Check Point 61000 Appliance
Scalable performance, advanced security

Overview:

Insights

Large data centers have uncompromising needs for performance, uptime and scalability. High end security gateway solutions must perform network access control within the unique requirements of these environments—ultra-high throughput, connection capacity, session and logging rate—while supporting the latest networking standards like IPv6. With the increase in sophisticated attacks, additional security layers such as IPS, Application Control, URL Filtering, Antivirus and others are also required. In addition to their vast performance and security needs, data center environments are characterized by rigid requirements for high reliability of its various systems. All of these requirements drive the need for redundant, serviceable and highly available components and systems.

Solution

The Check Point 41000 and 61000 Security Systems are built for these demanding environments and are based on proven technologies used by Fortune 100 companies and telecommunication vendors all over the world. The Check Point Firewall, IPS, Application Control and Identity Awareness technologies have been awarded the highest 3rd-party certifications possible including NATO Information Product Catalog; US Government penetration testing; Department of Defense Information Systems Agency, ISO-IEC 15408 and more.

The ATCA compliant, carrier grade design offers unsurpassed scalability, availability and serviceability with high performance and high port density. Redundant Security Switch Modules (SSM) provide switching fabric, physical interface, and routing functions. Redundant Chassis Management Modules (CMM) continuously check and monitor the health of the chassis including fans, power supplies and Security Gateway Modules (SGM). For optimal reliability, Check Point ClusterXL Load Sharing distributes the load between Security Gateway Modules in one chassis and ClusterXL High Availability operates between chassis. Check Point SyncXL provides for highly efficient synchronization of system and security information between components in order to ensure high system performance. Deploy two chassis in high availability mode to eliminate down-time.

These two platforms improve security, protect business continuity and reduce operational costs in complex, mission critical security environments such as data centers, Managed Service Providers and telecommunication companies. By adding more SGMs companies get more security and performance. Because SGMs are hot-swappable, customers can add SGMs, boosting performance to new or existing 41000 and 61000 systems even when those systems are in production.

Product Benefits

• Scalable platform that grows with your business
• High port density with 40GbE and 10GbE fiber ports
• Full redundancy (N+N, N+1) eliminates down-time
• Designed for ease of management and fast deployment

Product Features

• Scalable security solution from 3,200 up to 33,000 SecurityPower units
• High raw firewall performance of up to 80 Gbps in the 41000 and 400 Gbps in the 61000
• Real-world IPS performance up to 25 Gbps in the 41000 and 70 Gbps in the 61000
• High port density with up to 30x10GbE, 4x40GbE in the 41000 and 60x10GbE, 8x40GbE in the 61000
• Intra/Dual-Chassis redundancy
• Carrier grade ATCA compliant chassis

Key Features:

Secures high-demand networks

• Delivers unbeatable security performance from 40 to 120 Gbps of real-world throughput
• Customers can add modules, boosting performance even when those systems are in production
• Protects the most complex networks by supporting dynamic routing protocols

Increases business continuity

• Increases reliability with redundant hot-swappable components
• Increases availability and load sharing with ClusterXL
• Ensures optimal system synchronization and performance with SyncXL

Enhances and extends security as needed with an extensible platform

• Makes it easy to add Security Gateway Modules for more security or higher performance
• Accommodates any Software Blades to enhance security protections
• Provides high port density and high speed connectivity options with Security Switch module

Breakthrough security performance

The 41000 and 61000 Security Systems employ a highly flexible and modular system architecture that significantly boosts security and performance.

The 41000 Security System:

• Starts at 3,200 SecurityPower Units, with 1 Security Gateway Module (SGM)
• Scales to 11,000 SPUs with 4 SGMs

The 61000 Security System:

• Scales easily from 2 to 12 SGMs
• Delivers up to 33,000 total SecurityPower Units, 400 Gbps of firewall throughput, and up to 130 Gbps IPS protection when fully loaded with 12 SGM260s

Reliability and high serviceability

We designed both systems to meet the uncompromising high availability and serviceability standards of modern data centers and telcos.

• Hot-swappable redundant power supplies, hard disk drives and fans
• Carrier-grade availability and serviceability in a rugged rack-mount chassis
• Redundant Chassis Management Modules continuously check and monitor chassis health, including fans, power supplies and SGMs

Integrated with extensible Software Blade Architecture

Each 41000 and 61000 Security System is packaged with a group of preselected Check Point Software Blades—including Firewall, IPsec VPN, Identity Awareness, Advanced Networking, and Acceleration and Clustering. Additional Software Blade upgrades are available to further extend and customize protection options.

The Check Point Software Blade architecture is the first and only security architecture that delivers complete, flexible and manageable security to companies of any size. With unprecedented flexibility and expandability, Software Blades deliver lower cost of ownership and cost-efficient protection that meet any need, today and in the future.

