============================================================================================
3COM(R) FIRMWARE UPGRADE UTILITY
============================================================================================

This document provides the following information:

1. Release Notes
2. Legal Rights
3. Using the Utility
4. World Wide Web site

IMPORTANT NOTE

If you are upgrading from a previous release of firmware, please note the following:

You cannot import the configuration from earlier firmware versions of the OfficeConnect
Internet Firewall. Take a note of the current configuration before upgrading to v5.1.6.

After completing the upgrade, it is recommended that the following procedure be followed:

1. Reset admin password to "password". Click the General label and then the Set Password
   tab to set the password. Resetting the password allows you to use the new install
   wizard for initial configuration.
2. Restore factory default settings. Click the Tools label, the Configuration tab and then
   the Restore button.
3. Restart the unit.
4. The unit will display the Firewall Installation Wizard. Perform initial configuration.
5. After the unit has restarted, enter any additional configuration using the web
   interface.

Failure to follow this procedure may result in an invalid configuration.

Note that resetting the unit to factory defaults does not change the LAN IP address of the
unit. However, you will need to initially manage the unit from the same IP subnet as the
firewall, as any static routes will be deleted.

============================================================================================

To enable VPN in the OfficeConnect Internet Firewalls:

1. The OfficeConnect VPN Upgrade for Internet Firewalls must be purchased (3CR16773-93)
2. Go to http://www.3com.com/internetfirewalls
3. Click on VPN Upgrade Registration
4. Enter the Serial Number of the firewall and the VPN Upgrade Key in the appropriate boxes
5. Click the Enable button
6. Enter the VPN activation key created into the VPN screen of the firewall interface.
   VPN is now enabled.

IMPORTANT NOTE

At present many small office routers do not support IPSEC passthrough. Consequently the VPN
upgrade will not function correctly when the Firewall is used in conjunction with these
products. Check your router's documentation for more details.

============================================================================================
1: 3Com Internet Firewall Firmware Release Notes
============================================================================================

(10th September 2001)

v5.16 Update:

* Services can now be defined using ranges of ports.
* Multiple subnets can now be accessed through VPN tunnels.
* Individual rules can now be edited and disabled. Rules can also be enforced by time of
  day.
* Individual rules can now be configured to Allow Fragmented Packets from server or
  service.
* A restart is no longer required after adding, deleting or changing rules.
* Changing VPN security associations no longer requires a restart.
* The installation wizard has been enhanced to auto detect PPPoE and DHCP servers.
* Fragmented IPSEC and PPTP packets can now pass through the Firewall.
* WINS server addresses can now be assigned to LAN clients by the firewall DHCP Server.
* Hyperlinks displayed in the log now provide definitions of attacks.
* A PPPoE inactivity time-out has been added.
* The date can now be displayed in an International format (DD/MM/YYYY).
* The Syslog Individual Event Rate feature enables control over the time period between
  similar events being reported to the syslog.
* The current status of DHCP leases is now shown on the DHCP/Status page.
* A stealth mode option on the POLICY/Services page allows inbound packets to be dropped
  rather than responding with a closed port.
* An option on the POLICY/Services page allows fragmentation of outbound packets larger
  than WAN MTU for PPPoE.
* To provide compatibility with more ISPs, the PPPoE user name and password can contain up
  to 63 characters.
* Added IMAP, Napster, NetBIOS, and PC Anywhere as known services.

--------------------------------------------------------------------------------------------

(21st December 2000)

v5.08 Update:

* Support for VPN upgrade added.
* Bug causing firewall not to realise when ISP terminates PPPoE connection fixed.

--------------------------------------------------------------------------------------------

(16th August 2000)

v5.07 Update:

* Bug causing a management station with IP address 192.168.1.31 to be locked out when used
  with an OfficeConnect LAN Modem has been fixed.
* Error in default policies for DMZ port fixed.
* Improvements for RealPlayer, FTP and PPTP passthrough traffic.

--------------------------------------------------------------------------------------------

(24th July 2000)

v5.06 Update:

************************** IMPORTANT INFORMATION FOR DMZ USERS ****************************
When upgrading firmware from v4.1.0 to v5.0.6, if you upgrade from a blank setting (you have
erased the old firmware before upgrading), ensure that you go to the Policy -> Policy Rules
setting and click on the "Restore Default Rules" button at the bottom of the page. Then
restart the box.
********************************************************************************************

