Datasheet:

Check Point 12600 Appliance

12600
Datacenter-grade security appliance

Check Point 12600 Appliance KEY FEATURES

n 2050 SecurityPower™
n 14 Gbps production firewall throughput
Today the enterprise gateway is more than a firewall. It is a security device presented n 3.5 Gbps production IPS throughput
with an ever-increasing number of sophisticated threats. As an enterprise security
n High port density with up to 26 ports
gateway it must use multiple technologies to control network access, detect
sophisticated attacks and provide additional security capabilities like data loss n Dual redundant hot swappable power

prevention and protection from web-based threats. The proliferation of mobile supplies and HDD
devices like smartphones and Tablets and new streaming, social networking and n Lights-Out-Management
P2P applications requires a higher connection capacity and new application control
technologies. Finally, the shift towards enterprise private and public cloud services, KEY BENEFITS
in all its variations, changes the company borders and requires enhanced capacity n Data-center grade appliance
and additional security solutions. n All-inclusive security appliance
n Simplifies administration with a single
Check Point’s new appliances combine fast networking technologies with high
integrated management console
performance multi-core capabilities—providing the highest level of security without
n Extensible Software Blade Architecture
compromising on network speeds to keep your data, network and employees secure.
Optimized for the Software Blades Architecture, each appliance is capable of running n Ensures data security for remote access

any combination of Software Blades—providing the flexibility and the precise level of and site-to-site communications
security for any business at every network location by consolidating multiple security
technologies into a single integrated solution.
GATEWAY SOFTWARE BLADES
NGFW NGDP NGTP SWG
Each Check Point Appliance supports the Check Point 3D security vision of Firewall n n n n
combining policies, people and enforcement for unbeatable protection. To address
IPsec VPN n n n n
evolving security needs, Check Point offers Next Generation Security packages of
Mobile Access
Software Blades focused on specific customer requirements. Threat Prevention, (5 users)
n n n *
Data Protection, Web Security and Next Generation Firewall technologies are key
Advanced
foundations for a robust 3D Security blueprint. Networking & n n n n
Clustering
OVERVIEW Identity Awareness n n n n
With high security Software Blades performance and great scalability, the 12600 IPS n n n *
Appliance is a datacenter-grade platform offering advanced redundancy and
Application Control n n n n
modularity. In addition to two onboard 1 Gigabit copper Ethernet ports, three available
expansion slots can be used to configure a variety of network options such as 1 Gigabit Data Loss n
* * *
Prevention
Ethernet copper, 1 Gigabit Ethernet fiber, and 10 Gigabit Ethernet fiber connections.
URL Filtering * * n n

The 12600 default configuration includes eight 1 Gigabit Ethernet copper ports and a Antivirus * * n n
four 1 Gigabit Ethernet copper port expansion card. Fully loaded, the 12600 includes Anti-spam * * n *
a total of twenty-six 1 Gigabit Ethernet ports or twelve 10 Gigabit Ethernet ports.
Anti-Bot * * n *

* Optional

©2014 Check Point Software Technologies Ltd. All rights reserved.

Classification: [Protected] - All rights reserved 1 |
Datasheet: Check Point 12600 Appliance

12600
1 Graphic LCD display for management
1 2 3 4 5 6
IP address and image management
2 Two USB ports for ISO installation
3 Console port RJ45
4 Management port 10/100/1000Base-T RJ45
5 Sync port 10/100/1000Base-T RJ45
6 Lights Out Management card
7 Two hot-swappable 500GB RAID-1
hard drives 7 8
8 Three network card expansion slots
(default one 8 x 10/100/1000Base-T port card
& one 4 x 10/100/1000Base-T port card)
9 6 GB RAM upgrade (optional)
10 Two redundant hot-swappable AC power
supplies
11 Slide rails

