3com Embedded Firewall Policy Server

Embedded Firewall Policy Server, Windows 2003/2000/XP Central Management Server for Embedded-Firewall Clients
3Com® Embedded Firewall Policy Server software works with our 3Com Firewall PCI and PC Cards (sold separately) to extend highly tamper-resistant firewall filtering and auditing capabilities to servers and desktops across the enterprise, both inside and outside the network perimeter. The policy server provides essential management capabilities for your installed base of firewall-enabled systems—including telecommuter PCs, mobile notebooks, VPN gateways, shared servers, DMZ subnets, Web servers, contractor desktops, and "always-on" broadband connections.

The unique combination of central management software and distributed firewall hardware delivers a superior grade of robust reliability and tamper resistance that software-only security can't match. Each firewall card uses an onboard RISC processor to enforce security transparently to end users, local applications, and operating systems. This hardware-enforced protection is practically impervious to Internet attacks, end user actions, or malicious code.

Equally important, only an authenticated policy server can communicate with and configure the distributed firewall cards. Therefore, even if an embedded firewall-enabled system is successfully corrupted, the firewall card continues to work independently—thus preventing its host system from being used as a launching pad for further network invasion.

Once the 3Com Embedded Firewall Policy Server is installed, you can easily and cost-effectively deploy network security when and where it's needed by simply installing firewall cards on a system-by-system basis. Then, use the policy server to update the security policies and push them to your firewall-enabled servers, desktops, and notebooks—across the network and independent of topology.

- Provides superior resistance to user modifications, unauthorized access, and malicious e-mail scripts; firewall cards only accept instructions from authenticated policy servers
- Facilitates assigning security by group role or function and accelerates response to detected network attacks; centrally configured and deployed security policies are pushed to users and hosts independent of routers or traffic streams
- Configures global policies that automate firewall filtering and auditing, enforce no sniffing/no spoofing, block unnecessary ports, and deny "ping" requests
- Secures open Internet connections, such as VPN endpoints and broadband access gateways, located inside or outside the perimeter firewall
- Protects users with multiple levels of protection wherever they work—more relaxed for internal LAN connections and more restricted for shared and Internet-accessible systems
- Hardens web and e-commerce servers, DMZ subnets, and customer databases against Internet attacks and unauthorized access
- Limits system-to-system communications when connecting outside the network perimeter; automatically ignores nonessential protocols, shuts down unnecessary ports, denies "ping" requests, and disables packet sniffing and IP spoofing
- Provides around-the-clock peace of mind; if firewall cards cannot communicate with the policy server, they will default to your maximum security levels
- Complements other 802.3-standard compliant security solutions—including security services switches, firewall/VPNs, antivirus scanners, and intrusion-detection systems (IDSs)
- Lowers IT administration costs with 24/7 intrusion resistance that helps eliminate false alarms generated by IDS monitoring
- Flexibly supports any combination of firewall-enabled desktops, servers, or notebooks up to 8,333 firewall clients