3Com Officeconnect Internet Firewall 25
Amazon Customer Reviews
A good firewall, but it has limitations
First, it does not allow you to specify the source port. This might not sound like a big deal at first, but it makes configuring the firewall for e.g. ICQ more difficult than it would have to be. Secondly, it only supports ICMP, TCP and UDP - you cannot define protocols on your own. This isn't much of a limitation though, since these cover 99.9% or more of the traffic you can expect. Third thing, which I consider to be a major nuisance as a network administrator, is the fact that the web based administration interface only lets you enter rules based on previously created "services", which is one - I say one - combination of protocol and destination port. You can group several combinations together (like the preconfigured DNS service which covers 53/udp and 53/tcp), but you have to enter every combination of port and protocol manually. It doesn't matter if you are allowing SSH, HTTP, SMTP or some other simple protocol - but if you wish to allow active FTP, you really should look into the alternatives as most systems could potentially use 3976 different target ports for that one (some even use all ports up to 65535, making for 64511 ports to enter manually). Of course you can specify the source and destination IP addresses for the rules, and the action (let packet through or drop it) - I wouldn't call any firewall without such a possibility with that word.
This is a firewall that does its job for anyone who just wants to provide basic services like web hosting, mail and things like that, but when it comes to a little bit more advanced features like specified source ports, IP flag handling (especially SYN flags) and so on, it was a major downgrade from what I was used to. I am going to keep my ipchains firewalling as well, at least until 3Com adds source port specification and port ranges, and starts distributing their firmware updates as uncompressed files instead of .exe self-extracting archives. That is something that makes upgrading the firewall from my Linux boxes much harder, and the size/download time hit would not be too hard for many of their users to take, I guess. After all, they don't release new firmware EVERY day (even though the firewall can check their web site for updates automatically once a week).
Just one more thing. Why should you have to restart the firewall, dropping all active connections and all connectivity for 45-60 seconds, just because you added a rule to the set? There has got to be a better way, but 3Com has failed to see it. A firewall isn't static; it's dynamic. You set it up once, then fine tune it over a long period of time to meet the needs of your users, the organization and perhaps added services or new threats. Why disconnect everyone on your network from the Internet and cut everyone on the Internet off from your network for such a long period of time, just to add one rule?
BAD, 3Com!
Easy and everything I wanted from a firewall!!
Works Great!
Great Product!