IP Security Appliances

Overview

Proven for years in complex networking and performance demanding environments Check Point IP security appliances - formerly Nokia IP appliances offer customers turnkey security functionality such as Firewall, VPN and Intrusion Prevention (IPS) across a wide range of models.

Now offered as one solution, the IP appliances are integrated with Check Point latest software blades and include the revolutionary IPS software blade in their standard configuration. The IP appliances offer unsurpassed scalability, high performance, reliability and high port density that reduce operational costs while performing in demanding mission-critical security environments.

Key Benefits

• Integrated security appliance combining hardware and latest software blades from Check Point
• Highly modular and scalable to achieve high performance across a broad spectrum of traffic types
• Carrier-grade serviceability and redundancy driving low mean time to service and ensuring reliability

Features

• Software Blade Architecture
  • Firewall
  • IPsec VPN
  • IPS
  • Acceleration & Clustering
  • Advanced Networking
  • Extensibility with optional software blades
• Accelerated Data Path (ADP) Service Modules
• Advanced routing and Networking
• High performance and high availability clustering
• Voyager web-based configuration, monitoring and management
• Large Portfolio of Interface Options
• Carrier Grade Serviceability and Redundancy

Flexible Software Blade Architecture
Check Point IP Appliances are based on Check Point's Software Blade Architecture. Check Point Software Blade architecture is the first and only architecture that delivers total, flexible and manageable security to companies of any size. With unprecedented flexibility and expandability, Check Point Software Blades deliver lower cost of ownership and cost-efficient protection that meet any need, today and in the future.

IP appliances include the following software blades:

• Firewall Software Blade
• IPsec VPN Software Blade
• SmartEvent Software Blade
• Acceleration & Clustering Software Blade
• Advanced Networking Software Blade

Extensible with additional Check Point Software Blades: Quickly meet new security threats
IP Appliances come with a pre-configured set of software blades. IP Appliance can be quickly and easily extended to meet new and evolving security requirements with additional Check Point Software Blades such as: Web Security and VoIP.

Accelerated Data Path (ADP) Modules
Check Point Accelerated Data (ADP) modules are hardware options that can be inserted into IP Appliances to improve traffic performance and extend appliance utilization. With ADP, CPU workloads can be shared between the main processor and the ADP module processor to increase performance without having to completely replace existing hardware.

Advanced Routing and Networking
IP Appliances incorporate advanced routing protocols that support a broad range of traffic types including PIM, RIP, OSFP and BGP. It also supports traffic monitoring and error handling to enable remote troubleshooting, capacity planning and configuration management.

High Performance and High Availability Clustering
To help ensure business continuity and balanced performance, several high availability solutions are available for IP appliances. Virtual Router Redundancy Protocol (VRRP) and patented IP Appliance clustering technology provide robust and scalable high availability for IP appliances. These technologies allow several independent IP appliances to join together for a common security goal as one virtual machine.

Network Voyager
Check Point Network Voyager offers web-based configuration, monitoring and management, allowing network administrators to manage IP Appliances remotely through a feature rich GUI. From the Network Voyager interface, administrators can easily manage hardware, OS and application deployment, networking, routing, troubleshoot systems or optimize a configuration, manage high availability, set role-based administration and monitor network traffic and IP appliance health.

Interface Options
Check Point IP Appliances come with a large portfolio of interface options including copper and fiber Ethernet with a range of port density and performance options up to 10Gbps and T1 WAN. They also come with storage options: HDD, flash or hybrid.

Carrier Grade Serviceability and Redundancy
Optionally available IP appliance clustering enables maintenance updates through workload redistribution. Administrators can perform transparent "rolling upgrades," in which nodes are gracefully removed from the cluster, upgraded, and reinserted, all without any disruption to end-user operations.

Other features include:

• Hot swappable hard drives, fans, and power supplies available in some models
• Easy access design (slide out trays, slide in cards)
• Retrofit ADP modules to extend the appliance's performance
• DC power supplies available in some models

IP Appliance Models

IP1285 & IP2455:	Solution for large business and service provider. Provide Firewall, VPN, IPS, Advanced Networking and Acceleration and Clustering. Support optional ADP service modules.
IP695:	Solution for medium to large business and service provider. Provide Firewall, VPN, IPS, Advanced Networking and Acceleration and Clustering. Support optional ADP service modules.
IP565:	Solution for medium to large business. Provide Firewall, VPN, and IPS, Advanced Networking and Acceleration and Clustering.
IP395:	Solution for small to medium business and large branch office. Provide Firewall, VPN, and IPS, Advanced Networking and Acceleration and Clustering.
IP295:	Solution for small office, branch office and extended business. Provide business-class Firewall, VPN, and IPS, Advanced Networking and Acceleration and Clustering.
IP282:	Solution for small office, branch office and extended business. Provide business-class Firewall and VPN.

