iXBT Labs - Computer Hardware in Detail






OfficeConnect Secure Router and OfficeConnect VPN Firewall - Screening Router and Firewall from 3Com

Settings in 3CR860 and 3CR870

First of all, both devices are shipped with a very convenient utility Discovery Application. When started, it finds all 3Com devices connected to the network (of the reviewed in this article) irregardless of their IP address. When you select the device you need, the utility sets its IP address in the LAN interface belonging to the same subnetwork as the computer from which the utility was started. Thus, to access the web interface of the router, we don't have to painfully try to recollect the default IP address of the device or even to modify our IP. You just run Discovery Application and get access to router settings (of course if you know the password to the web interface).

Now a brief account of the settings in the web interface. It's identical for both devices, but in 3CR860 there is no traffic shaping menu and you cannot set more than two VPN tunnels. And of course the device labels are different.

As usual, the interface has a wizard allowing quick configuration of the router. Or you can walk through all the menus on your own. By the way, I want to note how well-engineered this web interface is, all the options are grouped logically. In short, it's very convenient to control the device via the web interface.

Besides, the interface possesses a detailed menu system. The Help button can be found in all main sections of the interface.

In Network Setting you can configure IP addressing and operation modes in WAN...

... and LAN interfaces. The built-in DHCP server is also configured here.

The Advanced Networking section allows to configure NAT modes (you cannot turn it off completely). Here you can also configure the static routing table...

... and activate the dynamic routing protocols.

In this section you can also set up the dynamic DNS service support. The list of services is hardcoded and cannot be changed, but it contains a sufficient number of DDNS services.

The next section (Traffic Shaping) is available only in 3CR870 (3Com OfficeConnect VPN Firewall). You can limit the incoming/outgoing traffic completely or partially by certain criteria. Unfortunately the scope of criteria is rather narrow.

The Firewall section, as you can understand from its title, is devoted to the settings of the embedded firewall. The first submenu contains virtual server settings.

The PC Privileges submenu serves to specify firewall rules. You cannot find the place where to specify the rules? Yes, I was also surprised not to find the usual interface to specify the rules. The only option allowed is to set a global (single) rule for all local IP addresses and to add rules for a selected IP address where you can set only the outgoing port. And that's all! No protocol management, no rich features of the SPI firewall. Nothing... However, the SPI mode is used in the next submenu, but it has nothing to do with filtering rules.

This subsection allows to configure specific protocols, which require several open sessions (simultaneously) or critical to packet headers modified by NAT procedures.

The last subsection allows to activate responses to ICMP Ping of the switch from the Internet side and to disable SPI in the firewall.

The Content Filtering section allows to filter access to web sites using url-filters, which can be specified manually or by the web content filtering services.

You can also specify IP addresses of the computers, which will be subject to filtering or vice versa will not be filtered (unlike all the other IP addresses).

In the VPN section you can configure IPSec/PPTP/L2TP modes.

And here is the second difference between 3CR860 and 3CR870: in 3CR860 you cannot specify more than two VPN tunnels.

In case of IPSec you can set the server-server mode (tunnel between the networks) as well as the server-client mode (connecting remote users to the network). For L2TP you can set only the latter mode.

There is a separate subsection for IPSec, which allows to configure the dedicated routing table for each tunnel.

In the next section (System Tools) you can specify the time zone of the router, save/load configurations and update the firmware. NTP client, which synchronizes the clock in the device, cannot be redirected to another NTP server - this device can be synchronized only with a preset list of servers over Internet.

This menu also contains diagnostic utilities, which allow to ping or traceroute a remote host as well as to resolve a host name or an IP address.

The last section, as it's clear from its title, displays the current status of the router subsystems and is also responsible for viewing and configuring the logging subsystem.

This device can keep detailed logs. You can always specify what is to be logged. The device also logs all network attack attempts.

Here you can see a screenshot of a sample log of establishing an IPSec tunnel. Of course, you cannot enable the "debug" mode, but even this level of logging details can be very helpful :)


Eugene Zaitsev (eightn@ixbt.com)

Write a comment below. No registration needed!

Article navigation:

blog comments powered by Disqus

  Most Popular Reviews More    RSS  

AMD Phenom II X4 955, Phenom II X4 960T, Phenom II X6 1075T, and Intel Pentium G2120, Core i3-3220, Core i5-3330 Processors

Comparing old, cheap solutions from AMD with new, budget offerings from Intel.
February 1, 2013 · Processor Roundups

Inno3D GeForce GTX 670 iChill, Inno3D GeForce GTX 660 Ti Graphics Cards

A couple of mid-range adapters with original cooling systems.
January 30, 2013 · Video cards: NVIDIA GPUs

Creative Sound Blaster X-Fi Surround 5.1

An external X-Fi solution in tests.
September 9, 2008 · Sound Cards

AMD FX-8350 Processor

The first worthwhile Piledriver CPU.
September 11, 2012 · Processors: AMD

Consumed Power, Energy Consumption: Ivy Bridge vs. Sandy Bridge

Trying out the new method.
September 18, 2012 · Processors: Intel
  Latest Reviews More    RSS  

i3DSpeed, September 2013

Retested all graphics cards with the new drivers.
Oct 18, 2013 · 3Digests

i3DSpeed, August 2013

Added new benchmarks: BioShock Infinite and Metro: Last Light.
Sep 06, 2013 · 3Digests

i3DSpeed, July 2013

Added the test results of NVIDIA GeForce GTX 760 and AMD Radeon HD 7730.
Aug 05, 2013 · 3Digests

Gainward GeForce GTX 650 Ti BOOST 2GB Golden Sample Graphics Card

An excellent hybrid of GeForce GTX 650 Ti and GeForce GTX 660.
Jun 24, 2013 · Video cards: NVIDIA GPUs

i3DSpeed, May 2013

Added the test results of NVIDIA GeForce GTX 770/780.
Jun 03, 2013 · 3Digests
  Latest News More    RSS  

Platform  ·  Video  ·  Multimedia  ·  Mobile  ·  Other  ||  About us & Privacy policy  ·  Twitter  ·  Facebook

Copyright © Byrds Research & Publishing, Ltd., 1997–2011. All rights reserved.