Overview:
The Check Point 4400 Appliance offers a complete and consolidated security solution, with leading performance in a 1U form factor.
In addition to eight onboard 1 Gigabit copper Ethernet ports, the 4400 also comes with an available expansion slot for the option of adding four 1 Gigabit copper or 2 or 4 fiber Ethernet ports. With 223 SecurityPower Units, max firewall throughput of over 5 Gbps and IPS performance up to 3.5 Gbps the 4400 is capable of securing any small to mid-size office.
Check Point 4400 Appliance
Today the enterprise gateway is more than a firewall. It is a security device presented with an ever-increasing number of sophisticated threats. As an enterprise security gateway it must use multiple technologies to control network access, detect sophisticated attacks and provide additional security capabilities like data loss prevention and protection from web-based threats. The proliferation of mobile devices like smartphones and Tablets and new streaming, social networking and P2P applications requires a higher connection capacity and new application control technologies. Finally, the shift towards enterprise private and public cloud services, in all its variations, changes the company borders and requires enhanced capacity and additional security solutions.
Check Point’s new appliances combine fast networking technologies with high performance multi-core capabilities—providing the highest level of security without compromising on network speeds to keep your data, network and employees secure. Optimized for the Software Blades Architecture, each appliance is capable of running any combination of Software Blades—providing the flexibility and the precise level of security for any business at every network location by consolidating multiple security technologies into a single integrated solution.
Each Check Point Appliance supports the Check Point 3D security vision of combining policies, people and enforcement for unbeatable protection and is optimized for enabling any combination of the following Software Blades: (1) Firewall, (2) VPN, (3) IPS, (4) Application Control, (5) Mobile Access, (6) DLP, (7) URL Filtering, (8) Antivirus, (9) Anti-spam, (10) Anti-Bot, (11) Identity Awareness and (12) Advanced Networking & Clustering.
Key Features
- 223 SecurityPower™
- 5 Gbps of firewall throughput
- 3.5 Gbps of IPS throughput
- Up to 12 10/100/1000Base-T ports
- Up to 4 1GbE Fiber ports
- 1 rack unit appliance
Key Benefits:
- Entry level, enterprise-grade appliance
- Delivers everything you need to secure your network in one appliance
- Simplifies administration with a single integrated management console
- Ensures data security for remote access and site-to-site communications
- Provides comprehensive security and protects against emerging threats with Extensible Software Blade Architecture
* Optional
Key Features:
SecurityPower
Until today security appliance selection has been based upon selecting specific performance measurements for each security function, usually under optimal lab testing conditions and using a security policy that has one rule. Today customers can select security appliances by their SecurityPower ratings which are based on real-world customer traffic, multiple security functions and a typical security policy.
SecurityPower is a new benchmark that measures the capability and capacity of an appliance to perform multiple advanced security functions (Software Blades) such as IPS, DLP and Application Control in real world traffic conditions. This provides an effective metric to better predict the current and future behavior of appliances under security attacks and in day-to-day operations. Customer SecurityPower Unit (SPU) requirements, determined using the Check Point Appliance Selection Tool, can be matched to the SPU ratings of Check Point Appliances to select the right appliance for their specific requirements.
All-Inclusive Security Solution
The Check Point 4400 Appliance offers a complete and consolidated security solution in a 1U form factor based on the Check Point Software Blade architecture. Available in three software packages of 7, 8 and 10 Blades, the platform provides up-to-date and extensible security protection.
- Next Generation Firewall (NGFW): identify and control applications by user and scan content to stop threats—with IPS and Application Control.
- Secure Web Gateway (SWG): enables secure use of Web 2.0 with real time multi-layered protection against web-borne malware—with Application Control, URL Filtering, Antivirus and SmartEvent.
- Next Generation Data Protection (NGDP): preemptively protect sensitive information from unintentional loss, educate users on proper data handling policies and empower them to remediate incidents in real-time—with IPS, Application Control and DLP.
- Next Generation Threat Prevention (NGTP): apply multiple layers of protection to prevent sophisticated cyber-threats— with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security.
Integrated Security Management
The appliance can either be managed locally with its available integrated security management or via central unified management. Using local management, the appliance can manage itself and one adjacent appliance for high availability purposes.
