13800 Appliance Datasheet

 

Datasheet: Check Point 13800 Appliance

13800 Blazing fast data center cyber-security

KEY FEATURES

Check Point 13800 Appliance

  3,800 SecurityPower™ Units

n

  Maximum security and performance performance

n

 YOUR CHALLENG CHALLENGE E

  High availability and serviceability serviceability

n

Large data centers have uncompromising needs for performance, uptime and scalability.. High end security gateway solutions must perform network access control scalability within the unique requirements of these environments while supporting the latest networking standards like IPv6. With the increase in sophisticated attacks, additional security layers such as Identity Awareness, IPS, Application Control, URL Filtering,  Antivirus and others are required.

  Lights-Out-Management

n

n

  Optimized for Next Generation security

KEY BENEFITS

  Security of data data center assets

n

  Modular Modular,, serviceable platform platform fits easily into complex networking environments

n

In addition to their vast performance and security needs, data center environments are characterized by rigid requirements for high reliability of its various systems. All of these requirements drive the need for redundant, serviceable and highly available components and systems.

  High availability and redundant redundant components eliminates down time

n

  Centralize control with unified security management and LOM

n

OUR SOLUTION

The 13800 Appliance delivers exceptional Next Generation Firewall performance perform ance in its class and offers unmatched scalability, serviceability and port density. Benefiting from Check Point's advanced SecureXL, CoreXL and ClusterXL technologies, the 13800  Applianc  Appl iance e is capa capable ble of del deliveri ivering ng stun stunning ning perf performa ormance nce in a comp compact act 2 rack rack-uni -unitt physi physical cal

  Ideal for applications applications that require require Next Generation security

n

GATEWAY GA TEWAY SOFTWARE BLADES BLA DES

1

N GF GFW

N GD GD P

N GT GTP

S WG WG

Firewall

n

n

n

n

IPsec VPN

n

n

n

n

n

n

n

*

n

n

n

n

Identity Awareness

n

n

n

n

IPS

n

n

n

*

n

n

n

n

n

*

*

footprint. up to 27.2  Gbps firewall throughput 6.4 Gbpsnetwork of IPS throughput the 13800With Appliance is designed to secure the mostand demanding environment. OVERVIEW

The 13800 Appliance is designed from the ground up for unmatched flexibility for even the most demanding enterprise and data center network environments. The 13800  Appliance has 3 expansion expansion slots supporting supporting a wide wide range of network network options. The standard configuration includes two onboard 1 Gigabit copper ports for Management and Sync and twelve 1 Gigabit Ethernet copper ports. A maximally configured 13800  Appliance provides up to twenty-six 1 Gigabit Gigabit copper ports, up to twelve 1 Gigabit fiber ports or up to twelve 10 Gigabit fiber ports. The 13800 Appliances also have hot-swappable redundant disk drives, fans and power supply units. Lights-OutManagement (LOM) provides remote support and maintenance capabilities. Order the appliance with an AC or DC power option to meet your datacenter requirements.  SecurityPower Benchmark traffic mix and policy.

1

Mobile Access (5 users)

 

 Advanced Networking & Clustering

 Application Control Data Loss Prevention

*

URL Filtering

*

*

 

n

n

 Antivirus

*

*

 

n

n

 Anti-spam

*

*

 

n

*

 Anti-Bot

*

*

 

n

*

 

* Optional ©2014 Check Point Software Technologies Technologies Ltd. All rights reserved. Classification: [Protected] - All rights reserved   1

|

 

Datasheet: Check Point 13800 Appliance

5

 13800

6

8

7

9

10

  1  Graphic LCD display for IP address address and image management   2  8 x 10/100/1000Base-T RJ45 port card   3  4 x 10/100/1000Base-T RJ45 port card   4  Third network card expansion slot   5  Two hot-swappable 500GB RAID-1 hard drives   6  Lights Out Management port 7  Management 10/100/1000Base-T RJ45 port

1

8  Sync 10/100/1000Base-T RJ45 port

2

3

4

  9  Console RJ45 port  10 10   USB port(s) for ISO installation  11 11   Two redundant hot-swappable AC or DC power supplies  12 12   Replaceable fans  13 13   Slide rails rails (not shown)

