Name: Superstack 3 Firewall (Firewalls group test)
- The device is easy to set up and simple to administer.
- No more than 100 rules can be set up.
- This is an effective firewall that can be enhanced by the optional Web Site Filter.
SC Labs Reviews
Reviews from our expert team
This is a 1U rack-mountable unit containing a 233 MHz StrongARM processor with 16 MB of RAM, with ports for WAN, LAN and DMZ connections. There is no need to configure a PC as a management device since all functions can be performed from any Java-capable web browser. The device is supplied with a 60-day evaluation copy of 3Com’s Network Supervisor software, which provides network management facilities and will launch the browser interface when the device is selected.
Setup is performed using a wizard that starts the first time you access the device. This handles the basic set up – setting time zones, detecting WAN connections, configuring IP addresses for gateways and NAT, and enabling DHCP.The management interface is simple, but effective, with all functions accessible from tabbed pages. Content filtering is part of the optional SuperStack 3 Web Site Filter, but the unit offers some built-in facilities like keyword blocking on URLs and lists of trusted and forbidden domains. This is useful and might be sufficient, and offers flexibility over the “all or nothing” approach. If there is a strong requirement for strict control over web access, the optional package offers a more comprehensive control environment.
In its default state after setup, the firewall will protect against denial-of-service attacks. The system offers a number of logging options, many enabled by default (like system errors, system maintenance and attack attempts). A number of log events will also generate email alert messages.
Performance data such as bandwidth usage can be reported. Firewall rules are applied from the most specific to the most general, which means it is possible to have rules that override the defaults.
We enabled stealth mode for our port scanning test, which did not reveal any open ports, but the device did not log or report the scanning process.