Check Point 23500 Appliance
| Datasheet
CHECK POINT
23500 APPLIANCE
CHECK POINT 23500
APPLIANCE
OVERVIEW
Data center grade security,
performance and reliability
Product Benefits
 Enable the most advanced threat
prevention security
The Check Point 23500 security appliance is ideal for large enterprise networks and
data center environments where flexible I/O, high performance and high-reliability are
required. The 23500 is a 2U appliance with five I/O expansion slots for high port
capacity, redundant power supplies, a 2x 1TB RAID1 disk array, and Lights-Out
Management (LOM) for remote management. This powerful security appliance is
optimized to deliver real-world threat prevention throughput of 2.9 Gbps to secure your
large enterprise networks and data centers.
 Centralized control and LOM
improves serviceability
The 23500 appliance combines the most comprehensive security protections with data
center grade hardware to maximize uptime while safeguarding enterprise and data
center networks. With redundant fans, hard disk drives and power supplies, support
for 40 GbE connectivity as well as Lights-Out-Management for complete serviceability
and control, the Check Point 23500 appliance is designed to satisfy your enterprise
security needs while future-proofing your security foundation to address tomorrow’s
trends and threats today.
 High performance package optimizes
platform performance
COMPREHENSIVE THREAT PREVENTION
 Full SSL encrypted traffic inspection
without compromising performance
 Future-proofed technology
safeguards against tomorrow’s risks
 Modular, expandable chassis with
flexible I/O options
Product Features
 4,900 SecurityPower™ Units
 33 Gbps real-world firewall
throughput
 2.9 Gbps real-world threat prevention
throughput
 Simple deployment and management
The rapid growth of malware, growing attacker sophistication and the rise of new
unknown zero-day threats requires a different approach to keep enterprise networks
and data secure. Check Point delivers fully integrated, comprehensive Thre at
Prevention to combat these emerging threats while reducing complexities and
increasing operational efficiencies. The Check Point Threat Prevention solution
includes powerful security features such as firewall, IPS, Anti -Bot, Antivirus,
Application Control, and URL Filtering to combat known cyber-attacks and threats –
now enhanced with the award-winning SandBlast™ Threat Emulation and Threat
Extraction for complete protection against the most sophisticated threats and zero -day
vulnerabilities.
 Virtual Systems consolidates security
onto one device
 High port density with 40 GbE option
 Redundant power supplies, fans and
hard disk drives eliminate single point
of failure
©2016 Check Point Software Technologies Ltd. All rights reserved. [Restricted] ONLY for designated groups and individuals | January 22, 2016 | Page 1
Check Point 23500 Appliance
| Datasheet
ALL-INCLUSIVE SECURITY SOLUTIONS
INCLUSIVE HIGH PERFORMANCE PACKAGE
Check Point 23500 Appliances offer a complete and
consolidated security solution available in two complete
packages:

NGTP: prevent sophisticated cyber-threats with IPS,
Application Control, Antivirus, Anti-Bot, URL
Filtering and Email Security.

NGTX: NGTP with SandBlast Zero-Day Protection,
which includes Threat Emulation and Threat
Extraction.
Customers with high connection capacity requirements can
purchase the affordable High Performance Package (HPP).
This includes the appliance plus two 4x 10Gb SFP+ interface
cards, transceivers and 32 GB of memory for high
connection capacity.
PREVENT KNOWN AND ZERO-DAY THREATS
The 23500 Appliance protects organizations from both known
and unknown threats with Antivirus, Anti-Bot, SandBlast
Threat Emulation (sandboxing), and SandBlast Threat
Extraction technologies.
As part of the Check Point SandBlast Zero-Day Protection
solution, the cloud-based Threat Emulation engine detects
malware at the exploit phase, even before hackers can apply
evasion techniques attempting to bypass the sandbox. Files
are quickly quarantined and inspected, running in a virtual
sandbox to discover malicious behavior before it enters your
network. This innovative solution combines cloud-based
CPU-level inspection and OS-level sandboxing to prevent
infection from the most dangerous exploits, and zero-day and
targeted attacks.
Furthermore, SandBlast Threat Extraction removes
exploitable content, including active content and embedded
objects, reconstructs files to eliminate potential threats, and
promptly delivers sanitized content to users to maintain
business flow.
