HP TippingPoint, TippingPoint 110, TippingPoint 10, TippingPoint 330 Hardware Installation And Safety Manual

HP TippingPoint
TippingPoint 10/110/330 Hardware Installation

and Safety Guide

Abstract

This document describes safety guidelines and procedures for hardware installation for the TippingPoint 10,
TippingPoint 110, and TippingPoint 330.

*5998-2868*

5998-2868

Part number: 5998-2868
Edition: October 2013

Legal and notice information

© Copyright 2010-2013 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance, or use of this material.

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or
translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any
kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.

TippingPoint® , the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard. All other company and product names
may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are
the property of Hewlett-Packard No part of this documentation may be reproduced in any form or by any means or used to make any derivative
work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.

Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Microsoft, Windows, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation.

Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.

UNIX® is a registered trademark of The Open Group.

Printed in the US.

TippingPoint 10/110/330 Hardware Installation and Safety Guide

Table of Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Target Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Typefaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Document Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

1 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

TippingPoint Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Security Management System (SMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

SMS Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

SMS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Intrusion Prevention System Devices (IPS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

IPS Local Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Core Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

High Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Threat Suppression Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Threat Management Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2 TippingPoint Hardware Safety and Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Safety and Compliance Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Safety Guidelines and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Cautions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Rack and Clearance Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Ventilation and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Environmental Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Reliable Earthing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

ESD Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Hot Swapping Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Unpack the Product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3 TippingPoint 10 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chassis Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Hardware Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Hardware Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Install the Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Connect cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Connect the Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

USB Update and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4 TippingPoint 110/330 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Chassis Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

TippingPoint 10/110/330 Hardware Installation and Safety Guide 3

LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Technical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Hardware Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Hardware Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Install the Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Connect cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Connect the Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

USB Update and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

A Connector and Pinout Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

RJ-45 (COM) Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

RJ-45 Ethernet Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

<Manual Title> <Manual Subtitle> <manual type> 4

About This Guide

Explains intended audience, where related information is located, and how to obtain
customer support.

Overview

Welcome to the HP TippingPoint N-Platform Hardware Installation and Safety Guide.

This section includes the following items:

• ”Target Audience” on page 5

• ”Conventions” on page 5

• ”Product Documentation” on page 7

• ”Customer Support” on page 7

Target Audience

The intended audience includes technicians and maintenance personnel responsible for installing,
configuring, and maintaining TippingPoint security systems and associated devices. Users should be
familiar with networking concepts and the following standards and protocols:

• TCP/IP

• UDP

• ICMP

• Ethernet

• Simple Network Time Protocol (SNTP)

• Simple Mail Transport Protocol (SNMP)

• Simple Network management Protocol (SNMP)

Conventions

This guide uses the following document conventions.

• Typefaces, page 5

• Document Messages, page 6

Typefaces

TippingPoint publications use the following typographic conventions for structuring information:

TippingPoint 10/110/330 Hardware Installation and Safety Guide 5

Table 1 Document Typographic conventions

Convention Element

Medium blue text: Figure 1

Medium blue, underlined text

(http://www.hp.com)

Bold font • Key names

Italics font Text emphasis, important terms, variables, and publication titles.

Monospace font • File and directory names

Monospace, italic font • Code variables

Monospace, bold font Emphasis of file and directory names, system output, code, and text

Document Messages

Document messages are special text that is emphasized by font, format, and icons. This <manual type>
contains the following types of messages:

Cross-reference links and e-mail addresses

Web site addresses

• Text typed into a GUI element, such as into a box

• GUI elements that are clicked or selected, such as menu and list

items, buttons, and check boxes. Example: Click

• System output

• Code

• Text typed at the command-line

• Command-line variables

typed at the command line

OK to accept.

• Warning

• Caution

• Note

• Tip

WARNING! Warning notes alert you to potential danger of bodily harm or other potential harmful

consequences.

CAUTION: Caution notes provide information to help minimize risk, for example, when a failure to follow

directions could result in damage to equipment or loss of data.

