Appliance Highlights
Performance
|
IP295
|
IP395
|
IP565
|
IP695
|
IP1285
|
IP2455
|
---|---|---|---|---|---|---|
Firewall Throughput | 1.5 Gbps | 3.0 Gbps | 7 Gbps |
7.2 Gbps 11.7 Gbps1 |
10.3 Gbps 17.5 Gbps1 |
11 Gbps 30 Gbps1 |
VPN Throughput | 1.0 Gbps | 677 Mbps | 1.7 Gbps |
1.9 Gbps 3.3 Gbps1 |
1.9 Gbps 8.3 Gbps1 |
1.9 Gbps 8.3 Gbps1 |
IPS Throughput | 1.4 Gbps | 2.9 Gbps | 2.9 Gbps | 4 Gbps | 7 Gbps | 9 Gbps |
Concurrent Sessions | 900,000 | 1M | 1M | 1M | 1M | 1M |
VLANS | 10242 | 10242 | 10242 | 10242 | 10242 | 10242 |
ADP Module | - | - | - | Optional | Optional | Optional |
VPN Acceleration | Optional | Included | Included | Included | Included | Included |
1 - Performance
without ADP and with ADP
2 - Maximum of 256 VLANs per
interface
Hardware Technical Specifications
¡@
|
IP295
|
IP395
|
IP565
|
IP695
|
IP1285
|
IP2455
|
---|---|---|---|---|---|---|
10/100/1000 Ports | 6/8 | 4/8 | 4/12 | 4/16 | 4/28 | 4/32 |
10 GbE Ports | - | - | - | 61 | 101 | 101 |
Storage | 40 GB | 80 GB | 80 GB | 80 GB | 80 GB | 80 GB |
Disk-Based or Flash | Disk or Flash | Disk or Flash | Disk or Flash | Disk or Flash | Disk or Flash | Disk or Flash |
Enclosure | 1U/half rack | 1U | 1U | 1U | 2U | 2U |
Dimensions (standard) | 8.52 x 18 x 1.71 in. | 17 x 16 x 1.71 in. | 17.23 x 22 x 1.71 in. | 17.23 x 24 x 1.71 in. | 17.23 x 24.11 x 3.46 in. | 17.23 x 24.11 x 3.46 in. |
Dimensions (metric) | 216 x 457 x 44 mm | 432 x 406 x 44 mm | 438 x 559 x 44 mm | 438 x 610 x 44 mm | 438 x 613 x 88 mm | 438 x 613 x 88 mm |
Weight |
5.1kg (11.25 lbs) |
7.71kg (17.0 lbs) |
11.84kg (26.1 lbs) |
12.38kg (27.3 lbs) |
19.6kg (43.2 lbs) |
20.57kg (45.35 lbs) |
Operating Environment |
Temperature: 0¢X to 40¢X C2,
Humidity: 5% - 95%
non-condensing, Altitude: 3048m |
|||||
Power Input | 100-240V 50-60Hz | |||||
Power Supply Spec (Max) | 133W | 150W | 225W | 250W | 700W | 700W |
Power Consumption (Max) | ¡@ | 100W | 165W | ¡@ | ¡@ | ¡@ |
DC Power Supply | - | - | - | - | Optional | Optional |
Compliance |
Safety:
UL60950-1, First Edition: 2003,
CAN/CSAC22.2, No 60950:2000,
IEC60950-1: 2001,
EN60950-1:2001+A11 with Japanese
National Deviations /
Emission Compliance:
FCC Part 15, Subpart B, Class A,
EN50024,EN55022A: 1998, CISPR 22
Class A: 1985, EN61000-3-2,
EN61000-3-3 / Immunity: EN55024: 1998 |
1 Optional
2 IP395 can go to 50¢X C
Security Specifications
Protection Details
|
|
---|---|
Firewall Software Blade | |
Protocol/application support | Secures more than 200 applications and protocols |
VoIP protection | SIP, H.323, MGCP, and SCCP with NAT support |
Instant messaging control | MSN, Yahoo, ICQ, Skype, GoogleTalk, and QQ Instant Messenger |
Peer-to-peer blocking | Kazaa, Gnutella, BitTorrent, eMule, DirectConnect, Soulseek, Thunder, and Winny |
Network address translation | Static/hide NAT support with manual and automatic rules |
Layer-2 bridge support | Transparently integrates into existing network |
IPsec VPN Software Blade | |
Encryption support | AES 128-256 bit, 3DES 56-168 bit |
Authentication
methods
|
Password, RADIUS, TACACS, X.509, SecurID, LDAP |
Certificate
authority
|
Integrated certificate authority (X.509) |
VPN communities | Automatically sets up site-to-site connections as objects are created |
Topology support | Star and mesh |
Route-based VPN | Utilizes virtual tunnel interfaces; numbered/unnumbered interfaces |
VPN agent support | Complete Endpoint security with VPN, desktop firewall |
SSL-based remote access | Fully integrated SSL VPN gateway provides on-demand SSL-based access |
SSL-based endpoint scanning | Scans endpoint for compliance/malware prior to admission to the network |
IPS Software Blade | |
Network-layer protection | Blocks attacks such as DoS, port scanning, IP/ICMP/TCP-related |
Application-layer protection | Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands |
Detection methods | Signature-based, behavioral, and protocol anomaly |
Advanced Networking Software Blade | |
ISP redundancy | Load sharing or primary/backup |
Leading Edge Routing support | Unicast IPv4 and IPv6 routing including OSPF and BGP, advanced multicast with PIM-SSM/IGMPv3 |
Quality of Service | Provides granular QoS control |
Acceleration and Clustering Software Blade | |
CoreXL1 | Balances security decisions across multiple cores |
SecureXL
|
Offloading of security inspection to a performance-optimized software module |
SecureXL firewall
security features
|
Access control, encryption, NAT, accounting and logging, connection/session rate, general security checks, IPS features, CIFs resources, TCP sequence verification, dynamic VPN |
High availability | Choice of IP Clustering anf VRRP:(Active/passive and active/active failover options) |
State synchronization (clustering) | Ensures stateful failover of connections |
Sync members supported (clustering) | Up to 4 members |
Load balancing | IP Clustering provides near linear scaling |
Link Aggregation | Load balancing and high availability the interfaces |
Critical device notifications | Network interfaces, synchronization status, hardware monitor, firewall policy status, load balancing process status, and firewall process status |
Management and reporting | |
Centralized management | Managed by Check Point centralized Security Management and Provider-1 |
Monitoring/logging | SmartView Tracker™ provides advanced monitoring and logging |
Reporting | Fully integrated with the Monitoring, Reporter, and Event Correlation Software Blades |
Command line interface | CLI for device and cluster |
IPSO Platform | |
CoreXL1 | Pre-hardened, optimized operating system |
USB Modem and Aux support | Provides for Out of Band Management |
Traffic Monitoring & NetFlow Support | Understand, Optimize, capacity planning for your network traffic |
Web based
administration
|
Enables quick, easy, and secure administration from anywhere in the network |
Backup and restore
|
For disaster recovery planning |
Centralized administrative rights | RADIUS authentication and RADIUS groups |
DHCP support | DHCP server and relay |