Chapter 2: Overview

20 X Family Hardware Installation Guide V 2.5.1

IPS

X Family devices use the IPS to protect your network by scanning, detecting, and responding to

network traffic according to the filters, action sets, and global settings maintained on each device by a

client. Each device provides intrusion prevention for your network according to the amount of network

connections and hardware capabilities.

The IPS is designed to handle the extremely high security demands of carriers and high-density data

centers. This functionality has been scaled down into the X Family, providing unprecedented attack

prevention for smaller deployments. Even while under attack, Intrusion Prevention Systems are

extremely low-latency network infrastructure ensuring switch-like network performance.

The IPS is an active network defense component that uses the Threat Suppression Engine (TSE) to

detect and respond to attacks. Intrusion Prevention Systems are optimized to provide high-resiliency,

high-availability security for remote branch offices, small-to-medium and large enterprises, and

collocation facilities. Each system can protect network segments from both external and internal

attacks.

X Family devices provide the following Ethernet interfaces and traffic performance:

Threat Suppression Engine

The Threat Suppression Engine (TSE) is a highly specialized, hardware-based intrusion prevention

platform. The TSE is a high-performance software engine that contains all the functions needed for

Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis, traffic

shaping, flow blocking, flow state tracking, and application-layer parsing of over 170 network

protocols.

The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each

new packet of the traffic flow arrives, the engine reevaluates the traffic for malicious content. The

instant the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining

to the traffic flow. The block of the traffic and packets ensures that the attack never reaches its

destination.

The highly specialized traffic classification engines enable the IPS to filter with extreme accuracy.

Table 2 - 1: X Family System Performance

Model

Ethernet

interfaces

Concurrent

sessions

IPS

Performance

Firewall

Performance

Triple DES

X5, 25-user license 6 x 10/100 20,000 18 Mbps 50 Mbps 40 Mbps

X5, unlimited-user license 6 x 10/100 60,000 18 Mbps 50 Mbps 40 Mbps

X506 6 x 10/100 128,000 50 Mbps 100 Mbps 95 Mbps