NOTE: Notes provide additional information to explain a concept or complete a task. Notes of specific

importance in clarifying information or instructions are denoted as such.

IMPORTANT: Another type of note that provides clarifying information or specific instructions.

TIP: Tips provide helpful hints and shortcuts, such as suggestions about how you can perform a task more

easily or more efficiently.

6

Product Documentation

TippingPoint Systems have a full set of documentation. For the most current documentation, check the Threat
Management Center (TMC) Web site at https://tmc.tippingpoint.com

Customer Support

TippingPoint is committed to providing quality customer support to all of its customers. Each customer is
provided with a customized support agreement that provides detailed customer and support contact
information.

For the most efficient resolution of your problem, take a moment to gather some basic information from your
records and from your system before contacting customer support, including your customer number.

Information Location

Your customer number You can find this number on your Customer Support

Your device serial number You can find this information on the bottom of the server

.

Agreement and on the shipping invoice that came with your
TippingPoint system.

chassis. Also, from the TippingPoint CLI, you can run the

show version

command.

Your device version number From the TippingPoint CLI, you can run the show version

Contact Information

For additional information or assistance, contact the HP TippingPoint Technical Assistance Center (TAC):

Telephone

North America: +1 866 681 8324
International: +1 512 681 8324

For a list of international toll-free contact numbers, consult the following web page:

https://tmc.tippingpoint.com/TMC/Content/support/Support_Contacts

Online Support Request

1. Log on to the TippingPoint Threat Management Center (TMC) with your HP Passport credentials.

NOTE: If you don’t have HP Passport (HPP) credentials, access the TMC and on the Login page, select the

New User Registration option to register for login credentials. If you are an existing registered TMC user

and you have not updated your TMC account to an HPP account, you must log on using your email
address registered on the TMC and reset your password. To reset your password, access the TMC and on
the Login page, select Forgot Password and set a new password.

command.

2. In the menu bar click Support > Support Request.

3. Complete the information required in the Support Request form and submit the form.

E-mail

tippingpoint.support@hp.com

TippingPoint 10/110/330 Hardware Installation and Safety Guide 7

8

1System Overview

The TippingPointTM system is a high-speed, comprehensive security system that includes the Intrusion
Prevention System (IPS),
System Appliance

TM

TM

Local Security Manager (LSM), Digital Vaccine™, the Security Management

, and the Core Controller.

Overview

Enterprise security schemes once consisted of a conglomeration of disparate, static devices from multiple
vendors. Today, TippingPoint’s security system provides the advantages of a single, integrated, highly
adaptive security system that includes powerful hardware and an intuitive management interface.

This section includes the following topics:

• ”TippingPoint Architecture” on page 1

• ”Security Management System (SMS)” on page 2

• ”Intrusion Prevention System Devices (IPS)” on page 3

• ”Core Controller” on page 4

• ”High Availability” on page 4

• ”Threat Suppression Engine” on page 5

• ”Threat Management Center” on page 5

TippingPoint Architecture

The TippingPoint System uses a flexible architecture that consists of a Java-based SMS Client, SMS
Management Server, IPS device(s), and Local Clients including the Local Security Manager (LSM) and
Command Line Interface (CLI). The system may also include the Core Controller, a hardware appliance that
balances traffic loads for one or more IPSes. The following diagram provides an overview of the
architecture:

Figure 1-1 TippingPoint Architecture

TippingPoint 10/110/330 Hardware Installation and Safety Guide 1

Security Management System (SMS)

The SMS core components include:

• SMS Secure Server —hardware appliance for managing multiple devices

• SMS Home Page — web-based interface with links to current Client software, documentation, and the

Threat Management Center

• SMS Management Client — Java-based application for Windows or Linux workstations used to manage

your TippingPoint system

• Graphical User Interface (GUI)

• Dashboard

• Command Line Interface (CLI)

The SMS communicates with managed devices that are installed in your network.

