Check Point 21000 Appliances
The 21000 Appliances deliver the industry's best security performance in their class and offer unmatched scalability, serviceability and port density. Benefiting from Check Point's advanced SecureXL, CoreXL and SecurityCore technologies, the 21000 Appliances are capable of delivering stunning performances while maintaining a compact 2 rack-unit physical footprint. With the support of the Software Blade Architecture, up to 110 Gbps firewall throughput and sub 5 micro second latency, the 21000 Appliances are designed to secure the most demanding network environment.
Maximum Security and Performance
- Best performance in their class, delivering over 3,550 SecurityPowerTM Units
- High port density with up to 37x1GbE ports & VLAN capacity for network segmentation
- Optimized for the Software Blades Architecture
- 110 Gbps firewall throughput and sub-5µs latency for mission-critical applications
High Availability and Serviceability
- Modular and multiple network options easily fit into complex network environments
- Redundant and hot-swappable components eliminate downtime
- Expand security functions by enabling additional Software Blades without adding a new appliance
Simple Deployment and Management
- Turn-key solution with pre-loaded Software Blade bundles
- Support both local and central management
- Remote maintenance and support with included Lights-Out-Management
Maximum Security and Performance
Utilizing superior processing power provided by CoreXL and SecureXL technologies and high throughput hardware, the 21000 Appliances are optimized to run multiple Software Blades with maximum performance. You can confidently deploy additional security features on this appliance to provide comprehensive and integrated security for your critical business assets.
* With Security Acceleration Module
Boost Performance with the Security Acceleration Module
The optional Security Acceleration Module improves performance and extends security in high-performance network environments.
The optional Security Acceleration Module improves performance and extends security in high-performance network environments.
The Security Acceleration Module features Check Point's innovative, purpose-built SecurityCore™ technology that uses parallel and security processing power to accelerate security performance. With 108 security cores, security processing of network traffic can be offloaded from the general purpose appliance CPU to the Security Acceleration Module. Leveraging SecurityCore technology, the Security Acceleration Module enables customers to scale and run many security functions in highly demanding and low-latency network environments with improved overall system performance.
The Security Acceleration Module may be ordered pre-bundled with the 21000 Appliances to boost performance right out of the box and at significant savings.
High Network Capacity
High Availability and Serviceability
The 21000 Appliances are equipped with hot-swappable redundant power supplies and disk drives, ensuring business continuity while service is performed.
The 21000 Appliances are equipped with hot-swappable redundant power supplies and disk drives, ensuring business continuity while service is performed.
Optional clustering and serviceable components enables maintenance updates through workload redistribution. Administrators can perform transparent "rolling upgrades" in which nodes are gracefully removed from the cluster, upgraded, and reinserted, all without any disruption to services.
The Light-Out-Management (LOM) module provides out-of-band remote management abilities such as remote diagnostic and remote reboot of the appliance. It ensures the appliance can be quickly brought back online should there be an unforeseen event that disrupted the service.
Integrated with Extensible Software Blade Architecture
The 21000 Appliances are packaged with a set of pre-selected Check Point Software Blades – including Firewall, IPsec VPN, IPS, Anti-Bot, Mobile Access and more – to provide a turn-key security solution for quick deployment. Additional Software Blade upgrades are available to further extend and customize protection options.
The Check Point Software Blade Architecture is the first and only security architecture that delivers complete, flexible and manageable security to companies of any size. With unprecedented flexibility and expandability, Software Blades deliver lower cost of ownership and cost-efficient protection that meet any need, today and in the future.
Full integration into the modular Software Blade Architecture allows for rapid and easy activation on any Check Point security gateway and to provide integrated and comprehensive protection.
All-Inclusive Turn-Key Security Solutions
- Next Generation Firewall (NGFW): identify and control applications by user and scan content to stop threats—with IPS and Application Control.
- Next Generation Data Protection (NGDP): preemptively protect sensitive information from unintentional loss, educate users on proper data handling policies and empower them to remediate incidents in real-time—with IPS, Application Control and DLP.
- Next Generation Threat Prevention (NGTP): apply multiple layers of protection to prevent sophisticated cyber-threats—with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security.
