Check Point 1200R Rugged Appliance
Security for harsh environments

Overview:

Insights

Cyberattacks on critical infrastructures & industrial environments are no longer a myth. Power generation facilities, metropolitan traffic control systems, water treatment systems, and factories are all at risk. Exploits freely available on the Internet make the Industrial Control Systems (ICS) of leading vendors easy targets for attackers.

These ICS environments can be harsh — exposing networking equipment to extreme temperatures, humidity, dust, and vibration. They require a rugged and reliable security gateway solution to detect threats and control access to critical components.

Solution

The Check Point 1200R is a rugged appliance delivering Next Generation Threat Prevention for Critical Infrastructure and Industrial Control Systems. This solid-state appliance secures SCADA (supervisory control and data acquisition) protocols and OT (operational technology) equipment. The 1200R includes Firewall, IPS, Application Control, Antivirus, and Anti-Bot protection. This rugged appliance operates in harsh environmental conditions and complies with industrial specifications IEEE 1613, IEC 61850-3 for heat, vibration, and immunity to electromagnetic interference (EMI). Robust performance and powerful central management provide unmatched value in a simple, all-in-one solution.

Next Generation Firewall

Check Point Application Control offers broad support for specialized SCADA and ICS protocols for over 500 different commands. Additional protocol support is available on request.

Protocol Support1
BACNet DNP3 IEC-60870-5-104 IEC 60870-6 (ICCP)	IEC 61850 MMS Modbus	OPC Profinet S7 (Siemens)

¹ For the latest protocols, see the AppWiki

Product Benefits

• Deploy SCADA security in harsh environments and remote locations
• Operates in extreme temperatures from -40°C to 75°C
• Complies with industrial specifications for heat, vibration and immunity to electromagnetic interference (EMI)
• Enables full visibility and granular control of SCADA traffic

Product Features

• Enterprise-grade access control and threat prevention
• Comprehensive SCADA protocols support
• Specialized hardware for industrial environments
• Standard rack or DIN rail mounts
• High MTBF of 300,000 hours
• AC or DC power

Features:

Wide range of appliances for IT and OT networks

The 1200R Rugged Appliance complements our extensive appliance family to support a diverse range of deployment environments and meet specialized requirements. The 1200R complies with industrial specifications such as IEEE 1613 and IEC 61850-3 for heat, vibration and immunity to electromagnetic interference (EMI). All features are available across all appliances so any appliance can be used in the Industrial Control environments. The 1200R Appliances can also be used in commercial deployments.

Next-Generation Firewall

Check Point Application Control has broad support for specialized Industrial Control System and SCADA protocols with granularity for over 500 different commands. This enables protocol-specific visibility and controls with directional awareness.

For instance, administrators are able to create a policy to prevent monitoring and reporting systems from performing write operations to control systems. Furthermore, our protocol decoder enables granular control at the command level, such as read/write/get for specific units, function codes and address ranges.

Protocol Support Includes:

• BACNet
• DNP3
• IEC-60870-5-104
• IEC 60870-6 (ICCP)
• IEC 61850
• S7 (Siemens)
• MMS
• Modbus
• OPC
• Profinet

Integrated Threat Detection

Detect and prevent targeted attacks against ICS/SCADA components in Operational Technology (OT) environments. With the best catch rate in the industry, our threat prevention technologies minimize the disruption of operational processes when deployed in detect-mode.

3G/4G Support

Included USB ports allow an administrator to plug in compatible third party 3G or 4G modems. This provides an additional WAN connection and a redundant Internet link for maximum reliability.

Best-in-Class Management

Our unified, integrated management platform supports distributed IT and OT deployments, leading to operational consistency and efficiency of end-to-end (E2E) security. Administrators can define security policy for the entire network — including internal security, main sites, and remote sites — from a single, centrally located Check Point Security Management server. With SmartProvisioning™, a profile-based management approach designed for large-scale deployments, administrators can define a single security and device profile and apply it simultaneously to thousands of appliances — dramatically reducing deployment time and administrative overhead.

With built-in compliance, meet and exceed emerging regulatory and other cyber security requirements such as NERC-CIP (US) and EPCIP (EU). We constantly monitor the compliance status of the organization with hundreds of best practices, letting network security managers quickly assess the strength of the current policy settings and find where to improve.