Firewall
VPN (IPSec)
IPS
Application Control
Anti-Bot
Anti-Virus
URL Filtering
SandBlast Threat Emulation
SandBlast Threat Extraction
NGTP
NGTX
Prevent known
threats
Prevent known
and zero-day
attacks


















Base
HPP
Max
1 GbE ports (Copper)
10
10
42
10 GbE ports (Fiber)
2
10
20
Transceivers (SR)
2
10
20
40 GbE ports (Fiber)
0
0
4
RAM
16GB
64GB
HDD
2
2
Power Supply Units
2
2
Included
Included
Lights Out Management
A RELIABLE SERVICEABLE PLATFORM
The Check Point 23500 appliance delivers business
continuity and serviceability through features such as hot
swappable redundant power supplies, hot-swappable
redundant hard disk drives (RAID), redundant fans and an
advanced LOM card for out-of-band management. Combined
together, these features ensure a greater degree of business
continuity and serviceability when these appliances are
deployed in the customer’s networks.
REMOTE MANAGEMENT AND MONITORING
A Lights-Out-Management (LOM) card provides out-of-band
remote management to remotely diagnose, start, restart and
manage the appliance from a remote location. Administrators
can also use the LOM web interface to remotely install an OS
image from an ISO file.
40 GbE CONNECTIVITY
High speed connections are essential in modern data center
environments, especially those with high-density virtualized
servers. If you’re ready to move from 10 to 40 GbE, so is the
23500 Appliance. The Check Point 23500 lets you connect
your 10 GbE server uplinks to your 40 GbE core network with
up to 4x 40 GbE ports.
TAP THE POWER OF VIRTUALIZATION
Check Point Virtual Systems enable organizations to
consolidate infrastructure by creating multiple virtualized
security gateways on a single hardware device, offering
significant cost savings with seamless security and
infrastructure consolidation.
©2016 Check Point Software Technologies Ltd. All rights reserved. [Restricted] ONLY for designated groups and individuals | January 22, 2016 | Page 2
Check Point 23500 Appliance
1
| Datasheet
2
23500 SECURITY APPLIANCE
1
Graphic LCD display
2
3
4
2 x 1 TB RAID1 HDD
5
Console port
6
Lights-Out Management port
7
Sync 10/100/1000Base-T RJ45
8
Management 10/100/1000Base-T RJ45
Five network card expansion slots
USB ports for ISO installation
4
3
6
5
8
7
ORDERING INFORMATION
BASE CONFIGURATION 1
23500 Next-Gen Threat Prevention bundled with local management for up to 2 gateways
CPAP-SG23500-NGTP
23500 Next-Gen Threat Extraction bundled with local management for up to 2 gateways
CPAP-SG23500-NGTX
HIGH PERFORMANCE PACKAGES
1
23500 Next-Gen Threat Prevention High Performance Package with 10x1GbE copper ports, 10x10Gb
SFP+ ports, 10xSR transceivers and 64 GB of memory
CPAP-SG23500-NGTP-HPP
23500 Next-Gen Threat Extraction High Performance Package with 10x1GbE copper ports, 10x10Gb
SFP+ ports, 10xSR transceivers and 64 GB of memory
CPAP-SG23500-NGTX-HPP
VIRTUAL SYSTEM PACKAGES
23500 NGTP appliance with High Performance Package and 20 Virtual Systems
CPAP-SG23500-NGTP-HPP-VS20
Two 23500 NGTP appliances with High Performance Pack and 20 Virtual Systems
CPAP-SG23500-NGTP-HPP-VS20-2
23500 NGTX appliance with High Performance Package and 20 Virtual Systems
CPAP-SG23500-NGTX-HPP-VS20
Two 23500 NGTX appliances with High Performance Package and 20 Virtual Systems
CPAP-SG23500-NGTX-HPP-VS20-2
1
SKUs for 2 and 3 years are available, see the online Product Catalog
ACCESSORIES
INTERFACE CARDS AND TRANSCEIVERS
8 Port 10/100/1000 Base-T RJ45 interface card
CPAC-8-1C-B
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceivers
CPAC-4-1F-B
SFP transceiver module for 1G fiber ports - long range (1000Base-LX)
CPAC-TR-1LX-B
SFP transceiver module for 1G fiber ports - short range (1000Base-SX)
CPAC-TR-1SX-B
SFP transceiver to 1000 Base-T RJ45 (Copper)
CPAC-TR-1T-B
4 Port 10GBase-F SFP+ interface card
CPAC- 4-10F-B
SFP+ transceiver module for 10G fiber ports - long range (10GBase-LR)
CPAC-TR-10LR-B
SFP+ transceiver module for 10G fiber ports - short range (10GBase-SR)
CPAC-TR-10SR-B
2 Port 40GBase-F QSFP interface card