Full integration into the modular Software Blade Architecture allows for rapid and easy activation on any Check Point security gateway and to provide integrated and comprehensive protection.

High network capacity

These systems are designed to flexibly scale and support the needs of large, dynamic networks.

The 41000 Security System:

• Compact 6u chassis offering
• Up to 4xSGM260, 2xSSM160
• Up to 80 million concurrent connections at 1.1 million connections per second

The 61000 Security System:

• Maximum chassis configuration of 10xSGM260 and 4xSSM160
• Supports up to 60 x 10GbE SFP + ports and up to 8 x 40GBase-QSFP ports
• Supports up to 210 million concurrent connections and 3 million sessions per second

Carrier grade

The Check Point 41000 and 61000 Security Systems meet the stringent operating conditions required by telecommunications companies.

• ATCA-compliant architecture
• Compatible with NEBS Level 3 standards
• Secures IPv4 and IPv6 networks utilizing Check Point Acceleration and Clustering technology
• Supports dynamic routing protocols such as RIP, OSPF, BGP, PIM (spares and dense mode) and IGMP

Fast deployment and centralized management

Using the available local management console and intuitive configuration wizard, the entire system can be deployed in less than 30 minutes. For secure and centralized administration anywhere in the network, these systems also work with the Check Point Security Management Software Blades.

Technical Specifications:

Appliance	41000	61000
Performance
SecurityPower1	3200 to 11000	3200 to 33000
Firewall Throughput (Gbps)
Raw2	Up to 80	Up to 400
Production4	Up to 40	Up to 120
VPN AES-128 Throughput (Gbps)	Up to 40	Up to 110
IPS Throughput (Gbps)
Recommended3	Up to 44	Up to 130
Production4	Up to 25	Up to 70
Concurrent Connections	up to 80 million	up to 210 million
Connections per Second	up to 1,100,000	up to 3,000,000
Virtual Systems
Virtual System Support	Yes	Yes
Max VS Supported (Default/Max)	up to 250	up to 250
Hardware Specifications
10GBase-F SFP+ Ports	Up to 30	Up to 60
40GBase-F QSFP  Ports	Up to 4	Up to 8
Expansion Slots	6	14
Security Switch Modules	1 to 2	2 to 4
Security Gateway Modules	1 to 4	2 to 12
Out-of-band Management	Includes 2 Chassis Management Modules (CMM)
Dimensions
Enclosure	6U	15U
Dimensions (standard)	17.64" W x 16.3" D x 10.5" H	17.63" W x 15.2" D x 26.2" H
Dimensions (metric)	448 W x 413.4 D x 266.7mm H	448mm W x 385.6mm D x 665mm H
Max Weight	38.6 kg (84.9 lbs) (Chassis, 3 PSUs, fans, 2 CMM, 4 SGM, 2 SSM)	65.84 kg (145 lbs.) (Chassis, 4 PSUs, fans, 2 CMM, 12 SGM, 2 SSM)
Environment
Operating Environment	Temperature: 23° to 131°F / -5° to 55°C; Relative Humidity 5% to 90% (non-condensing)
Non-Operating Environment	Temperature: -40° to 158°F / -40° to 70°C; Relative Humidity 5% - 95% (non-condensing)
Power
Redundant, Hot-Swap PSUs	3 AC or 2 DC	4 AC or 2 DC
AC Power Supplies	No. of modules: 3 (max) Input: 100-240VAC, 50-60Hz Single module output: 1200W @ 110V, 1500W @ 220V	No. of modules: 4 (max) Input: 100-240VAC, 47-63Hz Single module output: 2500W @ 208V/230V, 1500W @ 110V (USA), 1300W @ 100V (Japan)
DC Power Supplies	No. of modules: 2 (max) Input: -48VDC to -60 VDC 125A	No. of modules: 2 (max) Input: -48V to -60V, four feeds per module, 50 Amps per feed
Power Consumption (Max)	2300W	4900W
Thermal Output (Max)	7847.9 BTU/hour	16719.5 BTU/hour
Certifications
Safety	UL	CB, UL/cUL/SCA, TUV
Emissions	CE, FCC part 15	CE, FCC part 15, VCCI, C-Tick
Environmental	RoHS	RoHS
1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy 2 Raw throughput is based on RFC 3511 with 1518 bytes UDP packets 3 Recommended IPS profile, IMIX traffic blend 4 Assumes maximum production throughput environment with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection

Software Blade	Gateway Mode	Virtual System Mode
Firewall
IPSec VPN
Identity Awareness
Advanced Networking & Clustering
IPS
Application Control
URL Filtering
Antivirus
Anti-Bot
DLP
Mobile Access
- Supported - Not Supported

Documentation:

Download the Check Point 61000 Appliance Datasheet (PDF).