Check Point 12200 Appliance | Datasheet
CHECK POINT
12200 APPLIANCE
CHECK POINT
12200 APPLIANCE
Datacenter-grade security
appliances
Product Benefits
Delivers everything you need to
secure your network in one appliance
Simplify administration with a single
integrated management console
Ensures data security by securing
remote access and site-to-site
communications
Extensible with Software Blade
Architecture
Product Features
811 SecurityPower™ units
6.2 Gbps production firewall
throughput
INSIGHTS
Today the enterprise gateway is more than a firewall. It is a security device presented
with an ever-increasing number of sophisticated threats. As an enterprise security
gateway it must use multiple technologies to control network access, detect
sophisticated attacks and provide additional security capabilities like data loss
prevention and protection from web-based threats. The proliferation of mobile devices
like smartphones and Tablets and new streaming, social networking and P2P
applications requires a higher connection capacity and new application cont rol
technologies. Finally, the shift towards enterprise private and public cloud services, in
all its variations, changes the company borders and requires enhanced capacity and
additional security solutions.
SOLUTION
The Check Point 12200 Appliance is a datacenter-grade platform ideally suited for
securing advanced internal networks and large networks as a perimeter gateway. Its
multi-core security technology and high port density provide superior price
performance on key investment criteria such as price-per-port and price-per-GB, all in
a one rack unit (1RU) security appliance.
The 12200 Appliance’s flexible modular interface design supports eight onboard 1
Gigabit copper Ethernet ports and with one expansion slot, an additional four or eight
1 Gigabit copper Ethernet ports, two or four 1 Gigabit fiber Ethernet ports or two or
four 10 Gigabit fiber Ethernet ports.
1.28 Gbps production IPS throughput
High port density with up to 16 ports
Optional power supplies and HDD
Lights-Out-Management
With 811 SecurityPower Units, the 12200 Appliance offers superior performance for its
class with real-world firewall throughput of 6.2 Gbps and real-world IPS throughput of
1.28 Gbps.
©2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 6, 2015
1
Check Point 12200 Appliance | Datasheet
12200
1
2
3
4
5
6
7
8
Network card expansion slot
1
2
3
4
500 GB hard drive (not shown)
Console port
AC power supplies (not shown)
Lights-Out Management port
8x10/100/1000Base-T ports
USB ports for ISO installation
Graphical LCD display
5
6
7
8
ALL-INCLUSIVE SECURITY SOLUTIONS
INTEGRATED SECURITY MANAGEMENT
The Check Point 12200 Appliances offer a complete and
consolidated security solution available in five Next
Generation Security Software Blade packages.
The appliance can either be managed locally with its
available integrated security management or via central
unified management. Using local management, the appliance
can manage itself and one adjacent appliance for high
availability purposes.
Next Generation Firewall (NGFW): identify and control
applications by user and scan content to stop threats.
Next Generation Secure Web Gateway (SWG): enables
secure use of Web 2.0 with real time protection.
Next Generation Data Protection (NGDP): preemptively
protect sensitive information from unintentional loss and
educate users on proper data handling policy in real-time.
Next Generation Threat Prevention (NGTP): prevent
sophisticated cyber-threats with IPS, Application Control,
Antivirus, Anti-Bot, URL Filtering and Email Security.
Next Generation Threat Extraction (NGTX): advanced
next-gen zero-day threat prevention, NGTP with Threat
Emulation and Threat Extraction.
PREVENT UNKNOWN THREATS
Check Point provides complete zero-day threat prevention
and alerts when under attack. Threat Extraction delivers
zero-malware documents in zero seconds. Threat Emulation
inspects files for malicious content in a virtual sandbox.
When Threat Emulation discovers new threats, a signature is
sent to the Check Point ThreatCloud database which
documents and shares information on the newly identified
malware with other Check Point customers — providing
immediate protection against zero-day threats.
INCLUSIVE HIGH PERFORMANCE PACKAGE
Customers with high connection capacity requirements can
purchase the affordable High Performance Package (HPP)
with the Next Generation security package of their choice.
This includes the appliance plus a 2x10Gb SFP+ interface
card, transceivers, the second optional power supply, 500
GB disk drive and 8 GB of memory for high connection
capacity.
