Industrial Control Systems (ICS) used in critical infrastructure and manufacturing industries are targets of sophisticated cyberattacks. The Check Point 1200R rugged appliance line delivers proven, integrated security for deployment in harsh environments as part of a complete end-to-end ICS security solution.
Deploy SCADA security in harsh environments and remote locations
Full visibility and granular control of SCADA traffic
Comprehensive security with SCADA-aware threat detection and prevention
Check Point offers protection to our wide ranging assets by providing the capability to securely connect assets located over a large geographic area in less than ideal locations. We’re very pleased Check Point is taking this initiative with a SCADA solution to ensure our critical assets are protected. The addition of the new 1200R as an example of this innovation.
Shawn Kearley
Infrastructure Analyst
Newfoundland Power
The 1200R Rugged Appliance complements our extensive appliance family to support a diverse range of deployment environments and meet specialized requirements. The 1200R complies with industrial specifications such as IEEE 1613 and IEC 61850-3 for heat, vibration and immunity to electromagnetic interference (EMI). In addition, the 1200R is certified for maritime operation per IEC-60945 and IACS E10 and complies with DNV 2.4. The 1200R Appliances can also be used in commercial deployments.
Check Point Application Control has broad support for specialized Industrial Control System and SCADA protocols with granularity for over 800 SCADA specific commands. This enables protocol-specific visibility and controls with directional awareness.
For instance, administrators are able to create a policy to prevent monitoring and reporting systems from performing write operations to control systems. Furthermore, our protocol decoder enables granular control at the command level, such as read/write/get for specific units, function codes and address ranges.
Protocol Support Includes:
Support for additional protocols is available on request. For the latest protocols, see the AppWiki.
Detect and prevent targeted attacks against ICS/SCADA components in Operational Technology (OT) environments with specific protections for these highly vulnerable, unpatched, legacy embedded systems. Our threat prevention technologies have the best catch rate in the industry and can be deployed in detect-mode to minimize the disruption of operational processes.
Administrators can define security policy for the entire network — including internal security, main sites, and remote sites — from a single, centrally located Check Point Security Management server. With SmartProvisioning™, a profile-based management approach designed for large- scale deployments, administrators can define a single security and device profile and apply it simultaneously to thousands of appliances — dramatically reducing deployment time and administrative overhead.
With compliance built-in, you can meet and exceed emerging regulatory and other cyber security requirements such as NERC-CIP. We constantly monitor the compliance status of the organization with hundreds of best practices, enabling network security managers to quickly assess the strength of the current policy settings and where improvements are needed
| Appliance | 1200R |
|---|---|
| Production Performance(Real-World Traffic Blend) 1 | |
| SecurityPower | 49 |
| Firewall (Mbps) | 700 |
| Firewall and IPS (Mbps) | 60 |
| Ideal Testing Conditions Performance (RFC 3511, 2544, 2647, 1242) | |
| Firewall Throughput (Gbps) | 2 |
| Connections per Second (K) | 10 |
| Concurrent Sessions (K) | 400 |
| VPN Throughput (Mbps) | 450 |
| 1 Performance with a real-world traffic blend, a typical rule-base, NAT and logging enabled and the most secure threat prevention | |
| Appliance | 1200R |
|---|---|
| Network | |
| 10/100/1000Base-T (Max) | 6 |
| 1000Base-F (Max) | 2 |
| Additional Features | |
| 3G/4G | Yes |
| Serial Console Port | Yes |
| Mount Options | DIN Rail |
| Certifications | |
| Industrial | IEC 61850-3, IEEE 1613 |
| Maritime | IEC-60945 B, IACS-E10 (Test Clause IEC-60945-8.12, IACS-E10-12 Not Performed) |
| Operating Environment | |
| Temperature | -40°to167°F / -40° to 75°C |
| Humidity | 20%-90% (Non-Condensing) |
| Physical | |
| Enclosure | Desktop |
| Weight | 1.2 kg (2.65 lbs) |
| Power | |
| AC | 100-240V, 50 – 60 Hz |
| DC | 12V-72V, -48V DC |
| Power Consumption (Max) | 15W |
| Software Blade | NGFW | NGTP |
|---|---|---|
| Firewall | ✔ | ✔ |
| Identity Awareness | ✔ | ✔ |
| IPSec VPN | ✔ | ✔ |
| Advanced Networking & Clustering | ✔ | ✔ |
| Mobile Access1 | ✔ | ✔ |
| IPS | * | ✔ |
| Application Control | * | ✔ |
| URL Filtering | * | ✔ |
| Antivirus | * | ✔ |
| Anti-Spam & Email Security | * | ✔ |
| Anti-Bot | * | ✔ |
| NGFW = Next Generation Firewall; NGTP = Next Generation Threat Prevention ✔ - Included * - Optional 1 SSL VPN Portal is not supported | ||
