Datasheet:
Check Point 2200 Appliance
2200
Branch & small office solution
Check Point 2200 Appliance
Today the Internet gateway is more than a firewall. It is a security device presented
with an ever-increasing number of sophisticated threats. As a security gateway it must
use multiple technologies to control network access, detect sophisticated attacks
and provide additional security capabilities like data loss prevention and protection
from web-based threats. The proliferation of mobile devices like smartphones and
Tablets and new streaming, social networking and P2P applications requires a higher
connection capacity and new application control technologies. Finally, the shift
towards enterprise private and public cloud services, in all its variations, changes the
company borders and requires enhanced capacity and additional security solutions.
Check Point’s new appliances combine fast networking technologies with high
performance multi-core capabilities—providing the highest level of security without
compromising on network speeds to keep your data, network and employees secure.
Optimized for the Software Blades Architecture, each appliance is capable of running
any combination of Software Blades—providing the flexibility and the precise level of
security for any business at every network location by consolidating multiple security
technologies into a single integrated solution.
KEY FEATURES
n
114 SecurityPower™
1.4 Gbps production firewall throughput
n 150 Mbps production IPS throughput
n 6 10/100/1000Base-T ports
n Desktop form factor
n
KEY BENEFITS
n
Trusted by 100% of the Fortune 100
All-inclusive security appliance
n Unified management console
n Ensures data security with VPN
n Extensible Software Blade Architecture
n
GATEWAY SOFTWARE BLADES
FW
NGFW
NGDP
NGTP
Firewall
n
n
n
n
IPsec VPN
n
n
n
n
Mobile
Access
(5 users)
n
n
n
n
Advanced
Networking
& Clustering
n
n
n
n
Identity
Awareness
n
n
n
n
OVERVIEW
IPS
*
n
n
n
The Check Point 2200 Appliance is a compact desktop box using multi-core
technology. The 2200 offers six onboard 1 Gigabit copper Ethernet ports for high
network throughput. Despite its small form factor, this powerful appliance provides
a respectable 114 SecurityPower Units, real-world firewall throughput of 1.4 Gbps
and real-world IPS throughput of 150 Mbps, enabling security for small branch
offices, providing an effective and affordable all-in-one security solution.
Application
Control
*
n
n
n
Data Loss
Prevention
*
*
n
*
URL
Filtering
*
*
*
n
Antivirus
*
*
*
n
Anti-spam
*
*
*
n
Anti-Bot
*
*
*
n
Each Check Point Appliance supports the Check Point 3D security vision of combining
policies, people and enforcement for unbeatable protection. To address evolving
security needs, Check Point offers Next Generation Security packages of Software
Blades focused on specific customer requirements. Threat Prevention, Data Protection,
Web Security and Next Generation Firewall technologies are key foundations for a
robust 3D Security blueprint.
* Optional
©2014 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 1
|
Datasheet: Check Point 2200 Appliance
2200
1 Rack mount shelf (optional)
2 6 x 10/100/1000Base-T RJ45 ports
3 Two USB ports for ISO installation
4 Console port RJ45
1
SECURITYPOWER™
Until today security appliance selection has been based
upon selecting specific performance measurements for each
security function, usually under optimal lab testing conditions
and using a security policy that has one rule. Today customers
can select security appliances by their SecurityPower™
ratings which are based on real-world customer traffic,
multiple security functions and a typical security policy.
SecurityPower is a new benchmark that measures the
capability and capacity of an appliance to perform multiple
advanced security functions (Software Blades) such as IPS,
DLP and Application Control in real world traffic conditions.
This provides an effective metric to better predict the current
and future behavior of appliances under security attacks
and in day-to-day operations. Customer SecurityPower Unit
(SPU) requirements, determined using the Check Point
Appliance Selection Tool, can be matched to the SPU ratings
of Check Point Appliances to select the right appliance for
their specific requirements.
2
3
4
• Next Generation Data Protection (NGDP): preemptively
protect sensitive information from unintentional loss, educate
users on proper data handling policies and empower them to
remediate incidents in real-time—with IPS, Application
Control and DLP.