- Secure Web Gateway (SWG): enables secure use of Web 2.0 with real time multi-layered protection against web-borne malware—with Application Control, URL Filtering, Antivirus and SmartEvent.
Streamlined Deployment and Management
Hardware Specifications
| Appliance | 21400 | 21600 | 21700 |
|---|---|---|---|
| Performance | |||
| SecurityPower1 | 2,003 / 2,9002 | 2,501 / 3,3002 | 2,922 / 3,5512 |
| Firewall Throughput | 50Gbps / 110Gbps2 | 75Gbps / 110Gbps2 | 78.6Gbps / 110Gbps2 |
| Firewall Latency | < 5μs2 | < 5μs2 | < 5μs2 |
| VPN Throughput | 7Gbps / 50Gbps2 | 8.5Gbps / 50Gbps2 | 11Gbps / 50Gbps2 |
| IPS Throughput (Default / Recommended Profile) | 21Gbps / 6Gbps | 21Gbps / 6.8Gbps | 25Gbps / 8Gbps |
| Concurrent Sessions | 10M3 | 13M3 | 13M3 |
| Connections per Second | 130K / 300K2 | 140K / 300K2 | 170K / 300K2 |
| VLANS | 1024 | 1024 | 1024 |
| Virtual Systems | |||
| Virtual System Support | Yes | Yes | Yes |
| Max VS Supported (Default/Max) | 125 / 250 | 150 / 250 | 150 / 250 |
| Hardware Specifications | |||
| 10/100/1000Base-T Ports | 13 to 37 | 13 to 37 | 13 to 37 |
| 1000Base-F SFP Ports | up to 36 | up to 36 | up to 36 |
| 10GBase-F SFP+ Ports | up to 12 | up to 13 | up to 13 |
| Memory | 12GB / 24GB | 16GB / 32GB | 16GB / 32GB |
| Storage | 2 x 500GB RAID 1 |
2 x 500GB |
2 x 500GB RAID 1 |
| I/O Expansion Slots | 3 | 3 | 3 |
| Acceleration Card Slot | 1 | 1 | 1 |
| LOM | Included | Included | Included |
| Enclosure | 2U | 2U | 2U |
| Dimensions (standard) | 17" W x 28" D x 3.5" H | 17" W x 28" D x 3.5" H | 17" W x 28" D x 3.5" H |
| Dimensions (metric) | 431 mm W x 710 mm D x 88 mm H | 431 mm W x 710 mm D x 88 mm H | 431 mm W x 710 mm D x 88 mm H |
| Weight | 26 kg (57.4 lbs.) | 26 kg (57.4 lbs.) | 26 kg (57.4 lbs.) |
| Operating Environment | Temperature: 32° to 104°F / 0° to 40°C Relative Humidity 20% to 90% (non-condensing) |
Temperature: 32° to 104°F / 0° to 40°C Relative Humidity 20% to 90% (non-condensing) |
Temperature: 32° to 104°F / 0° to 40°C Relative Humidity 20% to 90% (non-condensing) |
| Non-Operating Environment | Temperature: -4° to 158°F / -20° to 70°C Relative Humidity 5% - 95% (non-condensing) |
Temperature: -4° to 158°F / -20° to 70°C Relative Humidity 5% - 95% (non-condensing) |
Temperature: -4° to 158°F / -20° to 70°C Relative Humidity 5% - 95% (non-condensing) |
| Power Input | 100~240VAC, 47~63Hz | 100~240VAC, 47~63Hz | 100~240VAC, 47~63Hz |
| Power Supply Spec (Max) | 2 x 910W | 2 x 1200W | 2 x 1200W |
| Power Consumption (Max) | 449W / 744W2 | 449W / 744W2 | 489W / 784W2 |
| Certifications | Safety: UL, cUL Emissions: CE, FCC Class A Environmental: RoHS |
Safety: UL, cUL Emissions: CE, FCC Class A Environmental: RoHS |
Safety: UL, cUL Emissions: CE, FCC Class A Environmental: RoHS |
1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy.
