Clients / Partners
|
Overview
3Com® Unified Security Platforms deliver
unprecedented threat protection— safeguarding the network from
attacks and misuse, and helping prevent business disruptions,
revenue loss and damage to an organisation's reputation caused by
security breaches.
Built on best-of-breed technology including the award-winning 3Com
TippingPoint™ Intrusion Protection System (IPS) architecture,
Websense content filtering and Commtouch anti-spam, these Unified
Security Platforms combine industry-leading capabilities with
virtual private network (VPN) support, stateful packet inspection
firewall, application bandwidth management and IP multicast routing
for real-time and business critical application support in
multi-site and distributed organisations.
 Standard Feature
 Optional Upgrade
 Feature Required
| TIPPINGPOINT THREAT
SUPPRESSION ENGINE |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| IPS performance |
20 Mbps |
20 Mbps |
60 Mbps |
| Automated Digital Vaccine Attack Filter Update Service |
|
|
|
| Recommended settings for IPS filters |
|
|
|
| Zero-day filters |
|
|
|
| Level 4-7 rate limiting |
|
|
|
| Automatic quarantine |
|
|
|
| 2300+ attack filters |
|
|
|
| VIRTUAL PRIVATE NETWORK |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| VPN performance (168-bit DES) |
40 Mbps |
40 Mbps |
95 Mbps |
| Concurrent VPN client sessions |
50 |
128 |
1,000 |
| Security Associations |
50 |
50 |
512 |
| Keyring modes: Manual key, IKE-PSK, IKE-X509 |
|
|
|
| Encryption: DES, 3DES, AES128, AES192, AES256 |
|
|
|
| VPN client support: native IPSec, L2TP/IPSec, PPTP/MPPE |
|
|
|
| FIREWALL |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Firewall performance |
70 Mbps |
70 Mbps |
100 Mbps |
| Firewall policies |
50 |
100 |
500 |
| Security Zones |
160 |
16 |
32 |
| Virtual Servers |
25 |
25 |
100 |
| Time-based schedules |
|
|
|
| User authentication |
|
|
|
| CERTIFICATIONS |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| UL 60950-1 |
|
|
|
| IEC 60950-1 |
|
|
|
| EN 60950-1 |
|
|
|
| CAN/CSA-C22.2 No. 60950-1-03 |
|
|
|
| WEB CONTENT FILTERING |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Annual subscription service |
|
|
|
| URLs filtered |
15+ million |
15+ million |
15+ million |
| Content filter categories |
40 |
40 |
40 |
| Custom URL black/white lists |
|
|
|
| User-based content filtering via LDAP |
|
|
|
| Keyword, wildcard, regular URL matching |
|
|
|
| ANTI-SPAM |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| GlobalView Mail Reputation Service |
|
|
|
| Automated SMTP email Spam rating service |
|
|
|
| Greater than 80% detection rate |
|
|
|
| Industry's lowest false positives |
|
|
|
| NETWORKING |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Deployment modes: IP transparent, route, NAT |
|
|
|
| IP router interfaces |
6 |
6 |
32 |
| IP address groups |
25 |
25 |
200 |
| Static routes |
100 |
100 |
500 |
| Dynamic routing RIP v1 and 2, OSPF v2 including NSSA |
|
|
|
| OSPF routes |
50,000 |
50,000 |
200,000 |
| PPPoE, L2TP, PPTP IP assignment |
|
|
|
| DHCP client |
|
|
|
| IEEE 802.1Q VLAN support |
|
|
|
| Internal multi-scope DHCP server |
|
|
|
| DHCP relay over VPN |
|
|
|
| GRE tunneling |
|
|
|
| IP multicast routing PIM-DM |
|
|
|
| IGMP v1 and 2 |
|
|
|
| TRAFFIC SHAPING |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Inbound and outbound rate limiting |
|
|
|
| Policy-based shaping |
|
|
|
| Traffic shaping inside VPN tunnels |
|
|
|
| HIGH AVAILABILITY |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Dual-box active-standby pair |
|
|
|
| Dual-box automatic configuration synchronization |
|
|
|
| Dual WAN links in active-standby fail-over pair |
|
|
|
| Dual WAN links in active-active load-balancing pair |
|
|
|
| Primary and secondary VPN peers |
|
|
|
| SYSTEM AND ADMINISTRATION |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Web interface via HTTPS |
|
|
|
| Command line interface via console, telnet, SSH |
|
|
|
| TippingPoint Security Management System (SMS) support |
|
|
|
| RADIUS server and local database authentication |
|
|
|
| DNS support for dynamic IP allocation |
|
|
|
| Configuration snapshot and restore |
|
|
|
| Software upgrade via web interface or SMS |
|
|
|
| Software rollback |
|
|
|
| SNMP v1, 2 and 3; SNMP Enterprise MIB |
|
|
|
| MISCELLANEOUS |
X5 (25 user license) |
X5 (Unlimited license) |
X506 (unlimited license) |
| Concurrent Sessions |
20,000 |
60,000 |
128,000 |
| 6 auto-negotiating 10BASE-T/100BASE--TX configured as
auto MDI/MDIX |
|
|
|
| 1 serial (RJ-45) |
|
|
|
Features
3Com® Unified Security Platforms deliver unprecedented threat protection for organisations
of all sizes with multiple sites, branch offices or numerous teleworkers— helping prevent business disruptions, revenue loss and
damage to an organisation's reputation caused by security breaches.
Built on the award-winning 3Com TippingPoint™ Intrusion Protection
System (IPS) architecture, Websense content filtering and Commtouch
anti-spam filtering, these Unified Security Platforms combine
industry-leading capabilities with virtual private network (VPN),
stateful packet inspection firewall, application bandwidth
management, and IP multicast routing support.
