Check Point 5600 Appliance | Datasheet
CHECK POINT
5600 NEXT GENERATION SECURITY GATEWAY
FOR THE MID-SIZE ENTERPRISE
CHECK POINT 5600 NEXT
GENERATION SECURITY
GATEWAY
Mid-size enterprise security
Product Benefits
 High performance protection against
the most advanced cyber attacks
 Unique “first time prevention” for the
most sophisticated zero day attack
 Optimized for inspecting SSL
encrypted traffic
 Future-proofed technology
safeguards against tomorrow’s risks
 Centralized control and LOM
improves serviceability
 Modular, expandable chassis with
flexible I/O options
Product Features
 Simple deployment and management
 Virtual Systems consolidates security
onto one device
 One network expansion slots to add
port density, fiber, 10 GbE and failopen IO card options
 Redundant power supplies, fans and
appliance clustering technologies
eliminate single point of failure
OVERVIEW
The Check Point 5600 Next Generation Security Gateway combines the most
comprehensive security protections to safeguard your mid-size enterprise. The 5600 is
a 1U Next Generation Security Gateway with one I/O expansion slot for higher port
capacity, redundant fans and a redundant power supply option, a 500GB (HDD) or
240GB (SSD) disk, and optional Lights-Out Management (LOM) for remote
management. This powerful Next Generation Security Gateway is optimized to deliver
real-world threat prevention to secure your critical assets and environments.
COMPREHENSIVE THREAT PREVENTION
The rapid growth of malware, growing attacker sophistication and the rise of new
unknown zero-day threats require a different approach to keep enterprise networks
and data secure. Check Point delivers fully integrated, comprehensive Threat
Prevention with award-winning SandBlast™ Threat Emulation and Threat Extraction
for complete protection against the most sophisticated threats and zero -day
vulnerabilities.
Unlike traditional solutions that are subject to evasion techniques, introduce
unacceptable delays, or let potential threats through while evaluating files, Check
Point SandBlast stops more malware from entering your network. With our solution
your employees can work safely no matter where they are and doesn’t compromise
their productivity.
PERFORMANCE HIGHLIGHTS
1
Firewall
IPS
NGFW
25 Gbps
7.8 Gbps
5.8 Gbps
Threat Prevention
2
1.45 Gbps
Performance measured under ideal testing conditions. Additional performance detailed on page 4.
1 Includes Firewall, Application Control, and IPS Software Blades.
2 Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti -Bot and SandBlast Zero-Day Protection Software
Blades.
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | November 22, 2016 | Page 1
Check Point 5600 Appliance | Datasheet
ALL-INCLUSIVE SECURITY SOLUTIONS
INSPECT ENCRYPTED CONNECTIONS
Check Point 5600 Next Generation Security Gateways offer a
complete and consolidated security solution available in two
complete packages:

NGTP: prevent sophisticated cyber-threats with
Application Control, URL Filtering, IPS, Antivirus,
Anti-Bot and Email Security.

NGTX: NGTP with SandBlast Zero-Day Protection,
which includes Threat Emulation and Threat
Extraction.
There is a shift towards more use of HTTPS, SSL and TLS
encryption to increase Internet security. At the same time
files delivered into the organization over SSL and TLS
represent a stealthy attack vector that bypasses traditional
security implementations. Check Point Threat Prevention
looks inside encrypted SSL and TLS tunnels to detect
threats, ensuring users remain in compliance with company
policies while surfing the Internet and using corporate data.
PREVENT KNOWN AND ZERO-DAY THREATS
The 5600 Next Generation Security Gateway protects
organizations from both known and unknown threats with
Antivirus, Anti-Bot, SandBlast Threat Emulation
(sandboxing), and SandBlast Threat Extraction technologies.
As part of the Check Point SandBlast Zero-Day Protection
solution, the cloud-based Threat Emulation engine detects
malware at the exploit phase, even before hackers can apply
evasion techniques attempting to bypass the sandbox. Files
are quickly quarantined and inspected, running in a virtual
sandbox to discover malicious behavior before it enters your
network. This innovative solution combines cloud-based
CPU-level inspection and OS-level sandboxing to prevent
infection from the most dangerous exploits, and zero-day and
targeted attacks.
Furthermore, SandBlast Threat Extraction removes
exploitable content, including active content and embedded
objects, reconstructs files to eliminate potential threats, and
promptly delivers sanitized content to users to maintain
business flow.
NGTP
Prevent known
threats
Firewall
VPN (IPsec)
IPS
Application Control
URL Filtering
Anti-Bot
Anti-Virus
Anti-Spam
SandBlast Threat Emulation
SandBlast Threat Extraction










NGTX
(SandBlast)
Prevent known
and zero-day
attacks










INCLUSIVE HIGH PERFORMANCE PACKAGE
Customers with high connection capacity requirements can
purchase the affordable High Performance Package (HPP).
This includes the base system plus one 4x 1Gb SFP
interface card, transceivers, redundant power supplies,
Lights-Out-Management and 16 GB of memory for high
connection capacity.