Software Specifications

IP Appliances	IP282	IP295	IP395	IP565	IP695	IP1285	IP2455
Software Edition	R70 R71	R70 R71	R70 R71	R70 R71	R70 R71	R70 R71	R70 R71
Firewall Software Blade
IPsec VPN Software Blade
IPS Software Blade	*
Acceleration & Clustering	*
Advanced Networking	*
Web Security	*	*	*	*	*	*	*
Voice over IP	*	*	*	*	*	*	*

NOTE: Check Point R65 also supported

- Included
* - Optional

Appliance Highlights

Performance	IP282	IP295	IP395	IP565	IP695	IP1285	IP2455
Firewall Throughput	1.5 Gbps	1.5 Gbps	3.0 Gbps	7 Gbps	7.2 Gbps 11.7 Gbps1	10.3 Gbps 17.5 Gbps1	11 Gbps 30 Gbps1
VPN Throughput	1.0 Gbps	1.0 Gbps	677 Mbps	1.7 Gbps	1.9 Gbps 3.3 Gbps1	1.9 Gbps 8.3 Gbps1	1.9 Gbps 8.3 Gbps1
IPS Throughput	1.4 Gbps	1.4 Gbps	2.9 Gbps	2.9 Gbps	4 Gbps	7 Gbps	9 Gbps
Concurrent Sessions	900,000	900,000	1M	1M	1M	1M	1M
VLANS	10242	10242	10242	10242	10242	10242	10242
ADP Module	-	-	-	-	Optional	Optional	Optional
VPN Acceleration	Optional	Optional	Included	Included	Included	Included	Included

¹ - Performance without ADP and with ADP
² - Maximum of 256 VLANs per interface

Hardware Technical Specifications

	IP282	IP295	IP395	IP565	IP695	IP1285	IP2455
10/100/1000 Ports	6	6/8	4/8	4/12	4/16	4/28	4/32
10 GbE Ports	-	-	-	-	61	101	101
Storage	40 GB	40 GB	80 GB	80 GB	80 GB	80 GB	80 GB
Disk-Based or Flash	Disk	Disk or Flash	Disk or Flash	Disk or Flash	Disk or Flash	Disk or Flash	Disk or Flash
Enclosure	1U/half rack	1U/half rack	1U	1U	1U	2U	2U
Dimensions (standard)	8.52 x 18 x 1.71 in.	8.52 x 18 x 1.71 in.	17 x 16 x 1.71 in.	17.23 x 22 x 1.71 in.	17.23 x 24 x 1.71 in.	17.23 x 24.11 x 3.46 in.	17.23 x 24.11 x 3.46 in.
Dimensions (metric)	216 x 457 x 44 mm	216 x 457 x 44 mm	432 x 406 x 44 mm	438 x 559 x 44 mm	438 x 610 x 44 mm	438 x 613 x 88 mm	438 x 613 x 88 mm
Weight	5.1kg (11.25 lbs)	5.1kg (11.25 lbs)	7.71kg (17.0 lbs)	11.84kg (26.1 lbs)	12.38kg (27.3 lbs)	19.6kg (43.2 lbs)	20.57kg (45.35 lbs)
Operating Environment	Temperature: 0° to 40° C2, Humidity: 5% - 95% non-condensing, Altitude: 3048m
Power Input	100-240V 50-60Hz
Power Supply Spec (Max)	133W	133W	150W	225W	250W	700W	700W
Power Consumption (Max)			100W	165W
DC Power Supply	-	-	-	-	-	Optional	Optional
Compliance	UL60950-1, First Edition: 2003, CAN/CSAC22.2, No 60950:2000, IEC60950-1: 2001, EN60950-1:2001+A11 with Japanese National Deviations / Emission Compliance: FCC Part 15, Subpart B, Class A, EN50024,EN55022A: 1998, CISPR 22 Class A: 1985, EN61000-3-2, EN61000-3-3 / Immunity: EN55024: 1998 ROHS

