Check Point Power-1 Appliances
Security for high-performance environments
Overview
Check Point Power-1™ appliances enable organizations to maximize security in high-performance environments such as large campuses or data centers. They combine Check Point firewall, IPsec VPN, and intrusion prevention Software Blades with advanced acceleration and networking technologies that deliver a high-performance security platform for multi-Gbps environments.
Security Gateway Software Blades
Power-1 appliances include the most proven security technologies available, examining hundreds of applications, protocols, and services out of the box. As new applications and network-layer threats appear, Power-1 appliances can be updated with the latest protections and expanded with additional Software Blades to add more security capabilities. Power-1 is managed from the Check Point management servers, enabling you to centrally manage security policy for all sites through a single management console.
Key Benefits
- Ensures availability of business-critical applications with up to 30 Gbps of firewall throughput and total system performance (Firewall + IPS) of up to 15 Gbps
- Field upgradeable for maximum performance flexibility (Power-1 11000 Series). See How & Why
- Provides a comprehensive set of security Software Blades that is extensible on demand to include Web security, antivirus, anti-spyware, and anti-spam
- Simplifies administration with a single management console for all sites
- Protects against emerging threats with Software Blade update services
Features
- Maximum security and performance for data centers and large sites
- Manageability, modularity and serviceability
- Streamlined deployment and management
- Software Blade Architecture
- Centralized, automatic updates
Maximum security and performance
Ensures availability of business-critical applications with up to 30 Gbps of firewall throughput and total system for both firewall and IPS of up to 15 Gbps. Field upgradable for maximum performance flexibility (Power-1 11000 series). This means additional performance is on-line quickly and easily without any additional hardware or impact to network traffic. The upgrade process could be achieved dynamically without interrupting system or any down time.
Manageability, modularity and serviceability
Power-1 Appliances support Lights-Out Management (Out-of-Band Management) allowing users to remotely monitor and control the appliance, including device maintenance and administration. Several add-on options are available including 10 GbE modules, redundant, hot swappable power supply and hard drive.
- Redundant hot-swappable hard drives
- LCD display
- LCD control buttons
- Air intake
- Management & Sync ports
- Console port
- USB ports
- Eight 1 GbE ports
- Field swappable expansion modules
- 1 GbE SX Fiber (multi mode) (4 ports)
- 1 GbE LX Fiber (single, multi mode) (4 ports)
- 10 GbE SR Fiber (multi mode) (2 ports)
- 10 GbE LR Fiber (single mode) (2 ports)
- LOM (Out-of-Band Management) card
Streamlined deployment and management
Customers get a single hardware and software solution in Power-1 appliance which include a configuration wizard to facilitate the initial configuration, web based administration and central management using Check Point Security Management Software Blades. This ensures quick, easy, and secure administration from anywhere in the network.
Flexible Software Blade Architecture
Power-1 includes Check Point's Software Blade Architecture. The Check Point Software Blade architecture is the first and only security architecture that delivers total, flexible and manageable security to companies of any size. With this unprecedented capability to flexibly and quickly expand security capabilities, Check Point Software Blades deliver lower cost of ownership and cost-efficient protection that meet any need, today and in the future.
Firewall Software Blade
The Firewall Software Blade provides the highest level of security, with access control, application security, authentication, and Network Address Translation (NAT) available to block unauthorized network users and protect enterprise users and data.
IPsec VPN Software Blade
The IPsec VPN Software Blade provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication, and encryption to guarantee the security of network connections over the public Internet.
IPS Software Blade
The IPS Blade is a multi-method threat detection engine that provides complete threat coverage for clients, servers, OS and other vulnerabilities, malware/worm infections, and more.
Acceleration & Clustering Software Blade
The Check Point Acceleration & Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize performance and security in high-performance environments. These work with CoreXL, which is included with the blade containers, to form the foundation of the Open Performance Architecture.
Advanced Networking Software Blade
The Advanced Networking Software Blade includes a number of advanced networking features such as dynamic routing, multicast support, Quality of Service (QoS) prioritization and application load balancing.
Extensible with additional Check Point Software Blades: Quickly meet new security threats
Power-1 comes with a pre-configured set of software blades. Power-1 can be quickly and easily extended to meet new and evolving security requirements with additional Check Point Software Blades.
Centralized, automatic updates
Update Services enable you to configure Power-1 into an active security solution, capable of ensuring your networks are safe from new attacks via ongoing and automatic defense updates.
Power-1 Appliance Models
Power-1 11000 Series: Solutions for large enterprises and data centers. Includes 3 models:
- Power-1 11065: Provides firewall throughput up to 15 Gbps and IPS up to 10 Gbps. Field upgradable to Power-1 11075 or Power-1 11085
- Power-1 11075: Provides firewall throughput up to 20 Gbps and IPS up to 12 Gbps. Field upgradable to Power-1 11085
- Power-1 11085: Provides firewall throughput up to 30 Gbps and IPS up to 15 Gbps.
