3Com Network Access Manager Overview 13
3Com EFW Policy Support
3Com Network Access Manager provides support for 3Com EFW Policy
Server v2.5, which adds the concept of user-based Embedded Firewall
(EFW) policies rather than just NIC-based EFW policies. For example, the
policy which is downloaded to the EFW can be specific to the user logged
into the PC and not just the PC itself. 3Com Network Access Manager
enables the network administrator to define an EFW Policy for each user
in Active Directory. The EFW Policy Server then queries Active Directory to
determine the profile for each user and replies to the EFW with the
relevant configuration.
Through 3Com Network Access Manager, the network administrator can
change an EFW policy at the same time as the port security settings,
speeding up the configuration of the network. The EFW policy is not
returned in any RADIUS response.
To ensure that 3Com Network Access Manager and the 3Com EFW Policy
Server operate together, complete the following steps in
3Com Network Access Manager:
1. Define each EFW policy in 3Com Network Access Manager; see
   “Creating A New EFW Policy” in Chapter 3. 3Com Network Access
   Manager creates the EFW policy as an Active Directory object.
2. Associate the EFW policy with rules created in 3Com Network Access
   Manager. This can be done during the creation of a new rule, or after
   a rule has been created; see “Creating A New Rule” and “Changing
   Rule Properties” in Chapter 3.
3. Make sure that appropriate users and groups have been associated
   with each rule associated with the EFW policy; see “Displaying
   Members Of A Rule” in Chapter 3.
Any changes to EFW policy associations must be made through the 3Com
Network Access Manager user interface. 3Com Network Access Manager
will not recognize any externally made changes.
After making any change that might affect the EFW policy of a user, the
EFW group associations must be recalculated for the user. To do this,
click the Recalculate EFW membership button on the Tool bar at the
top of the Administration Interface window; see Figure 14 in Chapter 3.
Examples of changes that might affect the EFW policy of a user are:
- If a user’s properties are changed, the correct rule association has to
  be re-established. Clicking on the Recalculate EFW membership
  button will cause 3Com Network Access Manager to find the highest