CPAC-2-40F-B
QSFP transceiver module for 40G fiber ports - short range (40GBase-SR)
CPAC-TR-40SR-QSFP-300m
QSFP transceiver module for 40G fiber ports - long range (40GBase-LR)
CPAC-TR-40LR-QSFP-10K
4 Port 1GE copper Bypass (Fail-Open) network interface card (10/100/1000 Base-T)
CPAC-4-1C-BP-B
2 Port 10GE short-range Fiber Bypass (Fail-Open) network interface card (10GBase-SR)
CPAC-2-10-FSR-B-BP
SPARES AND MISCELLANEOUS
Memory upgrade kit from 16GB to 64GB for 23500 appliance
CPAC-RAM48GB-23500
Additional/Replacement 1 TB hard drive for 15000 and 23000 Appliances
CPAC-HDD-1TB-B
Replacement AC power supply for 23000 Appliances
CPAC-PSU-AC-23000
Replacement fan cartridge for 15000 and 23000 appliances
CPAC-FAN-B
Slide rails for 15000 and 23000 Appliances (22” - 32”)
CPAC-RAIL-L
Extended slide rails for 15000 and 23000 Appliances (24” - 36”)
CPAC-RAIL-EXT-L
©2016 Check Point Software Technologies Ltd. All rights reserved. [Restricted] ONLY for designated groups and individuals | January 22, 2016 | Page 3
Check Point 23500 Appliance
Performance
|
Datasheet
Network
Production (Real-World Traffic Blend)
1
Network Connectivity
 4,900 SecurityPower
 1024 interfaces or VLANs per appliance
 33 Gbps firewall throughput
 4096 interfaces per appliance (in Virtual System mode)
 2.9 Gbps threat prevention throughput
 802.3ad passive and active link aggregation
Lab (RFC 3511, 2544, 2647, 1242)
 Layer 2 (transparent) and Layer 3 (routing) mode
 100 Gbps of firewall throughput, 1518 byte UDP
High Availability
 Active/Active and Active/Passive - L3 mode
 23 Gbps of AES-128 VPN throughput
 5 to 20 million concurrent connections, 64 byte response
2
 Session synchronization for firewall and VPN
 174,000 connections per second, 64 byte response
 Session failover for routing change
1
 Device and link failure detection
performance measured with a real-world traffic blend, a typical
rule-base, NAT and logging enabled and the most secure threat
prevention protection
2
 ClusterXL or VRRP
IPv6
performance measured with default/maximum memory
 Features: Firewall, Identity Awareness, Mobile Access, App
Control, URL Filtering, IPS, Anti-Bot, Antivirus
Expansion Options
Base Configuration (using 2 of 5 expansion slots)
 2 on-board 10/100/1000Base-T RJ-45 ports
 8x 10/100/1000Base-T RJ-45 IO card
 2x 10GBaseF SFP+ IO card
 NAT66, NAT64
 CoreXL, SecureXL, HA with VRRPv3
Physical
 16 GB memory
Power Requirements
 Redundant dual hot-swappable power supplies
 AC Input Voltage: 90-264V
 Redundant dual hot-swappable 1xTB hard drives
 Frequency: 47-63Hz
 Lights-Out-Management (LOM)
 Single Power Supply Rating: 800W
 Slide rails (22” – 32”)
 Power Consumption Maximum: 383W
Network Expansion Slot Options
 Maximum thermal output: 1306.9 BTU/hr.
 8x 10/100/1000Base-T RJ45 port card, up to 40 ports
Dimensions
 4x 1000Base-F SFP port card, up to 20 ports
 Enclosure: 2RU
 4x 10GBase-F SFP+ port card, up to 20 ports
 Standard (W x D x H): 17.4 x 20.84 x 3.5 in.
 2x 40GBase-F QSFP port card, up to 4 ports
 Metric (W x D x H): 442 x 529 x 88 mm
Fail-Open/Bypass Network Options
 Weight: 15.8 kg (34.8 lbs.)
 4x 10/100/1000Base-T RJ45 port card
Operating Environmental Conditions
 2x 10GBase-F SFP+ port card
 Temperature: 32° to 104°F / 0° to 40°C
Virtual Systems
 Humidity: 5% to 95% (non-condensing)
 Max VSs: 150 (w/16GB), 250 (w/64GB)
Storage Conditions
 Temperature: –4° to 158°F / –20° to 70°C
Routing
 Humidity: 5% to 95% at 60°C (non-condensing)
Unicast and Multicast Routing (see SK98226)
 OSPFv2 and v3, BGP, RIP
Certifications
 Static routes, Multicast routes
 Safety: UL60950-1, CB IEC60950-1, CE LVD EN60950-1,
TUV GS
 Policy-based routing
 Emissions: FCC, CE, VCCI, RCM/C-Tick
 PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3
 Environmental: RoHS, *REACH, *ISO14001
CONTACT US
Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2016 Check Point Software Technologies Ltd. All rights reserved. [Restricted] ONLY for designated groups and individuals | January 22, 2016 | Page 4
Download PDF