The Check Point Carrier-Grade platforms provide the industry’s most powerful Telco security solution with utmost performance and capacity to protect the continuous growth of 3G and 4G LTE network infrastructures. These unique platforms enable Mobile Network Operators to use a unified platform to secure all interfaces including Radio Access, Internet and Roaming. These scalable platforms come with advanced inspection and security for LTE protocols to protect against sophisticated attacks such as Spoofing, DDoS, Signaling Storm, Over-billing attacks and Malware.
Securing the Entire Carrier Infrastructure
The Strongest 3G & 4G Security
World Fastest LTE-Grade Security
Employs a highly flexible and modular system architecture that significantly boosts security and performance. The 41000-carrier Security System SecurityPower starts at 3,200 SPU with 1 SGM and scales to 11,000 SPUs with 4 SGMs. The 61000-carrier Security System can easily scale from 2 to 12 Security Gateway Modules (SGM). A fully-loaded 61000-carrier security system with 12 SGM260s delivers up to 33,000 total SecurityPower Units, 400 Gbps of firewall throughput, and up to 130 Gbps IPS protection (recommended profile). Furthermore, its ability to support 210 million concurrent connections and 3 million sessions per second brings unparalleled performance to the 3G and 4G LTE environments. The 21700-carrier 2 rack-unit Appliance delivers the industry’s best Telco mobile security performance in its class and offer unmatched scalability, serviceability and port density.
Securely connect thousands of 4G LTE Radio Stations (eNodeBs) to the Evolve Packet Core network. Use IPSec to authorize Radio Stations’ connectivity and to encrypt user data traffic. Easily provision the IPSec connectivity when adding more radio Stations. Ensure service availability with backend services using Dead-Peer-Detection and fully redundant hardware platform. Support ESP and IKEv2 to deliver data traffic confidentiality and integrity with AES, SHA-1 or 3DES encryption algorithms. Protects against eavesdropping and data tampering on the control plane and user traffic.
NSS Labs’ top-rated IPS Software Blade delivers complete and proactive intrusion prevention. Ranked #1 in Microsoft and Adobe threat coverage 3 years in-a-row, it secures your network by timely and effectively preventing browser and application vulnerability exploits.
Offer your mobile subscribers secure web access service by leveraging the Check Point enterprise-grade Software Blades security with IPS, Antivirus, URL Filter, Application Control and Anti-Bot. Use the same Internet Gi Carrier-Grade NAT Gateways and Radio Access Gateways to offer additional security services to your mobile subscribers with mobile identity based policy.
Allow Internet access control to millions of mobile subscribers with Check Point Large Scale NAT. Securely connect mobile devices using both IPv4 and IPv6 addresses to the Internet. Protect the Mobile Packet Core network from DDoS attacks, signaling storm, port scan, sweep scan, spoofing, over billing attacks and advanced application malware and threats.
Inspect and secure 3G and 4G IP protocols including GTP, SCTP and Diameter. Allow Mobile Operators to securely connect the packet core to untrusted interfaces such the roaming partners or the radio network. Enforce roaming agreements using Carrier Identity-Based Policy. Provide protections for DDoS, Overbilling attacks, data leakage and unauthorized access. Use advanced Diameter and GTP protocols policy to protect subscribers’ data in MME and HSS. Use advanced security with Check Point Software Blades including IPS, Anti-Virus, URL Filter, Application Control and Anti-Bot to inspect subscriber traffic within the GTP data plane.
Unified security management simplifies the monumental task of managing large carrier environment. Our comprehensive, centralized security management system controls all Check Point gateways deployed on all mobile network interfaces. The intuitive graphical user interface enables IT managers to easily manage a wide range of security management functions. Carrier-grade central lawful logging with advanced log analyzer delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.
|SecurityPower||3,300/3,5511||3200 to 11000||3200 to 33000|
|Firewall Throughput (Gbps)||Up to 1101||Up to 80||Up to 400|
|SCTP Throughput (Gbps)||20||27||80|
|GTP Throughput (Gbps)||15||27||80|
|GTP Concurrent PDP Context (M)||3||20||20|
|VPN IMIX Throughput (Gbps)||Up to 301||Up to 23||Up to 56|
|IPS Recommended Profile - IMIX Blend (Gbps)||8||Up to 44||Up to 130|
|IPS Recommended Profile - Production SPU Blend (Gbps)||5.7||Up to 25||Up to 70|
|Concurrent Sessions (M)||13||Up to 80||Up to 210|
|Connections per Second||170/300K1||Up to 1.1M||Up to 3M|
|Virtual System Support||Yes||Yes||Yes|
|# of VS Supported||Up to 250||Up to 250||Up to 250|
|40GBase-F Ports (Max)||N/A||4||8|
|10GBase-F SFP+ Ports (Max)||13||30||60|
|1000Base-F SFP Ports (Max)||36||14||28|
|10/100/1000Base-T Ports (Max)||37||14||28|
|Security Acceleration Module||Yes||N/A||N/A|
|Enclosure||2U||6U||15U (with AC PSU)|
|Dimensions Standard (WxDxH)||17" x 28" x 3.5"||17.64" x 16.3" x 10.5"||17.72" x 16.73" x 26.18"|
|Dimensions Metric (WxDxH)||431 x 710 x 88 mm||448 x 413.4 x 266.7 mm||450 x 425 x 665 mm|
|Max Weight||26 kg (57.4 lbs.)||38.6 kg (84.9 lbs.) (Chassis, 3 PSUs, fans, 2 CCM, 4 SGM, 2 SSM)||97.24 kg (214.4 lbs.) (Chassis, 5 PSUs, fans, 2 CCM, 12 SGM, 2 SSM)|
|AC Power Supplies||100~240VAC, 47~63Hz||No. of modules: 3 (max) Input: 100-240VAC, 50-60Hz Single module output: 1200W @ 110V, 1500W @ 230V||No. of modules: 5 (max) Input: 100-240VAC, 47-63Hz Single module output: 1200W @ 110V, 1600W @ 220V|
|Power Consumption (Max)||489W/784W1||2300W||5500W|
|Certifications||Safety: UL, cUL Emissions: CE, FCC Class A Environmental: RoHS||Safety: UL Emissions: CE, FCC part 15 Environmental: Designed to be compatible with NEBS level 3, ETSI and RoHS||Safety: CB, UL/cUL/SCA, TUV Emissions: FCC, CE, VCCI, C-Tick Environmental: Designed to be compatible with NEBS level 3, ETSI and RoHS|
|1 With Security Acceleration Module 2 With memory upgrade and GAiA OS 3 With AC power supplies|