9 10 11
The 12600 includes Lights-Out-Management (LOM) and hot- ALL-INCLUSIVE SECURITY SOLUTIONS
swappable redundant disk drives and power supplies. The 12600 The Check Point 12600 Appliance offers a complete and
Appliance is a two rack unit (2RU) security appliance, with 2050 consolidated security solution based on the Check Point
SecurityPower Units, that offers real-world firewall throughput of Software Blade architecture. The appliance is available in four
14 Gbps and real-world IPS throughput of 3.58 Gbps. Software Blade packages and extensible to include additional
Software Blades for further security protection.
SECURITYPOWER™
Until today security appliance selection has been based upon • Next Generation Firewall (NGFW): identify and control
selecting specific performance measurements for each security applications by user and scan content to stop threats—with
function, usually under optimal lab testing conditions and using IPS and Application Control.
a security policy that has one rule. Today customers can select • Next Generation Secure Web Gateway (SWG): enables
security appliances by their SecurityPower™ ratings which are secure use of Web 2.0 with real time multi-layered protection
based on real-world customer traffic, multiple security functions against web-borne malware—with Application Control,
and a typical security policy. URL Filtering, Antivirus and SmartEvent.
• Next Generation Data Protection (NGDP): preemptively
SecurityPower is a new benchmark that measures the capability protect sensitive information from unintentional loss, educate
and capacity of an appliance to perform multiple advanced users on proper data handling policies and empower them
security functions (Software Blades) such as IPS, DLP and to remediate incidents in real-time—with IPS, Application
Application Control in real world traffic conditions. This provides Control and DLP.
an effective metric to better predict the current and future
behavior of appliances under security attacks and in day-to-day • Next Generation Threat Prevention (NGTP): apply multiple
operations. Customer SecurityPower Unit (SPU) requirements, layers of protection to prevent sophisticated cyber-threats—
determined using the Check Point Appliance Selection Tool, with IPS, Application Control, Antivirus, Anti-Bot, URL
can be matched to the SPU ratings of Check Point Appliances Filtering and Email Security.
to select the right appliance for their specific requirements.
PREVENT UNKNOWN THREATS WITH
THREATCLOUD EMULATION
Check Point Appliances are a key component in the ThreatCloud
Ecosystem providing excellent protection from undiscovered
exploits, zero-day and targeted attacks. Appliances inspect and
send suspicious files to the ThreatCloud Emulation Service which

©2014 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 2
Datasheet: Check Point 12600 Appliance

runs them in a virtual sandbox to discover malicious behavior. GAiA—THE UNIFIED SECURITY OS
Discovered malware is prevented from entering the network. A Check Point GAiA™ is the next generation Secure Operating
signature is created and sent to the ThreatCloud which shares System for all Check Point appliances, open servers and
information on the newly identified threat to protect other Check virtualized gateways. GAiA combines the best features from
Point customers. IPSO and SecurePlatform into a single unified OS providing
greater efficiency and robust performance. By upgrading
INCLUSIVE HIGH PERFORMANCE PACKAGE to GAiA, customers will benefit from improved appliance
Customers with high connection capacity requirements can connection capacity and reduced operating costs. With GAiA,
purchase the affordable High Performance Package with the customers will gain the ability to leverage the full breadth and
Next Generation security package of their choice. This includes power of all Check Point Software Blades. GAiA secures IPv4
the appliance plus a 4x10Gb SFP+ interface card, transceivers and IPv6 networks utilizing the Check Point Acceleration
and 12 GB of memory for high connection capacity. & Clustering technology and it protects the most complex
network environments by supporting dynamic routing protocols
A RELIABLE SERVICEABLE PLATFORM like RIP, OSPF, BGP, PIM (sparse and dense mode) and IGMP.
The Check Point 12600 appliance delivers business continuity As a 64-Bit OS, GAiA increases the connection capacity of
and serviceability through features such as hot-swappable select appliances.
redundant power supplies, hot-swappable redundant hard
disk drives (RAID) and an advanced LOM card for out-of-band GAiA simplifies management with segregation of duties by
management. Combined together, these features ensure a enabling role-based administrative access. Furthermore, GAiA
greater degree of business continuity and serviceability when greatly increases operation efficiency by offering Automatic
these appliances are deployed in the customer’s networks. Software Updates. The intuitive and feature-rich Web interface
allows for instant search of any commands or properties.
REMOTE PLATFORM MANAGEMENT AND GAiA offers full compatibility with IPSO and SecurePlatform
command line interfaces, making it an easy transition for
MONITORING
existing Check Point customers.
A Lights-Out-Management (LOM) card provides out-of-band
remote management to remotely diagnose, start, restart and
manage the appliance from a remote location. Administrators
can also use the LOM web interface to remotely install an OS
image from an ISO file.

