Check Point 23900 Security Appliance
Check Point 23900 Security Appliance
Large enterprise and data center networks demand uncompromising performance combined with high-reliability and flexible connectivity options. The Check Point 23000 Security Appliances combine the most comprehensive protections with data center-grade hardware to maximize uptime and performance for securing the most demanding large enterprise and data center environments.
Benefits
The most advanced threat prevention security
- Comprehensive protections including firewall, IPS, Application Control, Anti-Bot, AntiVirus, URL Filtering and the award-winning sandboxing technology in Check Point SandBlast
- Next Generation Threat Prevention package provides uncompromising protection against known threats
- SandBlast Threat Prevention provides the most advanced protections against unknown threats, vulnerabilities and zero-day attacks
Complete protection without compromising performance
- Hardware and software optimized to deliver full advanced threat prevention security, including inspecting SSL encrypted traffic
- Up to 3.6 Gbps of real-world threat prevention throughput
- Up to 43 Gbps of real-world firewall throughput
Data center-grade chassis design
- Redundant components such as power supplies, fans and hard drives eliminates downtime
- Centralized control with Lights-Out-Management (LOM) for enhanced serviceability
- High performance package optimizes platform performance
- Flexible I/O including 40 Gigabit Enternet (GbE) port options
Specification
STT | Tính năng | Checkpoint 23900 |
1 | Performance | |
Enterprise Testing Conditions | ||
Threat Prevention throughput | 20 Gbps | |
NGFW throughput | 24 Gbps | |
IPS throughput | 26 Gbps | |
Firewall throughput | 77.9 Gbps | |
Ideal Testing Conditions | ||
Firewall throughput (UDP 1518 byte packet) | 128 Gbps | |
VPN throughput AES-128 | 26 Gbps | |
Connections per second (64 byte response) | 400,000 | |
Concurrent connections (64 byte response) | 18.3/25.6/51.2 M | |
2 | Additional Features | |
Highlights | ||
Sync 10/100/1000Base-T RJ45 port | 1 | |
Management port | 1 x 10/100/1000Base-T RJ45 port | |
USB Port | 2 x USB 3.0 ports for ISO installation | |
Console port | 1 x RJ45, 1 x Micro USB | |
Network Card Expansion Slots | 5 | |
Lights-Out-Management port | 1 | |
Graphic LCD display | 1 | |
CPU | 2 x CPUs, 36 x physical cores, 72 x virtual cores (total) | |
Disk Drives | 2x 1TB HDD or 480GB SSD RAID1 storage | |
RAM | 48, 64 and 128 GB memory options | |
Lights-Out-Management card | Included | |
Virtual Systems (base/HPP/max mem) | 125/250/250 | |
Network Expansion Slot Options (3 of 5 slots open) | ||
1x 10/100/1000Base-T RJ45 port card, up to 42 ports | Optional | |
4x 1000Base-F SFP port card, up to 20 ports | Optional | |
4x 10GBase-F SFP+ port card, up to 20 ports | Optional | |
2x 40G QSFP+ port card, up to 6 ports | Optional | |
2x 100/25G QSFP28 port card, up to 6 ports | Optional | |
Fail-Open/Bypass Network Options | ||
4x 10/100/1000Base-T RJ45 port card | Optional | |
2x 10GBase-F SFP+ port card | Optional | |
3 | Content Security | |
First Time Prevention Capabilities | ||
CPU-level, OS-level and static file analysis | Yes | |
File disarm and reconstruction via Threat Extraction | Yes | |
Average emulation time for unknown files that require full sandbox evaluation is under 100 seconds | Yes | |
Maximal file size for Emulation | 100 MB | |
Emulation OS Support | Windows XP, 7, 8.1, 10 | |
Applications | ||
Use 8,000+ pre-defined or customize your own applications | Yes | |
Accept, prevent, schedule, and apply traffic-shaping | Yes | |
Data Lost Prevention | ||
Classify 700+ pre-defined data types | Yes | |
End user and data owner incident handling | Yes | |
Dynamic User-based Policy | ||
Integrates with Microsoft AD, LDAP, RADIUS, Cisco pxGrid, Terminal Servers and with 3rd parties via a Web API | Yes | |
Enforce consistent policy for local and remote users on Windows, macOS, Linux, Android and Apple iOS platforms | Yes | |
