1. IBM Security Network IPS models, End of Support Dates and Replacement options1

2. Proventia Network IPS GX appliances (subsequently referred to as V1)
Block threats before they impact your network
Reclaim network capacity lost to threats or noise (non-essential traffic: Skype, peer-to-peer, etc.)
Security platform drives convergence
Solutions that scale for every network
Flexible configurations
Active Blocking (IPS), Passive Alerting (IDS),
Simulated Blocking
Network
Remote Segments
Perimeter
Core
Here you can see the wide array of network IPS appliances we carry. We recommend the varying speeds to suit different areas of your network, whether remote segments, the perimeter or the core.
Regardless of capacity, all our network IPS appliances include the PAM technology for deep packet inspection and content analysis, virtual patch capability, application security and network policy enforcement.
Model
GX3002
GX4002
GX4004
GX5008
GX5108
GX5208
GX6116
Throughput
10 Mbps
200 Mbps
200 Mbps
400 Mbps
1.2 Gbps
2 Gbps
15 Gbps
Inspected Throughput
10 Mbps
200 Mbps
200 Mbps
400 Mbps
1.2 Gbps
2 Gbps
8 Gbps
Protected Segments 1 1 2 4 4 4 8

3. IBM Security Network IPS GX-V2 appliances
GX7800 and GX7412
GX4
Block threats before they impact your organization
Uncompromising security backed by X-Force®
Inspected throughput from 200 Mbps to 20Gbps+
Protection for up to 8 network segments
Scale from remote offices to the network core
GX5
GX-V2 series of appliances launched Q1 2010
Hardware improvements include:
Doubled the Performance compared to V1
64 bit processor
Increased memory
Improved motherboard for faster BUS speed
IBM Security Network IPS Models
Remote
Perimeter
Core
Model GX
GX4004
GX5008
GX5108
GX5208
GX7412-5 GX
GX7412
GX7800
Inspected Throughput
200 Mbps
800 Mbps
1.5 Gbps
2.5 Gbps
4 Gbps
5 Gbps
10 Gbps
15 Gbps
20 Gbps+
Protected Segments 2 4 8
NEW
NEW
NEW
NEW
No End of Support dates yet for any V2 models 3

4. IBM IPS Proventia GX (Version 1) – GX Replacement models
Model Names
Protected Segments
Chassis Color
Inspection Rate
Bypass
End of Support
Replacement (differences)
GX3002 1
Blue
10 Mbps
Built-in
Oct 12, 2015
GX4004C-V2-200 (200 Mbps, 2 Segments)
GX4002
200 Mbps
Jan 26, 2015
GX4004 2
GX4004C-V2-200
GX5008 4
400 Mbps
External
Mar 2, 2105
GX4004C-V2 (800 Mbps, 2 Segments, Internal Bypass, Copper only)
GX5008SFP-V2 (1.5 Gbps)
GX5108
1.2 Gbps
Mar 2, 2015
GX5208
2.0 Gbps
GX5108SFP-V2 (2.5 Gbps)
GX7412SFP-5 (5 Gbps, 8 Segments, Gig or 1 Gig and 6-1 Gig)
GX6116 8
8 Gbps
Sept 30, 2105
GX7412SFP-10 (10 Gbps, 8 Segments, Gig or 1 Gig and 6-1 Gig)
All IBM Security IPS appliances are supported for 5 years after the end of sale.
As of Sept 2013, the IBM Security GX-V2 IPS’s have no scheduled EOS dates.
(All IBM Security IPS GX-V2 appliances have BLACK chassis)

5. IBM IPS Proventia GX (Version 1) – XGS Replacement models
Model Names
Protected Segments
Chassis Color
Inspection Rate
Bypass
End of Support
Replacement (differences)
GX3002 1
Blue
10 Mbps
Built-in
Oct 12, 2015
XGS due early Q4
3100 supports 250 or 500Meg, 2 segments Copper w/ bypass, no SSL card, no Modular Interface Bays
GX4002
200 Mbps
Jan 26, 2015
3100 supports 250 or 500Meg, 2 segments Copper only with bypass, no SSL card, no Modular Interface Bays
GX4004 2
GX5008 4
400 Mbps
External
Mar 2, 2105 or
XGS due early Q4
4100 supports 500 Meg or 1 Gig, 2 segments Copper w/ bypass , with SSL card and one Modular Interface Bay
GX5108
1.2 Gbps
Mar 2, 2015
XGS now shipping !!!
5100 supports 2, 3.5 or 4 Gig, 2 segments Copper w/ bypass , with SSL card and two Modular Interface Bay
GX5208
2.0 Gbps
GX6116 8
8 Gbps
Sept 30, 2105
XGS 7100 due mid ~ 20 Gig/sec
All IBM Security IPS appliances are supported for 5 years after the end of sale.
As of Sept 2013, the IBM Security GX-V2 IPS’s have no scheduled EOS dates.
(All IBM Security IPS GX-V2 appliances have BLACK chassis)

