Check Point 21000 Appliances

The 21000 Appliances are designed for data centers with the most demanding requirements for performance and high availability. They are ideal for low-latency transactions, with sub 5 micro-second latency, and they deliver excellent serviceability features for cost-efficient operation.

Benefits

Delivers the best performance in its class

  • Up to 44.5 Gbps of real-world firewall throughput
  • Up to 6.9 Gbps of real-world IPS throughput
  • Supports sub 5 micro-second low-latency transactions

Supports high availability and serviceability

  • Offers a variety of network options to work in any network environment
  • Offers Lights-Out-Management option for remote out-of-band management
  • Enables service without downtime thanks to hot-swap and redundant components

Reduces costs through security consolidation

  • Extends easily to add more security features without adding a new appliance
  • Available in four complete and Software Blade packages that meet any security need
  • Available in a low-cost, high-performance package with extended memory for maximum connection capacity

Features

Maximum security and performance

The Check Point 21000 Appliances offer maximum availability of business-critical applications and the best performance available in their class.

  • High port density with up to 37x1GbE ports for network segmentation
  • 110 Gbps firewall throughput and sub-5µs latency for mission-critical applications
  • Comes in compact 2-rack unit chassis
  • Comes with acceleration and clustering technologies

Security acceleration module for greater performance confidence

With the optional Security Acceleration Module, you can confidently increase firewall and VPN bandwidth through your 21000 Appliance without performance degradation. Check Point’s innovative, purpose-built SecurityCore™ technology uses parallel and security processing power to accelerate security performance.

  • Offloads security processing from the general purpose appliance CPU
  • Available as a bundle for significant savings right out of the box

Reliability and high serviceability

Meet the uncompromising high availability standards of modern data centers; the 21000 Appliances are designed to be highly serviceable, even when deployed in customer networks.

  • Hot-swappable redundant power supplies, hard disk drives and fans
  • An advanced Lights-Out-Management card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location

High network capacity

Deploy the Check Point 21000 Appliances in any network environment.

  • Up to 37 10/100/1000Base-T ports
  • Up to 36 1000base-F SFP, or up to 13 10GBase-F SFP+ ports
  • Three front-facing expansion slots
  • Up to 1,024 VLANs for higher network segmentation

Prevent unknown threats

Check Point provides complete zero-day threat prevention and alerts when under attack. Threat Extraction delivers zero-malware documents in zero seconds. Threat Emulation inspects files for malicious content in a virtual sandbox. When Threat Emulation discovers new threats, a signature is sent to the Check Point ThreatCloud database which documents and shares information on the newly identified malware with other Check Point customers — providing immediate protection against zero-day threats.

Pre-configured with Next Generation Software Blade packages

Pre-configured with Next Generation Software Blade packages The Check Point 21000 Appliances offer a complete and consolidated security solution available in five Next Generation Security Software Blade packages.

  • Next Generation Firewall—identify and control applications by user and scan content to stop threats (included Blades: IPS and Application Control)
  • Next Generation Secure Web Gateway—enable secure use of Web 2.0 with real-time multilayer protection against web-borne malware (included Blades: Application Control, URL Filtering, Antivirus and SmartEvent)
  • Next Generation Data Protection—preemptively protect sensitive information from unintentional loss, educate users on proper data-handling policies and empower them to remediate incidents in real-time (included Blades: IPS, Application Control and Data-Loss Prevention).
  • Next Generation Threat Prevention—apply multiple layers of protection to prevent sophisticated cyber-threats (included Blades: IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security)
  • Next Generation Threat Extraction—(NGTX): advanced next-gen zero-day threat prevention, NGTP with Threat Emulation and Threat Extraction.
  • Additional Software Blade upgrades are available to further extend and customize protection options


Learn More

Specifications

Appliance

21400

21700

21800

Performance
SecurityPower1

2175 / 29002

3300 / 35512

4100 / 43002

Firewall Throughput (Gbps)
 Raw3

50 / 1102

78.6 / 1102

78.6 / 1102

 Production5

17.1 / 44.32

25.4 / 44.52

30.4 / 44.52

Firewall Latency2

< 5μs

< 5μs

< 5μs

VPN AES-128 Throughput (Gbps)

7 / 502

11 / 502

23.5 / 502

IPS Throughput (Gbps)
 Recommended4

6

8

9.9

 Production5

3.67

5.7

6.9

Concurrent Connections

10M

13M

28M

Connections per Second

130K / 300K2

170K / 300K2

198K / 300K2

Virtual Systems
Virtual System Support

Yes

Yes

Yes

Max VS Supported (Default/Max)

125 / 250

150 / 250

150 / 250

Hardware Specifications
10/100/1000Base-T Ports

13 to 37

13 to 37

13 to 37

1000Base-F SFP Ports

up to 36

up to 36

up to 36

10GBase-F SFP+  Ports

up to 12

up to 13

up to 13

Memory

12, 24 GB

16, 32, 64 GB

16, 32, 64 GB

Storage

2 x 500 GB HDD RAID1

2 x 500 GB HDD RAID1

2 x 500 GB HDD RAID1

I/O Expansion Slots

3

3

3

LOM

Included

Included

Included

Dimensions
Enclosure

2U

2U

2U

Dimensions (standard)

17" W x 28" D x 3.5" H

Dimensions (metric)

431 mm W x 710 mm D x 88 mm H

Weight

26 kg (57.4 lbs.)

Environment
Operating Environment

Temperature: 32° to 104°F / 0° to 40°C; Relative Humidity 20% to 90% (non-condensing)

Non-Operating Environment

Temperature: -4° to 158°F / -20° to 70°C; Relative Humidity 5% - 95% (non-condensing)

Power
Redundant Hot-Swap Power Supply

Yes

Yes

Yes

Power Input

100~240VAC, 47~63Hz

Power Supply Spec (Max)

2 x 910W

2 x 1200W

2 x 1200W

Power Consumption (Max)

449W / 744W2

489W / 784W2

489W / 784W2

Certifications
Safety

CB, UL, cUL, CSA, TUV

Emissions

CE, FCC VCCI, C-Tick

Environmental

RoHS

1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy
2 With Security Acceleration Module
3 Raw throughput is based on RFC 3511 with 1518 bytes UDP packets
4 Recommended IPS profile, IMIX traffic blend
5 Assumes maximum production throughput environment with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection
6 Effective October 31, 2014 Check Point will no longer sell the 21600 Appliance. Visit the Support Lifecycle page to learn about replacement appliances.
Software Blade

NGFW

NGDP

NGSWG

NGTP

NGTX

Firewall

Identity Awareness

IPSec VPN

Advanced Networking & Clustering

Mobile Access 1

*

IPS

*

Application Control

DLP

*

*

*

*

URL Filtering

*

*

Antivirus 

*

*

Anti-Spam & Email Security

*

*

*

Anti-Bot

*

*

*

Threat Extraction

*

*

*

*

/products/21000-appliances/

*

*

*

*

Management Blades
Network Policy Management

Logging and Status

SmartEvent

*

*

*

*

SmartWorkflow

*

*

*

*

*

Monitoring

*

*

*

*

*

Management Portal

*

*

*

*

*

User Directory

*

*

*

*

*

SmartProvisioning

*

*

*

*

*

SmartReporter

*

*

*

*

*

Endpoint Policy Management

*

*

*

*

*

 Compliance

*

*

*

*

*

NGFW  = Next Generation Firewall;    NGDP  = Next Generation Data Protection;   NGTP = Next Generation Threat Prevention; NGSWG = Next Generation Secure Web Gateway
✔ - Included
* - Optional
1 Five users are included in default package