3Com
|
First we installed the 3CRFW300 Firewall Server PCI card, which is designed to operate with the 3Com embedded firewall policy server application (sold separately). While the policy server is required for configuration and management, this is not a software-based VPN; the processing is handled by the onboard 3XP processor onboard (ARM RISC based) that works in conjunction with the application. As its name suggests, this card is designed primarily as a firewall solution for servers.
When the system is first booted with this card in place, Windows 2000 Server automatically detects that the card has been installed and quickly finds the correct driver on the CD ROM provided; you can load the drivers and 3Com diagnostic software directly from the CD too. Once that is complete, you can install the 3Com Embedded Firewall. This application installs both the Policy Server and the Management Console. Once the application is installed and launched, you can set up a new policy domain or join an existing one. After you select the options specific to your environment, the system starts the policy server running though a brief checklist including database connection, certificate server startup, replication threads, network threads, admin threads, and server synchronisation. You can then launch the main 3Com MMC embedded firewall management console.
From the management console, you can find embedded firewall devices and enter the licencing key information to activate the products. Once activated you can select and setup your firewall security policies.
The management tool is very powerful and you must be careful when you use it; once you have registered any Embedded Firewall Devices (EFD) and set up your policies, the cards themselves are firmware encoded and will only respond to that particular firewall domain and management utility. If the server running the utility crashes, the cards will default to their unmanaged settings.
The second card from 3Com was the 10/100 Secure NIC 3CR990-TX-97. This card is designed to replace your standard desktop PC NIC and provide secure end-to-end VPN tunnelling via your LAN or WAN. The card looks is virtually identical to the 3CRFW300. It even uses the same 125Mhz RISC based 3XP Security processor chip from Agere that offloads the encryption processing from the system hardware to this dedicated chip which 3Com claims is up to 5 times faster than a software solution.
Installation was slightly different to the server card as you need to perform a pre-installation setup before physically installing the device in your system. Once it was installed, the software detected and ran the card correctly. Once the card drivers are installed and running correctly, you can load 3Com Dynamic Access software that comes bundled with this NIC.
The Dynamic Access software integrates very well in the background and basically adds another protocol to the normal Windows networking environment. It is controlled and configured entirely via the dynamic access properties under the Windows network resources. This utility gives you access to creating and managing virtual LANs, load balancing multiple NICs, and also failover for multiple NICs.
The third card we looked at was the PCMCIA Firewall PC Card 3CRFW102. This is a most interesting card providing hardware Firewall and VPN capabilities to notebooks. Primarily this would be used from remote locations or in secure office environments. The 3Com Firewall Policy Server includes options for roaming users and allows you to set up separate policies for these mobile device cards. For example, you could allow office and home access with different security levels at both points, and obviously different IP characteristics.
We installed this card into an Acer notebook running Windows XP Pro. We then loaded the 3Com PC Card software directly from the driver/software CD provided in the package from 3Com. 3Com provides a very handy utility called the Mobile Connection Manager that allows you to setup and select multiple different network configurations for the adaptor. This is extremely useful for workers who are often moving between different locations and physical networks each with their own particular unique settings and requirements.
The card configuration itself via the application is very straightforward, particularly the firewalling allow/deny aspects. Once completed, you are ready then to test your network settings and connect to your chosen network with the firewall and VPN options that you configured. The beauty of this is that you can set up many different connections and have all the data stored for whenever you are connecting to those different networks. You can also change your security levels on the fly simply by switching from one network configuration setting to another with weaker or stronger access rules. So not only would this card suit the secure roaming staff member, it would also be a powerful network tool for technicians within a widespread company with many geographic sites to cover.
As with other 3Com products we have reviewed in the past, 3Com seems to design and manufacture IT devices with a lot of in-built features and flexibility, however the implementation, administration, and usability are far more complex than they really need to be.
Another point to remember is that these devices are mostly proprietary to 3Com and require other 3Com products to operate to their featured potential. Some features that are advertised do not interoperate well, if at all, with some other brands of networking and security products. This is not necessarily a bad thing, as it allows 3Com to build in more features that certainly would not be possible in an open environment. However, if your enterprise already includes other vendors' products and you are looking at introducing some 3Com equipment, ensure beforehand that the features you are implementing are not proprietary to 3Com products only.
| Product: | 3Com 3CR990-TX-97 |
| Price: | US$129 |
| Vendor: | 3Com |
| Phone: | 1800 678 515 |
| Web: | ap.3com.com |
| Interoperability: |
Some features only work with proprietary software. |
| Futureproofing: |
Gigabit support would have been nice. |
| ROI: |
½Very good ROI for a NIC with added security features. |
| Service: |
½Lifetime warranty is good. |
| Rating: |
|
| Product: | 3Com 3CRFW300 |
| Price: | US$329 |
| Vendor: | 3Com |
| Phone: | 1800 678 515 |
| Web: | ap.3com.com |
| Interoperability: |
Some features only work with proprietary software. |
| Futureproofing: |
Gigabit support would have been nice. |
| ROI: |
Value not great, considering additional software is required. |
| Service: |
½ 3-year warranty. |
| Rating: |
½ |
| Product: | 3Com 3CRFW102 |
| Price: | US$219 |
| Vendor: | 3Com |
| Phone: | 1800 678 515 |
| Web: | ap.3com.com |
| Interoperability: |
Some features only work with proprietary software. |
| Futureproofing: |
Gigabit support would have been nice. |
| ROI: |
½ Excellent considering the added capabilities of this card and the price of standard PC Card NICs. |
| Service: |
½ 3-year warranty. |
| Rating: |
|
