On the 5th of October, CheckPoint announced new appliances to unify the IP, UTM and Power-series into one product line: The CheckPoint 2012 appliances.
7 new models were released, and started shipping, today:
– 1 low-end branch-/small office: 2200 series
– 3 enterprise-grade appliances: 4200, 4600 and 4800 series
– 3 datacenter appliances: 12200, 12400 and 12600 series
In addition, you’ll find the existing 21400 appliance, 61000 security system and VSX appliances as part of the same product line. VSX is available on the 12200, 12600 and 21400 platforms.
The design principles of the new appliance series are:
– Performance
– Hardware redundancy
– Flexibility in choosing network connectivity
– LOM (Lights out management)
– Best security
Old models and their successors
UTM-1 130 > 2200 Appliance
UTM-1 270 > 4200 Appliance
UTM-1 570, IP 290 appliance > 4600 Appliance
UTM-1 1070, UTM-1 2070, IP 390 > 4800 Appliance
UTM-1 3070, IP 560 > 12200 Appliance
Power-1 5070, IP 690 > 12400 Appliance
Power-1 9070, IP 1280 > 12600 Appliance
Power-1 11000, IP 2450 > 21400 Appliance
Different packaging
The package model, which defines which blades ship with an appliance, is divided into xx05 (only 2200, 4000 and 61000-series), xx07, xx08 and xx10.
The 5-blade package, like 4205, comes with FW, Identity Awareness, VPN, Advanced Networking & Clustering and Mobile Access*.
The 7-blade package adds IPS and Application Control on top of those.
The 8-blade package adds DLP.
The 10-blade package adds Anti-spam, URL-filtering and AV, but not DLP.
It is not surprising that CheckPoint is throwing in these blades as “basic”, since Next Generation Firewalls are defined as a security product integrating Firewall, IPS, Application Control and user & group policies (CheckPoint’s Identity Awareness) into one product.
* Mobile Access for 5 concurrent users, to allow customers to experiment with the software blade. Note that when you add a CPSB-MOB-50, it overrides the pre-installed 5-user license and supports a maximum of 50 concurrent users.
Performance
One of the three main points conveyed by Gil Shwed was a 3x performance boost at the same price as before.
And according to CheckPoint’s figures for FW/IPS throughput, SecurityPower, concurrent sessions and port density, they have anywhere from doubled to tripled their numbers while the price is roughly the same.
If the appliances can indeed deliver what they promise – we should be very pleased with the new series.
Hardware redundancy and flexibility
Depending on the model, the new appliances allow you to tailor your appliance to a satisfactory level of performance, port density, port connectivity and redundancy.
- Hot-swappable redundant power supplies are optional from the 4800-model and up, and included from the 12400-series and up.
- Hard drive redundancy from the 12200-series and up.
Memory
While not mentioned specifically in the presentation, the datasheets reveal that memory can be expanded up to 8 GB for the 4800 model and 12 GB for the 12000-series.
Expansion slots and interface cards
All models, except the 2200-series, have expansion slots. There is one slot from 4200 and up to 12200 and three slots from 12400 and up.
These slots can be used to install interface cards, and the following ones are found on CheckPoint’s website:
4 Port 10/100/1000 Base-T RJ45 interface card (CPAC-4-1C-INSTALL / $2,500)
8 Port 10/100/1000 Base-T RJ45 interface card (CPAC-8-1C-INSTALL / $6,000)
4 Port 1000Base-F SFP interface card (CPAC-4-1F-INSTALL / $3,600)
SFP transceiver for 1G fiber ports for CPAC-4-1F – 1000Base-LX (CPAC-TR-1LX / $1,000)
SFP transceiver for 1G fiber ports for CPAC-4-1F – 1000Base-SX (CPAC-TR-1SX / $500)
2 Port 10GBase-F SFP+ interface card (CPAC-2-10F-INSTALL / $10,000)
4 Port 10GBase-F SFP+ interface card (CPAC-4-10F-INSTALL / $19,000)
SFP+ transceiver for 10G fiber ports for CPAC-2/4-10F – 10GBase-LR (CPAC-TR-10LR / $2,500)
SFP+ transceiver for 10G fiber ports for CPAC-2/4-10F – 10GBase-SR (CPAC-TR-10SR / $1,000)
The 4800 model and up support 2x 10GbE-interface cards, SFP+.
The 12200 model and up support 4x 10GbE-interface cards, SFP+.
The 4800 model and up support the 8 Port Base-T RJ45 interface card.
Max ports Base-T
8 – 4200 (4/8 default port numbers)
12 – 4600 (8/12)
16 – 4800/12200 (8/16)
26 – 12400 (10/26) and 12600 (14/26)
Max ports 1000Base-F SFP
4 – 4200, 4600, 4800, 12200
12 – 12400, 12600
Max ports 10GBase-F SFP+
2 – 4800
4 – 12200
12 – 12400, 12600
LOM – Lights out management
From the 4800-series and up, you can acquire Lights out management (CPAC-LOM-INSTALL / $2,500).
This module provides out-of-band remote management for remote diagnostics, remote reboot, installation of the OS and so on.
Warranty and support
The appliances come with a one-year warranty, and you are required to buy support for accessories in addition to the appliance itself.
Operating system
The appliances run SPLAT R75, but are optimized for Gaia. So running Gaia on the appliances when it goes GA in 2012 should not be an issue. =)
I’m happy with this new release from CheckPoint, and certainly that they are taking a step closer to releasing only NGFWs, and that without increasing the price significantly.
And hopefully the appliances can deliver what CheckPoint promises.