3Com offers router, VPN, firewall in one box
- 15 November, 2005 07:48
3Com this week is expected to launch a multi-function device for the enterprise edge, combining intrusion detection, firewall, VPN and WAN routing features in one box.
The TippingPoint X505 is the first co-developed product among 3Com and TippingPoint engineers, since 3Com acquired the IPS vendor last year. The result is a device the company says can help businesses stop more malware, spyware and viruses at the enterprise edge without having to stack multiple router, firewall, VPN and IPS boxes on top of each other.
The device is a single-rack-unit device with four 10/100M bit/sec Ethernet ports, capable of supporting up to 50M bit/sec of IPS, firewall, and IPSec VPN throughput, with up to 1,000 VPN tunnels. Standard routing protocols -- RIPv1 and 2 and IP multicast -- are supported, as well as NAT capabilities.
Advanced security features include URL and content filtering, and support for TippingPoint's Digital Vaccine service, which regularly updates the device with signatures and definitions for spyware, anti-virus and other dangerous code and attack methods, allowing users to set up blocking rules for suspicious traffic.
The four ports on the box can be configured in what TippingPoint calls "security zones" which can monitor various segments of the network, such as specific VLANs, incoming traffic or a DMZ. Users can also use traffic-shaping features on the device to allocate certain amounts of bandwidth to users on specific security zones.
The X505 was tested out recently on the network at the East Grand Rapids, Mich. public schools, where it currently runs as as an IPS device, firewall and LAN switch, separating the school's public wireless LAN from the main network.
"So far, it's replaced three different devices," says Jeff Crawford, manager of networking and security for the school district.
Crawford says he's seen no performance issues with the device, and that managing security polices is easier now, since he only has to touch one device interface.
Crawford says the joint 3Com/TippingPoint product is also exciting to him since it brings the advanced security features of TippingPoint together with more affordable 3Com-based network gear.
"TippingPoint was always that piece of hardware that you always salivated over, but you could never afford it," Crawford says. "The thing that's always been attractive to us about 3Com is that it is affordable for school districts like ours."
One "caveat" Crawford sees with the X505 is that he was not able to fine-tune the IPS features to monitor specific sub-segments of his internal network -- particularly, the wireless segment, which runs as its own VLAN segment. He says 3Com is working with him on the issue, however.
The 3Com TippingPoint X505 will be available in December starting at US$4,000.