A RELIABLE SERVICEABLE PLATFORM
The Check Point 12200 Appliances deliver business
continuity and serviceability through features such as hotswappable redundant power supplies, hard disk drives and
includes an advanced LOM card for out-of-band
management. Combined together, these features ensure a
greater degree of business continuity and serviceability when
these appliances are deployed in the customer’s networks.
REMOTE MANAGEMENT AND MONITORING
A Lights-Out-Management (LOM) card provides out-of-band
remote management to remotely diagnose, start, restart and
manage the appliance from a remote location. Administrators
can also use the LOM web interface to remotely install an OS
image from an ISO file.
GAIA—A UNIFIED SECURE OS
Check Point GAiA™ is the next generation Secure Operating
System for all Check Point appliances, open servers and
virtualized gateways. GAiA secures IPv4 and IPv6 networks
utilizing the Check Point Acceleration & Clustering
technology and it protects the most complex network
environments by supporting dynamic routing protocols like
RIP, OSPF, BGP, PIM (sparse and dense mode) and IGMP.
As a 64-Bit OS, GAiA increases the connection capacity of
select appliances.
GAiA simplifies management with segregation of duties by
enabling role-based administrative access. Furthermore,
GAiA greatly increases operation efficiency by offering
Automatic Software Updates. The intuitive and feature-rich
Web interface allows for instant search of any commands or
properties.
©2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 6, 2015
2
Check Point 12200 Appliance | Datasheet
SPECIFICATIONS
PERFORMANCE
Production Performance
NETWORK
1
Network Connectivity
811 SecurityPower
IPv4 and IPv6
6.2 Gbps firewall throughput
1024 interfaces or VLANs per system
1.28 Gbps firewall and IPS throughput
4096 interfaces per system (in Virtual System mode)
RFC 3511, 2544, 2647, 1242 PERFORMANCE
(LAB)
802.3ad passive and active link aggregation
Layer 2 (transparent) and Layer 3 (routing) mode
15 Gbps firewall, 1518 byte UDP
High Availability
2.5 Gbps VPN, AES-128
Active/Active - L3 mode
45,000 max IPsec VPN tunnels
Active/Passive - L3 mode
2.5 Gbps IPS, Recommended IPS profile, IMIX traffic blend
Session synchronization for firewall and VPN
1.2/5 million concurrent connections, 64 HTTP response
Session failover for routing change
90,000 connections per second, 64 byte HTTP response
Device failure detection
EXPANSION OPTIONS
Link failure detection
2
Base Configuration
8 x 10/100/1000Base-T RJ45 ports
One network card expansion slot
ClusterXL or VRRP
PHYSICAL
Power Requirements
4 GB memory
AC Input Voltage: 110-240V
1 x 500GB HDD
Frequency: 47-63Hz
One AC power supply
Single Power Supply Rating: 275 W
LOM card
Power Consumption Maximum: 121 W
Slide rails (22" to 32")
Maximum Thermal Output: 412.9 BTU
Network Expansion Slot Options (1 slot)
Dimensions
4 x 10/100/1000Base-T RJ45 ports
Enclosure:1RU
8 x 10/100/1000Base-T RJ45 ports
2 x 1000Base-F SFP ports
4 x 1000Base-F SFP ports
2 x 10GBase-F SFP ports
4 x 10GBase-F SFP ports
Standard: 17.25 x 16.14 x 1.73 in.
Metric: 438 x 410 x 44 mm
Weight: 7.6 kg (16.76 lbs.)
Operating Environmental Conditions
4 x 10/100/1000Base-T Fail-Open NIC
Temperature: 32° to 104°F / 0° to 40°C
4 x 1000Base-F SX or LX Fail-Open NIC
Humidity: 20%-90% (non-condensing)
2 x 10GBase-F SR or LR Fail-Open NIC
Storage Conditions
Max Configuration
Temperature: –4° to 158°F / –20° to 70°C
16 x 10/100/1000Base-T RJ45 ports
Humidity: 5% to 95% @60°C
8 x 10/100/1000Base-T RJ45 + 4 x 1000Base-F SFP ports
Certifications
8 x 10/100/1000Base-T RJ45 + 4 x 10GBase-F SFP+ ports
2 x 500 GB HDD RAID-1
Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM,
PCT/GoST
12 GB memory
Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
Two redundant hot-swappable power supplies
Environmental: RoHS
Virtual Systems
Max VSs: 20 (w/4GB), 50 (w/12GB)
1
Check Point's SecurityPower is a new benchmark metric that allows customers
to select security appliances by their capacity to handle real-world network traffic,
multiple security functions and a typical security policy.
