How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

Carrier Security

The Check Point Carrier-Grade platforms provide the industry’s most powerful Telco security solution with utmost performance and capacity to protect the continuous growth of 3G and 4G LTE network infrastructures. These unique platforms enable Mobile Network Operators to use a unified platform to secure all interfaces including Radio Access, Internet and Roaming. These scalable platforms come with advanced inspection and security for LTE protocols to protect against sophisticated attacks such as Spoofing, DDoS, Signaling Storm, Over-billing attacks and Malware.


Securing the Entire Carrier Infrastructure

  • Single platform to secure all LTE Interfaces including Internet Gi Connection, S1 LTE Radio Access, roaming connectivity and Packet Controller
    • Secure communication between thousands of radio stations (eNodeBs)
    • Secure internet connectivity with the most scalable Carrier-Grade-NAT firewall
    • Secure roaming connectivity according to partners’ business agreements
  • Control the infrastructure security with unified policy, monitoring and reporting for all carrier interfaces
  • Consolidate gateways and secure multiple networks with Virtual Systems

The Strongest 3G & 4G Security

  • The only solution to inspect and secure all LTE protocols including GTP, SCTP and Diameter
  • Offer subscriber-based value-added security services including IPS, Antivirus, Web Security and Anti-Bot

World Fastest LTE-Grade Security

  • Dedicated carrier platforms offering a scalable solution with optimal price performance for carriers of all sizes
  • World's fastest platforms with 30Gbps IPSec throughput on the 2U 21700-Carrier appliances and up to 70Gbps on 61000-Carrier chassis in real-world traffic
  • Securing the largest Telco carriers of the world with 61000 Carrier-Grade-NAT utilizing up to 210M of concurrent connections


Carrier Grade Scalable Platforms with Ground-Breaking Performance

Employs a highly flexible and modular system architecture that significantly boosts security and performance. The 41000-carrier Security System SecurityPower starts at 3,200 SPU with 1 SGM and scales to 11,000 SPUs with 4 SGMs. The 61000-carrier Security System can easily scale from 2 to 12 Security Gateway Modules (SGM). A fully-loaded 61000-carrier security system with 12 SGM260s delivers up to 33,000 total SecurityPower Units, 400 Gbps of firewall throughput, and up to 130 Gbps IPS protection (recommended profile). Furthermore, its ability to support 210 million concurrent connections and 3 million sessions per second brings unparalleled performance to the 3G and 4G LTE environments. The 21700-carrier 2 rack-unit Appliance delivers the industry’s best Telco mobile security performance in its class and offer unmatched scalability, serviceability and port density.

Radio Access IPsec Security

Securely connect thousands of 4G LTE Radio Stations (eNodeBs) to the Evolve Packet Core network.  Use IPSec to authorize Radio Stations’ connectivity and to encrypt user data traffic. Easily provision the IPSec connectivity when adding more radio Stations. Ensure service availability with backend services using Dead-Peer-Detection and fully redundant hardware platform.  Support ESP and IKEv2 to deliver data traffic confidentiality and integrity with AES, SHA-1 or 3DES encryption algorithms.  Protects against eavesdropping and data tampering on the control plane and user traffic.


NSS Labs’ top-rated IPS Software Blade delivers complete and proactive intrusion prevention. Ranked #1 in Microsoft and Adobe threat coverage 3 years in-a-row, it secures your network by timely and effectively preventing browser and application vulnerability exploits.

Clean-Pipe Value-Add Services (Optional)

Offer your mobile subscribers secure web access service by leveraging the Check Point enterprise-grade Software Blades security with IPS, Antivirus, URL Filter, Application Control and Anti-Bot. Use the same Internet Gi Carrier-Grade NAT Gateways and Radio Access Gateways to offer additional security services to your mobile subscribers with mobile identity based policy.

