Chapter 2: Overview

IPS

X Family devices use the IPS to protect your network by scanning, detecting, and responding to network traffic according to the filters, action sets, and global settings maintained on each device by a client. Each device provides intrusion prevention for your network according to the amount of network connections and hardware capabilities.

The IPS is designed to handle the extremely high security demands of carriers and high-density data centers. This functionality has been scaled down into the X Family, providing unprecedented attack prevention for smaller deployments. Even while under attack, Intrusion Prevention Systems are extremely low-latency network infrastructure ensuring switch-like network performance.

The IPS is an active network defense component that uses the Threat Suppression Engine (TSE) to detect and respond to attacks. Intrusion Prevention Systems are optimized to provide high-resiliency, high-availability security for remote branch offices, small-to-medium and large enterprises, and collocation facilities. Each system can protect network segments from both external and internal attacks.

X Family devices provide the following Ethernet interfaces and traffic performance:

Table 2 - 1: X Family System Performance

Model

Ethernet

Concurrent

IPS

Firewall

Triple DES

interfaces

sessions

Performance

Performance

 

 

 

 

 

 

 

 

 

 

 

 

 

 

X5, 25-user license

6 x 10/100

20,000

18 Mbps

50 Mbps

40 Mbps

 

 

 

 

 

 

X5, unlimited-user license

6 x 10/100

60,000

18 Mbps

50 Mbps

40 Mbps

 

 

 

 

 

 

X506

6 x 10/100

128,000

50 Mbps

100 Mbps

95 Mbps

 

 

 

 

 

 

Threat Suppression Engine

The Threat Suppression Engine (TSE) is a highly specialized, hardware-based intrusion prevention platform. The TSE is a high-performance software engine that contains all the functions needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis, traffic shaping, flow blocking, flow state tracking, and application-layer parsing of over 170 network protocols.

The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each new packet of the traffic flow arrives, the engine reevaluates the traffic for malicious content. The instant the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic flow. The block of the traffic and packets ensures that the attack never reaches its destination.

The highly specialized traffic classification engines enable the IPS to filter with extreme accuracy.

20

X Family Hardware Installation Guide V 2.5.1