PracticallyNetworked.com
Practically Networked Logo
3Com OfficeConnect Cable/DSL Secure Gateway

 Author: Brien M. Posey
 Review Date: 12/12/2002

 Add Your Review
 Read 7 Reviews by Users


The 3Com 3CR856-95 Cable/DSL Secure gateway is a standard product designed to act as an Internet connection sharing device and as a firewall. Although it is lacking some of the more advanced features typically found in such products, it still does a nice job.

Pros:

  • Nice configuration wizard
  • Automatically detects and connects to the Internet when possible

Cons:

  • Very dim lights
  • Finicky with DNS settings
  • Pricey

BASIC FEATURES

The 3Com 3CR856-95 gateway has most of the standard features found on similar devices offered by other companies. Included in these features are a NAT based firewall, a DHCP Server, DMZ support, VPN Support, and a handy Web based interface.

SETUP/INSTALLATION

Setting the unit up involved attaching it to my DSL modem and to my primary switch via Ethernet patch cables. Once powered up, the first thing that I noticed is that the lights on the unit are very dim. I initially connected the unit at about 9:00 AM when the morning sun was beaming into the room, and was unable to even tell whether the unit was receiving power because of how dim the LEDs were.

Like most other Internet connection sharing devices, the unit uses the 192.168.x.x address range. Therefore, I simply configured one of my PCs to act as a DHCP client, opened Internet Explorer, and entered the unit's IP address.

When the unit's Web interface screen appeared, I received the standard password prompt. What happened next though was a surprise -- The unit launched a configuration wizard. This is the first time that I've seen a configuration wizard on an Internet connection sharing device. What I really liked about the wizard is that it asked all of the pertinent questions without any unneeded extras. I simply answered four or five questions and the unit was ready to go.

Shortly before completing the configuration wizard, the unit tried to automatically detect my Internet connection. My connection uses PPPoE, and the unit was unable to connect because it didn't have my password. However, the wizard's very next question asked for my PPPoE username and password. After entering this information, the unit automatically began speaking with my ISP.

Now, it was time to get onto the Internet. Try as I might, I was unable to access a single Web site. I checked the Status and Logs screen, and everything looked to be in order. My ISP had assigned an IP address, DNS Server address, etc. The Internet Settings screen has a spot where you can enter the addresses of your DNS servers, but the screen indicates that these addresses are optional. Just for kicks, I went ahead and manually entered my DNS server addresses. After doing so, the Internet connection began to work.

PERFORMANCE

To check performance, I went to http://www.dslreports.com/stest and ran the speed test. In the area where I live, my ISP only offers DSL speeds of up to 384Kbps (upload and download). The DSL Reports speed test reported an upload speed of 324Kbps and a download speed of 304Kbps. Its like the unit probably performs much better than this though, as my tests were conducted during peak Internet usage hours.

ACCESS CONTROL

The device's primary access control mechanism, aside from password protection, is something called PC Privileges, found on the Firewall screen. It allows you to grant or deny permission to access the Internet based on a PC's IP address. A nice feature of this is that you can configure the device to allow a specific PC to have Internet access, but only for a specific service such as E-mail, Web, FTP, or NNTP. You can even permit or block access to all ports except for a series of ports that you specify.

The PC Privileges feature worked just the way that it was supposed to in my tests, but I did notice one interesting potential problem, because it is based on IP address rather than MAC address. This is fine in an environment that uses static IP addresses, but one of the unit's main features is a DHCP server. Does it really make sense to control access based on addresses that could change tomorrow? The unit also allows you to permanently associate a PC with an IP address assigned by the DHCP server, but it seems like that this defeats the purpose of using.

SECURITY

Other security features on the OfficeConnect include VPN support and a firewall. While I found both of these features to be adequate for most home users, they did seem to be somewhat lacking. For example, it supports PPTP and IPSec-based VPNs, but not L2TP.

Likewise, the firewall was lacking features such as port forwarding. The PC Privileges section that I described earlier was the main mechanism for controlling the firewall. It would have been nice to have a screen allowing you to open or block ports on a global basis. The closest that the unit comes to such a mechanism is support for triggered maps.

One nice feature is automatic hacker detection. It looks for specific patterns of activity. If these patterns are detected, then the hack attempt is automatically blocked. The unit is capable of detecting Denial of Service (DoS) attacks, and some other common types of attacks.

To test the unit's firewall's capabilities, I used the ShieldsUp!! utility found at http://grc.com. The firewall performed exactly as it was supposed to, with no obvious vulnerabilities.

SUMMARY

The 3Com OfficeConnect Cable/DSL Secure Gateway seems like a decent product, and is most appropriate in a home environment, since it's lacking some of the advanced features typically found for offices. Any home user would be very happy with this unit and its performance. But not many home users will be happy with the price when similar products are less than half of what the OfficeConnect costs.

Jupitermedia is publisher of the internet.com and EarthWeb networks.


Copyright 2003 Jupitermedia Corporation All Rights Reserved.
Legal Notices,  Licensing,Reprints, &Permissions,  Privacy Policy.
http://www.internet.com/
http://www.earthweb.com/