Power-1 5075: Solution for enterprises and head quarters.
Hardware Specifications
| Appliance | Power-1 5075 |
Power-1 9075 |
Power-1 11000 Series |
||
|---|---|---|---|---|---|
11065 |
11075 |
11085 |
|||
| Software Edition | R65 R70 R71 |
R65 R70 R71 |
R70 R71 |
R70 R71 |
R70 R71 |
| Operating System | Secure Platform |
Secure Platform |
Secure Platform |
Secure Platform |
Secure Platform |
| 10/100/1000 Ports | 10/14 | 14/18 | 14/18 | 14/18 | 14/18 |
| 10Gb ports | 2 optional | 4 optional | 4 optional | 4 optional | 4 optional |
| Firewall Throughput1 | 9 Gbps | 16 Gbps | 15 Gbps | 20 Gbps | 30 Gbps |
| VPN Throughput1 | 2.4 Gbps | 3.7 Gbps | 3.7 Gbps | 4 Gbps | 4.5 Gbps |
| Concurrent Sessions | 1.2 Million | 1.2 Million | 1.2 Million | 1.2 Million | 1.2 Million |
| IPS Throughput1 | 7.5 Gbps2 | 10 Gbps2 | 10 Gbps2 | 12 Gbps2 | 15 Gbps2 |
| Licensed Users | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
| VLANs | 10243 | 10243 | 10243 | 10243 | 10243 |
| UTM out of the box | Optional | Optional | Optional | Optional | Optional |
| Security Acceleration | Yes | Yes | Yes | Yes | Yes |
| Storage | 160 GB | 2 x 160 GB | 2 x 250 GB | 2 x 250 GB | 2 x 250 GB |
| Enclosure | 2U | 2U | 2U | 2U | 2U |
| Dimensions (standard) | 17 x 20 x 3.46 in. | 17 x 20 x 3.46 in. | 17 x 22.8 x 3.46 in. | 17 x 22.8 x 3.46 in. | 17 x 22.8 x 3.46 in. |
| Dimensions (metric) | 431 x 509.5 x 88mm | 431 x 509.5 x 88mm | 431 x 580 x 88mm | 431 x 580 x 88mm | 431 x 580 x 88mm |
| Weight | 14.5kg (31.9lbs) | 16.5kg (36.3lbs) | 23.4kg (51.6lbs) | 23.4kg (51.6lbs) | 23.4kg (51.6lbs) |
| Operating Environment | Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m | ||||
| Power Input | 100~240V, 50~60Hz4 | ||||
| Power Supply Spec (Max) | 250W | 400W | 500W | 500W | 500W |
| Power Consumption (Max) | 164.1W | 200.7W | 253.2W | 253.2W | 253.2W |
| Compliance | UL 60950; FCC Part 15, Subpart B, Class A; EN 55024; EN 55022; VCCI V-3AS/NZS 3548:1995; CNS 13438 Class A (test passed; country approval pending); KN22KN61000-4 Series, TTA; IC-950; ROHS | ||||