6. XGS 5100 now Shipping !!! Modular Appliance Hardware Platform *NEW
New 1U appliance form factor
Pluggable network interface modules (2 Modular Bays)
Three Performance Levels
Up to 5.0 Gig/Sec, including 10 Gig/Sec Interfaces
2 Modular Bays
SSL Inspection *NEW
This slide is used to explain the basic concept of NextGen.
Key Points.
In today’s security products, the definition of “who” is limited to network constructs like ip addresses, vlans, and similar network objects. This does not work anymore.
A nextgen product must give the net-admin the ability to define “who” using geo, identity, reputation, along with network objects.
In today’s security products, the definition of “what” is limited to using IANA port definitions.constructs. This does not work anymore.
In the web space, port is massively overloaded, with every application using the same 2 ports.
In the non-web space, common p2p applications are using techniques to intentionally evade simple port detection.
A nextgen product must be able to determine application based on what is really happening.
If you don’t know the real who or the real what, you cannot manage it.
Finally, when you know the real who and the real what, this must be combined with the ability to provide rich visibility and layered protection.
See above for sample rules that are possible with nextgen.
Provides visibility into attacks over encrypted channels
Transparent Man-In-The-Middle implementation
Hardware accelerated via on-board Cavium card 6

7. XGS 5100 Modular Network Interfaces
Two modules with seven different options each
allow the XGS 5100 to meet current and future connectivity needs
8-port RJ-45 copper
w/ built-bypass
2-port 10GbE (LR)
w/ built-bypass
4-port Fixed fiber (SX)
w/ built-bypass
4-port SFP
(requires transceivers)
4-port Fixed fiber (LX)
w/ built-bypass
2-port 10GbE SFP+
(requires transceivers)
2-port 10GbE (SR)
w/ built-bypass

8. Pricing Flexibility of the new XGS
1) The Base model includes 4 Ethernet ports (2 IPS Segments) with fail-open bypass.
2) Add any additional optional Interface Modules , up to 2
2) Add any Options, up to 2 Performance Upgrades, SSL Inspection, IP Reputation, and App Control
4) If SFP Interfaces are ordered, then SFP Transceivers Kits need to ordered (not included)

9. XGS 4100 Not Public -- NDA required
Modular Appliance Hardware Platform
1 Modular Bay
New 1U appliance form factor
Pluggable network interface modules (1 Modular Bay)
Two Performance Levels
500 Meg/sec or 1 Gig/Sec Protection, including optional 10 Gig/Sec Interfaces
SSL Inspection *NEW
This slide is used to explain the basic concept of NextGen.
Key Points.
In today’s security products, the definition of “who” is limited to network constructs like ip addresses, vlans, and similar network objects. This does not work anymore.
A nextgen product must give the net-admin the ability to define “who” using geo, identity, reputation, along with network objects.
In today’s security products, the definition of “what” is limited to using IANA port definitions.constructs. This does not work anymore.
In the web space, port is massively overloaded, with every application using the same 2 ports.
In the non-web space, common p2p applications are using techniques to intentionally evade simple port detection.
A nextgen product must be able to determine application based on what is really happening.
If you don’t know the real who or the real what, you cannot manage it.
Finally, when you know the real who and the real what, this must be combined with the ability to provide rich visibility and layered protection.
See above for sample rules that are possible with nextgen.
Provides visibility into attacks over encrypted channels
Transparent Man-In-The-Middle implementation
Hardware accelerated via on-board Cavium card 9

10. XGS 3100 Not Public -- NDA required
Modular Appliance Hardware Platform *coming soon
No Modular Bays
New 1U appliance form factor
Two Performance Levels
250 Meg/Sec or 500 Meg/Sec Copper Ethernet only, built in bypass
0 Modular Interface bays
No SSL Accelerator card
This slide is used to explain the basic concept of NextGen.
Key Points.
In today’s security products, the definition of “who” is limited to network constructs like ip addresses, vlans, and similar network objects. This does not work anymore.
A nextgen product must give the net-admin the ability to define “who” using geo, identity, reputation, along with network objects.
In today’s security products, the definition of “what” is limited to using IANA port definitions.constructs. This does not work anymore.
In the web space, port is massively overloaded, with every application using the same 2 ports.
In the non-web space, common p2p applications are using techniques to intentionally evade simple port detection.
A nextgen product must be able to determine application based on what is really happening.
If you don’t know the real who or the real what, you cannot manage it.
Finally, when you know the real who and the real what, this must be combined with the ability to provide rich visibility and layered protection.
See above for sample rules that are possible with nextgen. 10

11. The XGS offers next-generation solutions to address today’s security headaches
Network IPS
(GX Series)
Network Protection
(XGS Series)
Advanced Threat Protection
Protocol-based intrusion protection 
Web application protection
Virtual Patch
Network Visibility & Control
SSL visibility -
Granular visibility/control of over 20B URLs
Granular visibility/control of over 2,100 application actions
IP reputation
Seamless Deployment & Integration
SiteProtector central management
Advanced QRadar integration
(GX4 and GX5 only)
10GB network interfaces
(GX7 only)
On-Appliance network bypass
(GX4 only)
Pluggable/swappable network interfaces
Flexible performance licensing

12. GX To Comparison