Check Point 21800 Appliance
Datacenter-grade security appliance

Overview:

Insights

Today the Internet gateway is more than a firewall. It is a security device presented with an ever-increasing number of sophisticated threats. As a security gateway it must use multiple technologies to control network access, detect sophisticated attacks and provide additional security capabilities like data loss prevention and protection from web-based threats. The proliferation of mobile devices like smartphones and Tablets and new streaming, social networking and P2P applications requires a higher connection capacity and new application control technologies. Finally, the shift towards enterprise private and public cloud services, in all its variations, changes the company borders and requires enhanced capacity and additional security solutions.

Solution

Leveraging its multi-core and acceleration technologies, with 4300 SecurityPower Units, the Check Point 21800 appliance supports lightning-fast firewall throughput of up to 110 Gbps1 with sub 5μs latency. The 21800 is designed from the ground up for unmatched flexibility for even the most demanding enterprise and data center network environments.

The 21800 appliance has 3 expansion slots supporting a wide range of network options. The standard configuration includes one on-board 10/100/1000 RJ-45 Management port and a twelve 1 Gigabit Ethernet copper port card. In addition the 21800 appliance includes an on-board 10GbE Sync port (SR transceiver included). A maximally configured 21800 provides up to 37 Gigabit Ethernet copper ports or 36 fiber ports or thirteen 10 Gigabit Ethernet fiber ports.

The 21800 appliance chassis is highly serviceable. Access to all components is available from the front and the back of the unit when mounted in the rack. There is one slot for an optional Security Acceleration Module to boost performance of the appliance. In addition to hot-swappable redundant disk drives and power supply units, the 21800 appliance also supports Lights-Out-Management (LOM) for remote support and maintenance capabilities.

Product Benefits

• Fits easily into complex networks
• Redundancy eliminates downtime
• Centralized control with LOM
• Ideal for low latency transactions
• Extensible Software Blade Architecture

Key Benefits

• 4100/43001 SecurityPower™ Units
• Optimized for low latency
• High port density
• High availability and serviceability
• Simple deployment and management

Key Features:

Security Acceleration Module

The optional Check Point Security Acceleration Module (SAM-108) for the 21000 Appliances is ideal for latencysensitive applications such as financial trading and VoIP communication. With sub 5 micro-seconds firewall latency, this purpose-built acceleration module boasts 108 SecurityCores™ accelerating traffic on all Acceleration- Ready interface ports with a single SAM-108. Performance for the 21800 appliance is boosted to 110 Gbps of firewall throughput, 50 Gbps of VPN throughput and 300,000 connections per second.

Inclusive High Performance Package

Customers with high connection capacity requirements can purchase the affordable High Performance Package (HPP) with the Next Generation security package of their choice. This includes the appliance plus an Acceleration Ready 4x10Gb SFP+ interface card, transceivers and 64 GB of memory for high connection capacity. The SAM-108 High Performance Package also includes transceivers, 64 GB of memory in the appliance and 48 GB of memory in the Security Acceleration Module.

A Reliable Serviceable Platform

The Check Point 21800 appliance delivers business continuity and serviceability through features such as hotswappable redundant power supplies, hot-swappable redundant hard disk drives (RAID), redundant fans and an advanced LOM card for out-of-band management. Combined together, these features ensure a greater degree of business continuity and serviceability when these appliances are deployed in the customer’s networks.

Remote Management And Monitoring

A Lights-Out-Management (LOM) card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location. Administrators can also use the LOM web interface to remotely install an OS image from an ISO file.

All-inclusive Security Solutions

The Check Point 21800 Appliances offer a complete and consolidated security solution available in five Next Generation Security Software Blade packages. Next Generation Firewall (NGFW): identify and control applications by user and scan content to stop threats. Next Generation Secure Web Gateway (SWG): enables secure use of Web 2.0 with real time protection. Next Generation Data Protection (NGDP): preemptively protect sensitive information from unintentional loss and educate users on proper data handling policy in real-time. Next Generation Threat Prevention (NGTP): prevent sophisticated cyber-threats with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security. Next Generation Threat Extraction (NGTX): advanced next-gen zero-day threat prevention, NGTP with Threat Emulation and Threat Extraction.