1 Performance data represent the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance result.
2 Test based on real-world traffic blend using the default profile.
3 Maximum of 256 VLANs per interface.
4 Redundant Power Supply.
Software Specifications
Power-1 Appliances |
5075 |
9075 |
11065 |
11075 |
11085 |
|---|---|---|---|---|---|
| Software Edition | R70 R71 |
R70 R71 |
R70 R71 |
R70 R71 |
R70 R71 |
| Firewall Software Blade |  |
|
|
|
|
| IPsec VPN Software Blade | |
|
|
|
|
| IPS Software Blade | |
|
|
|
|
| Acceleration & Clustering | |
|
|
|
|
| Advanced Networking | |
|
|
|
|
| URL Filtering | * | * | * | * | * |
| Antivirus & Anti-Malware | * | * | * | * | * |
| Anti-Spam & Email Security | * | * | * | * | * |
| Web Security | * | * | * | * | * |
| Voice over IP | * | * | * | * | * |
- Included
* - Optional
Security Specifications |
Protection Details |
|---|---|
Firewall Software Blade |
|
| Protocol/application support | Secures more than 200 applications and protocols |
| VoIP protection | SIP, H.323, MGCP, and SCCP with NAT support |
| Instant messaging control | MSN, Yahoo, ICQ, Skype, GoogleTalk, and QQ Instant Messenger |
| Peer-to-peer blocking | Kazaa, Gnutella, BitTorrent, eMule, DirectConnect, Soulseek, Thunder, and Winny |
| Network address translation | Static/hide NAT support with manual and automatic rules |
| Layer-2 bridge support | Transparently integrates into existing network |
IPsec VPN Software Blade |
|
| Encryption support | AES 128-256 bit, 3DES 56-168 bit |
| Authentication methods | Password, RADIUS, TACACS, X.509, SecurID, LDAP |
| Certificate authority | Integrated certificate authority (X.509) |
| VPN communities | Automatically sets up site-to-site connections as objects are created |
| Topology support | Star and mesh |
| Route-based VPN | Utilizes virtual tunnel interfaces; numbered/unnumbered interfaces |
| VPN agent support | Complete Endpoint security with VPN, desktop firewall |
| SSL-based remote access | Fully integrated SSL VPN gateway provides on-demand SSL-based access |
| SSL-based endpoint scanning | Scans endpoint for compliance/malware prior to admission to the network |
IPS Software Blade |
|
| Network-layer protection | Blocks attacks such as DoS, port scanning, IP/ICMP/TCP-related |
| Application-layer protection | Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands |
| Detection methods | Signature-based, behavioral, and protocol anomaly |
Advanced Networking Software Blade |
|
| ISP redundancy | Protocol-based, source/destination and port route decisions |
| Routing support | OSPF, BGP, RIP v1/2, IGMP, PIM-DM, PIM-SM |
| Quality of Service | Floodgate-1® provides granular QoS control |
| Server load balancing | ConnectControl distributes connection requests using one of five load balancing algorithms |
Acceleration and Clustering Software Blade |
|
| CoreXL1 | Balances security decisions across multiple cores |
| SecureXL | Offloading of security inspection to a performance-optimized software module |
| SecureXL firewall security features | Access control, encryption, NAT, accounting and logging, connection/session rate, general security checks, IPS features, CIFs resources, TCP sequence verification, dynamic VPN |
| High availability | Active/passive and active/active failover options |
| State synchronization | Ensures stateful failover of connections |
| Sync members supported | Up to 5 members |
| Load balancing | ClusterXL provides near linear scaling |
| Link Aggregation | Load balancing and high availability the interfaces |
| Critical device notifications | Network interfaces, synchronization status, firewall policy status, ClusterXL process status, and firewall process status |
Management and reporting |
|
| Centralized management | Managed by Check Point centralized Security Management and Provider-1 |
| Monitoring/logging | SmartView Tracker™ provides advanced monitoring and logging |
| Reporting | Fully integrated with the Monitoring, SmartReporter, and SmartEvent Software Blades |
| Command line interface | SSH |
SecurePlatform |
|
| Secure OS | Pre-hardened, optimized operating system |
| Web based administration | Enables quick, easy, and secure administration from anywhere in the network |
| Backup and restore | For disaster recovery planning |
| Centralized administrative rights | RADIUS authentication and RADIUS groups |
| DHCP support | SecurePlatform™ DHCP server and relay |
1 Included in the Security Gateway Container
Support and Warranty
Check Point offers a range of support programs for customers using our appliances covering both software and hardware issues.
Check Point offers support online, by phone and onsite directly or via its network of partners. Opening a ticket online with Check Point Support via Check Point User Center.
Support Programs for Appliances
Check Point's Appliance Support programs provide technical support, software updates and upgrades, and the replacement of faulty hardware.
Please visit our Support Programs for more information or Compare Programs for a summary of features.
Hardware Warranty
Check Point warrants that hardware components of its appliances shall be free from material defects and will function according to the documentation provided for a period of one year from the date of appliance activation by Check Point. If the unit has a hardware failure during this warranty period, customer can begin a RMA process. Please visit Hardware Warranty for more information.
Check Point Enterprise Support Lifecycle Policy
Check Point Enterprise Support Lifecycle Policy outlines the product support guidelines for a product's lifecycle. The objective of this policy is to standardize and normalize product lifecycle practices, thereby enabling Check Point customers to make more informed purchase, support and upgrade decisions.
All Check Point products (except third-party products sold by Check Point) are covered by this policy. Customers who are operating Check Point products under a valid Support & Maintenance Agreement are entitled to the benefits associated with this policy.
Next Steps
- Contact Us
- Call US Sales
1-866-488-6691 - Find a Reseller
Resources
- Frequently Asked Questions [PDF]
- The Power-1 Performance Architecture [PDF]
- Top 5 reasons to Deploy Modular Security
Architecture [PDF] - Scaling Throughput with Check Point Appliances [On Demand]
- Check Point Appliances Brochure [PDF]
- Appliances Comparison Chart [PDF]
- Certifications
- Environmental Relations
- Success Stories
- What's Next for SecurePlatform and IPSO
Related Products