Check Point Carrier Security
The Check Point Carrier-Grade platforms provide the industry’s most powerful Telco security solution with utmost performance and capacity to protect the continuous growth of 3G and 4G LTE network infrastructures. These unique platforms enable Mobile Network Operators to use a unified platform to secure all interfaces including Radio Access, Internet and Roaming. These scalable platforms come with advanced inspection and security for LTE protocols to protect against sophisticated attacks such as Spoofing, DDoS, Signaling Storm, Over-billing attacks and Malware.
Securing the Entire Carrier Infrastructure
- Single platform to secure all LTE Interfaces including Internet Gi Connection, S1 LTE Radio Access, roaming connectivity and Packet Controller
- Secure communication between thousands of radio stations (eNodeBs)
- Secure internet connectivity with the most scalable Carrier-Grade-NAT firewall
- Secure roaming connectivity according to partners’ business agreements
- Secure communication between thousands of radio stations (eNodeBs)
- Control the infrastructure security with unified policy, monitoring and reporting for all carrier interfaces
- Consolidate gateways and secure multiple networks with Virtual Systems
The Strongest 3G & 4G Security
- The only solution to inspect and secure all LTE protocols including GTP, SCTP and Diameter
- Offer subscriber-based value-added security services including IPS, Antivirus, Web Security and Anti-Bot
World Fastest LTE-Grade Security
- Dedicated 61000 and 21600 carrier platforms offering a scalable solution with optimal price performance for carriers of all sizes
- World fastest platforms with 30Gbps IPSec throughput on 2U 21600-Carrier and up to 56Gbps on 61000-Carrier chassis in real-world traffic
- Securing the largest Telco carriers of the world with 61000 Carrier-Grade-NAT utilizing up to 70M of concurrent connections
Carrier Grade Scalable Platforms with Ground-Breaking Performance
Employing a highly flexible and modular system architecture, the 61000-carrier Security System with its robust multi-bladed hardware architecture delivers a firewall throughput of up to 200 Gbps today and up to 1 Tbps in the future. Furthermore, its ability to support 70 million concurrent connections and 600,000 sessions per second brings unparalleled performance to the 3G and 4G LTE environments.
Employing a highly flexible and modular system architecture, the 61000-carrier Security System with its robust multi-bladed hardware architecture delivers a firewall throughput of up to 200 Gbps today and up to 1 Tbps in the future. Furthermore, its ability to support 70 million concurrent connections and 600,000 sessions per second brings unparalleled performance to the 3G and 4G LTE environments.
The 21600-carrier 2 rack-unit Appliance deliver the industry's best Telco mobile security performance in its class and offer unmatched scalability, serviceability and port density.
Carrier Grade NAT
Allow Internet access control to millions of mobile subscribers with Check Point Large Scale NAT. Securely connect mobile devices using both IPv4 and IPv6 addresses to the Internet. Protect the Mobile Packet Core network from DDoS attacks, signaling storm, port scan, sweep scan, spoofing , over billing attacks and advanced application malwares and threats.
Allow Internet access control to millions of mobile subscribers with Check Point Large Scale NAT. Securely connect mobile devices using both IPv4 and IPv6 addresses to the Internet. Protect the Mobile Packet Core network from DDoS attacks, signaling storm, port scan, sweep scan, spoofing , over billing attacks and advanced application malwares and threats.
Radio Access IPsec Security
Securely connect thousands of 4G LTE Radio Stations (eNodeBs) to the Evolve Packet Core network. Use IPSec to authorize Radio Stations’ connectivity and to encrypt user data traffic. Easily provision the IPSec connectivity when adding more radio Stations. Ensure service availability with backend services using Dead-Pear-Detection and fully redundant hardware platform. Support ESP and IKEv2 to deliver data traffic confidentiality and integrity with AES, SHA-1 or TripleDES encryption algorithms. Protects against eavesdropping and data tampering on the control plane and user traffic.