13 SECURITYPOWER

Until today security appliance selection has been based upon selecting specific performance measurements for each security function, usually under optimal lab testing conditions and using a security policy that has one rule. Today Today customers can select security appliances by their SecurityPower ratings which are based on real-world customer traffic, multiple security functions and a typical security policy policy.. SecurityPower is a benchmark that measures the capability and capacity of an appliance to perform multiple advanced security functions (Software Blades) such as IPS, DLP and  Application real world traffic provides an effective Control metric toinbetter predict theconditions. current andThis future behavior of appliances under security attacks and in day-to-day operations. Customer SecurityPower Unit (SPU) requirements, determined using the Check Point Appliance Selection Tool, Tool, can be matched to the SPU ratings r atings of Check Point Appliances to select the right appliance for their specific requirements.

NEXT GENERATION SECURITY SOLUTIONS

The Check Point 13800 Appliance offers a complete and

12 •

•

•

•

11

Next Generation Firewall (NGFW): identify and control applications by user and scan content to stop threats— with IPS and Application Control. Next Generation Threat Prevention (NGTP): apply multiple layers of protection to prevent sophisticated cyber-threats— cyber-threats— with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security Security.. Next Generation Secure Web Gateway (SWG): enables secure use of Web 2.0 with real time multi-layered protection against web-borne malware—with Application Control, URL Filtering, Antivirus and SmartEvent. Next Generation Data Protection (NGDP): preemptively

protect sensitive information from unintentional loss, educate users on proper data handling policies and empower them to remediate incidents in real-time—with IPS, Application Control and DLP. DLP. PREVENT UNKNOWN THREATS WITH THREATCLOUD EMULATION

Check Point Appliances are a key component in the ThreatCloud Ecosystem providing excellent protection from undiscovered exploits, zero-day and targeted attacks. Appliances inspect and send suspicious files to the ThreatCloud Emulation Service which runs them in a virtual sandbox to discover disco ver malicious behavior. Discovered malware is prevented from entering the network. A signature is created and sent to the ThreatCloud which shares information on the newly identified threat to protect other Check Point customers.

consolidated security solution in architecture, a 2U form factor. Based onis the Check Point Software Blade the appliance available in four Software Blade packages and extensible to include additional Software Blades for further security protection. Technologies Ltd. All rights reserved. ©2014 Check Point Software Technologies Classification: [Protected] - All rights reserved   2

|

 

Datasheet: Check Point 13800 Appliance

INTEGRATED SECURITY MANAGEMENT

The appliance can either be managed locally with its available integrated security management or via central unified management. Using local management, the appliance can manage itself and one adjacent appliance for high availability purposes. INCLUSIVE HIGH PERFORMANCE PACKAGE

Customers with high connection capacity requirements can purchase the affordable High Performance Package with the Next Generation security package of their choice. This includes the appliance plus a 4x10Gb SFP+ interface card, transceivers and 64 GB of memory for high connection capacity. capacity.  A RELIABLE SERV SERVICEABLE ICEABLE PLA PLATFORM TFORM

The Check Point 13800 Appliances deliver business continuity and serviceability through features such as hot-swappable redundant power supplies, hard disk drives and fans and includes an advanced LOM card for out-of-band management. Combined together, together, these features ensure a greater degree of business continuity and serviceability when these appliances are deployed in the customer’s networks. REMOTE MANAGEMENT AND MONITORING

 A Lights-Out-Management Lights-Out-Management (LOM) card card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location. Administrators can also use the LOM web interface to remotely install an OS image from an ISO file.