Remote Access Connectivity for Mobile Devices
Each appliance arrives with mobile access connectivity for 5 users, using the Mobile Access Blade. This license provides secure remote access to corporate resources from a wide variety of devices including smartphones, tablets, PCs, Mac and Linux.
GAiA - The Unified Security OS
Check Point GAiA™ is the next generation Secure Operating System for all Check Point appliances, open servers and virtualized gateways. GAiA combines the best features from IPSO and SecurePlatform into a single unified OS providing greater efficiency and robust performance. By upgrading to GAiA, customers will benefit from improved appliance connection capacity and reduced operating costs. With GAiA, customers will gain the ability to leverage the full breadth and power of all Check Point Software Blades. GAiA secures IPv4 and IPv6 networks utilizing the Check Point Acceleration & Clustering technology and it protects the most complex network environments by supporting dynamic routing protocols like RIP, OSPF, BGP, PIM (sparse and dense mode) and IGMP. As a 64-Bit OS, GAiA increases the connection capacity of select appliances.
GAiA simplifies management with segregation of duties by enabling role-based administrative access. Furthermore, GAiA greatly increases operation efficiency by offering Automatic Software Updates. The intuitive and feature-rich Web interface allows for instant search of any commands or properties. GAiA offers full compatibility with IPSO and SecurePlatform command line interfaces, making it an easy transition for existing Check Point customers.
Product Comparison:
Hardware Specifications
| |
4200 |
4400 |
4600 |
4800 |
| SecurityPower1 |
114 |
223 |
374 |
623 |
| Firewall Throughput |
3Gbps |
5Gbps |
9Gbps |
11Gbps |
| VPN Throughput |
0.4Gbps |
1.2Gbps |
1.5Gbps |
2Gbps |
| IPS Throughput (Default / Recommended Profile) |
2Gbps / 0.3Gbps |
3.5Gbps / 0.7Gbps |
4Gbps / 1Gbps |
6Gbps / 1.5Gbps |
| Concurrent Sessions |
1.2M |
1.2M |
1.2M |
3.3M2 |
| Connections per Second |
25K |
40K |
50K |
70K |
| VLANS |
1024 |
1024 |
1024 |
1024 |
| Max VS Supported (Default/Max) |
3 / 3 |
10 / 10 |
10 / 10 |
25 / 25 |
| 10/100/1000Base-T Ports |
4 to 8 |
8 to 12 |
8 to 12 |
8 to 16 |
| 1000Base-F SFP Ports |
0 to 4 |
0 to 4 |
0 to 4 |
0 to 4 |
| 10GBase-F SFP+ Ports |
NA |
NA |
NA |
0 to 2 |
| Memory |
4GB |
4GB |
4GB |
4GB / 8GB |
| Storage |
250GB |
| LOM |
NA |
NA |
NA |
Included |
| Enclosure |
1U |
| Dimensions WxDxH (standard) |
17.25 x 12.56 x 1.73 in. |
17.25 x 16.14 x 1.73 in. |
| Dimensions WxDxH (metric) |
438 x 319 x 44 mm |
438 x 410 x 44 mm |
| Weight |
4.0 kg (8.82 lbs.) |
7.5 kg (16.53 lbs.) |
7.6 kg (16.76 lbs.) |
| Operating Environment |
Temperature: 32° to 104°F / 0° to 40°C; Relative Humidity 20% to 90% (non-condensing) |
| Non-Operating Environment |
Temperature: 14° to 158°F / -20° to 70°C; Relative Humidity 5% to 95% (non-condensing) |
| Redundant Hot-Swap Power Supply |
NA |
NA |
NA |
Optional |
| Power Input |