TECHNICAL SPECIFICATIONS
Base Configuration Production Performance1
2 on board 1GbE copper interface 2050 SecurityPower
4x1GbE copper interfaces card (for 1 of the 3 expansion slots) 14 Gbps firewall throughput
8x1GbE copper interfaces card (for 1 of the 3 expansion slots) 3.58 Gbps firewall and IPS throughput
6 GB memory RFC 3511, 2544, 2647, 1242 Performance Tests (LAB)
Redundant dual hot-swappable Power Supplies 30 Gbps of firewall throughput, 1518 byte UDP
Redundant dual hot-swappable 500G Hard Drives 7 Gbps of VPN throughput, AES-128
LOM card 55,000 max IPsec VPN tunnels
Slide rails (22” to 32”) 6 Gbps of IPS throughput, Recommended IPS profile, IMIX traffic blend
Network Expansion Slot Options (3 slots) 2.5/52 million concurrent connections
4 x 10/100/1000Base-T RJ45 ports 130,000 connections per second, 64 byte HTTP response
8 x 10/100/1000Base-T RJ45 ports Network Connectivity
2 x 1000Base-F SFP ports IPv4 and IPv6
4 x 1000Base-F SFP ports 1024 interfaces or VLANs per system
2 x 10GBase-F SFP+ ports 4096 interfaces per system (in Virtual System mode)
4 x 10GBase-F SFP+ ports 802.3ad passive and active link aggregation
4 x 10/100/1000Base-T Fail-Open NIC Layer 2 (transparent) and Layer 3 (routing) mode
4 x 1000Base-F SX or LX Fail-Open NIC High Availability
2 x 10GBase-F SR or LR Fail-Open NIC Active/Active - L3 mode
Max Configuration Active/Passive - L3 mode
Up to 26 x 10/100/1000Base-T RJ45 ports Session synchronization for firewall and VPN
Up to 12 x 1000Base-F SFP ports Session failover for routing change
Up to 12 x 10GBase-F SFP+ ports Device failure detection
12 GB memory Link failure detection
ClusterXL or VRRP
©2014 Check Point Software Technologies Ltd. All rights reserved.
|
Classification: [Protected] - All rights reserved 3
Datasheet: Check Point 12600 Appliance

Virtual Systems Operating Environmental Conditions

Max VSs: 75 (w/6GB), 150 (w/12GB) Temperature: 32° to 104°F / 0° to 40°C
Dimensions Humidity: 20%-90% (non-condensing)
Enclosure: 2RU Storage Conditions
Standard (W x D x H): 17.24 x 22.13 x 3.46 in. Temperature: –4° to 158°F / –20° to 70°C
Metric (W x D x H): 438 x 562 x 88 mm Humidity: 5% to 95% @60°C
Weight: 23.4 kg (51.6 lbs.) Certifications
Power Requirements Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM, PCT/GoST
AC Input Voltage: 100 - 240V Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
Frequency: 47-63 Hz Environmental: RoHS
Single Power Supply Rating: 400 W 1
Maximum R77 production performance based upon the SecurityPower
Power Consumption Maximum: 220 W benchmark. Real-world traffic, Multiple Software Blades, Typical rule-
base, NAT and Logging enabled. Check Point recommends 50% SPU
Maximum thermal output: 750.6 BTU
utilization to provide room for additional Software Blades and future
traffic growth. Find the right appliance for your performance and security
requirements using the Appliance Selection Tool.
2
With GAiA OS and memory upgrade
SOFTWARE BLADE PACKAGE SPECIFICATIONS
Base Packages1 SKU
12600 Next Generation Firewall Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS and APCL Blades); CPAP-SG12600-NGFW
bundled with local management for up to 2 gateways.
Secure Web Gateway 12600 Appliance (with FW, VPN, ADNC, IA, APCL, AV and URLF Blades); bundled with local CPAP-SWG12600
management for up to 2 gateways and SmartEvent. Includes one CPAC-RAM6GB-12600 6 GB memory upgrade.
12600 Next Generation Data Protection Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, and DLP Blades); CPAP-SG12600-NGDP
bundled with local management for up to 2 gateways.
12600 Next Generation Threat Prevention Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, URLF, AV, ABOT and CPAP-SG12600-NGTP
ASPM Blades); bundled with local management for up to 2 gateways.
High Performance Packages SKU
12600 Next Generation Firewall Appliance High Performance Package with 4x10Gb SFP+ interface card, CPAP-SG12600-NGFW-HPP
transceivers and extended memory for high connection capacity.
12600 Secure Web Gateway Appliance High Performance Package with 4x10Gb SFP+ interface card, CPAP-SWG12600-HPP
transceivers and extended memory for high connection capacity.
12600 Next Generation Data Protection Appliance High Performance Package with 4x10Gb SFP+ interface card, CPAP-SG12600-NGDP-HPP
transceivers and extended memory for high connection capacity.
12600 Next Generation Threat Prevention Appliance High Performance Package with 4x10Gb SFP+ interface card, CPAP-SG12600-NGTP-HPP
transceivers and extended memory for high connection capacity.
Software Blades Packages1 SKU
12600 Next Generation Firewall Appliance Software Blade package for 1 year (IPS and APCL Blades) CPSB-NGFW-12600-1Y
Secure Web Gateway 12600 Appliance Software Blade package for 1 year (APCL, AV and URLF Blades) CPSB-SWG-12600-1Y
12600 Next Generation Data Protection Appliance Software Blade package for 1 year (IPS, APCL, and DLP Blades) CPSB-NGDP-12600-1Y
12600 Next Generation Threat Prevention Appliance Software Blade package for 1 year CPSB-NGTP-12600-1Y
(IPS, APCL, URLF, AV, ABOT and ASPM Blades)
Additional Software Blades1 SKU
Check Point Mobile Access Software Blade for unlimited concurrent connections CPSB-MOB-U
Data Loss Prevention Software Blade for 1 year CPSB-DLP-U-1Y
(for 1,500 users and above, up to 250,000 mails per hour and maximum throughput of 2.5 Gbps)
Check Point IPS Software Blade for 1 year CPSB-IPS-XL-1Y
Check Point Application Control Software Blade for 1 year CPSB-APCL-XL-1Y
Check Point URL Filtering Software Blade for 1 year CPSB-URLF-XL-1Y
Check Point Antivirus Software Blade for 1 year CPSB-AV-XL-1Y
Check Point Anti-Spam & Email Security Software Blade for 1 year CPSB-ASPM-XL-1Y
Check Point Anti-Bot blade for 1 year—for ultra high-end appliances and pre-defined systems CPSB-ABOT-XL-1Y
1
SKUs for 2 and 3 years are available, see the online Product Catalog.

