The 21000 Appliances deliver the industry’s best security performance in their class and offer unmatched scalability, serviceability and port density. Benefiting from Check Point’s advanced SecureXL, CoreXL and SecurityCore technologies, the 21000 Appliances are capable of delivering stunning performances while maintaining a compact 2 rack-unit physical footprint. With the support of the Software Blade Architecture, up to 110 Gbps firewall throughput and sub 5 micro second latency, the 21000 Appliances are designed to secure the most demanding network environment.

Benefits

Maximum Security and Performance
  • Best performance in their class, delivering up to 4,300 SecurityPower Units
  • High port density with up to 37x1GbE ports & VLAN capacity for network segmentation
  • Optimized for the Software Blades Architecture
  • 110 Gbps firewall throughput and sub-5µs latency for mission-critical applications
High Availability and Serviceability
  • Modular and multiple network options easily fit into complex network environments
  • Redundant and hot-swappable components eliminate downtime
  • Expand security functions by enabling additional Software Blades without adding a new appliance
Simple Deployment and Management
  • Turn-key solution with pre-loaded Software Blade bundles
  • Support both local and central management
  • Remote maintenance and support with included Lights-Out-Management

Features

The Check Point 21000 Appliances offer maximum availability of business-critical applications with over 4,300 SecurityPower Units, up to 110 Gbps of firewall throughput with sub 5µs latency and VPN throughput of up to 50 Gbps*.

Utilizing superior processing power provided by CoreXL and SecureXL technologies and high throughput hardware, the 21000 Appliances are optimized to run multiple Software Blades with maximum performance. You can confidently deploy additional security features on this appliance to provide comprehensive and integrated security for your critical business assets.

* With Security Acceleration Module

The optional Security Acceleration Module improves performance and extends security in high-performance network environments.

The Security Acceleration Module features Check Point’s innovative, purpose-built SecurityCore™ technology that uses parallel and security processing power to accelerate security performance. With 108 security cores, security processing of network traffic can be offloaded from the general purpose appliance CPU to the Security Acceleration Module. Leveraging SecurityCore technology, the Security Acceleration Module enables customers to scale and run many security functions in highly demanding and low-latency network environments with improved overall system performance.

The Security Acceleration Module may be ordered bundled with the 21000 Appliances to boost performance right out of the box and at significant savings.

Supporting up to 37 10/100/1000Base-T ports, up to 36 1000base-F SFP, or up to 13 10GBase-F SFP+ ports via three front-facing expansion slots, the Check Point 21000 Appliances are designed to be deployed in any network environment. Additionally, 1024 Virtual LANs (VLANs) can be created to further expand the network segmentation capability.

The 21000 Appliances are packaged with a set of preselected Check Point Software Blades – including Firewall, IPsec VPN, IPS, Anti-Bot, Mobile Access and more – to provide a turn-key security solution for quick deployment. Additional Software Blade upgrades are available to further extend and customize protection options.

The Check Point Software Blade Architecture is the first and only security architecture that delivers complete, flexible and manageable security to companies of any size. With unprecedented flexibility and expandability, Software Blades deliver lower cost of ownership and cost-efficient protection that meet any need, today and in the future.

Full integration into the modular Software Blade Architecture allows for rapid and easy activation on any Check Point security gateway and to provide integrated and comprehensive protection.

The Check Point 21000 Appliances offer a complete and consolidated security solution in a 2U form factor based on the Check Point Software Blade architecture. Available in four software packages, the platform provides up-to-date and extensible security protection.

  • Next Generation Firewall (NGFW): identify and control applications by user and scan content to stop threats—with IPS and Application Control.
  • Next Generation Data Protection (NGDP): preemptively protect sensitive information from unintentional loss, educate users on proper data handling policies and empower them to remediate incidents in real-time—with IPS, Application Control and DLP.
  • Next Generation Threat Prevention (NGTP): apply multiple layers of protection to prevent sophisticated cyber-threats—with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security.
  • Next Generation Secure Web Gateway (SWG): enables secure use of Web 2.0 with real time multilayer protection against web-borne malware—with Application Control, URL Filtering, Antivirus and SmartEvent.

Each 21000 Appliance offers Local Management with an intuitive wizard to facilitate initial configuration. Optional Web-based administration and central management capabilities via Check Point Security Management Software Blades are also available to ensure quick, easy and secure administration from anywhere in the network.

Specifications

Appliance

21400

21700

21800

1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy
2 With Security Acceleration Module
3 Raw throughput is based on RFC 3511 with 1518 bytes UDP packets
4 Recommended IPS profile, IMIX traffic blend
5 Assumes maximum production throughput environment with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection
6 Effective October 31, 2014 Check Point will no longer sell the 21600 Appliance. Visit the Support Lifecycle page to learn about replacement appliances.
Performance
SecurityPower1

2175 / 29002

3300 / 35512

4100 / 43002

Firewall Throughput (Gbps)
 Raw3

50 / 1102

78.6 / 1102

78.6 / 1102

 Production5

17.1 / 44.32

25.4 / 44.52

30.4 / 44.52

Firewall Latency2

< 5μs

< 5μs

< 5μs

VPN AES-128 Throughput (Gbps)

7 / 502

11 / 502

23.5 / 502

IPS Throughput (Gbps)
 Recommended4

6

8

9.9

 Production5

3.67

5.7

6.9

Concurrent Connections

10M

13M

28M

Connections per Second

130K / 300K2

170K / 300K2

198K / 300K2

Virtual Systems
Virtual System Support

Yes

Yes

Yes

Max VS Supported (Default/Max)

125 / 250

150 / 250

150 / 250

Hardware Specifications
10/100/1000Base-T Ports

13 to 37

13 to 37

13 to 37

1000Base-F SFP Ports

up to 36

up to 36

up to 36

10GBase-F SFP+  Ports

up to 12

up to 13

up to 13

Memory

12, 24 GB

16, 32, 64 GB

16, 32, 64 GB

Storage

2 x 500 GB HDD RAID1

2 x 500 GB HDD RAID1

2 x 500 GB HDD RAID1

I/O Expansion Slots

3

3

3

LOM

Included

Included

Included

Dimensions
Enclosure

2U

2U

2U

Dimensions (standard)

17" W x 28" D x 3.5" H

Dimensions (metric)

431 mm W x 710 mm D x 88 mm H

Weight

26 kg (57.4 lbs.)

Environment
Operating Environment

Temperature: 32° to 104°F / 0° to 40°C; Relative Humidity 20% to 90% (non-condensing)

Non-Operating Environment

Temperature: -4° to 158°F / -20° to 70°C; Relative Humidity 5% - 95% (non-condensing)

Power
Redundant Hot-Swap Power Supply

Yes

Yes

Yes

Power Input

100~240VAC, 47~63Hz

Power Supply Spec (Max)

2 x 910W

2 x 1200W

2 x 1200W

Power Consumption (Max)

449W / 744W2

489W / 784W2

489W / 784W2

Certifications
Safety

CB, UL, cUL, CSA, TUV

Emissions

CE, FCC VCCI, C-Tick

Environmental

RoHS

Software Blade

NGFW

NGDP

NGTP

NGSWG

NGFW  = Next Generation Firewall;    NGDP  = Next Generation Data Protection;   NGTP = Next Generation Threat Prevention; NGSWG = Next Generation Secure Web Gateway
✔ - Included
* - Optional
1 Five users are included in default package
Firewall

Identity Awareness

IPSec VPN

Advanced Networking & Clustering

Mobile Access 1

*

IPS

*

Application Control

DLP

*

*

*

URL Filtering

*

*

Antivirus 

*

*

Anti-Spam & Email Security

*

*

*

Anti-Bot

*

*

*

Management Blades
Network Policy Management

Logging and Status

SmartEvent

*

*

*

SmartWorkflow

*

*

*

*

Monitoring

*

*

*

*

Management Portal

*

*

*

*

User Directory

*

*

*

*

SmartProvisioning

*

*

*

*

SmartReporter

*

*

*

*

Endpoint Policy Management

*

*

*

*

 Compliance

*

*

*

*