checkpoint 700x150

23800 Appliance

Data Center Grade Security, Performance and Reliability 

Product Benefits 

  • Enable the most advanced threat prevention security 
  • Optimal performance even when inspecting SSL encrypted traffic 
  • Future-proofed technology safeguards against tomorrow’s risks 
  • Centralized control and LOM improves serviceability 
  • High performance package optimizes platform performance 
  • Modular, expandable chassis with flexible I/O options 

Product Features 

  • 6,200 SecurityPower™ Units 
  • Simple deployment and management 
  • Virtual Systems consolidates security onto one device 
  • High port density with 40 GbE option 
  • Redundant power supplies, fans and hard disk drives eliminate single point of failure 

OVERVIEW 

The Check Point 23800 appliance combines the most comprehensive security protections with data center grade hardware to maximize uptime while safeguarding enterprise and data center networks. The 23800 is a 2U appliance with five I/O expansion slots for high port capacity, redundant power supplies and fans, a 2x 1TB RAID1 disk array, and Lights-Out Management (LOM) for remote management. If you’re ready to move from 10 to 40 GbE, so is the 23800 Appliance. 

COMPREHENSIVE THREAT PREVENTION 

The rapid growth of malware, growing attacker sophistication and the rise of new unknown zero-day threats require a different approach to keep enterprise networks and data secure. Check Point delivers fully integrated, comprehensive Threat Prevention with award-winning SandBlast™ Threat Emulation and Threat Extraction for complete protection against the most sophisticated threats and zero-day vulnerabilities. 

Production Environment Performance1 

SecurityPower™ Units (SPU) 

6,200 SPU 

Firewall throughput 

43 Gbps 

IPS throughput 

12 Gbps 

NGFW throughput (Firewall, Application Control, IPS) 

7.2 Gbps 

Threat prevention throughput2 

3.6 Mbps 

Ideal Testing Conditions Performance (RFC 3511, 2544, 2647, 1242) 

Firewall throughput, 1518 byte UDP 

128 Gbps 

Connections per second 

200,000 

Concurrent connections 

12.8 to 283 million 

VPN throughput, AES-128 

26 Gbps 

IPS throughput 

30 Gbps 

NGFW throughput (Firewall, Application Control, IPS) 

27 Gbps  

1 Performance measured with real-world traffic blend and content, a typical rule base, updated recommended signatures, NAT and logging enabled, 2 FW, IPS, APPCTRL, AV, AB, URLF, 3 with maximum memory 

ALL-INCLUSIVE SECURITY SOLUTIONS 

Check Point 23800 Appliances offer a complete and consolidated security solution available in two complete packages: 

  • NGTP: prevent sophisticated cyber-threats with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security. 
  • NGTX: NGTP with SandBlast Zero-Day Protection, which includes Threat Emulation and Threat Extraction. 

PREVENT KNOWN AND ZERO-DAY THREATS 

The 23800 Appliance protects organizations from both known and unknown threats with Antivirus, Anti-Bot, SandBlast Threat Emulation (sandboxing), and SandBlast Threat Extraction technologies. 

As part of the Check Point SandBlast Zero-Day Protection solution, the cloud-based Threat Emulation engine detects malware at the exploit phase, even before hackers can apply evasion techniques attempting to bypass the sandbox. Files are quickly quarantined and inspected, running in a virtual sandbox to discover malicious behavior before it enters your network. This innovative solution combines cloud-based CPU-level inspection and OS-level sandboxing to prevent infection from the most dangerous exploits, and zero-day and targeted attacks. 

Furthermore, SandBlast Threat Extraction removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.

  NGTP NGTX
  Prevent known threats Prevent known and zero-day attacks
Firewall ? ?
VPN (IPSec) ? ?
IPS ? ?
Application Control ? ?
Anti-Bot ? ?
Anti-Virus ? ?
URL Filtering ? ?
SandBlast Threat Emulation ?
SandBlast Threat Extraction ?

INCLUSIVE HIGH PERFORMANCE PACKAGE 

Customers with high connection capacity requirements can purchase the affordable High Performance Package (HPP). This includes the appliance plus two 4x 10Gb SFP+ interface cards, transceivers and 64 GB of memory for high connection capacity. 