Securely connect thousands of 4G LTE Radio Stations (eNodeBs) to the Evolve Packet Core network. Use IPSec to authorize Radio Stations’ connectivity and to encrypt user data traffic. Easily provision the IPSec connectivity when adding more radio Stations. Ensure service availability with backend services using Dead-Pear-Detection and fully redundant hardware platform. Support ESP and IKEv2 to deliver data traffic confidentiality and integrity with AES, SHA-1 or TripleDES encryption algorithms. Protects against eavesdropping and data tampering on the control plane and user traffic.
LTE Protocols Security
Inspect and secure 3G and 4G IP protocols including GTP, SCTP and Diameter. Allow Mobile Operators to securely connect the packet core to untrusted interfaces such the roaming partners or the radio network. Enforce roaming agreements using Carrier Identity-Based Policy. Provide protections for DDoS, Overbilling attacks, data leakage and unauthorized access. Use advanced Diameter and GTP protocols policy to protect subscribers’ data in MME and HSS.
Use advanced security with Check Point Software Blades including IPS, Anti-Virus, URL Filter, Application Control and Anti-Bot to inspect subscriber traffic within the GTP data plane.
Inspect and secure 3G and 4G IP protocols including GTP, SCTP and Diameter. Allow Mobile Operators to securely connect the packet core to untrusted interfaces such the roaming partners or the radio network. Enforce roaming agreements using Carrier Identity-Based Policy. Provide protections for DDoS, Overbilling attacks, data leakage and unauthorized access. Use advanced Diameter and GTP protocols policy to protect subscribers’ data in MME and HSS.
Use advanced security with Check Point Software Blades including IPS, Anti-Virus, URL Filter, Application Control and Anti-Bot to inspect subscriber traffic within the GTP data plane.
IPS
NSS Labs’ top-rated IPS Software Blade delivers complete and proactive intrusion prevention. Ranked #1 in Microsoft and Adobe threat coverage 3 years in-a-row, it secures your network by timely and effectively preventing browser and application vulnerability exploits.
NSS Labs’ top-rated IPS Software Blade delivers complete and proactive intrusion prevention. Ranked #1 in Microsoft and Adobe threat coverage 3 years in-a-row, it secures your network by timely and effectively preventing browser and application vulnerability exploits.
Integrated Security Management & Logging
Unified security management simplifies the monumental task of managing large carrier environment. Our comprehensive, centralized security management system controls all Check Point gateways deployed on all mobile network interfaces. The intuitive graphical user interface enables IT managers to easily manage a wide range of security management functions. Carrier-grade central lawful logging with advanced log analyzer delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.
Unified security management simplifies the monumental task of managing large carrier environment. Our comprehensive, centralized security management system controls all Check Point gateways deployed on all mobile network interfaces. The intuitive graphical user interface enables IT managers to easily manage a wide range of security management functions. Carrier-grade central lawful logging with advanced log analyzer delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains
Clean-Pipe Value-Add Services (Optional)
Offer your mobile subscribers secure web access service by leveraging the Check Point enterprise-grade Software Blades security with IPS, Antivirus, URL Filter, Application Control and Anti-Bot. Use the same Internet Gi Carrier-Grade NAT Gateways and Radio Access Gateways to offer additional security services to your mobile subscribers with mobile identity based policy.
Offer your mobile subscribers secure web access service by leveraging the Check Point enterprise-grade Software Blades security with IPS, Antivirus, URL Filter, Application Control and Anti-Bot. Use the same Internet Gi Carrier-Grade NAT Gateways and Radio Access Gateways to offer additional security services to your mobile subscribers with mobile identity based policy.
