Datasheet:
Check Point 4400 Appliance
4400
Enterprise-grade security
appliance (223 SPU/5Gbps)—
fast networking and fiber and
copper connectivity options
Check Point 4400 Appliance
Today the enterprise gateway is more than a firewall. It is a security device presented
with an ever-increasing number of sophisticated threats. As an enterprise security
gateway it must use multiple technologies to control network access, detect
sophisticated attacks and provide additional security capabilities like data loss
prevention and protection from web-based threats. The proliferation of mobile
devices like smartphones and Tablets and new streaming, social networking and
P2P applications requires a higher connection capacity and new application control
technologies. Finally, the shift towards enterprise private and public cloud services,
in all its variations, changes the company borders and requires enhanced capacity
and additional security solutions.
Check Point’s new appliances combine fast networking technologies with high
performance multi-core capabilities—providing the highest level of security without
compromising on network speeds to keep your data, network and employees secure.
Optimized for the Software Blades Architecture, each appliance is capable of running
any combination of Software Blades—providing the flexibility and the precise level of
security for any business at every network location by consolidating multiple security
technologies into a single integrated solution.
Each Check Point Appliance supports the Check Point 3D security vision of
combining policies, people and enforcement for unbeatable protection and is
optimized for enabling any combination of the following Software Blades: (1) Firewall,
(2) VPN, (3) IPS, (4) Application Control, (5) Mobile Access, (6) DLP, (7) URL Filtering,
(8) Antivirus, (9) Anti-spam, (10) Anti-Bot, (11) Identity Awareness and (12) Advanced
Networking & Clustering.
OVERVIEW
The Check Point 4400 Appliance offers a complete and consolidated security
solution, with leading performance in a 1U form factor.
In addition to eight onboard 1 Gigabit copper Ethernet ports, the 4400 also comes
with an available expansion slot for the option of adding four 1 Gigabit copper or 2 or 4
fiber Ethernet ports. With 223 SecurityPower Units, max firewall throughput of over 5
Gbps and IPS performance up to 3.5 Gbps the 4400 is capable of securing any small
to mid-size office.
KEY FEATURES
n
223 SecurityPower™
5 Gbps of firewall throughput
n 3.5 Gbps of IPS throughput
n Up to 12 10/100/1000Base-T ports
n Up to 4 1GbE Fiber ports
n
n
1 rack unit appliance
KEY BENEFITS
n
Entry level, enterprise-grade appliance
Delivers everything you need to secure
your network in one appliance
n Simplifies administration with a single
integrated management console
n Ensures data security for remote access
and site-to-site communications
n Provides comprehensive security and
protects against emerging threats with
Extensible Software Blade Architecture
n
GATEWAY SOFTWARE BLADES
4407
4408
4410
Firewall
n
n
n
IPsec VPN
n
n
n
Mobile Access
(5 users)
n
n
n
Advanced Networking
& Clustering
n
n
n
Identity Awareness
n
n
n
IPS
n
n
n
Application Control
n
n
n
Data Loss Prevention
*
n
*
URL Filtering
*
*
n
Antivirus
*
*
n
Anti-spam
*
*
n
Anti-Bot
*
*
*
* Optional
©2012 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 1
|
Datasheet: Check Point 4400 Appliance
4400
1 Standard rack mount (Slide rails optional)
2 One network expansion slot
3 8 x 10/100/1000Base-T RJ45 ports
4 Two USB ports for ISO installation
5 Console port RJ45
6 Graphic LCD display for management
IP address and image management
1
2
SECURITYPOWER
Until today security appliance selection has been based upon
selecting specific performance measurements for each security
function, usually under optimal lab testing conditions and using
a security policy that has one rule. Today customers can select
security appliances by their SecurityPower ratings which are
based on real-world customer traffic, multiple security functions
and a typical security policy.
SecurityPower is a new benchmark that measures the capability
and capacity of an appliance to perform multiple advanced
security functions (Software Blades) such as IPS, DLP and
Application Control in real world traffic conditions. This provides
an effective metric to better predict the current and future
behavior of appliances under security attacks and in day-to-day
operations. Customer SecurityPower Unit (SPU) requirements,
determined using the Check Point Appliance Selection Tool,
can be matched to the SPU ratings of Check Point Appliances
to select the right appliance for their specific requirements.
ALL-INCLUSIVE SECURITY SOLUTION
The Check Point 4400 Appliance offers a complete and
consolidated security solution in a 1U form factor based on the
Check Point Software Blade architecture. Available in three
software packages of 7, 8 and 10 Blades, the platform provides
up-to-date and extensible security protection.
INTEGRATED SECURITY MANAGEMENT
The appliance can either be managed locally with its available
integrated security management or via central unified
management. Using local management, the appliance
can manage itself and one adjacent appliance for high
availability purposes.
3
4
5
6
REMOTE ACCESS CONNECTIVITY
FOR MOBILE DEVICES
Each appliance arrives with mobile access connectivity for
5 users, using the Mobile Access Blade. This license provides
secure remote access to corporate resources from a wide
variety of devices including smartphones, tablets, PCs,
Mac and Linux.