100~240V, 50~60Hz |
| Power Supply Spec (Max) |
100W |
250W |
275W |
| Power Consumption (Max) |
57W |
90W |
140W |
| Compliance |
CB/UL/cUL/CE/FCC/TUV/VCCI/C-Tick |
1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy. 2With memory upgrade and GAiA OS
Software Specifications
| Software Blade |
NGFW |
NGDP |
NGSWG |
NGTP |
NGTX |
| Firewall |
|
|
|
|
|
| Identity Awareness |
|
|
|
|
|
| IPSec VPN |
|
|
|
|
|
| Advanced Networking & Clustering |
|
|
|
|
|
| Mobile Access 1 |
|
|
* |
|
|
| IPS |
|
|
* |
|
|
| Application Control |
|
|
|
|
|
| DLP |
* |
|
* |
* |
* |
| URL Filtering |
* |
* |
|
|
|
| Antivirus |
* |
* |
|
|
|
| Anti-Spam & Email Security |
* |
* |
* |
|
|
| Anti-Bot |
* |
* |
* |
|
|
| Threat Extraction |
* |
* |
* |
* |
|
| http://wcms.us.checkpoint.com/products/21000-appliances/ |
* |
* |
* |
* |
|
| Network Policy Management |
|
|
|
|
|
| Logging and Status |
|
|
|
|
|
| SmartEvent |
* |
* |
|
* |
* |
| SmartWorkflow |
* |
* |
* |
* |
* |
| Monitoring |
* |
* |
* |
* |
* |
| Management Portal |
* |
* |
* |
* |
* |
| User Directory |
* |
* |
* |
* |
* |
| SmartProvisioning |
* |
* |
* |
* |
* |
| SmartReporter |
* |
* |
* |
* |
* |
| Endpoint Policy Management |
* |
* |
* |
* |
* |
| Compliance |
* |
* |
* |
* |
* |
NGFW = Next Generation Firewall; NGDP = Next Generation Data Protection; NGTP = Next Generation Threat Prevention; NGSWG = Next Generation Secure Web Gateway
- Included
* - Optional
1 Five users are included in default package |
Technical Specifications:
Base Configuration
- 8 x 10/100/1000Base-T RJ45 ports
- 250 GB hard disk drive
- One AC power supply
- Standard rack mount
Network Expansion Slot Options (1 slot)
- 4 x 10/100/1000Base-T RJ45 ports
- 2 x 1000Base-F SFP ports 1
- 4 x 1000Base-F SFP ports
- 4 x 10/100/1000Base-T Fail-Open NIC
- 4 x 1000Base-F SX or LX Fail-Open NIC
Max Configuration
- 12 x 10/100/1000Base-T RJ45 ports
- 8 x 10/100/1000Base-T RJ45 + 4 x 1000Base-F SFP ports
Production Performance1
- 223 SecurityPower
- 2.2 Gbps firewall throughput
- 300 Mbps firewall and IPS throughput
RFC 3511, 2544, 2647, 1242 Performance Tests (LAB)
- 5 Gbps of firewall throughput, 1518 byte UDP
- 1.2 Gbps of VPN throughput, AES-128
- 3.5 Gbps of IPS throughput, Default IPS profile, IMIX traffic blend
- 700 Mbps of IPS throughput, Recommended IPS profile, IMIX traffic blend
- 1.2 million concurrent connections, 64 byte HTTP response
- 40,000 connections per second, 64 byte HTTP response
Network Connectivity
- IPv4 and IPv6
- 1024 VLANs
- 256 VLANs per interface
- 802.3ad passive and active link aggregation
- Layer 2 (transparent) and Layer 3 (routing) mode
|
High Availability
- Active/Active - L3 mode
- Active/Passive - L3 mode
- Session synchronization for firewall and VPN
- Session failover for routing change
- Device failure detection
- Link failure detection
- ClusterXL or VRRP
Virtual Systems
Dimensions
- Enclosure: 1U
- Standard (W x D x H): 17.25 x 12.56 x 1.73 in.
- Metric (W x D x H): 438 x 320 x 44 mm
- Weight: 7.5 kg (16.53 lbs.)
