Next Generation Firewall

The Check Point Next Generation Firewall extends the power of the firewall beyond stopping unauthorized access by adding IPS and Application Control protection. Next Generation Firewalls come in many sizes and offer throughput of up to 110 Gbps.


Advanced Next Generation Firewall in One Appliance

  • Dedicated Firewall
  • Includes Application Control and IPS protection
  • Integrated management for better and faster understanding of security events

Proven gateway security with industry-leading firewall performance

  • Protects over 170,000 customers and 100% of Fortune 100
  • Includes patented stateful packet inspection
  • Up to 40 Gbps firewall throughput with real-world traffic mix (IMIX)

User and machine identity awareness balances security and business needs

  • Enables granular policy definitions per user and group
  • Seamless integration with Active Directory
  • Ideal for protecting environments with social media and Internet applications

Integrated into Check Point Software Blade Architecture

  • Centralized management, logging and reporting via a single console
  • Automatic activation of Firewall Software Blade on security gateway systems


Access Control

The Firewall Software Blade enables network administrators to securely control access to clients, servers and applications. With detailed visibility into the users, groups, applications, machines and connection types, the Check Point Firewall Software Blade enables network administrators to provide superior protection across the entire security gateway.

User and Machine Awareness

User and machine awareness balances security with business needs by enabling granular policy definitions per user and group. Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple application-based policy definition per user or group directly from the firewall. User identification may be acquired through one of three simple methods:

  • Querying Active Directory
  • Through a captive portal
  • Installing a one-time, thin client-side agent


To ensure the security of your network, you need to be able to confirm the identity of all users attempting to access it. Authentication assigns access permissions to individuals and groups, based on their level of responsibility and role within the organization. Based on the industry’s most advanced identity awareness, the Firewall Software Blade provides robust authentication capabilities to confirm the identity of all users and establish their rights and privileges. The authentication component of the Firewall Software Blade offers:

  • Multiple and complementary methods for gaining identity awareness
  • Integrated user and machine awareness functionality across the security gateway and management

Network Address Translation (NAT)

Whether computers have routable or non-routable addresses, administrators may want to conceal their real addresses so that they cannot be seen from outside the organization or from other parts of the same organization. A network’s internal addresses reveal the topology of the network, so hiding this information greatly enhances security.

Bridge Mode

A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic, and is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.

Intrusion Prevention System (IPS)

The IPS Software Blade delivers complete and proactive intrusion prevention, all with the deployment and management advantages of a unified and extensible next-generation firewall solution. Complementing Check Point’s firewall protection, the IPS Software Blade further secures your network by inspecting packets traversing the gateway. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.

Application Control

Control access to over 5,200 applications and 240,000 social network widgets with the industry’s largest application coverage. Create granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games and more. This gives companies the ability to balance security and business needs.

Identity Awareness

Provides granular visibility of users, groups and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.

Logging and Status

Transforms data into security intelligence with SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.

Integrated Security Management

Unified security management simplifies the monumental task of managing growing threats, devices and users by enabling views, details, and reports through a single pane of glass. Check Point’s comprehensive, centralized security management system controls all Check Point gateways and Software Blades from SmartDashboard. This intuitive graphical user interface enables IT managers to easily manage a wide set of security management functions.

Add Functionality When You Need It

Check Point Next Generation Firewall Appliances can add additional software functionality as your security needs increase. Seamlessly add software blades such as the Data Loss Prevention Software Blade.



Appliances    Enclosure   Max 1 GbE   Max 10 GbE   FONIC   SecurityPower
1120 NGFW     Desktop     10          -            No      28
2200 NGFW     Desktop     6           -            No      121
4200 NGFW     1U          8           -            Yes     121
4400 NGFW     1U          12          -            Yes     230
4600 NGFW     1U          12          -            Yes     405
4800 NGFW     1U          16          2            Yes     673
12200 NGFW    1U          16          4            Yes     811
12400 NGFW    2U          26          12           Yes     1185
12600 NGFW    2U          26          12           Yes     2050
13500 NGFW    2U          26          12           Yes     3200
13800 NGFW    2U          26          12           Yes     3800
21400 NGFW    2U          37          12           No      2175/2900 (1)
21600 NGFW    2U          37          12           No      2788/3300 (1)
21700 NGFW    2U          37          12           No      3300/3551 (1)
21800 NGFW    2U          37          12           No      4100/4300 (1)

(1) With Security Acceleration Module