* Improved Quick Start Wizard auto-starts on first OfficeConnect Internet Firewall
  configuration.
* The OfficeConnect Internet Firewall product family now supports PPPoE, allowing use with
  any DSL service.
* ICQ 2000 tested and confirmed to work with OfficeConnect Internet Firewall products.
* Packet trace tool on Tools/Diagnostic page now traces IPSec packets. Useful for debugging
  manual key VPN tunnels.
* Added a Firewall Name field to Log/Log Settings page. This field is added to the subject
  line of log and alert e-mails.
* The OfficeConnect Internet Firewall no longer requires a restart when it acquires a new
  IP address using NAT with DHCP client or NAT with PPPoE.
* An alert is now sent whenever the OfficeConnect Internet Firewall WAN IP address changes
  when using either NAT with DHCP client or NAT with PPPoE.
* Moved DHCP logging and alerting to Network Debug category from System Errors category.
* The reliability of the firmware and content filter list download processes has been
  improved by verifying in RAM before loading into flash memory.
* The log has been enhanced to allow sorting by column heading.
* Several log messages have been added for DHCP events.
* Fixed problems associated with upgrading from previous firmware versions.
* Fixed a bug which, in rare cases, could cause the OfficeConnect Internet Firewall to hang
  temporarily when attempting to assign IP licenses to clients.
* Bug which caused false IP spoof logging and alerting was fixed.
* Fixed bug which did not allow PPTP unless using One-to-One NAT.
* Bug which caused the OfficeConnect Internet Firewall to reboot after obtaining a dynamic
  IP address for the first time has been fixed.
* Bug that caused multiple new firmware notifications to be sent has been fixed.
* Addressed incompatibility between OfficeConnect Internet Firewall web interface and
  Macintosh Internet Explorer 5.0.
* A problem with multiple inbound PPTP sessions when running one-to-one NAT has been fixed.
* A bug has been fixed which caused the box to restart with the following log message:
  Diagnostic Code A tmainlogtask:42E7C6.
* Support for 3rd party IPSEC client pass-through has been added.
* The return address was removed from the LOG>Log Settings page. The "Send Log To" address
  will be used by default as the return address.

--------------------------------------------------------------------------------------------

v 4.1.0 Update:

* The OfficeConnect Internet Firewall product family now supports WebTrends for Firewalls
  and VPNs for more comprehensive reporting.
* New filtering options have been added for content filter list expiration. Reliability
  improvements have also been made in the list download process.
* An administrator inactivity timeout field and an administrator logout button have been
  added.
* IP addresses on the LAN can be denied Internet access to avoid using OfficeConnect
  Internet Firewall node licenses.
* An option has been added to restore firewall rules to defaults.
* OfficeConnect Internet Firewall will now automatically clear ISP router ARP cache at
  power up to eliminate Internet access delays in some cases.
* A bug that prevented use of the DMZ port in some hardware versions has been fixed.
* Several bugs that contributed to hanging in some cases have been addressed.
* A proxy-forwarding bug has been fixed.
* A bug causing PPTP connections to be dropped has been fixed.
* The correct error message is now displayed when the user timeout is set for less than 5
  minutes.
* A bug preventing IPSEC pass through has been fixed.
* User license violations will no longer be caused by PPTP and AOL client software leaking
  IP addresses onto the LAN.
* The "Site Blocked" message and keyword list is now updated immediately with no restart
  required.

============================================================================================
2: Legal Rights
============================================================================================

____________________________________________________________________________________________
IMPORTANT: READ BEFORE INSTALLING OR USING THIS SOFTWARE
____________________________________________________________________________________________

You should carefully read the terms and conditions of the Software License Agreement.
The text is contained in a file called license.txt in the root directory of your CD or
!license.txt if downloaded from the 3Com Bulletin Board. Your legal rights are defined
therein.

USE OF THIS SOFTWARE INDICATES THAT YOU ACCEPT SUCH TERMS AND CONDITIONS.

If you do not agree with such terms and conditions, do not use this Software.

============================================================================================
3: Using The Utility
============================================================================================

1. Access the Management Interface as described in the manual.
2. Click Tools and then select the Upgrade tab.
3. Click Upload Firmware Now.
4. Click Yes if you have saved the settings.
5. Click Browse... and select the software file you have downloaded from the 3Com ftp site
   to a local hard drive or server on the LAN.
6. Click Upload to begin the upload.
7. Make sure that your Web browser supports HTTP uploads.
8. When uploading the firmware to an Internet Firewall, it is important not to interrupt
   the Web browser by closing the window, clicking a link, loading a new page, or removing
   the power to the Internet Firewall. If the Internet Firewall is interrupted this way, it
   may result in the Internet Firewall not responding to attempts to log in.
9. Restart the Internet Firewall for the changes to take effect.

============================================================================================
4: World Wide Web Site
============================================================================================

Access the latest networking information on the 3Com Corporation World Wide Web site by
entering our URL into your Internet browser:

http://www.3com.com/

____________________________________________________________________________________________

(R) means registered trademark. (TM) means trademark.

3Com and OfficeConnect are registered trademarks of 3Com Corporation.
Other trademarks are the property of their respective owners.

Document Number: DRA1677-1AAA04
Revision: 04
Issued: September 2001

Copyright 2001 3Com Technologies.