Power Requirements
- AC Input Voltage: 100 - 240V
- Frequency: 50 - 60 Hz
- Single Power Supply Rating: 250 W
- Power Consum ption Maximum: 90 W
- Maximum thermal output: 240.1 BTU
Operating Environmental Conditions
- Temperature: 32° to 104°F / 0° to 40°C
- Humidity: 20% to 90% (non-condensing)
Storage Conditions
- Temperature: –4° to 158°F / –20° to 70°C
- Humidity: 5% - 95% @ 60°C (non-condensing)
Certifications
- Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM, PCT/GoST
- Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
- Environmental: RoHS
|
1Maximum production performance based upon the SecurityPower benchmark. Real-world traffic, Multiple Software Blades, Typical rule-base, NAT and Logging enabled. Check Point recommends 50% SPU utilization to provide room for additional Software Blades and future traffic growth. Find the right appliance for your performance and security requirements using the Appliance Selection Tool.
Virtual Systems:
Check Point Virtual Systems taps the power of virtualization to consolidate and simplify security for private clouds while delivering a lower total cost of ownership. It enables customized security against evolving network threats with the extensible Software Blade Architecture. Virtual Systems is supported on Check Point Appliances, including the 61000 Security System as well as open servers.
Benefits
Simplify and consolidate network security with Virtual Systems
- Add Virtual Systems to any gateway or leverage pre-configured Virtual System Appliances to secure multiple network segments
- Simplify enterprise-wide policy by creating tailored policies for each Virtual System
- Resource monitoring for each Virtual System; easily add, provision and upgrade without downtime
Deploy any Software Blades on any virtual system for customized protection
- Advanced protections now include: Firewall, VPN, IPS, Application Control, URL Filtering, Antivirus, Anti-Bot, Identity Awareness and Mobile Access
- Flexibility to enable Software Blades uniquely for each Virtual System with customized protections
- Enable separation of IT duties with dedicated Virtual Systems for Web Security, Threat Prevention, Firewall and Remote Access
Boost performance using the latest Check Point technologies
- Over eight times more concurrent connections with 64-Bit GAiA OS
- Increased throughput by utilizing multi-core processors with CoreXL technology
- Cluster up to eight gateways using patented VSLS technology for unmatched scalability
Features
Security Consolidation
For years, Check Point’s Virtual Systems technology has been providing value and protection for enterprises and service providers. This proven technology enables organizations to consolidate up to 250 gateways into a hardware platform providing savings on both capital equipment investments and ongoing support and maintenance. The streamlined management of the virtualized gateways further improves the operational efficiency of a resource-challenged IT department, bringing the needed simplicity to network security.
Flexible Software Blade Security
Supporting the latest Check Point Software Blade Architecture on every Virtual System, this solution delivers comprehensive and customized protection to multiple networks or virtual LANs (VLANs) within complex network infrastructures. Supporting Software Blades including Firewall, VPN, Intrusion Prevention (IPS), Identity Awareness, Application Control, URL Filtering, Antivirus and Anti-bot, administrators have the flexibility to configure any Software Blades with any security policy to any Virtual System.
Customizable Security Policies per Virtual System
The ability to tailor security policies for each Virtual System enable administrators to break down large complex network security policies into smaller more granular and more manageable policies. Customizing security policy base on business requirements minimize the complexity and create better security practice to meet the business needs.
Simple Deployment and Streamlined Central Management
Easily deploy Virtual Systems with pre-configured appliances or upgrading existing gateways using One-Click Conversion, effectively manage these Virtual Systems with simplified and central management using Check Point Security Management and Multi-Domain Security Management.
- One-Click Conversion
Enabling Virtual Systems from a physical system is simple and fast with a single click to launch the Virtual System Conversion Wizard.
- Centralized Management and Provisioning
- Integration with Check Point Security Management and Multi-Domain Security Management solutions
- One-click conversion with Virtual SystemsWizard
- Simple provisioning using the creation templates
- Separate per virtual system management and data segregation enable cloud-based security-as-a-service offerings
High Performance Security
Combining the latest security solutions with the patented CoreXL technology and the 64-bit GAiA OS, performance for virtualized security deployments is greatly enhanced. Up to eight times more concurrent connection capacity and the multi-gigabit-per-second performance for firewall and IPS throughputs are just a few examples of the outstanding performance the solution will deliver. The new Check Point Virtual Systems are designed to meet the requirements for the most demanding network environments.