GAiA—THE UNIFIED SECURITY OS
Check Point GAiA™ is the next generation Secure Operating
System for all Check Point appliances, open servers and
virtualized gateways. GAiA combines the best features from
IPSO and SecurePlatform into a single unified OS providing
greater efficiency and robust performance. By upgrading to GAiA,
customers will benefit from improved appliance connection
capacity and reduced operating costs. With GAiA, customers will
gain the ability to leverage the full breadth and power of all Check
Point Software Blades. GAiA secures IPv4 and IPv6 networks
utilizing the Check Point Acceleration & Clustering technology
and it protects the most complex network environments by
supporting dynamic routing protocols like RIP, OSPF, BGP,
PIM (sparse and dense mode) and IGMP. As a 64-Bit OS, GAiA
increases the connection capacity of select appliances.
GAiA simplifies management with segregation of duties by
enabling role-based administrative access. Furthermore, GAiA
greatly increases operation efficiency by offering Automatic
Software Updates. The intuitive and feature-rich Web interface
allows for instant search of any commands or properties. GAiA
offers full compatibility with IPSO and SecurePlatform command
line interfaces, making it an easy transition for existing Check
Point customers.
©2012 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 2
|
Datasheet: Check Point 4400 Appliance
TECHNICAL SPECIFICATIONS
1
Base Configuration
High Availability
8 x 10/100/1000Base-T RJ45 ports
Active/Active - L3 mode
250 GB hard disk drive
Active/Passive - L3 mode
One AC power supply
Session synchronization for firewall and VPN
Standard rack mount
Session failover for routing change
Network Expansion Slot Options
Device failure detection
4 x 10/100/1000Base-T RJ45 ports
Link failure detection
2 x 1000Base-F SFP ports
ClusterXL or VRRP
4 x 1000Base-F SFP ports
Dimensions
Max Configuration
Enclosure: 1U
12 x 10/100/1000Base-T RJ45 ports
Standard (W x D x H): 17.25 x 12.56 x 1.73 in.
8 x 10/100/1000Base-T RJ45 + 4 x 1000Base-F SFP ports
Metric (W x D x H): 438 x 320 x 44 mm
Performance
Weight: 7.5 kg (16.53 lbs.)
223 SecurityPower 1
Power Requirements
5 Gbps of firewall throughput, 1518 byte UDP
AC Input Voltage: 100 - 240V
1.2 Gbps of VPN throughput, AES-128
Frequency: 50 - 60 Hz
3.5 Gbps of IPS throughput Default IPS profile
Single Power Supply Rating: 250 W
700 Mbps of IPS throughput Recommended IPS profile
Power Consumption Maximum: 90 W
1.2 million concurrent connections
Maximum thermal output: 240.1 BTU
40,000 connections per second
Operating Environmental Conditions
Network Connectivity
Temperature: 32° to 104°F / 0° to 40°C
IPv4 and IPv6
Humidity: 20% - 90% (non-condensing)
1024 VLANs
Storage Conditions
256 VLANs per interface
Temperature: –4° to 158°F / –20° to 70°C
802.3ad passive and active link aggregation
Humidity: 5% - 95% @ 60°C (non-condensing)
Layer 2 (transparent) and Layer 3 (routing) mode
Certifications
SecurityPower: A metric to measure appliance performance based on real
world traffic given the deployed software blades. Find the right appliance for
your performance and security needs.
Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM, PCT/GoST
Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
Environmental: RoHS
©2012 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 3
|
Datasheet: Check Point 4400 Appliance
SOFTWARE PACKAGE SPECIFICATIONS
Base Packages
SKU
4400 Appliance with 7 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness,
Mobile Access for 5 concurrent users, IPS, and Application Control blades); bundled with local management for
up to 2 gateways
CPAP-SG4407
4400 Appliance with 8 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness,
Mobile Access for 5 concurrent users, IPS, Application Control, and DLP blades)
CPAP-SG4408
4400 Appliance with 10 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness,
and Mobile Access for 5 concurrent users, IPS, Application Control, URL Filtering, Antivirus, and Email Security blades);
bundled with local management for up to 2 gateways
CPAP-SG4410
4400 Appliance with 7 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness,
Mobile Access for 5 concurrent users, IPS, and Application Control blades); bundled with local management for up to 2
gateways; for High Availability
CPAP-SG4407-HA
4400 Appliance with 8 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness,
Mobile Access for 5 concurrent users, IPS, Application Control, and DLP blades); bundled with local management for up
to 2 gateways; for High Availability
CPAP-SG4408-HA
4400 Appliance with 10 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness,
and Mobile Access for 5 concurrent users, IPS, Application Control, URL Filtering, Antivirus, and Email Security blades);
bundled with local management for up to 2 gateways; for High Availability
CPAP-SG4410-HA
Software Blades Packages
SKU
Check Point Extended Security Software Blades Package for 1 year for 4400 appliance (including IPS, URL Filtering,
Application Control, Antivirus, Email Security, and DLP blades)
CPSB-ESEC-6B-4400-1Y
Check Point UTM+ Software Blades Package for 1 year for 4400 appliance (including IPS, URL Filtering, Application
Control, Antivirus, and Email Security blades)
CPSB-UTMP-5B-4400-1Y
Check Point DLP+ Software Blades Package for 1 year for 4400 appliance (including IPS, Application Control, and DLP)
CPSB-DLPP-3B-4400-1Y
Check Point Extended Threat Protection Software Blades Package for 1 year for 4400 (including Application Control and
IPS blades)
CPSB-ETPR-2B-4400-1Y
Check Point Web Control Software Blades Package for 1 year for 4400 (including Application Control and
URL Filtering blades)
CPSB-WBCL-2B-4400-1Y
Check Point Anti-Malware Package for 1 year for 4400 (including Anti-Bot and AV blades)
CPSB-ABAV-2B-4400-1Y
Check Point Extended Security Software Blades Package for 1 year for 4400 appliance (including IPS, URL Filtering,
Application Control, Antivirus, Email Security, and DLP blades); for High Availability
CPSB-ESEC-6B-4400-1Y-HA
Check Point UTM+ Software Blades Package for 1 year for 4400 appliance (including IPS, URL Filtering, Application
Control, Antivirus, and Email Security blades); for High Availability
CPSB-UTMP-5B-4400-1Y-HA
Check Point DLP+ Software Blades Package for 1 year for 4400 appliance (including IPS, Application Control, and DLP);
for High Availability
CPSB-DLPP-3B-4400-1Y-HA
Check Point Extended Threat Protection Software Blades Package for 1 year for 4400 (including Application Control and
IPS blades); for High Availability
CPSB-ETPR-2B-4400-1Y-HA
Check Point Web Control Software Blades Package for 1 year for 4400 (including Application Control and URL Filtering
blades); for High Availability
CPSB-WBCL-2B-4400-1Y-HA
Check Point Anti-Malware Package for 1 year for 4400 (including Anti-Bot and AV blades—for High Availability
CPSB-ABAV-2B-4400-1Y-HA
©2012 Check Point Software Technologies Ltd. All rights reserved.
Classification: [Protected] - All rights reserved 4
|
Datasheet: Check Point 4400 Appliance
Additional Software Blades
SKU
Check Point Mobile Access Blade for up to 50 concurrent connections
CPSB-MOB-50
Data Loss Prevention Blade for 1 year (for up to 500 users, up to 15,000 mails per hour and max throughput of 700 Mbps)
CPSB-DLP-500-1Y
Check Point IPS blade for 1 year
CPSB-IPS-S-1Y
Check Point Application Control blade for 1 year
CPSB-APCL-S-1Y
Check Point URL Filtering blade for 1 year
CPSB-URLF-S-1Y
Check Point Antivirus Blade for 1 year
CPSB-AV-S-1Y
Check Point Anti-Spam & Email Security Blade for 1 year
CPSB-ASPM-1Y
Check Point Anti-Bot Blade for 1 year - for low-end appliances and pre-defined system
CPSB-ABOT-S-1Y
Check Point Mobile Access Blade for up to 50 concurrent connections - for High Availability
CPSB-MOB-50-HA
Data Loss Prevention Blade for 1 year (for up to 500 users, up to 15,000 mails per hour and max throughput of 700 Mbps);
for High Availability
CPSB-DLP-500-1Y-HA
Check Point IPS blade for 1 year; for High Availability
CPSB-IPS-S-1Y-HA
Check Point Application Control blade for 1 year; for High Availability
CPSB-APCL-S-1Y-HA
Check Point URL Filtering blade for 1 year; for High Availability
CPSB-URLF-S-1Y-HA
Check Point Antivirus Blade for 1 year; for High Availability
CPSB-AV-S-1Y-HA
Check Point Anti-Spam & Email Security Blade for 1 year - for High Availability
CPSB-ASPM-1Y-HA
Check Point Anti-Bot Blade for 1 year - for low-end appliances and pre-defined systems - for High Availability
CPSB-ABOT-S-1Y-HA
ACCESSORIES
Interface Cards and Transceivers
SKU
4 Port 10/100/100Base-T RJ45 interface card
CPAC-4-1C
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceiver modules per interface port
CPAC-4-1F
SFP transceiver module for 1G fiber ports—long range (1000Base-LX) for CPAC-4-1F
CPAC-TR-1LX
SFP transceiver module for 1G fiber ports—short range (1000Base-SX) for CPAC-4-1F
CPAC-TR-1SX
Spares and Miscellaneous
SKU
Slide RAILS for Check Point Appliances
CPAC-RAILS
CONTACT CHECK POINT
Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email:
[email protected]
U.S. Headquarters
800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2012 Check Point Software Technologies Ltd. All rights reserved.
May 15, 2012