Base
HPP
Max
1 GbE ports (Copper)
10
10
18
1 GbE ports (Fiber)
0
4
4
10 GbE ports (Fiber)
0
0
4
Transceivers (SR)
0
4
4
8GB
16GB
32GB
1
2
2
Optional
Included
Included
RAM
Power Supply Units
Lights Out Management
REMOTE MANAGEMENT AND MONITORING
A Lights-Out-Management (LOM) card provides out-of-band
remote management to remotely diagnose, start, restart and
manage the appliance from a remote location. Administrators
can also use the LOM web interface to remotely install an OS
image from an ISO file.
10 GbE CONNECTIVITY
High speed connections are essential in modern enterprise
and data center environments, especially those with highdensity virtualized servers. If you’re ready to move from 1 to
10 GbE, so is the 5600 Next Generation Security Gateway.
The Check Point 5600 lets you connect your 1 GbE server
uplinks to your 10 GbE core network with up to 4x 10 GbE
ports.
TAP THE POWER OF VIRTUALIZATION
Check Point Virtual Systems enable organizations to
consolidate infrastructure by creating multiple virtualized
security gateways on a single hardware device, offering
significant cost savings with seamless security and
infrastructure consolidation.
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | November 22, 2016 | Page 2
Check Point 5600 Appliance | Datasheet
1
2
5
6
2
5600 SECURITY APPLIANCE
1 Sync 10/100/1000Base-T RJ45 port
2 RJ45/micro USB console port
3 One network card expansion slot (HPP)
4 8x 10/100/1000Base-T RJ45 ports
5 Management 10/100/1000Base-T RJ45 port
6 2x USB ports for ISO installation
7 Lights-Out Management port
3
4
7
ORDERING INFORMATION
BASE CONFIGURATION 1
5600 Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, 8GB RAM,
1 HDD, 1 AC Power Unit, Next Generation Threat Prevention (NGTP) Security Subscription Package for 1
Year.
CPAP-SG5600-NGTP
5600 SandBlast Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports,
8GB RAM, 1 HDD, 1 AC Power Unit, SandBlast (NGTX) Security Subscription Package for 1 Year
CPAP-SG5600-NGTX
HIGH PERFORMANCE PACKAGES 1
5600 Next Generation Security Gateway with High Performance Package, includes10x1GbE copper ports,
4x1Gb SFP ports, 4 SR transceivers, 16 GB RAM, 1 HDD, 1 AC Power Unit, Lights Out Management
(LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year
CPAP-SG5600-NGTP-HPP
5600 Next Generation Security Gateway with High Performance Package, includes10x1GbE copper ports,
4x1Gb SFP ports, 4 SR transceivers, 16 GB RAM, 1 HDD, 1 AC Power Unit, Next Generation Threat
Extraction (SandBlast) Security Subscription Package for 1 Year
CPAP-SG5600-NGTX-HPP
VIRTUAL SYSTEM PACKAGES
1
5600 Next Generation Security Gateway with High Performance Package, includes 10x1GbE copper
ports, 4x1GbE SFP ports + 4 SR transceivers, 16GB RAM, 1 HDD, 1 AC Power Unit, Lights Out
Management (LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year
and 5 Virtual Systems
CPAP-SG5600-NGTP-HPP-VS5
Two 5600 Next Generation Security Gateways with High Performance Package, includes 10x1GbE copper
ports, 4x10GbE SFP ports + 4 SR transceivers, 16GB RAM, 1 HDD, 1 AC Power Unit, Lights Out
Management (LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year
and 5 Virtual Systems
CPAP-SG5600-NGTP-HPP-VS5-2
5600 Next Generation Security Gateways with High Performance Package, includes 10x1GbE copper
ports, 4x1GbE SFP ports + 4 SR transceivers, 16GB RAM, 1 HDD, 1 AC Power Unit, Lights Out
Management (LOM), Next Generation Threat Extraction (SandBlast) Security Subscription Package for 1
Year and 5 Virtual Systems
CPAP-SG5600-NGTX-HPP-VS5
Two 5600 Next Generation Security Gateways with High Performance Package, includes 10x1GbE copper
ports, 4x1GbE SFP ports + 4 SR transceivers, 16GB RAM, 1 HDD, 1 AC Power Units, Lights Out
Management (LOM), Next Generation Threat Extraction (SandBlast) Security Subscription Package for 1
Year and 5 Virtual Systems
CPAP-SG5600-NGTX-HPP-VS5-2
1
SKUs for 2 and 3 years, for High Availability and Appliances with an SSD option are also available, see the online Product Catalog
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | November 22, 2016 | Page 3
Check Point 5600 Appliance | Datasheet
1
2
5600 SECURITY APPLIANCE
1 Redundant power supplies (HPP option)