4 | Network | |
Network Connectivity | ||
Total physical and virtual (VLAN) interfaces per appliance: 1024/4096 (single gateway/with virtual systems) | Yes | |
802.3ad passive and active link aggregation | Yes | |
Layer 2 (transparent) and Layer 3 (routing) mode | Yes | |
High Availability | ||
Active/Active L2, Active/Passive L2 and L3 | Yes | |
Session failover for routing change, device and link failure | Yes | |
ClusterXL or VRRP | Yes | |
IPv6 | ||
NAT66, NAT64, NAT46 | ||
CoreXL, SecureXL, HA with VRRPv3 | ||
Unicast and Multicast Routing (see SK98226) | ||
OSPFv2 and v3, BGP, RIP | Yes | |
Static routes, Multicast routes | Yes | |
Policy-based routing | Yes | |
PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3 | Yes | |
5 | Physical | |
Power Requirements | ||
Single Power Supply rating | 800W | |
AC power input | 90 to 264V (47-63Hz) | |
DC input current | -40.5V/24A -48V/19.2A, -60V/16.0A | |
Power consumption avg/max | AC253/399W, DC343.6/394W | |
Maximum thermal output | 1361.4 BTU/hr | |
Dimensions | ||
Enclosure | 2RU | |
Dimensions (WxDxH) | 17.4×20.84×3.5 in. (442x529x88mm) | |
Weight | 34.8 lbs. (15.8 kg) | |
Environmental Conditions | ||
Operating | 0° to 40°C, humidity 5% to 95% | |
Storage | –20° to 70°C, humidity 5% to 95% at 60°C | |
Certifications | ||
Safety | UL, CB, CE, TUV GS | |
Emissions | FCC, CE, VCCI, RCM/C-Tick | |
Environmental | RoHS, WEEE, REACH1, ISO140011 | |
Subscriptions
Support Service | Software Subscription | Standard | Premium | Elite | Diamond |
Check Point PRO Availability | N/A | Yes | Yes | Yes | Yes |
Basic SLA | N/A | 5 x 9 Business Day | 7 x 24 Every Day | 7 x 24 Every Day | 7 x 24 Every Day |
Check Point Engineer On Site for Critical SRs | No | No | No | Yes** | Based on the Support level |
TAC Access | |||||
Support Focal Point | N/A | Desk Support Engineer | Premium Support Engineer | Premium Support Engineer | Designated Diamond Engineer |
Unlimited Service Requests | N/A | Yes | Yes | Yes | Yes |
Committed Response time to Severity-1 issues* | N/A | 30 Minutes | 30 Minutes | 30 Minutes | 30 Minutes |
Committed Response time to Severity 2,3 & 4 issues* | N/A | 4 Hours | Sev 2 – 2 Hours | Sev 2 – 30 Minutes | Based on the Support level |
Sev 3 & 4 – 4 Hours | Sev 3 & 4 – 4 Hours | Sev 3 & 4 – 4 Hours | |||
Allowed number of designated support contact per account | N/A | 5 | 10 | 10 | 10 |
Support Tools | |||||
Latest Hot Fixes & Service Packs | Yes | Yes | Yes | Yes | Yes |
Major Upgrades & Enhancements | Yes | Yes | Yes | Yes | Yes |
Access to Check Point Products Forums | Read | Full Access | Full Access | Full Access | Full Access |
Access to Online Support Knowledgebase | N/A | Advanced | Expert | Expert | Expert |
Hardware Support | |||||
Return Material Authorization (RMA) determination | TAC | TAC | TAC | TAC | Customer |
Specs
System Performance
Firewall throughput | 77.9 Gbps |
Concurrent connections | 18.300.000 / 51.200.000 |
New connections/sec | 400.000 |
IPS throughput | 26 Gbps |
NGFW Throughput | 24 Gbps |
Threat Protection Throughput | 20 Gbps |
Firewall Policies | 128 Gbps of UDP 1518 byte packet firewall throughput |
VPN AES-128 Throughput | 26 Gbps |
Physical interfaces
GE RJ45 Ports | 1x 10/100/1000Base-T RJ45 port |
GE RJ45 WAN Ports | 2x 40G QSFP+ port, 2x 100/25G QSFP28 |
GE SFP Slots | 4x 1000Base-F SFP port, 4x 10GBase-F SFP+ port |
SD Card Slot | Micro SDHC Slot |
USB Port | Yes |
Console Port | Yes |
Storage | 2x 1TB HDD or 480GB SSD RAID1 |
3G/4G Modem Support | Yes |
Dimensions & Enviroment
Mounting | 2 RU |
Dimensions Width x Depth x Height (inches) | 17.4 x 20.84 x 3.5 |
Dimensions Height x Width x Length (mm) | 442 x 529 x 88 |
Weight | 34.8 lbs (15.8 kg) |
Power supply | 90-264 VAC |
Maximum Current | 1361.4 BTU/h |
Power Consumption | AC253/399W, DC343.6/394W |
Operating Temperature | 0-40 C |
Storage Temperature | -20-70 C |
Humidity | 5-95% non-condensing |
Certifications | UL/cUL, IEC 60950 CB / EMC: EN55022 Class B, FCC: Part 15 Class B / RoHS, REACH, WEEE |