3Com device powers up security

3Com last week launched a multifunction security device that combines intrusion detection, firewall, VPN and WAN routing features in one box.

The TippingPoint X505 is the first product jointly developed by 3Com and TippingPoint since 3Com acquired the intrusion-prevention system (IPS) vendor last year. The result is a device that 3Com says can help stop malware, spyware and viruses at the enterprise edge without having to stack multiple router, firewall, VPN and IPS boxes on top of each other.

The device is a single-rack-unit device with four 10/100M bit/sec Ethernet ports, capable of supporting up to 50M bit/sec of IPS, firewall and IPSec VPN throughput, with as many as 1,000 VPN tunnels. Standard routing protocols – RIP Versions 1 and 2 and IP multicast – are supported, as well as network-address translation capabilities.

Advanced security features include URL and content filtering, and support for TippingPoint’s Digital Vaccine service, which regularly updates the device with signatures and definitions for spyware, anti-virus, and other dangerous code and attack methods, allowing users to set up blocking rules for suspicious traffic.

The four ports on the box can be configured in what TippingPoint calls security zones, which can monitor various segments of a network, such as specific virtual LANs (VLAN) and incoming traffic. Users also can use traffic-shaping features on the device to allocate certain amounts of bandwidth to users on specific security zones.

The X505 was tested recently on the network at the East Grand Rapids, Mich., public schools, where it runs as an IPS device, firewall and LAN switch, separating the school’s public wireless LAN from the main network.

“So far, it’s replaced three different devices,” says Jeff Crawford, manager of networking and security for the school district.

Crawford says he’s seen no performance issues with the device, and that managing security policies is easier now because he only has to use one device interface. He says the product brings the advanced security features of TippingPoint together with more affordable 3Com-based network gear.

“TippingPoint was always that piece that you always salivated over, but you could never afford it,” Crawford says. “The thing that’s always been attractive to us about 3Com is that it is affordable for school districts like ours.”

One caveat Crawford sees with the X505 is that he was not able to fine-tune the IPS features to monitor specific sub-segments of his internal network – particularly, the wireless segment, which runs as its own VLAN segment. He says 3Com is working with him on the issue.

The 3Com TippingPoint X505 is scheduled to be available next month starting at $4,000.