Carrier Security Specifications
| 21600-Carrier | 61000-Carrier | |
|---|---|---|
| Performance | ||
| SecurityPower | 2501 / 33001 | 3000 to 14600 |
| Firewall Throughput | Up to 110Gbps1 | Up to 200Gbps |
| VPN IMIX Throughput | Up to 30Gbps1 | Up to 56Gbps |
| IPS Throughput (Default/Recommended Profiles) | 21Gbps / 6.8Gbps | Up to 110Gbps / 40Gbps |
| Concurrent Sessions | 13M2 | Up to 70M |
| Connections per Second | 140K / 300K1 | Up to 600K |
| Virtual Systems | ||
| Virtual System Support | Yes | Yes |
| # of VS Supported | Up to 250 | Up to 250 |
| Hardware Specifications | ||
| 10/100/1000Base-T Ports | 13 to 37 | N/A |
| 1000Base-F SFP Ports | up to 36 | N/A |
| 10GBase-F SFP+ Ports | up to 13 | 16 / 32 |
| 40GBase-F Ports (Max) | N/A | 4 |
| Security Acceleration Module | Yes | N/A |
| Enclosure | 2RU | 14RU / 15RU3 |
| Dimensions (Standard/Metric) | 17" W x 28" D x 3.5" H 431 mm W x 710 mm D x 88 mm H |
17.5" W x 15.16" D x 24.3" H 445 mm W x 385 mm D x 618.3 mm H |
| Max Weight | 26 kg (57.4 lbs.) | 90 kg (198.4 lbs.) (Chassis, 5 PSUs, fans, 2 CCM, 12 SGM, 2 SSM) |
| Operating Environment | Temperature: 32° to 104°F / 0° to 40°C Relative Humidity 20% to 90% (non-condensing) |
Temperature: 23° to 131°F / -5° to 55°C; Humidity 5% to 90% (non-condensing) |
| Non-Operating Environment | Temperature: -4° to 158°F / -20° to 70°C Relative Humidity 5% - 95% (non-condensing) |
Temperature: -40° to 158°F / -40° to 70°C Humidity 5% to 90% (non-condensing) |
| AC Power Supplies | 100~240VAC, 47~63Hz | No. of modules: 5 (max) Input: 100-240VAC, 47-63Hz Single module output: 1200-1500W |
| Power Consumption (Max) | 449W / 744W1 | 5000W |
| Certifications | afety: UL, cUL Emissions: CE, FCC Class A Environmental: RoHS |
Safety: CE, UL, TUV Emissions: CE, FCC part 15 Environmental: Designed to be compatible with NEBS level 3, ETSI and RoHS |
2 With memory upgrade and GAiA OS
3 With AC power supplies
- Products A-Z
- Appliances
- Appliances Overview
- 2200 Appliances
- 4000 Appliances
- 12000 Appliances
- 21000 Appliance
- 61000 Security System
- DDoS Protector Appliances
- SecurityPower
- Secure Web Gateway Appliance
- Threat Prevention Appliance
- Series 80
- UTM-1 Edge
- IP Appliances
- Virtual Systems
- Safe@Office
- Smart-1
- Smart-1 SmartEvent
- Integrated Appliance Solution
- IAS Bladed Hardware
- Software Blades
- Software Blades Overview
- Security Gateway
- Firewall
- IPSec VPN
- IPS
- Mobile Access
- Application Control
- Identity Awareness
- DLP
- Web Security
- URL Filtering
- Anti-Bot
- Antivirus
- Anti-Spam & Email Security
- Advanced Networking & Clustering
- Voice over IP (VoIP)
- Threat Prevention
- ThreatCloud™
- Security Management
- Compliance
- Network Policy Management
- Endpoint Policy Management
- Logging & Status
- SmartWorkflow
- Monitoring
- Management Portal
- User Directory
- SmartProvisioning
- SmartReporter
- SmartEvent
- Multi-Domain Security Management
- Virtualization Security
- Security Gateway Virtual Edition
- Cloud Security
- Virtual Appliance for Amazon Web Services
- Security Systems
- Security Systems Overview
- Endpoint Security
- Endpoint Security
- Full Disk Encryption
- Media Encryption
- Anti-Malware & Program Control
- Remote Access VPN
- Firewall & Compliance
- Check Point WebCheck
- Check Point GO
- Solutions
- Remote Access
- Consumer Products
- ZoneAlarm Antivirus
- ZoneAlarm ForceField
- ZoneAlarm Internet Security Suite