Prevent Unknown Threats

Check Point provides complete zero-day threat prevention and alerts when under attack. Threat Extraction delivers zero-malware documents in zero seconds. Threat Emulation inspects files for malicious content in a virtual sandbox. When Threat Emulation discovers new threats, a signature is sent to the Check Point ThreatCloud database which documents and shares information on the newly identified malware with other Check Point customers — providing immediate protection against zero-day threats.

Integrated Security Management

The appliance can either be managed locally with its available integrated security management or via central unified management. Using local management, the appliance can manage itself and one adjacent appliance for high availability purposes.

Technical Specifications:

Performance Production Performance2 4100/43001 SecurityPower 30.4–44.51 Gbps firewall throughput 6.9 Gbps firewall and IPS throughput RFC 3511, 2544, 2647, 1242 Performance (LAB) 78–110 1 Gbps of firewall throughput, 1518 byte UDP 23.5–50 1 Gbps of AES-128 VPN throughput 9.9 Gbps of IPS throughput, IPS Recommended profile, IMIX traffic blend 6–28 million concurrent connections, 64 byte response 198,000–300,000 1 connections per second, 64 byte response EXPANSION OPTIONS Base Configuration 1 on-board 10/100/1000Base-T RJ45 1 on-board 10GbE SFP+ (SR transceiver included) 12 x 10/100/1000BaseT RJ45 NIC (default) 16 GB memory Redundant dual hot-swappable power supplies Redundant dual hot-swappable 500GB hard drives LOM card Telescopic rails (26"–35") Network Expansion Slot Options (3 slots) 12 x 10/100/1000Base-T RJ45 ports 12 x 1000Base-F SFP ports 4 x 10GBase-F SFP+ ports Max Configuration Up to 37 x 10/100/1000Base-T RJ45 ports Up to 36 x 1000Base-F SFP ports Up to 13 x 10GBase-F SFP+ ports 32,64 GB RAM Virtual Systems Max VSs: 150 (w/16GB), 250 (w/64GB)

Network Network Connectivity IPv4 and IPv6 1024 interfaces or VLANs per system 4096 interfaces per system (in Virtual System mode) 802.3ad passive and active link aggregation Layer 2 (transparent) and Layer 3 (routing) mode High Availability Active/Active - L3 mode Active/Passive - L3 mode Session synchronization for firewall and VPN Session failover for routing change Device failure detection Link failure detection ClusterXL or VRRP Physical Power Requirements AC Input Voltage: 100-240V Frequency: 47-63Hz Single Power Supply Rating: 1200W Power Consumption Maximum: 489W/784W1 Maximum thermal output: 1669.4 BTU/2673.4 BTU1 Dimensions Enclosure: 2RU Standard (W x D x H): 17 x 28 x 3.5 in. Metric (W x D x H): 431 x 710 x 88 mm Weight: 26 kg (57.4 lbs.) Operating Environmental Conditions Temperature: 32°to104°F / 0° to 40°C Humidity: 20%-90% (non-condensing) Storage Conditions Temperature: –4° to 158°F / –20° to 70°C Humidity: 5% to 95% at 60°C (non-condensing) Certifications Safety: UL/cULT Emissions: FCC, CE Environmental: RoHS

¹With Security Acceleration Module.
²Maximum R77 production performance based upon the SecurityPower benchmark. Real-world traffic, Multiple Software Blades, Typical rule-base, NAT and Logging enabled. Check Point recommends 50% SPU utilization to provide room for additional Software Blades and future traffic growth. Find the right appliance for your performance and security requirements using the Appliance Selection Tool.

