1200R Appliance: Industrial Control Systems

Industrial Control Systems (ICS) used in critical infrastructure and manufacturing industries are targets of sophisticated cyberattacks. The Check Point 1200R rugged appliance line delivers proven, integrated security for deployment in harsh environments as part of a complete end-to-end ICS security solution.


Deploy SCADA networking security in harsh environments and remote locations

  • Full featured security gateway with 6 x 1GbE ports and raw firewall throughput of 2 Gbps
  • Operates in extreme temperatures from -40°C to 75°C in a compact fan-less design with no moving parts
  • Complies with industrial specifications IEEE 1613 and IEC 61850-3 and certified for maritime operation per IEC-60945 and IACS E10, complies with DNV 2.4

Full visibility and granular control of SCADA traffic

  • Our Next-Generation Firewall enables granular functional control of SCADA protocols
  • Log SCADA protocols, including commands and parameters, for forensic analysis of incidents in your operation networks
  • Monitor your compliance to major regulations such as NERC CIP v5 using the Compliance Software Blade

Comprehensive security with SCADA-aware threat detection and prevention

  • Deploy the industry’s most extensive support of ICS/SCADA-specific protocols including BACNet, DNP3, IEC-60870-5-104, IEC 60870-6 (ICCP), IEC 61850, MMS, Modbus, OPC, Profinet, S7 (Siemens) and many others
  • Detect and prevent exploits of ICS vulnerabilities with SCADA IPS signatures, closing the window of exposure between vulnerable and patched systems
  • Leverage our full range of threat prevention capabilities including firewall, IPS and anti-malware to detect and prevent inbound threats to SCADA networks
  • Our complete IT-OT security solution protects the corporate perimeter, the bridge between IT and OT networks and operator workstations and SCADA devices within the OT network
  • Quickly analyze risk through specialized threat reports in our Next Generation SmartEvent

Check Point offers protection to our wide ranging assets by providing the capability to securely connect assets located over a large geographic area in less than ideal locations. We’re very pleased Check Point is taking this initiative with a SCADA solution to ensure our critical assets are protected. The addition of the new 1200R Industrial Control Systems as an example of this innovation.

Shawn Kearley

Infrastructure Analyst

Newfoundland Power


Wide range of appliances for IT and OT networks

The 1200R Rugged Appliance complements our extensive appliance family to support a diverse range of deployment environments and meet specialized requirements in ICS security. The 1200R complies with industrial specifications such as IEEE 1613 and IEC 61850-3 for heat, vibration and immunity to electromagnetic interference (EMI). In addition, the 1200R is certified for maritime operation per IEC-60945 and IACS E10 and complies with DNV 2.4. The 1200R Appliances can also be used in commercial deployments.

Inspect Encrypted Connections

There is a shift towards more use of HTTPS, SSL and TLS encryption to increase Internet security. At the same time files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data.

Next-Generation Firewall

Check Point Application Control has broad support for specialized Industrial Control System and SCADA protocols with granularity for over 800 SCADA specific commands. This enables protocol-specific visibility and controls with directional awareness.

For instance, administrators are able to create a policy to prevent monitoring and reporting systems from performing write operations to control systems. Furthermore, our protocol decoder enables granular control at the command level, such as read/write/get for specific units, function codes and address ranges.

Protocol Support Includes:

  • BACNet
  • CIP
  • DNP3
  • IEC-60870-5-104
  • IEC 60870-6 (ICCP)
  • IEC 61850

  • MMS
  • Modbus
  • OPC
  • Profinet
  • S7 (Siemens)

Support for additional protocols is available on request. For the latest protocols, see the AppWiki.

Integrated threat detection and prevention

Detect and prevent targeted attacks against ICS/SCADA components in Operational Technology (OT) environments with specific protections for these highly vulnerable, unpatched, legacy embedded systems. Our threat prevention technologies have the best catch rate in the industry and can be deployed in detect-mode to minimize the disruption of operational processes.

Best-in-class management

Administrators can define security policy for the entire network — including internal security, main sites, and remote sites — from a single, centrally located Check Point Security Management server. With SmartProvisioning™, a profile-based management approach designed for large- scale deployments, administrators can define a single security and device profile and apply it simultaneously to thousands of appliances — dramatically reducing deployment time and administrative overhead.

With compliance built-in, you can meet and exceed emerging regulatory and other ICS cyber security requirements cyber security requirements such as NERC-CIP. We constantly monitor the compliance status of the organization with hundreds of best practices, enabling network security managers to quickly assess the strength of the current policy settings and where improvements are needed

Learn More




Production Performance(Real-World Traffic Blend) 1


Firewall (Mbps)


Firewall and IPS (Mbps)


Ideal Testing Conditions Performance (RFC 3511, 2544, 2647, 1242)
Firewall Throughput (Gbps)


Connections per Second (K)


Concurrent Sessions (K)


VPN Throughput (Mbps)


1 Performance with a real-world traffic blend, a typical rule-base, NAT and logging enabled and the most secure threat prevention


10/100/1000Base-T (Max)


1000Base-F (Max)


Additional Features


Serial Console Port


Mount Options

DIN Rail


IEC 61850-3, IEEE 1613


IEC-60945 B, IACS-E10 (Test Clause IEC-60945-8.12, IACS-E10-12 Not Performed)

Operating Environment

-40°to167°F / -40° to 75°C


20%-90% (Non-Condensing)




1.2 kg (2.65 lbs)


100-240V, 50 – 60 Hz


12V-72V, -48V DC

Power Consumption (Max)


Software Blade




Identity Awareness


Advanced Networking & Clustering

Mobile Access1


Application Control

URL Filtering




Anti-Spam & Email Security




NGFW  = Next Generation Firewall;  NGTP = Next Generation Threat Prevention plus SandBlast
✔ - Included
* - Optional
1 SSL VPN Portal is not supported



This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO