Call a Specialist Today! 888-785-4407

Check Point 21800 Appliance
Datacenter-grade security appliance

Check Point 21800 Appliance

Sorry, this unit has been discontinued. Please, contact us for a replacement product!

Click here to jump to more pricing!

Overview:

Insights

Today the Internet gateway is more than a firewall. It is a security device presented with an ever-increasing number of sophisticated threats. As a security gateway it must use multiple technologies to control network access, detect sophisticated attacks and provide additional security capabilities like data loss prevention and protection from web-based threats. The proliferation of mobile devices like smartphones and Tablets and new streaming, social networking and P2P applications requires a higher connection capacity and new application control technologies. Finally, the shift towards enterprise private and public cloud services, in all its variations, changes the company borders and requires enhanced capacity and additional security solutions.

Solution

Leveraging its multi-core and acceleration technologies, with 4300 SecurityPower Units, the Check Point 21800 appliance supports lightning-fast firewall throughput of up to 110 Gbps1 with sub 5μs latency. The 21800 is designed from the ground up for unmatched flexibility for even the most demanding enterprise and data center network environments.

The 21800 appliance has 3 expansion slots supporting a wide range of network options. The standard configuration includes one on-board 10/100/1000 RJ-45 Management port and a twelve 1 Gigabit Ethernet copper port card. In addition the 21800 appliance includes an on-board 10GbE Sync port (SR transceiver included). A maximally configured 21800 provides up to 37 Gigabit Ethernet copper ports or 36 fiber ports or thirteen 10 Gigabit Ethernet fiber ports.

The 21800 appliance chassis is highly serviceable. Access to all components is available from the front and the back of the unit when mounted in the rack. There is one slot for an optional Security Acceleration Module to boost performance of the appliance. In addition to hot-swappable redundant disk drives and power supply units, the 21800 appliance also supports Lights-Out-Management (LOM) for remote support and maintenance capabilities.

Product Benefits

  • Fits easily into complex networks
  • Redundancy eliminates downtime
  • Centralized control with LOM
  • Ideal for low latency transactions
  • Extensible Software Blade Architecture

Key Benefits

  • 4100/43001 SecurityPower™ Units
  • Optimized for low latency
  • High port density
  • High availability and serviceability
  • Simple deployment and management

Key Features:

Security Acceleration Module

The optional Check Point Security Acceleration Module (SAM-108) for the 21000 Appliances is ideal for latencysensitive applications such as financial trading and VoIP communication. With sub 5 micro-seconds firewall latency, this purpose-built acceleration module boasts 108 SecurityCores™ accelerating traffic on all Acceleration- Ready interface ports with a single SAM-108. Performance for the 21800 appliance is boosted to 110 Gbps of firewall throughput, 50 Gbps of VPN throughput and 300,000 connections per second.

Inclusive High Performance Package

Customers with high connection capacity requirements can purchase the affordable High Performance Package (HPP) with the Next Generation security package of their choice. This includes the appliance plus an Acceleration Ready 4x10Gb SFP+ interface card, transceivers and 64 GB of memory for high connection capacity. The SAM-108 High Performance Package also includes transceivers, 64 GB of memory in the appliance and 48 GB of memory in the Security Acceleration Module.

A Reliable Serviceable Platform

The Check Point 21800 appliance delivers business continuity and serviceability through features such as hotswappable redundant power supplies, hot-swappable redundant hard disk drives (RAID), redundant fans and an advanced LOM card for out-of-band management. Combined together, these features ensure a greater degree of business continuity and serviceability when these appliances are deployed in the customer’s networks.

Remote Management And Monitoring

A Lights-Out-Management (LOM) card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location. Administrators can also use the LOM web interface to remotely install an OS image from an ISO file.

All-inclusive Security Solutions

The Check Point 21800 Appliances offer a complete and consolidated security solution available in five Next Generation Security Software Blade packages. Next Generation Firewall (NGFW): identify and control applications by user and scan content to stop threats. Next Generation Secure Web Gateway (SWG): enables secure use of Web 2.0 with real time protection. Next Generation Data Protection (NGDP): preemptively protect sensitive information from unintentional loss and educate users on proper data handling policy in real-time. Next Generation Threat Prevention (NGTP): prevent sophisticated cyber-threats with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security. Next Generation Threat Extraction (NGTX): advanced next-gen zero-day threat prevention, NGTP with Threat Emulation and Threat Extraction.