Benefits

Deploy SCADA security in harsh environments and remote locations

• Full featured security gateway with 6 x 1GbE ports and raw firewall throughput of 2 Gbps
• Operates in extreme temperatures from -40°C to 75°C in a compact fan-less design with no moving parts
• Complies with industrial specifications IEEE 1613 and IEC 61850-3 for heat, vibration and immunity to electromagnetic interference (EMI)

Full visibility and granular control of SCADA traffic

• Our Next-Generation Firewall enables granular functional control of SCADA protocols
• Log SCADA protocols, including commands and parameters, for forensic analysis of incidents in your operation networks
• Monitor your compliance to major regulations such as NERC CIP v5 using the Compliance Software Blade

Comprehensive security with SCADA-aware threat detection and prevention

• Deploy the industry’s most extensive support of ICS/SCADA-specific protocols including BACNet, DNP3, IEC-60870-5-104, IEC 60870-6 (ICCP), IEC 61850, MMS, Modbus, OPC, Profinet, S7 (Siemens) and many others
• Detect and prevent exploits of ICS vulnerabilities with SCADA IPS signatures, closing the window of exposure between vulnerable and patched systems
• Leverage our full range of threat prevention capabilities including firewall, IPS and anti-malwareto detect and prevent inbound threats to SCADA networks
• Our complete IT-OT security solution protects the corporate perimeter, the bridge between IT and OT networks and operator workstations and SCADA devices within the OT network
• Quickly analyze risk through specialized threat reports in our Next Generation SmartEvent

Specifications:

Check Point 1200R Rugged Appliance Specifications
Network Grade	Distributed Networks
Production Performance (SecurityPower Benchmark)
SecurityPower	49
Firewall (Mbps)	700
Firewall and IPS (Mbps)	60
RFC 3511, 2544, 2647, 1242 Performance Tests(LAB)
Firewall Throughput (Gbps)	2
VPN Throughput (Mbps)	450
Connections Per Second (K)	10
Concurrent Sessions (K)	400
Network
10/100/1000Base-T (Max)	6
1000Base-F (Max)	2
Additional Features
3G/4G	Yes
Serial Console Port	Yes
Mount Options	DIN rail
Certifications
Industrial	IEC 61850-3, IEEE 1613, IEC 60068-2
Operating Environment
Temperature	-40°to167°F / -40° to 75°C
Humidity	20%-90% (non-condensing)
Physical
Enclosure	Desktop
Weight	1.2 kg (2.65 lbs.)
Power
AC	100-240V, 50 – 60 Hz
DC	12V-72V, -48V DC
Power Consumption (Max)	15W

Check Point 1200R Rugged Appliance Software Specifications
Software Blade	NGFW	NGTP
Firewall
Identity Awareness
IPSec VPN
Advanced Networking & Clustering
Mobile Access1
IPS	*
Application Control	*
URL Filtering	*
Antivirus	*
Anti-Spam & Email Security	*
Anti-Bot	*

NGFW = Next Generation Firewall; NGTP = Next Generation Threat Prevention
- Included
* - Optional
¹ SSL VPN Portal is not supported

Technical Specifications

Performance 49 SecurityPower1 Units 2 Gbps firewall throughput, UDP 1518 bytes 700 Mbps firewall, SPU1 traffic blend 60 Mbps firewall & IPS, SPU1 traffic blend 450 Mbps VPN throughput 400,000 concurrent sessions Networking & Ports LAN: 4 x 10/100/1000Base-T RJ45 ports DMZ: 1 x 10/100/1000Base-T RJ45 or 1 x 1000BaseF port WAN: 1 x 10/100/1000Base-T RJ45 or 1 x 1000BaseF port Console: 1 x RJ45 USB: 1 x USB 3.0, 1 x USB 2.0 Cellular modem support: 3G/4G SD card slot (for log storage) Mount Options DIN rail and rack mount

Dimensions Standard (W x D x H): 5.24 x 3.94 x 1.37 in. Metric (W x D x H): 16 x 12 x 4.2 cm Weight: 1.2 kg (2.65 lbs.) Operating Environmental Conditions Temperature: -40°to167°F / -40° to 75°C Humidity: 20%-90% (non-condensing) Power AC: 100-240V, 50 – 60 Hz DC: 12V-72V, -48V DC Max power consumption: 15W Certifications IEEE 1613 , IEC 61850-3 CE, EN 55024, EN 55022, EN 61000-3, EN 61000-4 CB, IEC 60950, UL 60950 Environmental Test ETSI EN 300 019-2

¹ Check Point SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions, and a typical security policy.

Documentation:

Download the Check Point 1200R Rugged Appliance Datasheet (PDF).