GAIA—A UNIFIED SECURE OS

Check Point GAiA ™ is the next generation Secure Operating System for all Check Point appliances, open servers and virtualized gateways. GAiA combines the best features from IPSO and SecurePlatform into a single unified OS providing greater efficiency and robust performance. By upgrading to GAiA, customers will benefit from improved appliance connection capacity and reduced operating costs. With GAiA customers will gain the ability to leverage the full breadth and power of all Check Point Software Blades. GAiA secures IPv4 and IPv6 networks utilizing the Check Point  Acceleration & Clustering Clustering technology and it protects the most complex network environments by supporting dynamic routing protocols protocol s like RIP, RIP, OSPF, OSPF, BGP, BGP, PIM (sparse (sp arse and dense den se mode) and IGMP. IGMP. As a 64-Bit OS, GAiA increases the connection capacity of select appliances. GAiA simplifies management with segregation of duties by enabling role-based administrative access. Furthermore, GAiA greatly increases operation efficiency by offering  Automatic Software Updates. The intuitive and feature-rich Web interface allows for instant search of any commands or properties. GAiA offers full compatibility with IPSO and SecurePlatform command line interfaces, making it an easy transition for existing Check Point customers.

TECHNICAL SPECIFICA SPECIFIC ATIONS Base Configuration

Production Performance1

2 onboard 10/100/1000Base-T RJ45 ports

3,800 SecurityPower

4 x 10/100/1000Base-T RJ45 interface card (1 of the 3 expansion slots)

27.2 Gbps firewall throughput

8 x 10/100/1000Base-T RJ45 interface card (1 of the 3 expansion slots)

6.4 Gbps firewall and IPS throughput

16 GB memory

RFC 3511, 2544, 2647, 1242 Performance Tests Tests (LAB)

Redundant dual AC or DC hot-swappable power supplies

77 Gbps of firewall throughput, 1518 byte UDP

Redundant dual hot-swappable 500GB HDD RAID1 LOM card

18.3 Gbps of VPN throughput, AES-128

Slide rails (22” to 32”)

7/282 million concurrent connections

Network Expansion Slot Options (3 slots)

190,000 connections per second, 64 byte HTTP response

4 x 10/100/1000Bas 10/100/1000Base-T e-T RJ45 interface card

Network Connectivity 

8 x 10/100/1000Bas 10/100/1000Base-T e-T RJ45 interface card

IPv4 and IPv6

2 x 1000Base-F interface card

1024 interfaces or VLANs per system

4 x 1000Base-F interface card

4096 interfaces per system (in Virtual System mode)

2 x 10GBase-F SFP+ interface card

802.3ad passive and active link aggregation

4 x 10GBase-F SFP+ interface card

Layer 2 (transparent) and Layer 3 (routing) mode

4 x 10/100/1000Bas 10/100/1000Base-T e-T Fail-Open NIC

9.6 Gbps of IPS throughput, Recommended IPS profile, IMIX traffic blend

High Availability 

4 x 1000Base-F SX or LX Fail-Open NIC

 Active/Active - L3 mode

2 x 10GBase-F SR or LR Fail-Open Fail-Ope n NIC

 Active/Passive - L3 L3 mode mode

Max Configuration

Session synchronization for firewall and VPN

Up to 26 x 10/100/1000Base10/100/1000Base-T T RJ45 ports

Session failover for routing change

Up to 12 x 1000Base-F SFP ports

Device failure detection

Up to 12 x 10GBase-F SFP+ ports

Link failure detection

64 GB memory

ClusterXL or VRRP

Technologies Ltd. All rights reserved. ©2014 Check Point Software Technologies Classification: [Protected] - All rights reserved   3

|

 

Datasheet: Check Point 13800 Appliance

 Virtual Systems Systems

Operating Environmental Conditions

Max VSs: 150 (w/16GB), 250 (w/32GB)

Temperature: 32° 32 ° to 104°F / 0° to 40°C

Dimensions

Humidity: 5%-90% (non-condensing)

Enclosure: 2RU

Storage Conditions

Standard (W x D x H): 17.4 x 23.6 x 3.5 in.