2 With Security Acceleration Module
3 With memory upgrade and GAiA OS
Software Specifications
| Software Blade | NGFW | NGDP | NGTP | SWG | |||
|---|---|---|---|---|---|---|---|
| Software Versions | R71.x, R75.x, R76.x | ||||||
| Firewall | ✔ | ✔ | ✔ | ✔ | |||
| Identity Awareness | ✔ | ✔ | ✔ | ✔ | |||
| IPSec VPN | ✔ | ✔ | ✔ | ✔ | |||
| Advanced Networking & Clustering |
✔ | ✔ | ✔ | ✔ | |||
| Mobile Access1 |
✔ | ✔ | ✔ | * | |||
| IPS | ✔ | ✔ | ✔ | * | |||
| Application Control | ✔ | ✔ | ✔ | ✔ | |||
| DLP | * | ✔ | * | * | |||
| URL Filtering | * | * | ✔ | ✔ | |||
| Antivirus |
* | * | ✔ | ✔ | |||
| Anti-Spam & Email Security | * | * | ✔ | * | |||
| Anti-Bot | * | * | ✔ | * | |||
| Management Blades | |||||||
| Network Policy Management | ✔ | ✔ | ✔ | ✔ | |||
| Logging and Status | ✔ | ✔ | ✔ | ✔ | |||
| SmartEvent | * | * | * | ✔ | |||
| SmartWorkflow | * | * | * | * | |||
| Monitoring | * | * | * | * | |||
| Management Portal | * | * | * | * | |||
| User Directory | * | * | * | * | |||
| SmartProvisioning | * | * | * | * | |||
| SmartReporter | * | * | * | * | |||
| Endpoint Policy Management | * | * | * | * | |||
NGFW = Next Generation Firewall; NGDP = Next Generation Data Protection;
NGTP = Next Generation Threat Prevention; SWG = Secure Web Gateway
✔ - Included
* - Optional
1 Five users are included in default package
The following best practice throughput is based on the SecurityPower benchmark. It assumes a production environment with real-world traffic blend, multiple Security Software Blades, typical rule-base size, NAT & logging enabled and the most secure threat prevention protection.
| Appliance Model | 21400 | 21600 | 21700 |
|---|---|---|---|
| Security Power | 2003/29001 | 2501/33001 | 2922/35511 |
| Production Firewall Throughput (Gbps) | 17.1 | 22 | 25.4 |
| Production Firewall & IPS Throughput (Gbps) | 2.7 | 3.5 | 4.1 |
1 With Security Acceleration Module package
- Products A-Z
- Appliances
- Appliances Overview
- 2200 Appliances
- 4000 Appliances
- 12000 Appliances
- 21000 Appliance
- 61000 Security System
- DDoS Protector Appliances
- SecurityPower
- Secure Web Gateway Appliance
- Threat Prevention Appliance
- Series 80
- UTM-1 Edge
- IP Appliances
- Virtual Systems
- Safe@Office
- Smart-1
- Smart-1 SmartEvent
- Integrated Appliance Solution
- IAS Bladed Hardware
- Software Blades
- Software Blades Overview
- Security Gateway
- Firewall
- IPSec VPN
- IPS
- Mobile Access
- Application Control
- Identity Awareness
- DLP
- Web Security
- URL Filtering
- Anti-Bot
- Antivirus
- Anti-Spam & Email Security
- Advanced Networking & Clustering
- Voice over IP (VoIP)
- Threat Prevention
- ThreatCloud™
- Security Management
- Compliance
- Network Policy Management
- Endpoint Policy Management
- Logging & Status
- SmartWorkflow
- Monitoring
- Management Portal
- User Directory
- SmartProvisioning
- SmartReporter
- SmartEvent
- Multi-Domain Security Management
- Virtualization Security
- Security Gateway Virtual Edition
- Cloud Security
- Virtual Appliance for Amazon Web Services
- Security Systems
- Security Systems Overview
- Endpoint Security
- Endpoint Security
- Full Disk Encryption
- Media Encryption
- Anti-Malware & Program Control
- Remote Access VPN
- Firewall & Compliance
- Check Point WebCheck
- Check Point GO
- Solutions
- Remote Access
- Consumer Products
- ZoneAlarm Antivirus
- ZoneAlarm ForceField
- ZoneAlarm Internet Security Suite