2
With GAiA OS and 12 GB memory upgrade
©2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 6, 2015
3
Check Point 12200 Appliance
|
Datasheet
APPLIANCE PACKAGES
BASE CONFIGURATION
1,2
12200 Next-Gen Firewall (with FW, VPN, ADNC, IA, MOB-5, IPS and APCL) bundled with local
management for up to 2 gateways
CPAP-SG12200-NGFW
12200 Secure Web Gateway (with FW, VPN, ADNC, IA, APCL, AV and URLF) bundled with
local management and SmartEvent for up to 2 gateways
CPAP-SWG12200
12200 Next-Gen Data Protection (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, and DLP)
bundled with local management for up to 2 gateways
CPAP-SG12200-NGDP
12200 Next-Gen Threat Prevention (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, URLF, AV,
ABOT and ASPM) bundled with local management for up to 2 gateways
CPAP-SG12200-NGTP
12200 Next-Gen Threat Extraction (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, URLF, AV,
ABOT, ASPM, TE and TEX) bundled with local management for up to 2 gateways
CPAP-SG12200-NGTX
12200 Next-Gen Firewall with 10 Virtual Systems
CPAP-SG12200-NGFW-VS10
12200 Next-Gen Firewall Bundle, one primary and one HA, with 10 VS
CPAP-SG12200-NGFW-VS10-2
1,2
HIGH PERFORMANCE PACKAGES
12200 Next-Gen Firewall High Performance Package with built-in 8x10/100/1000Base-T
interfaces, 2x10Gb SFP+ interface card, 2xSR transceivers, 8 GB of memory for high
connection capacity, additional 500 GB HDD and additional power supply
CPAP-SG12200-NGFW-HPP
12200 Secure Web Gateway High Performance Package with built-in 8x10/100/1000Base-T
interfaces, 2x10Gb SFP+ interface card, 2xSR transceivers, 8 GB of memory for high
connection capacity, additional 500 GB HDD and additional power supply.
CPAP-SWG12200-HPP
12200 Next-Gen Data Protection High Performance Package with built-in 8x10/100/1000BaseT interfaces, 2x10Gb SFP+ interface card, 2xSR transceivers, 8 GB of memory for high
connection capacity, additional 500 GB HDD and additional power supply.
CPAP-SG12200-NGDP-HPP
12200 Next-Gen Threat Prevention High Performance Package with built-in
8x10/100/1000Base-T interfaces, 2x10Gb SFP+ interface card, 2xSR transceivers, 8 GB of
memory for high connection capacity, additional 500 GB HDD and additional power supply.
CPAP-SG12200-NGTP-HPP
12200 Next-Gen Threat Extraction High Performance Package with built-in
8x10/100/1000Base-T interfaces, 2x10Gb SFP+ interface card, 2xSR transceivers, 8 GB of
memory for high connection capacity, additional 500 GB HDD and additional power supply.