2 Cooling fans
ACCESSORIES
INTERFACE CARDS AND TRANSCEIVERS
8 Port 10/100/1000 Base-T RJ45 interface card
CPAC-8-1C-B
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceivers
CPAC-4-1F-B
SFP transceiver module for 1G fiber ports - long range (1000Base-LX)
CPAC-TR-1LX-B
SFP transceiver module for 1G fiber ports - short range (1000Base-SX)
CPAC-TR-1SX-B
SFP transceiver to 1000 Base-T RJ45 (Copper)
CPAC-TR-1T-B
4 Port 10GBase-F SFP+ interface card
CPAC-4-10F-B
SFP+ transceiver module for 10G fiber ports - long range (10GBase-LR)
CPAC-TR-10LR-B
SFP+ transceiver module for 10G fiber ports - short range (10GBase-SR)
CPAC-TR-10SR-B
4 Port 1GE copper Bypass (Fail-Open) network interface card (10/100/1000 Base-T)
CPAC-4-1C-BP-B
2 Port 10GE short-range Fiber Bypass (Fail-Open) network interface card (10GBase-SR)
CPAC-2-10FSR-BP-B
SPARES AND MISCELLANEOUS
Memory upgrade kit from 8GB to 16GB for 5600 appliance
CPAC-RAM8GB-5000
Memory upgrade kit from 8GB to 32GB for 5600 appliance
CPAC-RAM24GB-5000
Memory upgrade kit from 16GB to 32GB for 5600 appliance
CPAC-RAM16GB-5000
Additional/Replacement AC Power Supply for 5600 and 5800 appliances
CPAC-PSU-5600/5800
Lights Out Management module
CPAC-LOM-B
Slide rails for 5000 Appliances (22” - 32”)
CPAC-RAIL-5000
Extended slide rails for 5000 Appliances (26” - 36”)
CPAC-RAIL-EXT-5000
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | November 22, 2016 | Page 4
Check Point 5600 Appliance
|
Datasheet
Performance
Network
Ideal Testing Conditions
Network Connectivity
 25 Gbps of UDP 1518 byte packet firewall throughput
 Total physical and virtual (VLAN) interfaces per appliance:
1024/4096 (single gateway/with virtual systems)
 7.8 Gbps IPS
 5.8 Gbps of NGFW
 802.3ad passive and active link aggregation
1
 1.45 Gbps of Threat Prevention
 Layer 2 (transparent) and Layer 3 (routing) mode
High Availability
2
 6.5 Gbps of AES-128 VPN throughput
 Active/Active and Active/Passive - L3 mode
 185,000 connections per second, 64 byte response
 3.2 to 12.8 million concurrent connections, 64 byte response
3
 Session failover for routing change, device and link failure
Real-World Production Conditions
 ClusterXL or VRRP
 950 SecurityPower Units
IPv6
 17.5 Gbps of firewall throughput
 NAT66, NAT64
 1.9 Gbps IPS
 CoreXL, SecureXL, HA with VRRPv3
 1.18 Gbps of NGFW
1
 540 Mbps of Threat Prevention
Unicast and Multicast Routing (see SK98226)
2
 OSPFv2 and v3, BGP, RIP
Virtual Systems
 Static routes, Multicast routes
 Maximum VS (base/HPP/max memory): 10/20/20
 Policy-based routing
Your performance may vary depending on different factors.
Contact a Check Point Partner to find an appliance that
matches your unique requirements.
 PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3
Physical
1. Includes Firewall, Application Control and IPS Software Blades. 2. Includes Firewall, Application
Power Requirements
Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection Software
 Single Power Supply Rating: 275W
Blades. 3. Performance measured with default/maximum memory.
 AC power input: 90-264V, (47-63Hz)
 Power consumption maximum: 103W
Expansion Options
 Maximum thermal output: 351.5 BTU/hr.
Base Configuration
 10 on-board 10/100/1000Base-T RJ-45 ports
 8 GB memory (16 and 32 GB options)
 1 power supply (2 redundant PSU option)
Dimensions
 Enclosure: 1RU
 Dimensions (W x D x H): 17.2x20x1.73 in.(437.9x508x44mm)
 1x 500GB (HDD) or 1x 240GB (SSD) drive
 Weight: 17.53 lbs. (7.95 kg)
 Fixed rails (slide rail option)
Environmental Conditions
 (Lights-Out-Management (LOM) option)
 Operating: 0° to 40°C, humidity 5% to 95%
Network Expansion Slot Options (1 slot available)
 Storage: –40° to 70°C, humidity 5% to 95% at 60°C
 8x 10/100/1000Base-T RJ45 port card, up to 18 ports
Certifications
 4x 1000Base-F SFP port card, up to 4 ports
 Safety: UL, CB, CE, TUV GS
 4x 10GBase-F SFP+ port card, up to 4 ports
 Emissions: FCC, CE, VCCI, RCM/C-Tick
Fail-Open/Bypass Network Options
 Environmental: RoHS, REACH , ISO14001
1
factory certificate
 4x 10/100/1000Base-T RJ45 port card
1
1
 2x 10GBase-F SFP+ port card
CONTACT US
Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | November 22, 2016 | Page 5
Download PDF
Similar pages