3Com TECHD-0000000122 manual Optimized VPN Connectivity, Policy Enforcement, TippingPoint IPS


TippingPoint X-Series Environment

Series and IPS devices across your TippingPoint environment for administration, configuration, and monitoring. Most importantly, the SMS includes enterprise-wide reporting and trend analysis.

From the SMS, you must set an overall profile of settings for each X-Series. The profile controls how the device responds to traffic that matches filters. The X-Series is always in Active mode, and reacts to traffic as specified by the appropriate filter.

The LSM and X-Series maintain a connection to the Threat Management Center (TMC), which is located at TippingPoint headquarters. The TMC monitors 10,000 sensors around the world for the latest attack information. As a result, your network can be continually inoculated.

Each component of the TippingPoint X-Series environment is discussed in more detail in the following sections. Additional information about the TippingPoint X-Series is available in the TippingPoint X-Series Concepts Guide.

Optimized VPN Connectivity

The X-Series VPN supports IPSec, L2TP, and PPTP tunneling protocols, as well as DES, 3DES, AES-128/192/256, MD5, and SHA-1 encryption standards, and manual keyring, IKE with pre-shared keys, and IKE with X.509 certificates. The device provides intrusion prevention inspection within VPN tunnels, and can also prioritize traffic bi-directionally, both inside and outside of the VPN tunnels. The VPN is hardware-accelerated, with an ASIC designed specifically for encrypting and decrypting packets. To increase network security, you can configure VPN traffic to terminate in a security zone that is separate from your internal LAN security zones. The X-Series also supports NAT deployment within VPN tunnels.

Policy Enforcement

Policy enforcement includes the X-Series firewall, content filtering, and the TippingPoint IPS. The TippingPoint X-Series has a stateful inspection firewall with a top-down rule evaluation engine. The firewall can be used to rate-limit both security zones and applications, preventing excess bandwidth consumption. TippingPoint offers a Content Filtering subscription service, which allows or denies web sites by category. You can also manually allow or block URLs as exceptions to the defined rules. Content Filtering is applied through firewall rules.

Security Zones and Network Interfaces

Security Zones enable you to define multiple Layer 2 VLANs. A security zone can be associated with a single physical port, or can exist virtually by logical definition. Policy enforcement is applied to traffic that moves between security zones. Network interfaces enable you to define Layer 3, and can represent two or more security zones. Security zones can be defined through 802.1q VLAN tags.
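The following is an added example, not code or configuration from the 3Com guide: a small model of top-down rule evaluation between security zones, with a check for rules that can never fire because an earlier, broader rule sits above them. The rule fields, the zone names (VPN, LAN, WAN), first-match-wins behaviour and the default block action are all assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard used by this hypothetical rule model


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    service: str
    action: str  # "permit" or "block"


def _covers(pattern, value):
    """True if a rule field set to `pattern` matches everything `value` matches."""
    return pattern == ANY or pattern == value


def _fields_cover(rule, src, dst, service):
    return (_covers(rule.src_zone, src) and _covers(rule.dst_zone, dst)
            and _covers(rule.service, service))


def evaluate(rules, src, dst, service, default="block"):
    """Walk the list top-down; the first matching rule decides (assumed)."""
    for rule in rules:
        if _fields_cover(rule, src, dst, service):
            return rule.action, rule.name
    return default, None  # assumed default when nothing matches


def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule is unreachable."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _fields_cover(earlier, later.src_zone, later.dst_zone, later.service):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample policy: VPN traffic terminates in its own zone.
RULES = [
    Rule("vpn-to-lan-web", "VPN", "LAN", "http", "permit"),
    Rule("vpn-any-block", "VPN", ANY, ANY, "block"),
    Rule("vpn-to-lan-ssh", "VPN", "LAN", "ssh", "permit"),  # never reached
    Rule("lan-to-wan", "LAN", "WAN", ANY, "permit"),
]
```

Running shadowed() over a rule list before deploying it shows where ordering silently overrides intent: here the SSH permit sits below a broader VPN block and has no effect.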

TippingPoint IPS

TippingPoint X-Series devices use the TippingPoint IPS to protect your network by scanning, detecting, and responding to network traffic according to the filters, action sets, and global settings maintained on each device by a client. Each device provides intrusion prevention for your network according to the number of network connections and hardware capabilities.

X-Series Hardware Installation and Safety Guide V 2.5

Copyright 2006 3Com Corporation. All rights reserved.