.
  • Facilitates assigning security by group role or function and accelerates response to detected network attacks; centrally configured and deployed security policies are pushed to users and hosts independent of routers or traffic streams.
  • Configures global policies that automate firewall filtering and auditing, enforce no sniffing/no spoofing, block unnecessary ports, and deny "ping" requests.
  • Secures open Internet connections, such as VPN endpoints and broadband access gateways, located inside or outside the perimeter firewall.
  • Protects users with multiple levels of protection wherever they work—more relaxed for internal LAN connections and more restricted for shared and Internet-accessible systems.
  • Hardens web and e-commerce servers, DMZ subnets, and customer databases against Internet attacks and unauthorized access.
  • Limits system-to-system communications when connecting outside the network perimeter; automatically ignores nonessential protocols, shuts down unnecessary ports, denies "ping" requests, and disables packet sniffing and IP spoofing.
  • Provides around-the-clock peace of mind; if firewall cards cannot communicate with the policy server, they will default to your maximum security levels.
  • Complements other 802.3-standard compliant security solutions—including security services switches, firewall/VPNs, antivirus scanners, and intrusion-detection systems (IDSs).
  • Lowers IT administration costs with 24/7 intrusion resistance that helps eliminate false alarms generated by IDS monitoring.

SECURITY

  • Defense in depth.
  • Hardware-based tamper resistance.
  • Transparent enforcement.
  • Global security policies.
  • Intrusion resistance.
  • Inside-the-perimeter protection.
  • Fiber-compatible firewall.

MOBILITY AND SCALABILITY

  • Topology independence.
  • Remote awareness.
  • Fallback policy.
  • Beyond-the-perimeter protection.
  • Cost-effective scalability.
  • Shared-system protection.
  • Flexible deployment.
  • Upgradable components.

MANAGEMENT

  • Centralized management.
  • Policy-based enforcement.
  • Fast response to network attacks.
  • Starter policy server.
  • Syslog support.
  • Microsoft Active Directory Support.

COMPATIBILITY

  • Open standards architecture.

Benefits

3Com® Embedded Firewall Policy Server provides many benefits, such as:

  • Complements and enhances other security products, including perimeter firewalls, website filters, antivirus software, intrusion prevention systems (IPSs), and VPNs.
  • Prevents security from being modified or disabled by user action or malicious code; configurable only through policies issued by authenticated policy servers.
  • Enforces policies without interacting with host OS, security software, user applications, or system processing; users can't access or change security settings.
  • Automates security chores such as packet filtering and auditing, enforcing no sniffing/no spoofing, blocking unnecessary ports, and denying "ping" requests.
  • Stops network attacks before they can start and helps eliminate false alarms generated by IDS monitoring; provides 24/7 protection for mobile/telecommuting users and "always on" broadband connections.
  • Safeguards internal systems such as confidential databases, e-commerce servers, private-access intranets, guest workstations, and public kiosks.
  • Ideal for locations exposed to electrical interference, or for optimizing the quality of time-sensitive, converged transmissions such as voice and video (3CRFW220B only).
  • Defines policies based on user role or group association, rather than on network infrastructure; enforces security at the end system, independent of the network to which users are connected.
  • Automatically senses whether connection is internal or external and implements appropriate security policies.
  • Automatically enforces a preconfigured, default security policy if mobile or remote systems are unable to communicate with an authenticated policy server.
  • Extends firewall security from the server all the way to the network edge—including telecommuter desktops, mobile notebooks, broadband Internet access points, and remote systems connected to someone else’s LAN.
  • Deploy security when and where needed; firewall cards can be installed system by system as needed; one policy server can support up to 8,333 desktop, server or notebook systems and up to three policy servers can be combined to create a domain that can support 25,000 systems.
  • Gives authorized users and strategic partners easy access to shared or open systems without endangering the rest of the network.
  • Users and systems can be easily added or removed to fit changing security needs, making it ideal for temporary or contract workers.
  • Open standards-based software helps ensure future compatibility; firewall cards are firmware upgradable.
  • Simplifies the configuration, distribution, and enforcement of security policies at all end points across the enterprise.
  • Helps prevent network security from being disabled or bypassed at the host; firewall cards only accept instructions from authenticated policy servers.
  • New policies can be configured and deployed to all systems across the network, inside and outside the perimeter, in a few minutes.
  • Economical ten-client version allows installation of embedded firewalls on a smaller network or as a test-run before enterprise-wide deployment.
  • Network managers can audit the Embedded Firewall and send those audits to a Syslog server.
  • The Embedded Firewall and its support of Microsoft Active Directory simplify the complexity of maintaining user groups. User-based policies provide network managers with the flexibility to have multiple users with different firewall policies.
  • All components work with IEEE 802.3-/802.1x-compatible hardware; firewall cards use standard PCI-bus or CardBus interfaces.