3com FIREWALL FIBER PCI CARD 3CRFW220B User Manual
Product codes
3CRFW220B
3 C O M
®
E M B E D D E D F I R E WA L L S O L U T I O N D ATA S H E E T
2
Features
Description
SECURITY
Defense in depth
Complements and enhances other security products, including perimeter firewalls, website filters, antivirus
software, intrusion detection systems (IDSs), and VPNs.
software, intrusion detection systems (IDSs), and VPNs.
Hardware-based tamper resistance
Prevents security from being modified or disabled by user action or malicious code; configurable only through
policies issued by authenticated policy servers.
policies issued by authenticated policy servers.
Transparent enforcement
Enforces policies without interacting with host OS, security software, user applications, or system processing;
users can't access or change security settings.
users can't access or change security settings.
Global security policies
Automate security chores such as packet filtering and auditing, no sniffing/no spoofing, block unnecessary
ports, and deny "ping" requests.
ports, and deny "ping" requests.
Intrusion resistance
Stops network attacks before they can start and helps eliminate false alarms generated by IDS monitoring;
provides 24/7 protection for mobile/telecommuting users and "always on" broadband Internet access gateways.
provides 24/7 protection for mobile/telecommuting users and "always on" broadband Internet access gateways.
Inside-the-perimeter protection
Safeguards internal systems such as confidential databases, e-commerce servers, private-access intranets,
guest workstations, and public kiosks.
guest workstations, and public kiosks.
Fiber-compatible firewall
Prevents signal degradation, making it ideal for locations exposed to electrical interference or to optimize the
quality of time-sensitive, converged transmissions, such as voice and video; 3CRFW220B required for
fiber connections.
quality of time-sensitive, converged transmissions, such as voice and video; 3CRFW220B required for
fiber connections.
MOBILITY AND SCALABILITY
Topology independence
Defines policies based on user role or group association, rather than on network infrastructure; enforces
security at the end system, independent of the network to which users are connected.
security at the end system, independent of the network to which users are connected.
Remote awareness
Automatically senses whether connection is internal or external and implements appropriate security policies.
Fallback policy
Automatically enforces a preconfigured, default security policy if mobile or remote systems are unable to
communicate with an authenticated policy server.
communicate with an authenticated policy server.
Beyond-the-perimeter protection
Extends firewall security from the server all the way to the network edge—including telecommuter desktops,
mobile notebooks, broadband Internet access points, and remote systems connected to someone else’s LAN.
mobile notebooks, broadband Internet access points, and remote systems connected to someone else’s LAN.
Cost-effective scalability
Lets you deploy security when and where needed, in cost-justifiable increments; firewall cards can be
installed system-by-system as needed; one policy server can support up to 8,333 desktop, server or
notebook systems
installed system-by-system as needed; one policy server can support up to 8,333 desktop, server or
notebook systems
Shared-system protection
Gives authorized users and strategic partners easy access to shared or open systems without endangering
the rest of your network—such as partner websites, shared servers, VPN gateways, DMZ subnets,
web/e-mail servers.
the rest of your network—such as partner websites, shared servers, VPN gateways, DMZ subnets,
web/e-mail servers.
Flexible deployment
Users and systems can be easily added or removed to fit changing security needs, making it ideal for
temporary or contract workers.
temporary or contract workers.
Upgradable components
Open standards-based software helps ensure future compatibility; firewall cards are firmware upgradable.
MANAGEMENT
Centralized management
Simplifies the configuration, distribution, and enforcement of security policies at all end points across
the enterprise.
the enterprise.
Policy-based enforcement
Helps prevent network security from being disabled or bypassed at the host; firewall cards only accept
instructions from authenticated policy servers.
instructions from authenticated policy servers.
Fast response to network attacks
New policies can be configured and deployed to all systems across the network, inside and outside the
perimeter, in a few minutes.
perimeter, in a few minutes.
Starter policy server
Economical ten-client version lets you install embedded firewalls on a smaller network or as a test-run before
enterprise-wide deployment.
enterprise-wide deployment.
COMPATIBILITY AND PERFORMANCE
Open standards architecture
All components work with IEEE 802.3-/802.1x-compatible hardware; firewall cards use standard PCI-bus or
CardBus interfaces.
CardBus interfaces.
Security processor
Offloads IPSec and policy enforcement processing, enabling host CPU to devote more cycles to user
applications and transmissions; IPSec offloads require Windows 2003, 2000, or XP operating system.
applications and transmissions; IPSec offloads require Windows 2003, 2000, or XP operating system.