3com X506 Unified Security Platform US 3CRX506-96-US Data Sheet

3COM

®

X5 AND X506 UNIFIED SECURITY PLATFORMS

The 3Com X5 and X506 platforms perform the necessary prioritization for real-time applications such as IP
telephony and video conferencing with an innovative tunneling approach that secures the traffic in both
directions inside and outside VPN tunnels. 

Organizations can use this capability to deliver next-generation services such as distance learning and multi-
media conferencing across the network using IP multicast in conjunction with VPN—two technologies which
up until now have been mutually exclusive. Prioritized traffic shaping within a VPN tunnel can provide cost
savings on long distance phone calls and leverages centralized business applications.

Support for Protocol Independent Multicast - Dense Mode (PIM-DM) routing between sites over an IPSec VPN
enables next generation applications such as distance-based learning and real-time training and conferencing
to be realized.

The platforms enforce usage policies by blocking or rate limiting applications such as instant messaging
(IM) and peer-to-peer file sharing that are not essential to business and can waste bandwidth.

3Com offers an optional integrated Web content filter subscription service that limits employee access to
objectionable or unacceptable websites that could lower productivity or cause legal problems. This protection
is kept current because content is filtered through a continually updated database.

The flexible architecture of the 3Com X5 and X506 Unified Security Platforms allows the creation of multiple
security zones—wired/wireless and student/teacher LANs and DMZs, for example—for greater IPS and fire-
wall control of resources and networks. Traffic between these security zones can then be fully inspected and
prioritized using stateful packet inspection for access control and IPS for security control.

3Com X5 and X506 platforms are equipped with a stateful packet inspection firewall which provides access
control and also recognizes prioritized packet flows and helps maintain QoS. This firewall function replaces
router- or switch-based access control lists that can lower performance in those devices.

In situations where there are multiple X5, X506 and other 3Com TippingPoint-based devices, the optional
3Com TippingPoint Security Management System (SMS) offers comprehensive management capabilities.

Delivered as a rack-mount appliance, SMS enables administrators to monitor, configure, diagnose and create
reports for TippingPoint installations. With SMS, administrators can create IPS and firewall profiles, implement
VPNs, manage bandwidth, set content filters and perform other tasks from a central location. SMS comes with
factory-installed software for simple installation, and is the only management system that provides high-avail-
ability HA/failover capabilities.

Often the most dangerous security threats emanate from within the corporate network. These threats may
include worms from traveling laptops and visitor/guest PCs, or installation of unapproved applications such
as peer-to-peer file sharing that can carry spyware.

X5 and X506 devices configured with SMS can automatically remove an infected PC from the network, or
“move” the PC into quarantine VLAN where it can be safely repaired before being allowed back on the net-
work. Quarantine protection will isolate infected devices from the network without the need for PC software
agents, and transparently redirect web requests so users know they are infected or running applications
which do not conform to corporate policies. 

3