Linear Scalability
Today’s networks require flexibility and expandability to support the fast-evolving business needs. To meet this demanding business environment, Virtual Systems can be deployed on multiple gateways using Check Point’ high-performance technologies, ensuring secure, resilient, multi-gigabit throughput. Virtual Systems leverage the following features and technologies to maximize performance, capacity and system scalability:
- Virtual System Load Sharing (VSLS) distributes traffic load within a cluster, providing the ability to distribute virtual systems across multiple cluster members. Additional cluster members effectively share the virtual system traffic loads within the cluster, providing improved throughputs, connection capacity, high availability, simplified management and linear scalability
- Resource Control allows administrators to manage the processing load by guaranteeing that each virtual system will receive only the memory and CPU allocation it needs to deliver its functions. Resources not needed by one virtual system are automatically made available to other virtual systems. Administrators can also limit the CPU resource available to a lower-priority virtual system and assign more capacity to mission-critical virtual systems.
Integrated Virtual Routers and Switches
Simplify deployment, configuration and save costs of external network routers and switches. The integrated virtual routers and switches direct inter-Virtual System traffics to their intended destinations with higher efficiency.
Per Virtual System Resource Utilization Monitoring
Need to understand how your Virtual Systems are used to better plan your security resources, or want to create billable customer services based on their usage? Granular resource monitoring of CPU and memory for each virtual system gives you the necessary insights to effectively plan for your network security resources, or to provide usage-based services to your customers.
Flexible Packaging Options
Check Point Virtual Systems are offered either as a software-only option or in pre-configured bundles with Check Point Security Appliances and Software Blades, providing the flexibility and convenience for different deployment situations.The software only option allows customers to upgrade their existing Check Point Appliances and open servers to a Virtual System environment, or to build a customized Virtual System for their specific network security needs. The pre-configured bundles offer a quick turn-key solution that is easy to purchase and deploy.
Specifications
| Operating System Release |
GAiA (R75.40VS) or later |
| Supported Gateways |
Check Point Appliances and Open Servers |
| Minimum Memory |
2GB |
| Supported Technologies |
ClusterXL, CoreXL, SSL inspection |
| Monitoring |
Resource monitoring (CPU & Memory), per Virtual System SNMP monitoring |
| Maximum Virtual Systems |
| 2200 |
2 / 2 GB |
3 / 3 |
| 4200 |
4 / 4 GB |
3 / 3 |
| 4400 |
4 / 4 GB |
10 / 10 |
| 4600 |
4 / 4 GB |
10 / 10 |
| 4800 |
4 / 8 GB |
20 / 25 |
| 12200 |
4 / 12 GB |
20 / 50 |
| 12400 |
4 / 12 GB |
25 / 75 |
| 12600 |
6 / 12 GB |
75 / 150 |
| 13500 |
16 / 32 GB |
150 / 250 |
| 21400 |
12 / 24 GB |
125 / 250 |
| 21600 |
16 / 32 GB |
150 / 250 |
| 21700 |
16 / 32 GB |
150 / 250 |
| 41000 |
64 / 64 GB |
250 / 250 |
| 61000 |
12 / 64 GB |
125 / 250 |
| UTM-1 3070 |
4 / 4 GB |
10 / 10 |
| Power-1 9070 |
4 / 8 GB |
50 / 75 |
| Power-1 11000 |
6 / 12 GB |
75 / 125 |
| IP 1280 |
4 / 8 GB |
10 / 50 |
| IP 2450 |
4 / 8 GB |
50 / 75 |
Virtual System Appliances
Pre-configured Virtual Systems bundled with Check Point Security Appliance, Virtual Systems and Software Blades. The Virtual System Appliances are available in single system and high-availability (VSLS) configurations.