The SMS architecture also includes the following components:

• Threat Management Center (TMC) — Centralized service center that monitors global threats and

distributes up-to-date attack filter packages, software updates, and product documentation.

• Digital Vaccine (DV) — Update service that includes up-to-date filter packages for protecting your

network

• Managed Devices — TippingPoint IPS or Core Controller devices that are installed in your network

SMS Server

The SMS Server is an enterprise-class management platform that provides centralized administration,
configuration, monitoring and reporting for well over a hundred TippingPoint IPS devices. The SMS
provides the following functionality:

• Enterprise-wide device status and behavior monitoring — Stores logs and device status

• IPS networking and configuration — Stores device information and configures devices

• Filter customization — Stores filter customizations in profiles as maintained by the SMS client.

• Filter and software distribution — Monitors and maintains the distribution and import of filters,

SMS Client

The TippingPoint Security Management System (SMS) client provides services and functions to monitor,
manage, and configure the entire TippingPoint system. This client is a Java-based application installed and
accessed on a computer running the appropriate operating system. Each user receives a specific user level
with enhanced security measures to protect access and configuration of the system.

information, manages updates, and monitors filter, device, software, and network status.

according to the settings that are modified, imported, or distributed by clients. These settings affect the
flow and detection of traffic according to device, segment, or segment group.

These settings are distributed and imported to devices, which can be reviewed and modified by local
clients. If a device is managed by the SMS Server, the local clients cannot modify settings.

Digital Vaccine packages, and software for the TippingPoint Operating System and SMS Client. The
SMS client and Central Management Server can distribute these packages according to segment group
settings. The Central Management Server maintains a link to the Threat Management Center (TMC) for
downloading and installing package updates.

You can monitor the entire TippingPoint system through the SMS client on a computer with the following
requirements:

• One of the following operating systems:

• Windows 98, 2nd edition

• Windows NT, Service Pack 5 or later

• Windows 2000, Service Pack 3 or later

•Windows XP

•Windows 7

2 System Overview

• Apple

•Red Hat Linux

• One of the following browsers:

• Microsoft Internet Explorer, version 6.0 or higher

•Firefox

• Safari

The SMS features a policy-based operational model for scalable and uniform enterprise management. It
enables behavior and performance analysis with trending reports, correlation and real-time graphs ­including reports on all, specific, and top attacks and their sources and destinations as well as all, specific,
and top peers and filters for misuse and abuse (peer-to-peer piracy) attacks. You can create, save, and
schedule reports using report templates. All reports are run against system and audit logs stored for each
device managed by the system. These logs detail triggered filters. You can modify, update, and control
distribution of these filters according to segment groups for refined intrusion prevention.

The SMS dashboard provides at-a-glance monitors, with launch capabilities into the targeted management
applications that provide global command and control of TippingPoint. It displays the entries for the top 5
filters triggered over the past hour in various categories, a graph of triggered filters over the past 24 hours,
the health status of devices, and update versions for software of the system. Through the Dashboard, you
gain an overview of the current performance of your system, including notifications of updates and
possible issues with devices monitored by the SMS.

Intrusion Prevention System Devices (IPS)

Intrusion Prevention System (IPS) devices protect your network with the Threat Suppression Engine (TSE) by
scanning, detecting, and responding to network traffic according to the filters, action sets, and global
settings maintained on each device by a client.

Each device provides intrusion prevention for your network according to the number of network
connections and hardware capabilities. IPS devices also have built-in intrinsic high-availability features,
guaranteeing that the network keeps running in the event of system failure.

TippingPoint Intrusion Prevention Systems are optimized to provide high resiliency, high availability security
for remote branch offices, small-to-medium and large enterprises and collocation facilities. Each
TippingPoint can protect network segments from both external and internal attacks.

Multiple TippingPoint devices can be deployed to extend this unsurpassed protection to hundreds of
enterprise zones. You can monitor and manage the devices by using the local client available on each
device, or by using the SMS client to monitor and manage well over a hundred devices. The TippingPoint
660N/1400N/2500N/5100N support IPv6, tunneling (including GRE and multi-layer tunnels), and
inspection bypass rules for trusted traffic.