©2014 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 4
Datasheet: Check Point 12600 Appliance

VIRTUAL SYSTEMS PACKAGES

Description SKU
50 Virtual Systems package CPSB-VS-50
50 Virtual Systems package for HA/VSLS CPSB-VS-50-VSLS
25 Virtual Systems package CPSB-VS-25
25 Virtual Systems package for HA/VSLS CPSB-VS-25-VSLS
10 Virtual Systems package CPSB-VS-10
10 Virtual Systems package for HA/VSLS CPSB-VS-10-VSLS

ACCESSORIES
Interface Cards and Transceivers SKU
2 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceiver modules per interface port CPAC-2-1F
4 Port 10/100/1000Base-T RJ45 interface card CPAC-4-1C
8 Port 10/100/1000Base-T RJ45 interface card CPAC-8-1C
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceiver modules per interface port CPAC-4-1F
SFP transceiver for 1000Base-T RJ45 (copper) CPAC-TR-1T
SFP transceiver module for 1G fiber ports—long range (1000Base-LX) CPAC-TR-1LX
SFP transceiver module for 1G fiber ports—short range (1000Base-SX) CPAC-TR-1SX
2 Port 10GBase-F SFP+ interface card; requires an additional 10GBase SFP+ transceiver per interface port CPAC-2-10F
4 Port 10GBase-F SFP+ interface card; requires an additional 10GBase SFP+ transceiver per interface port CPAC-4-10F
SFP+ transceiver module for 10G fiber ports—long range ( 10GBase-LR) CPAC-TR-10LR
SFP+ transceiver module for 10G fiber ports—short range ( 10GBase-SR) CPAC-TR-10SR
Bypass Card SKU
2 Port 10GE short-range Fiber Bypass (Fail-Open) Network interface card (10000Base-SR) CPAC-2-10FSR-BP
2 Port 10GE long-range Fiber Bypass (Fail-Open) Network interface card (10000Base-LR) CPAC-2-10FLR-BP
4 Port 1GE short-range Fiber Bypass (Fail-Open) Network interface card (1000Base-SX) CPAC-4-1FSR-BP
4 Port 1GE long-range Fiber Bypass (Fail-Open) Network interface card (1000Base-LX) CPAC-4-1FLR-BP
4 Port 1GE copper Bypass (Fail-Open) Network interface card (10/100/1000 Base-T) CPAC-4-1C-BP
Spares and Miscellaneous SKU
6 GB RAM Memory upgrade for 12600 appliance CPAC-RAM6GB-12600
Replacement parts kit (including 1 Hard Disk Drive, and one Power Supply) for 12600 appliance CPAC-SPARES-12600
Replacement AC Power Supply for 12600 appliance CPAC-PSU-12600
Replacement 500G Hard Disk Drive for 12600 appliance CPAC-HDD-500G
Slide RAILS for 4000 and 12000 Appliances (22”-32”) CPAC-RAILS
Extended Slide Rails for 4000 and 12000 Appliances (26”-36”) CPAC-RAILS-EXT

Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
CONTACT CHECK POINT U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

©2014 Check Point Software Technologies Ltd. All rights reserved.

January 8, 2014