CPAP-SG12200-NGTX-HPP
12200 Next-Gen Firewall with 10 Virtual Systems and the High Performance Package
CPAP-SG12200-NGFW-VS10HPP
12200 Next-Gen Firewall Bundle, one primary and one HA, with 10 Virtual Systems and the
High Performance Package
CPAP-SG12200-NGFW-VS10HPP-2
1
2
SKUs for 2 and 3 years are available, see the online Product Catalog
DC power SKUs are also available
SOFTWARE BLADE PACKAGES
1
SOFTWARE BLADE PACKAGES
12200 NGFW Software Blade package for 1 year (IPS and APCL)
CPSB-NGFW-12200-1Y
12200 Secure Web Gateway Software Blade package for 1 year (APCL, AV and URLF)
CPSB-SWG-12200-1Y
12200 NGDP Software Blade package for 1 year (IPS, APCL, and DLP)
CPSB-NGDP-12200-1Y
12200 NGTP Software Blade package for 1 year (IPS, APCL, URLF, AV, ABOT and ASPM)
CPSB-NGTP-12200-1Y
12200 NGTX Software Blade package for 1 year (IPS, APCL, URLF, AV, ABOT, ASPM, TE
and TEX)
CPSB-NGTX-12200-1Y
SOFTWARE BLADES
1
Check Point Mobile Access Blade for 200 concurrent connections
CPSB-MOB-200
Data Loss Prevention Blade for 1 year (for 500 to 1,500 users and above, up to 50,000 mails
per hour and max throughput of 1.5 Gbps)
CPSB-DLP-1500-1Y
©2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 6, 2015
4
Check Point 12200 Appliance
|
Check Point IPS blade for 1 year
CPSB-IPS-M-1Y
Check Point Application Control blade for 1 year
CPSB-APCL-M-1Y
Check Point URL Filtering blade for 1 year
CPSB-URLF-M-1Y
Check Point Antivirus Blade for 1 year
CPSB-AV-M-1Y
Check Point Anti-Spam & Email Security Blade for 1 year
CPSB-ASPM-M-1Y
Check Point Anti-Bot blade for 1 year - for ultra-high-end appliances and pre-defined systems
1
SKUs for 2 and 3 years are available, see the online Product Catalog
CPSB-ABOT-M-1Y
Datasheet
VIRTUAL SYSTEM PACKAGES
50 Virtual Systems package
CPSB-VS-50
50 Virtual Systems package for HA/VSLS
CPSB-VS-50-VSLS
25 Virtual Systems package
CPSB-VS-25
25 Virtual Systems package for HA/VSLS
CPSB-VS-25-VSLS
10 Virtual Systems package
CPSB-VS-10
10 Virtual Systems package for HA/VSLS
CPSB-VS-10-VSLS
ACCESSORIES
INTERFACE CARDS AND TRANSCEIVERS
4 Port 10/100/1000 Base-T RJ45 interface card
CPAC-4-1C
8 Port 10/100/100 Base-T RJ45 interface card
CPAC-8-1C
2 Port 1000Base-F SFP interface card; requires SFP transceivers per port
CPAC-2-1F
4 Port 1000Base-F SFP interface card; requires 1000Base SFP transceivers per port
CPAC-4-1F
SFP transceiver module for 1G fiber ports - long range (1000Base-LX)
CPAC-TR-1LX
SFP transceiver module for 1G fiber ports - short range (1000Base-SX)
CPAC-TR-1SX
SFP transceiver to 1000 Base-T RJ45 (Copper)
CPAC-TR-1T
2 Port 10GBase-F SFP+ interface card; requires 10GBase SFP+ transceivers per port
CPAC-2-10F
4 Port 10GBase-F SFP+ interface card; requires 10GBase SFP+ transceivers per port
CPAC-4-10F
SFP+ transceiver module for 10G fiber ports - long range ( 10GBase-LR)
CPAC-TR-10LR
SFP+ transceiver module for 10G fiber ports - short range ( 10GBase-SR)
CPAC-TR-10SR
BYPASS CARD
2 Port 10GE short-range Fiber Bypass (Fail-Open) interface card (1000Base-SR)
CPAC-2-10FSR-BP
2 Port 10GE long-range Fiber Bypass (Fail-Open) interface card (1000Base-LR)
CPAC-2-10FLR-BP
4 Port 1GE short-range Fiber Bypass (Fail-Open) interface card (1000Base-SX)
CPAC-4-1FSR-BP
4 Port 1GE long-range Fiber Bypass(Fail-Open) interface card (1000Base-LX)
CPAC-4-1FLR-BP
Port 1GE copper Bypass (Fail-Open) interface card (10/100/1000 Base-T)
CPAC-4-1C-BP
SPARES AND MISCELLANEOUS
4 GB RAM memory upgrade for 12200 appliance
CPAC-RAM4GB
Additional/Replacement AC power supply for 12200 Appliance
CPAC-PSU-12200
Additional/replacement 500G Hard Disk Drive for 12200 appliance
CPAC-HDD-500G-12200
Replacement parts kit (including 1 HDD and one power supply) for 12200 appliance
CPAC-SPARES-12200
Slide rails for 4000 and 12000 Appliances (22”-32”)
CPAC-RAIL
Extended slide rails for 4000 and 12000 Appliances (26”-36”)
CPAC-RAIL-EXT
CONTACT US
Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email:
[email protected]
U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2015 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 6, 2015
5