  Base HPP Max
1 GbE ports (Copper) 10 10 42
10 GbE ports (Fiber) 2 10 20
Transceivers (SR) 2 10 20
40 GbE ports (Fiber) 0 0 4
RAM 32GB 64GB 64GB
HDD 2 2 2
Power Supply Units 2 2 2
Lights Out Management Included Included Included

A RELIABLE SERVICEABLE PLATFORM 

The Check Point 23800 appliance delivers business continuity and serviceability through features such as hot swappable redundant power supplies, hot-swappable redundant hard disk drives (RAID), redundant fans and an advanced LOM card for out-of-band management. Combined together, these features ensure a greater degree of business continuity and serviceability when these appliances are deployed in the customer’s networks. 

REMOTE MANAGEMENT AND MONITORING 

A Lights-Out-Management (LOM) card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location. Administrators can also use the LOM web interface to remotely install an OS image from an ISO file. 

40 GbE CONNECTIVITY 

High speed connections are essential in modern data center environments, especially those with high-density virtualized servers. If you’re ready to move from 10 to 40 GbE, so is the 23800 Appliance. The Check Point 23800 lets you connect your 10 GbE server uplinks to your 40 GbE core network with up to 4x 40 GbE ports. 

TAP THE POWER OF VIRTUALIZATION 

Check Point Virtual Systems enable organizations to consolidate infrastructure by creating multiple virtualized security gateways on a single hardware device, offering significant cost savings with seamless security and infrastructure consolidation.

Expansion Options

Base Configuration (using 2 of 5 expansion slots) 

  • 2 on-board 10/100/1000Base-T RJ-45 ports 
  • 8x 10/100/1000Base-T RJ-45 IO card 
  • 2x 10GBaseF SFP+ IO card 
  • 32 GB memory 
  • Redundant dual hot-swappable power supplies 
  • Redundant dual hot-swappable 1xTB hard drives 
  • Lights-Out-Management (LOM) 
  • Slide rails (22” – 32”) 

Network Expansion Slot Options 

  • 8x 10/100/1000Base-T RJ45 port card, up to 40 ports 
  • 4x 1000Base-F SFP port card, up to 20 ports 
  • 4x 10GBase-F SFP+ port card, up to 20 ports 
  • 2x 40GBase-F QSFP port card, up to 4 ports 

Fail-Open/Bypass Network Options 

  • 4x 10/100/1000Base-T RJ45 port card 
  • 2x 10GBase-F SFP+ port card 

Virtual Systems 1 

  • Maximum (base/HPP): 125/250 

1 with the memory available in the base or HPP 

Network

Network Connectivity 

  • Total physical and virtual (VLAN) interfaces per appliance: 1024/4096 (single gateway/with virtual systems) 
  • 802.3ad passive and active link aggregation 
  • Layer 2 (transparent) and Layer 3 (routing) mode 

High Availability 

  • Active/Active and Active/Passive - L3 mode 
  • Session synchronization for firewall and VPN 
  • Session failover for routing change 
  • Device and link failure detection 
  • ClusterXL or VRRP 

IPv6 

  • Features: Firewall, Identity Awareness, Mobile Access, App Control, URL Filtering, IPS, Anti-Bot, Antivirus 
  • NAT66, NAT64 
  • CoreXL, SecureXL, HA with VRRPv3 

Unicast and Multicast Routing (see SK98226) 

  • OSPFv2 and v3, BGP, RIP 
  • Static routes, Multicast routes 
  • Policy-based routing 
  • PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3 

Physical

Power Requirements 

  • AC Input Voltage: 90-264V 
  • Frequency: 47-63Hz 
  • Single Power Supply Rating: 800W 
  • Power Consumption Maximum: 399W 
  • Power consumption average 110V/230V: 235W/234W 
  • Maximum thermal output: 1361.4 BTU/hr. 

Dimensions 

  • Enclosure: 2RU 
  • Standard (W x D x H): 17.4 x 20.84 x 3.5 in. 
  • Metric (W x D x H): 442 x 529 x 88 mm 
  • Weight: 15.8 kg (34.8 lbs.) 

Operating Environmental Conditions 

  • Temperature: 32° to 104°F / 0° to 40°C 
  • Humidity: 5% to 95% (non-condensing) 

Storage Conditions 

  • Temperature: –4° to 158°F / –20° to 70°C 
  • Humidity: 5% to 95% at 60°C (non-condensing) 

Certifications 

  • Safety: UL60950-1, CB IEC60950-1, CE LVD EN60950-1, TUV GS 
  • Emissions: FCC, CE, VCCI, RCM/C-Tick 
  • Environmental: RoHS, *REACH, *ISO14001