• Next Generation Threat Prevention (NGTP): apply multiple
layers of protection to prevent sophisticated cyber-threats—
with IPS, Application Control, Antivirus, Anti-Bot, URL
Filtering and Email Security.
PREVENT UNKNOWN THREATS WITH
THREATCLOUD EMULATION
Check Point Appliances are a key component in the ThreatCloud
Ecosystem providing excellent protection from undiscovered
exploits, zero-day and targeted attacks. Appliances inspect
and send suspicious files to the ThreatCloud Emulation Service
which runs them in a virtual sandbox to discover malicious
behavior. Discovered malware is prevented from entering the
network. A signature is created and sent to the ThreatCloud
which shares information on the newly identified threat to
protect other Check Point customers.
INTEGRATED SECURITY MANAGEMENT
ALL-INCLUSIVE SECURITY SOLUTIONS
The Check Point 2200 Appliance offers a complete and
consolidated security solution in a desktop form factor. Based
on the Check Point Software Blade architecture, this appliance
is available in four Software Blade packages and extensible to
include additional Software Blades for further security protection.
• Firewall (FW): create user-based access control and secure
connections to corporate networks for remote and mobile
users, branch offices and business partners with IPsec VPN.
• Next Generation Firewall (NGFW): identify and control
applications by user and scan content to stop threats—with
IPS and Application Control.
The appliance can either be managed locally with its
available integrated security management or via central
unified management. Using local management, the
appliance can manage itself and one adjacent appliance
for high availability purposes.
GAiA—THE UNIFIED SECURITY OS
Check Point GAiA™ is the next generation Secure Operating
System for all Check Point appliances, open servers and
virtualized gateways. GAiA combines the best features from
IPSO and SecurePlatform into a single unified OS providing
greater efficiency and robust performance. By upgrading
to GAiA, customers will benefit from improved appliance
connection capacity and reduced operating costs. With GAiA,
customers will gain the ability to leverage the full breadth and
power of all Check Point Software Blades. GAiA secures IPv4
and IPv6 networks utilizing the Check Point Acceleration
©2014 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 2
|
Datasheet: Check Point 2200 Appliance
& Clustering technology and it protects the most complex
network environments by supporting dynamic routing protocols
like RIP, OSPF, BGP, PIM (sparse and dense mode) and IGMP.
As a 64-Bit OS, GAiA increases the connection capacity of
select appliances.
GAiA simplifies management with segregation of duties by
enabling role-based administrative access. Furthermore,
GAiA greatly increases operation efficiency by offering
Automatic Software Updates. The intuitive and feature-rich
Web interface allows for instant search of any commands
or properties. GAiA offers full compatibility with IPSO and
SecurePlatform command line interfaces, making it an easy
transition for existing Check Point customers.
TECHNICAL SPECIFICATIONS
Base Configuration
Virtual Systems
6 x 10/100/1000Base-T RJ45 ports
Max VSs: 3
250 GB hard disk drive
Dimensions
External AC to DC power adaptor
Enclosure: Desktop
Production Performance1
Standard (W x D x H): 8.27 x 8.25 x 1.65 in.
114 SecurityPower
Metric (W x D x H): 210 x 209.5 x 42 mm
1.4 Gbps firewall throughput
Weight: 2.0 kg (4.4 lbs.)