Carrier Grade NAT

Allow Internet access control to millions of mobile subscribers with Check Point Large Scale NAT. Securely connect mobile devices using both IPv4 and IPv6 addresses to the Internet. Protect the Mobile Packet Core network from DDoS attacks, signaling storm, port scan, sweep scan, spoofing, over billing attacks and advanced application malware and threats.


LTE Protocols Security

Inspect and secure 3G and 4G IP protocols including GTP, SCTP and Diameter. Allow Mobile Operators to securely connect the packet core to untrusted interfaces such the roaming partners or the radio network.  Enforce roaming agreements using Carrier Identity-Based Policy. Provide protections for DDoS,  Overbilling attacks, data leakage and unauthorized access. Use advanced Diameter and GTP protocols policy to protect subscribers’ data in MME and HSS. Use advanced security with Check Point Software Blades including IPS, Anti-Virus, URL Filter, Application Control and Anti-Bot to inspect subscriber traffic within the GTP data plane.

Integrated Security Management & Logging

Unified security management simplifies the monumental task of managing large carrier environment. Our comprehensive, centralized security management system controls all Check Point gateways deployed on all mobile network interfaces. The intuitive graphical user interface enables IT managers to easily manage a wide range of security management functions. Carrier-grade central lawful logging with advanced log analyzer delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.

Learn More


SecurityPower3,300/3,55113200 to 110003200 to 33000
Firewall Throughput (Gbps)Up to 1101Up to 80Up to 400
SCTP Throughput (Gbps)202780
GTP Throughput (Gbps)152780
GTP Concurrent PDP Context (M)32020
VPN IMIX Throughput (Gbps)Up to 301Up to 23Up to 56
IPSec Tunnels10,000 50,00050,000
IPS Recommended Profile - IMIX Blend (Gbps)8Up to 44Up to 130
IPS Recommended Profile - Production SPU Blend (Gbps)5.7Up to 25Up to 70
Concurrent Sessions (M)13Up to 80Up to 210
Connections per Second170/300K1Up to 1.1MUp to 3M
Virtual Systems
Virtual System SupportYesYesYes
# of VS SupportedUp to 250Up to 250Up to 250
Hardware Specifications
40GBase-F Ports (Max)N/A48
10GBase-F SFP+ Ports (Max)133060
1000Base-F SFP Ports (Max)361428
10/100/1000Base-T Ports (Max)371428
Security Acceleration ModuleYesN/AN/A
Enclosure2U6U15U (with AC PSU)
Dimensions Standard (WxDxH)17" x 28" x 3.5" 17.64" x 16.3" x 10.5"17.72" x 16.73" x 26.18"
Dimensions Metric (WxDxH)431 x 710 x 88 mm448 x 413.4 x 266.7 mm450 x 425 x 665 mm
Max Weight26 kg (57.4 lbs.)38.6 kg (84.9 lbs.) (Chassis, 3 PSUs, fans, 2 CCM, 4 SGM, 2 SSM)97.24 kg (214.4 lbs.) (Chassis, 5 PSUs, fans, 2 CCM, 12 SGM, 2 SSM)
AC Power Supplies100~240VAC, 47~63HzNo. of modules: 3 (max) Input: 100-240VAC, 50-60Hz Single module output: 1200W @ 110V, 1500W @ 230VNo. of modules: 5 (max) Input: 100-240VAC, 47-63Hz Single module output: 1200W @ 110V, 1600W @ 220V
Power Consumption (Max)489W/784W12300W5500W
CertificationsSafety: UL, cUL Emissions: CE, FCC Class A Environmental: RoHSSafety: UL Emissions: CE, FCC part 15 Environmental: Designed to be compatible with NEBS level 3, ETSI and RoHSSafety: CB, UL/cUL/SCA, TUV Emissions: FCC, CE, VCCI, C-Tick Environmental: Designed to be compatible with NEBS level 3, ETSI and RoHS
1 With Security Acceleration Module
2 With memory upgrade and GAiA OS
3 With AC power supplies