Prevent Unknown Threats

Check Point provides complete zero-day threat prevention and alerts when under attack. Threat Extraction delivers zero-malware documents in zero seconds. Threat Emulation inspects files for malicious content in a virtual sandbox. When Threat Emulation discovers new threats, a signature is sent to the Check Point ThreatCloud database which documents and shares information on the newly identified malware with other Check Point customers — providing immediate protection against zero-day threats.

Integrated Security Management

The appliance can either be managed locally with its available integrated security management or via central unified management. Using local management, the appliance can manage itself and one adjacent appliance for high availability purposes.

Technical Specifications:

Check Point 21800 Appliance

Performance

Production Performance2

  • 4100/43001 SecurityPower
  • 30.4–44.51 Gbps firewall throughput
  • 6.9 Gbps firewall and IPS throughput

RFC 3511, 2544, 2647, 1242 Performance (LAB)

  • 78–110 1 Gbps of firewall throughput, 1518 byte UDP
  • 23.5–50 1 Gbps of AES-128 VPN throughput
  • 9.9 Gbps of IPS throughput, IPS Recommended profile, IMIX traffic blend
  • 6–28 million concurrent connections, 64 byte response
  • 198,000–300,000 1 connections per second, 64 byte response

EXPANSION OPTIONS

Base Configuration

  • 1 on-board 10/100/1000Base-T RJ45
  • 1 on-board 10GbE SFP+ (SR transceiver included)
  • 12 x 10/100/1000BaseT RJ45 NIC (default)
  • 16 GB memory
  • Redundant dual hot-swappable power supplies
  • Redundant dual hot-swappable 500GB hard drives
  • LOM card
  • Telescopic rails (26"–35")

Network Expansion Slot Options (3 slots)

  • 12 x 10/100/1000Base-T RJ45 ports
  • 12 x 1000Base-F SFP ports
  • 4 x 10GBase-F SFP+ ports

Max Configuration

  • Up to 37 x 10/100/1000Base-T RJ45 ports
  • Up to 36 x 1000Base-F SFP ports
  • Up to 13 x 10GBase-F SFP+ ports
  • 32,64 GB RAM

Virtual Systems

  • Max VSs: 150 (w/16GB), 250 (w/64GB)

Network

Network Connectivity

  • IPv4 and IPv6
  • 1024 interfaces or VLANs per system
  • 4096 interfaces per system (in Virtual System mode)
  • 802.3ad passive and active link aggregation
  • Layer 2 (transparent) and Layer 3 (routing) mode

High Availability

  • Active/Active - L3 mode
  • Active/Passive - L3 mode
  • Session synchronization for firewall and VPN
  • Session failover for routing change
  • Device failure detection
  • Link failure detection
  • ClusterXL or VRRP

Physical

Power Requirements

  • AC Input Voltage: 100-240V
  • Frequency: 47-63Hz
  • Single Power Supply Rating: 1200W
  • Power Consumption Maximum: 489W/784W1
  • Maximum thermal output: 1669.4 BTU/2673.4 BTU1

Dimensions

  • Enclosure: 2RU
  • Standard (W x D x H): 17 x 28 x 3.5 in.
  • Metric (W x D x H): 431 x 710 x 88 mm
  • Weight: 26 kg (57.4 lbs.)

Operating Environmental Conditions

  • Temperature: 32°to104°F / 0° to 40°C
  • Humidity: 20%-90% (non-condensing)

Storage Conditions

  • Temperature: –4° to 158°F / –20° to 70°C
  • Humidity: 5% to 95% at 60°C (non-condensing)

Certifications

  • Safety: UL/cULT
  • Emissions: FCC, CE
  • Environmental: RoHS
1With Security Acceleration Module.
2Maximum R77 production performance based upon the SecurityPower benchmark. Real-world traffic, Multiple Software Blades, Typical rule-base, NAT and Logging enabled. Check Point recommends 50% SPU utilization to provide room for additional Software Blades and future traffic growth. Find the right appliance for your performance and security requirements using the Appliance Selection Tool.