150 Mbps firewall and IPS throughput
Power Requirements
RFC 3511, 2544, 2647, 1242 Performance Tests (LAB)
AC Input Voltage: 100 - 240V
3 Gbps of firewall throughput, 1518 byte UDP
Frequency: 50 - 60 Hz
400 Mbps of VPN throughput, AES-128
Single Power Supply Rating: 40 W
20,000 max IPsec VPN tunnels
Power Consumption Maximum: 35 W
300 Mbps of IPS throughput, Recommended IPS profile, IMIX traffic blend
Maximum thermal output: 119.4 BTU
1.2 million concurrent connections, 64 byte HTTP response
Operating Environmental Conditions
25,000 connections per second, 64 byte HTTP response
Temperature: 32° to 104°F / 0° to 40°C
Network Connectivity
Humidity: 20% - 90% (non-condensing)
IPv4 and IPv6
Storage Environmental Conditions
1024 interfaces or VLANs per system
Temperature: –4° to 158°F / –20° to 70°C
4096 interfaces per system (in Virtual System mode)
Humidity: 5% - 95% @ 60°C (non-condensing)
802.3ad passive and active link aggregation
Certifications
Layer 2 (transparent) and Layer 3 (routing) mode
Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM, PCT/GoST
High Availability
Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
Environmental: RoHS
Active/Active - L3 mode
Active/Passive - L3 mode
Session synchronization for firewall and VPN
Session failover for routing change
Device failure detection
1
Maximum production performance based upon the SecurityPower
benchmark. Real-world traffic, Multiple Software Blades, Typical
rule-base, NAT and Logging enabled. Check Point recommends
50% SPU utilization to provide room for additional Software Blades
and future traffic growth. Find the right appliance for your performance
and security requirements using the Appliance Selection Tool.
ClusterXL or VRRP
Link failure detection
©2014 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 3
|
Datasheet: Check Point 2200 Appliance
SOFTWARE BLADE PACKAGES SPECIFICATIONS
Base Systems1
SKU
Check Point 2200 Appliance with FW, VPN, IA, ADNC, and MOB-5 Blades;
bundled with local management for up to 2 gateways.
CPAP-SG2205
2200 Next Generation Firewall Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS and APCL Blades);
bundled with local management for up to 2 gateways.
CPAP-SG2200-NGFW
2200 Next Generation Data Protection Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, and DLP Blades);
bundled with local management for up to 2 gateways.
CPAP-SG2200-NGDP
2200 Next Generation Threat Prevention Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, URLF, AV,
ABOT and ASPM Blades); bundled with local management for up to 2 gateways.
CPAP-SG2200-NGTP
Software Blades Packages1
2200 Next Generation Firewall Appliance Software Blade package for 1 year (IPS and APCL Blades).
CPSB-NGFW-2200-1Y
2200 Next Generation Data Protection Appliance Software Blade package for 1 year (IPS, APCL, and DLP Blades).
CPSB-NGDP-2200-1Y
2200 Next Generation Threat Prevention Appliance Software Blade package for 1 year
(IPS, APCL, URLF, AV, ABOT and ASPM Blades).
CPSB-NGTP-2200-1Y
Additional Software Blades1
1
Check Point Mobile Access Blade for up to 50 concurrent connections
CPSB-MOB-50
Data Loss Prevention Blade for 1 year (for up to 500 users, up to 15,000 mails per hour and max throughput of 700 Mbps)
CPSB-DLP-500-1Y
Check Point IPS blade for 1 year
CPSB-IPS-S-1Y
Check Point Application Control blade for 1 year
CPSB-APCL-S-1Y
Check Point URL Filtering blade for 1 year
CPSB-URLF-S-1Y
Check Point Antivirus Blade for 1 year
CPSB-AV-S-1Y
Check Point Anti-Spam & Email Security Blade for 1 year
CPSB-ASPM-S-1Y
Check Point Anti-Bot Blade for 1 year - for low-end appliances and pre-defined systems
CPSB-ABOT-S-1Y
High Availability (HA) and SKUs for 2 and 3 years are available, see the online Product Catalog.
VIRTUAL SYSTEMS PACKAGES
Description
SKU
3 Virtual Systems package
CPSB-VS-3
3 Virtual Systems package for HA/VSLS
CPSB-VS-3-VSLS
ACCESSORIES
Description
SKU
Replacement DC Power Supply for 2200 appliance
CPAC-PSU-2200
2200 accessory, Single Rack Mount Kit
CPAC-RM-2200
CONTACT CHECK POINT
Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email:
[email protected]
U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2014 Check Point Software Technologies Ltd. All rights reserved.
January 8, 2014