Product Comparison

Appliance	21400	21700	21800
Performance
SecurityPower1	2175 / 29002	3300 / 35512	4100 / 43002
Firewall Throughput (Gbps)
Raw3	50 / 1102	78.6 / 1102	78.6 / 1102
Production5	17.1 / 44.32	25.4 / 44.52	30.4 / 44.52
Firewall Latency2	< 5μs	< 5μs	< 5μs
VPN AES-128 Throughput (Gbps)	7 / 502	11 / 502	23.5 / 502
IPS Throughput (Gbps)
Recommended4	6	8	9.9
Production5	3.67	5.7	6.9
Concurrent Connections	10M	13M	28M
Connections per Second	130K / 300K2	170K / 300K2	198K / 300K2
Virtual Systems
Virtual System Support	Yes	Yes	Yes
Max VS Supported (Default/Max)	125 / 250	150 / 250	150 / 250
Hardware Specifications
10/100/1000Base-T Ports	13 to 37	13 to 37	13 to 37
1000Base-F SFP Ports	up to 36	up to 36	up to 36
10GBase-F SFP+  Ports	up to 12	up to 13	up to 13
Memory	12, 24 GB	16, 32, 64 GB	16, 32, 64 GB
Storage	2 x 500 GB HDD RAID1	2 x 500 GB HDD RAID1	2 x 500 GB HDD RAID1
I/O Expansion Slots	3	3	3
LOM	Included	Included	Included
Dimensions
Enclosure	2U	2U	2U
Dimensions (standard)	17" W x 28" D x 3.5" H
Dimensions (metric)	431 mm W x 710 mm D x 88 mm H
Weight	26 kg (57.4 lbs.)
Environment
Operating Environment	Temperature: 32° to 104°F / 0° to 40°C; Relative Humidity 20% to 90% (non-condensing)
Non-Operating Environment	Temperature: -4° to 158°F / -20° to 70°C; Relative Humidity 5% - 95% (non-condensing)
Power
Redundant Hot-Swap Power Supply	Yes	Yes	Yes
Power Input	100~240VAC, 47~63Hz
Power Supply Spec (Max)	2 x 910W	2 x 1200W	2 x 1200W
Power Consumption (Max)	449W / 744W2	489W / 784W2	489W / 784W2
Certifications
Safety	CB, UL, cUL, CSA, TUV
Emissions	CE, FCC VCCI, C-Tick
Environmental	RoHS
1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy 2 With Security Acceleration Module 3 Raw throughput is based on RFC 3511 with 1518 bytes UDP packets 4 Recommended IPS profile, IMIX traffic blend 5 Assumes maximum production throughput environment with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection 6 Effective October 31, 2014 Check Point will no longer sell the 21600 Appliance. Visit the Support Lifecycle page to learn about replacement appliances.

Software Specifications

Software Blade	NGFW	NGDP	NGSWG	NGTP	NGTX
Firewall
Identity Awareness
IPSec VPN
Advanced Networking & Clustering
Mobile Access 1			*
IPS			*
Application Control
DLP	*		*	*	*
URL Filtering	*	*
Antivirus	*	*
Anti-Spam & Email Security	*	*	*
Anti-Bot	*	*	*
Threat Extraction	*	*	*	*
Threat Emulation	*	*	*	*
Management Blades
Network Policy Management
Logging and Status
SmartEvent	*	*		*	*
SmartWorkflow	*	*	*	*	*
Monitoring	*	*	*	*	*
Management Portal	*	*	*	*	*
User Directory	*	*	*	*	*
SmartProvisioning	*	*	*	*	*
SmartReporter	*	*	*	*	*
Endpoint Policy Management	*	*	*	*	*
Compliance	*	*	*	*	*
NGFW  = Next Generation Firewall;    NGDP  = Next Generation Data Protection;   NGTP = Next Generation Threat Prevention; NGSWG = Next Generation Secure Web Gateway - Included * - Optional 1 Five users are included in default package

Documentation:

Download the Check Point 21800 Appliance Datasheet (PDF).