This comprehensive security solution safeguards the network from
attacks and misuse, and delivers policy-based multisite connectivity
for real-time business-critical applications such as Voice over IP
(VoIP). High-availability features help ensure wirespeed traffic
flow even in the event of network, WAN or power failure.
PROACTIVE INTRUSION PREVENTION
-
Based on award-winning TippingPoint Threat
Supression Engine.
-
Packet flow inspection for Layer 2 through Layer 7.
-
Statistical, protocol and application anomaly protection.
-
Quarantine protection.
-
Digital Vaccine Attack Filter Update Service.
-
Recommended settings supplied with IPS filters in Digital
Vaccine.
-
Traffic noramalization.
-
Elimination of ad hoc patching and alert responses.
ADVANCED VPN
- High-performance, low latency IPSec VPN.
- Ability to apply IPS inside VPN tunnels.
APPLICATION PRIORITIZATION AND OPTIMIZATION
- Single, high-performance, resilient platform.
- Policy-based prioritization.
- SIP/H323 application layer gateway and stateful traffic
shaping.
- Traffic shaping inside VPN tunnels.
- Support for PIM-DM multicast routing between sites over
IPSec VPN.
ENFORCE ACCEPTABLE INTERNET USAGE
- Block instant messages (IM), peer-to-peer file sharing and
streaming applications.
- Web content filtering.
- Anti-Spam filtering.
- Layer 4 through Layer 7 rate limiting.
FLEXIBLE SECURITY ZONE CONTAINMENT
- Support for multiple DMZs.
- Flexible security zones and enforcement.
- Inter-LAN firewall and IPS.
- Intrinsic high-availability and stateful network redundancy
modes.
NETWORK TRANSPERANCY
- Seamless deployment; no IP or MAC address and no changes
needed to network configuration.
ENTERPRISE-CLASS HIGH AVAILABILITY
- Dual-box failover.
- Dual-WAN failover.
- Dual-WAN load balancing.
Benefits
Built on best-of-breed technology including
the award-winning 3Com TippingPoint™ Intrusion Protection System
(IPS) architecture, Websense content filtering and Commtouch
anti-spam, these Unified Security Platforms combine industry-leading
capabilities with virtual private network (VPN) support, stateful
packet inspection firewall, application bandwidth management and IP
multicast routing for real-time and business critical application
support in multi-site and distributed organisations.
3Com® Unified Security Platforms provide
many benefits such as:
- Provides peace of mind by preventing business disruption,
loss of revenue and damage to the organisation's reputation
caused by security breaches.
- Continuously cleanses Internet and intranet traffic,
eradicating threats and helping to prevent bandwidth hi-jacking.
- Safeguards against traffic surges, buffer overflows, unknown
attacks and unknown vulnerabilities (zero-day threats).
- Isolates infected devices from the network without the need
for PC software agents; transparently redirects web requests so
users know they are infected or running applications which do
not conform to corporate policies.
- Automatically delivers new security filters that
preemptively protect against new exploits; offers updated
protection and prevention on a weekly (or more frequent) basis.
- Ensures that no “good” traffic is blocked and no “bad”
traffic is permitted; no security expertise or fine-tuning of
settings is required.
- Eliminates malformed or illegal packets and performs TCP
reassembly and IP defragmentation to increase bandwidth and
detect evasions.
- Increases IT productivity and saves management costs;
continuously shields the network from application and
infrastructure exploits while patches are being deployed.
- Allows the Internet to be used as a secure connectivity
mechanism for site-to-site connections and remote user
connectivity.
- Offers complete security protection, ensuring that remote
VPN clients or branch offices cannot be used to propagate
threats into the LAN.
- Reduces the number of devices that need to be managed and
saves management costs; provides greater flexibility by
integrating multiple functions (e.g., IPS in VPN tunnels).
- Ensures QoS for business-critical applications and
latency-sensitive services such as VoIP; makes sure network
traffic adheres to policies set by management; improves users’
productivity.
- Provides ability to identify and prioritize mission-critical
VoIP applications.
- Prioritizes site-to-site voice traffic across VPN tunnels,
saving costs on long-distance phone calls and leveraging
centralized business applications.
- Enables next-generation applications such as distance-based
learning, real-time training and conferencing
- Improves employee productivity and preserves bandwidth by
restricting and access to unauthorized applications.
- Reduces legal liability and security threats related to
offensive or harmful web content; boosts employee productivity
by restricting access to non-business content.
- Reduces legal liability, security threats and the strain on
IT infrastructure related to unsolicited emails containing
offensive content, viruses or phishing attacks; boosts employee
productivity by stopping unwanted email from reaching inboxes.
- Provides the ability to limit the data rate of applications
like IM and streaming video to maximize WAN bandwidth.
- Lets administrators deploy one or more DMZs for greater
security of publicly available resources.
- Enables segmentation of the network into multiple zones,
allowing greater IPS and firewall control between resources or
networks; allows creation of wired/wireless, student/teacher,
and similar networks.
- Allows segmentation and inspection between IEEE 802.1Q VLAN
tagged networks.
- Helps ensure maximum uptime and availability.
- Simplifies installation and saves time; eliminates the risk
of hackers discovering devices on the network.
- Protects against loss of connectivity due to hardware
failure, with automatic configuration synchronization to
simplify administration and remove scope for errors.
- Protects against loss of connectivity due to ISP WAN link
failure.
- Enables increased WAN bandwidth for remote sites with the
added benefit of protection against loss of connectivity due to
ISP WAN Link failure.
|
Copyright 2006 Security Brigade
|