Temperature: -40° to 158°F 158 °F,, -40° to 70°C 7 0°C

Metric (W x D x H): 442 x 600 60 0 x 88 mm Weight:: 17.5 kg (38.6 lbs.) Weight

Humidity: 5%-95% (non-condensing) Certifications

Power Requirements

Safety: CB, UL/cUL, CSA, TUV

Input Voltage: 90 - 264VAC (47-63HZ), -36 to -72 -7 2 VDC

Emissions: FCC. CE. VCCI. C-Tick

Inrush Current: 35A/70A@115VAC, 70A@230VAC, 35A@-48VDC Single Power Supply Rating: 600W Power Consumption Maximum: 431W Maximum thermal output: 1,730 BTU

Environmental: RoHS 1

 Maximum R77 production performance based upon the SecurityPower  Maximum benchmark. Real-world traffic. Multiple Software Blades. Typical rule base. NAT and Logging enabled. Check Point recommends 50% SPU utilization to provide room for additional Software Blades and future traffic growth. Find the right appliance for your performance and security requirements requiremen ts using the Appliance Selection Tool.  With GAiA OS and 64GB memory upgrade.

2

SOFTWARE BLADE PACKAGE SPECIFICA SPECIF ICATIONS TIONS Base System1, 2

SKU

13800 Next Generation Firewall Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS and APCL Blades); bundled with local management for up to 2 gateways

CPAP-SG13800-NGFW

13800 Next Generation Data Protection Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, and DLP Blades); bundled with local management for up to 2 gateways

CPAP-SG 13800-NGDP

13800 Next Generation Threat Prevention Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, URLF, AV,  ABOT and ASPM ASPM Blades); bundled with local management for up to 2 gateways

CPAP-SG 13800-NGTP

13800 Next Generation Secure Web Gateway Appliance (with FW, VPN, ADNC, IA, APCL, AV and URLF Blades); bundled with local management and SmartEvent for up to 2 gateways

CPAP-SWG 13800

High Performance Packages1, 2

SKU

13800 Next Generation Firewall Appliance High Performance Package with 4x10Gb SFP+ interface card, transceivers and extended memory for high connection capacity.

CPAP-SG 13800-NGFW-HPP

13800 Secure Web Gateway Appliance High Performance Package with 4x10Gb SFP+ interface card, transceivers and extended memory for high connection capacity.

CPAP-SWG 13800-HPP

13800 Next Generation Data Protection Appliance High Performance Package with 4x10Gb SFP+ interface card, transceivers and extended memory for high connection capacity.

CPAP-SG 13800-NGDP-HPP

13800 Next Generation Threat Prevention Appliance High Performance Package with 4x10Gb SFP+ interface card, transceivers and extended memory for high connection capacity.

CPAP-SG 13800-NGTP-HPP

Software Blades Packages1

SKU

Next Generation Firewall 13800 Appliance Software Blade package for 1 year

CPSB-NGFW-13800-1Y

(with FW, VPN, ADNC, IA, MOB-5, IPS and APCL Blades) Next Generation Data Protection 13800 Appliance Software Blade package for 1 year (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, and DLP Blades)

CPSB-NGDP-13800-1Y

Next Generation Threat Prevention 13800 Appliance Software Blade package for 1 year (with FW, VPN, ADNC, IA, IA , MOB-5, IPS, APCL, A PCL, URLF, AV AV, ABOT and ASPM A SPM Blades) Blade s)

CPSB-NGTP-13800-1Y

Next Generation Secure Web Gateway 13800 Appliance Software Blade package for 1 year (with FW, VPN, ADNC, IA, APCL, AV and URLF Blades)

CPSB-SWG-13800-1Y

 Additional Software Software Blades1

SKU

Check Point Mobile Access Blade for unlimited concurrent connections

CPSB-MOB-U

Data Loss Prevention Blade for 1 year (for 1,500 users and above, up to 250,000 mails per hour and max throughput of 2.5 Gbps)

CPSB-DLP-U-1Y

Check Point IPS blade for 1 year

CPSB-IPS-XL-1Y

Check Point Application Control blade for 1 year

CPSB-APCL-XL-1Y

Check Point URL Filtering blade for 1 year

CPSB-URLF-XL-1Y

Check Point Antivirus Blade for 1 year

CPSB-AV-XL-1Y

Check Point Anti-Spam & Email Security Blade for 1 year

CPSB-ASPM-1Y

Check Point Anti-Bot blade for 1 year - for ultra high-end appliances and pre-defined systems

CPSB-ABOT-XL-1Y

1 2

SKUs for 2 and 3 years are available, see the online Product Catalog. DC power SKUs are also available