Product Comparison

Appliance 21400 21700 21800
Performance
SecurityPower1 2175 / 29002 3300 / 35512 4100 / 43002
Firewall Throughput (Gbps)
 Raw3 50 / 1102 78.6 / 1102 78.6 / 1102
 Production5 17.1 / 44.32 25.4 / 44.52 30.4 / 44.52
Firewall Latency2 < 5μs < 5μs < 5μs
VPN AES-128 Throughput (Gbps) 7 / 502 11 / 502 23.5 / 502
IPS Throughput (Gbps)
Recommended4 6 8 9.9
Production5 3.67 5.7 6.9
Concurrent Connections 10M 13M 28M
Connections per Second 130K / 300K2 170K / 300K2 198K / 300K2
Virtual Systems
Virtual System Support Yes Yes Yes
Max VS Supported (Default/Max) 125 / 250 150 / 250 150 / 250
Hardware Specifications
10/100/1000Base-T Ports 13 to 37 13 to 37 13 to 37
1000Base-F SFP Ports up to 36 up to 36 up to 36
10GBase-F SFP+  Ports up to 12 up to 13 up to 13
Memory 12, 24 GB 16, 32, 64 GB 16, 32, 64 GB
Storage 2 x 500 GB HDD RAID1 2 x 500 GB HDD RAID1 2 x 500 GB HDD RAID1
I/O Expansion Slots 3 3 3
LOM Included Included Included
Dimensions
Enclosure 2U 2U 2U
Dimensions (standard) 17" W x 28" D x 3.5" H
Dimensions (metric) 431 mm W x 710 mm D x 88 mm H
Weight 26 kg (57.4 lbs.)
Environment
Operating Environment Temperature: 32° to 104°F / 0° to 40°C; Relative Humidity 20% to 90% (non-condensing)
Non-Operating Environment Temperature: -4° to 158°F / -20° to 70°C; Relative Humidity 5% - 95% (non-condensing)
Power
Redundant Hot-Swap Power Supply Yes Yes Yes
Power Input 100~240VAC, 47~63Hz
Power Supply Spec (Max) 2 x 910W 2 x 1200W 2 x 1200W
Power Consumption (Max) 449W / 744W2 489W / 784W2 489W / 784W2
Certifications
Safety CB, UL, cUL, CSA, TUV
Emissions CE, FCC VCCI, C-Tick
Environmental RoHS
1 Check Point's SecurityPower is a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple security functions and a typical security policy
2 With Security Acceleration Module
3 Raw throughput is based on RFC 3511 with 1518 bytes UDP packets
4 Recommended IPS profile, IMIX traffic blend
5 Assumes maximum production throughput environment with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection
6 Effective October 31, 2014 Check Point will no longer sell the 21600 Appliance. Visit the Support Lifecycle page to learn about replacement appliances.

Software Specifications

Software Blade NGFW NGDP NGSWG NGTP NGTX
Firewall
Identity Awareness
IPSec VPN
Advanced Networking & Clustering
Mobile Access 1 *
IPS *
Application Control
DLP * * * *
URL Filtering * *
Antivirus  * *
Anti-Spam & Email Security * * *
Anti-Bot * * *
Threat Extraction * * * *
Threat Emulation * * * *
Management Blades
Network Policy Management
Logging and Status
SmartEvent * * * *
SmartWorkflow * * * * *
Monitoring * * * * *
Management Portal * * * * *
User Directory * * * * *
SmartProvisioning * * * * *
SmartReporter * * * * *
Endpoint Policy Management * * * * *
 Compliance * * * * *
NGFW  = Next Generation Firewall;    NGDP  = Next Generation Data Protection;   NGTP = Next Generation Threat Prevention; NGSWG = Next Generation Secure Web Gateway
- Included
* - Optional
1 Five users are included in default package

Documentation:

Download the Check Point 21800 Appliance Datasheet (PDF).

Pricing Notes:

Mobile Access Blade for up to 200 concurrent connections
*The purchase of a Security Gateway container is required per user
#CPSB-MOB-200
Our Price: $4,100.00
Check Point IPS blade for 1 year
#CPSB-IPS-M-1Y
Our Price: $3,300.00
Check Point Anti-Spam & Email Security Blade for 1 year
#CPSB-ASPM-M-1Y
Our Price: $3,300.00