¹ Optional
² IP395 can go to 50° C

Security Specifications

	Protection Details
Firewall Software Blade
Protocol/application support	Secures more than 200 applications and protocols
VoIP protection	SIP, H.323, MGCP, and SCCP with NAT support
Instant messaging control	MSN, Yahoo, ICQ, Skype, GoogleTalk, and QQ Instant Messenger
Peer-to-peer blocking	Kazaa, Gnutella, BitTorrent, eMule, DirectConnect, Soulseek, Thunder, and Winny
Network address translation	Static/hide NAT support with manual and automatic rules
Layer-2 bridge support	Transparently integrates into existing network
IPsec VPN Software Blade
Encryption support	AES 128-256 bit, 3DES 56-168 bit
Authentication methods	Password, RADIUS, TACACS, X.509, SecurID, LDAP
Certificate authority	Integrated certificate authority (X.509)
VPN communities	Automatically sets up site-to-site connections as objects are created
Topology support	Star and mesh
Route-based VPN	Utilizes virtual tunnel interfaces; numbered/unnumbered interfaces
VPN agent support	Complete Endpoint security with VPN, desktop firewall
SSL-based remote access	Fully integrated SSL VPN gateway provides on-demand SSL-based access
SSL-based endpoint scanning	Scans endpoint for compliance/malware prior to admission to the network
IPS Software Blade
Network-layer protection	Blocks attacks such as DoS, port scanning, IP/ICMP/TCP-related
Application-layer protection	Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands
Detection methods	Signature-based, behavioral, and protocol anomaly
Advanced Networking Software Blade
ISP redundancy	Load sharing or primary/backup
Leading Edge Routing support	Unicast IPv4 and IPv6 routing including OSPF and BGP, advanced multicast with PIM-SSM/IGMPv3
Quality of Service	Provides granular QoS control
Acceleration and Clustering Software Blade
CoreXL1	Balances security decisions across multiple cores
SecureXL	Offloading of security inspection to a performance-optimized software module
SecureXL firewall security features	Access control, encryption, NAT, accounting and logging, connection/session rate, general security checks, IPS features, CIFs resources, TCP sequence verification, dynamic VPN
High availability	Choice of IP Clustering anf VRRP:(Active/passive and active/active failover options)
State synchronization (clustering)	Ensures stateful failover of connections
Sync members supported (clustering)	Up to 4 members
Load balancing	IP Clustering provides near linear scaling
Link Aggregation	Load balancing and high availability the interfaces
Critical device notifications	Network interfaces, synchronization status, hardware monitor, firewall policy status, load balancing process status, and firewall process status
Management and reporting
Centralized management	Managed by Check Point centralized Security Management and Provider-1
Monitoring/logging	SmartView Tracker™ provides advanced monitoring and logging
Reporting	Fully integrated with the Monitoring, SmartReporter, and SmartEvent Software Blades
Command line interface	CLI for device and cluster
IPSO Platform
CoreXL1	Pre-hardened, optimized operating system
USB Modem and Aux support	Provides for Out of Band Management
Traffic Monitoring & NetFlow Support	Understand, Optimize, capacity planning for your network traffic
Web based administration	Enables quick, easy, and secure administration from anywhere in the network
Backup and restore	For disaster recovery planning
Centralized administrative rights	RADIUS authentication and RADIUS groups
DHCP support	DHCP server and relay

¹ Included in the Security Gateway Container

Support and Warranty

Check Point offers a range of support programs for customers using our appliances covering both software and hardware issues.

Check Point offers support online, by phone and onsite directly or via its network of partners. Opening a ticket online with Check Point Support via Check Point User Center.

Support Programs for Appliances
Check Point's Appliance Support programs provide technical support, software updates and upgrades, and the replacement of faulty hardware.

Please visit our Support Programs for more information or Compare Programs for a summary of features.

Hardware Warranty
Check Point warrants that hardware components of its appliances shall be free from material defects and will function according to the documentation provided for a period of one year from the date of appliance activation by Check Point. If the unit has a hardware failure during this warranty period, customer can begin a RMA process. Please visit Hardware Warranty for more information.

Check Point Enterprise Support Lifecycle Policy
Check Point Enterprise Support Lifecycle Policy outlines the product support guidelines for a product's lifecycle. The objective of this policy is to standardize and normalize product lifecycle practices, thereby enabling Check Point customers to make more informed purchase, support and upgrade decisions.

All Check Point products (except third-party products sold by Check Point) are covered by this policy. Customers who are operating Check Point products under a valid Support & Maintenance Agreement are entitled to the benefits associated with this policy.