©2014 Check Point Software Technologies Technologies Ltd. All rights reserved. Classification: [Protected] - All rights reserved   4

|

 

Datasheet: Check Point 13800 Appliance

SKU

 Virtual Systems Systems Packages Packages 50 Virtual Systems package

CPSB-VS-50

50 Virtual Systems package for HA/VSLS

CPSB-VS-50-VSLS

25 Virtual Systems package

CPSB-VS-25

25 Virtual Systems package for HA/VSLS

CPSB-VS-25-VSLS

10 Virtual Systems package 10 Virtual Systems package for HA/VSLS

CPSB-VS-10 CPSB-VS-10-VSLS

 ACCESSORIES  ACCESS ORIES Interface Cards and Transceivers

SKU

4 Port 1000Base-T RJ45 interface card for 13000 and Smart-1 appliances

CPAC-4-1C-L

8 Port 10/100/100 Base-T RJ45 interface card for 13000 and Smart-1 appliances

CPAC-8-1C-L

2 Port 1000Base-F SFP interface card; requires SFP transceivers per port

CPAC-2-1F

4 Port 1000Base-F SFP interface card; requires additional SFP transceivers per port

CPAC-4-1F

SFP transceiver for 1000 Base-T RJ45 (copper)

CPAC-TR-1T

SFP long range transceiver (1000Base-LX)

CPAC-TR-1LX

SFP short range transceiver (1000Base-SX)

CPAC-TR-1SX

2 Port 10GBase-F SFP+ interface card; requires 10GBase SFP+ transceiver per port

CPAC-2-10F

4 Port 10GBase-F SFP+ interface card; requires 10GBase SFP+ transceiver per port SFP+ long range transceiver ( 10GBase-LR)

CPAC-4-10F CPAC-TR-10LR

SFP+ short range transceiver for ( 10GBase-SR)

CPAC-TR-10SR

Bypass Card

SKU

2 Port 10GE short-range Fiber Bypass (Fail-Open) interface card (1000Base-SR)

CPAC-2-10FSR-BP

2 Port 10GE long-range Fiber Bypass (Fail-Open) interface card (1000Base-LR)

CPAC-2-10FLR-BP

4 Port 1GE short-rang short-range e Fiber Bypass (Fail-Ope (Fail-Open) n) interface card (1000Base(1000Base-SX) SX)

CPAC-4-1FSR-BP

4 Port 1GE long-rang long-range e Fiber Bypass(Fai Bypass(Faii-Open) i-Open) interface card (1000Base(1000Base-LX) LX)

CPAC-4-1FLR-BP

4 Port 1GE copper Bypass (Fail-Open) interface card (10/100/1000 Base-T)

CPAC-4-1C-BP

Spares and Miscellaneous

SKU

64 GB RAM memory upgrade for 13000 appliance

CPAC-RAM64GB-13000

Rep epla lac cem emen entt par parts ts ki kitt inc inclu lud din ing g 1 Ha Hard Dis Disk k Dr Driv ive, e, on one e AC AC pow power er sup uppl ply y an and one one f an an for for 130 300 00 App Appli lia anc nce e

CPAC AC--SP SPA ARES ES--13 1300 000 0

Replacement AC power supply for 13000 Appliance

CPAC-PSU-AC-13000

Replacement DC power supply for 13000 Appliance Replacement 500G Hard Disk Drive for 13000 Appliance

CPAC-PSU-DC-13000 CPAC-HDD-500G-13000

Replacement fan for 13000 Appliance

CPAC-FAN-13000

”

CPAC-RAIL-L

”

Slide rails for 13000 Appliances (22 -32  ) ”

”

Extended slide rails for 13000 Appliances (24 -36  )

CONTACT CHECK POINT

Worldwide Headquarters Worldwide 5 Ha’Solelim Street, Tel Tel Aviv 67897, 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected] [email protected] U.S. Headquarters 959 Skyway Road, Suite 300, San Carlos, CA 94070 | 94070  | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

©2014 Check Point Software Technologies Ltd. All rights reserved. November 4, 2014

CPAC-RAIL-EXT-L