| Performance |
| Firewall Throughput (Gbps) |
5 | 9 |
9 | 16 |
11 | 20 |
15 | 27 |
25 | 45 |
| VPN Throughput (Gbps) |
1.2 | 2.1 |
1.5 | 2.7 |
2 | 3.6 |
2.5 | 4.5 |
3.5 | 6 |
| Concurrent Sessions (M) |
1.2 | 1.4 |
1.2 | 1.4 |
3.31 | 41 |
51 | 61 |
51 | 61 |
| Network |
| 10/100/1000Base-T Ports (Def/Max) |
8/12 | 16/24 |
8/12 | 16/24 |
8/16 | 16/32 |
8/16 | 16/32 |
10/26 | 20/52 |
| 1000Base-F SFP Ports (Def/Max) |
0/4 | 0/8 |
0/4 | 0/8 |
0/4 | 0/8 |
0/4 | 0/8 |
0/12 | 0/24 |
| 10GBase-F SFP+ Ports (Def/Max) |
N/A |
N/A |
0/2 | 0/4 |
0/4 | 0/8 |
0/12 | 0/24 |
| Expansion Slots |
1 | 2 |
1 | 2 |
1 | 2 |
1 | 2 |
3 | 6 |
| Additional Features |
| R67 VSX Option |
No |
No |
No |
Yes |
Yes |
| Virtual Systems (Included/Maximum) |
5/10 |
5/10 |
10/25 |
10/50 |
10/75 |
| Physical |
| Enclosure |
1U | 2U |
1U | 2U |
1U | 2U |
1U | 2U |
2U | 4U |
| Weight (lb) |
16.5 | 33.1 |
16.5 | 33.1 |
16.8 | 33.5 |
16.8 | 33.5 |
51.6 | 103.2 |
| Power |
| Dual, Hot-Swap PSU |
No |
No |
Optional |
Yes |
Yes |
| Power Input |
110-240VAC, 47-63Hz |
| Max Power Consumption (W) |
90 | 180 |
90 | 180 |
140 | 280 |
121 | 242 |
132 | 264 |
| DC Power Option2 |
No |
Yes |
Yes |
Yes |
Yes |
| Software Blade |
| Software Blades (Included) |
Firewall, VPN, Identity Awareness, Advanced Networking & Clustering, Mobile Access, IPS, Application Control |
| Performance |
| Firewall Throughput (Gbps) |
30 | 54 |
77 | 138.6 |
50 | 90 |
75 | 135 |
78 | 141 |
| VPN Throughput (Gbps) |
6 | 10.5 |
17 | 30.6 |
7 | 12.5 |
8.5 | 15 |
11 | 27 |
| Concurrent Sessions (M) |
51 | 61 |
281 | 33.61 |
101 | 121 |
131 | 15.61 |
131 | 15.61 |
| Network |
| 10/100/1000Base-T Ports (Def/Max) |
14/26 | 28/52 |
14/26 | 28/52 |
13/37 | 26/74 |
13/37 | 26/74 |
13/37 | 26/74 |
| 1000Base-F SFP Ports (Def/Max) |
0/12 | 0/24 |
0/12 | 0/24 |
0/36 | 0/72 |
0/36 | 0/72 |
0/36 | 0/72 |
| 10GBase-F SFP+ Ports (Def/Max) |
0/12 | 0/24 |
0/12 | 0/24 |
0/12 | 0/24 |
0/13 | 0/26 |
0/13 | 0/26 |
| Expansion Slots |
3 | 6 |
3 | 6 |
3 | 6 |
3 | 6 |
3 | 6 |
| Additional Features |
| R67 VSX Option |
Yes |
No |
Yes |
No |
No |
| Virtual Systems (Included/Maximum) |
20/150 |
20/250 |
20/250 |
20/250 |
20/250 |
| Physical |
| Enclosure |
2U | 4U |
2U | 4U |
2U | 4U |
2U | 4U |
2U | 4U |
| Weight (lb) |
51.6 | 103.2 |
38.6 | 77.2 |
57.4 | 114.8 |
57.4 | 114.8 |
57.4 | 114.8 |
| Power |
| Dual, Hot-Swap PSU |
Yes |
Yes |
Yes |
Yes |
Yes |
| Power Input |
110-240VAC, 47-63Hz |
| Max Power Consumption (W) |
220 | 440 |
431 | 862 |
449 | 898 |
449 | 898 |
489 | 978 |
| DC Power Option2 |
Yes |
Yes |
Yes |
Yes |
Yes |
| Software Blade |
| Software Blades (Included) |
Firewall, VPN, Identity Awareness, Advanced Networking & Clustering, Mobile Access, IPS, Application Control |
1 With memory upgrade and GAiA OS
2 Via a Solution Center Request