IPS Local Clients

The TippingPoint System provides various points of interaction, management, and configuration of the
intrusion prevention system. The clients include graphical user interfaces (GUI) and command line
interfaces (CLI). These clients include the following:

• Local Security Manager (LSM) — Web-based GUI for managing one IPS device. The LSM provides

HTTP and HTTPS (secure management) access. This access requires access from a supported web
browser (Internet Explorer, Mozilla Firefox, and Netscape). Using the LSM, you have a graphical
display for reviewing, searching, and modifying settings. The GUI interface also provides reports to
monitor the device traffic, triggered filters, and packet statistics.

• Command Line Interface (CLI) — Command line interface for reviewing and modifying settings on the

device. The CLI is accessible through Telnet and SSH (secure access).

• LCD Panel — Several IPS TippingPoint devices provide an LCD panel to view, configure and modify

some device settings.

TippingPoint 10/110/330 Hardware Installation and Safety Guide 3

Core Controller

The TippingPoint Core Controller is a hardware-based device that enables inspection of up to 20 Gbps of
traffic by sending the traffic to as many as 24 IPS device segments. The CoreController can control traffic
across its three 10GbE network segment pairs and across multiple TippingPoint E-Series IPS devices. IPS
devices are connected by 1GbE uplinks, and each packet that is received on a 10GbE CoreController
interface passes through a load balancer that then determines the IPS connection to use for transmitting the
packet.

The Core Controller provides:

• 10GbE bidirectional traffic inspection and policy enforcement

• High Availability with an optional Smart ZPHA module

• Central management through the SMS

NOTE: The Core Controller can be used with the 2400E and 5000E IPS devices, and with all N-Platform

and NX-Platform devices.

High Availability

TippingPoint devices are designed to guarantee that your network traffic always flows at wire speeds in the
event of internal device failure. The TippingPoint System provides Network High Availability settings for
Intrinsic Network HA (INHA) and Transparent Network HA (TNHA). These options enact manually or
automatically, according to settings you enter using the clients (LSM and SMS) or LCD panel for IPS
devices. Zero-Power High Availability (ZPHA) is available for the IPS as an external modular device, as
optional bypass I/O modules on NX-Platform devices, and for the Core Controller as an optional Smart
ZPHA module.

The IPS uses INHA for individual device deployment and TNHA for devices deployed in redundant
configurations in which one device takes over for another in the event of system failure. With INHA, a
failure puts the device into Layer-2 Fallback mode and permits or blocks traffic on each segment. In TNHA,
multiple IPS devices are synchronized so that when one device experiences a system failure, traffic is routed
to the other device with no interruption in intrusion prevention services.

SMS high availability provides continuous administration through an active-passive SMS system
configuration. A passive SMS is configured, synchronized with the active system, and waits in standby
mode and monitors the health of the active system. If the health or communications check fails, the passive
SMS will be activated.

The ZPHA modular device can be attached to an IPS to route traffic in the event of power loss. Smart ZPHA
modules, which are wired into the device, and bypass I/O modules, which are installed directly into
NX-Platform devices, perform the same function.

Threat Suppression Engine

The Threat Suppression Engine (TSE) is a line-speed hardware engine that contains all the functions
needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis,
traffic shaping, flow blocking, flow state tracking and application-layer parsing of over 170 network
protocols.

The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each
new packet of the traffic flow arrives, the engine re-evaluates the traffic for malicious content. The instant
the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic
flow. The blocking of the traffic and packets ensures that the attack never reaches its destination.

The combination of high-speed network processors and custom chips provide the basis for IPS technology.
These highly specialized traffic classification engines enable the IPS to filter with extreme accuracy at
gigabit speeds and microsecond latencies. Unlike software-based systems whose performance is affected

4 System Overview