QUANTUM 26000 SECURITY GATEWAY

AI Deep Learning powered threat prevention

Top Security Effectiveness
Leader with 99.7% malware block rate in
to secure enterprise data centers
Miercom NGFW Security Benchmark (2023)
Check Point Quantum 26000 Next Generation
AI ML powered Threat Prevention
Protect networks and users from zero-days, Firewalls enable enterprises to deploy the
phishing, DNS, and ransomware attacks industry’s leading threat prevention capabilities at
Hyperscale Network Security
all points of their infrastructure, scaling security
On-demand expansion and resilient access according to their changing business needs.
to mission-critical applications

Unified Management and Ops Efficiency This enables enterprises to prevent and block even
Increase protection and reduce TCO with a the most advanced attacks before they can disrupt
consolidated security architecture
business — greatly increasing the efficiency of their
Industry Recognition security operations.
Named a Leader for the 23rd time in the
Gartner® Magic Quadrant™ for Network
Firewalls
PERFORMANCE HIGHLIGHTS
Named a Leader in the Forrester Wave™ Firewall Next Gen Firewall Threat Prevention
106.2 Gbps 40.5 Gbps 24 Gbps
Enterprise Firewalls Q4 2022
Awarded the Frost & Sullivan Firewall
Performance measured with enterprise testing conditions. Additional performance
Company of the Year
details on page 3. 1: Includes Firewall, Application Control, and IPS. 2: Includes
Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast
Zero-Day Protection.

© 2023 Check Point Software Technologies Ltd. All rights reserved. | August 30, 2023 1
SPOTLIGHT
26000 SECURITY GATEWAY
3 4
1
2
5

6 7

1. RJ45 and USB Type-C console ports 6. 2x USB 3.0 ports

2. Lights-out Management port 7. Management 10/100/1000 Base-T port
3. Sync 10/100/1000 Base-T port 8. Eight network card expansion slots
4. ESD grounding point 3x redundant power supplies (back view not shown)
5. 2x 480GB SSD RAID1 4x field replaceable fans (back view not shown)

AI Deep Learning Threat Prevention

IoT Security
The speed and sophistication of evasive
Quantum IoT Protect now provides
zero-day DNS and phishing attacks
autonomous threat prevention. Quantum
requires AI Deep Learning to predict and
Firewalls discover IoT assets, feed those
block malicious behavior without human
to the IoT Cloud Service to automatically
intervention. Quantum Firewalls use
map IoT devices to profiles and then
Check Point’s threat intelligence cloud
apply a zero-trust policy on the firewalls
40+ AI/ML engines to block emerging
to prevent IoT threats in 5 minutes.
threats that haven’t been seen before. Next Generation Firewall, Next Generation Threat Prevention and
SandBlast packages

100, 40 and 25 GbE Connectivity Integrated SD-WAN

Remote Management and Monitoring
If you’re ready to move from 10 to 25, 40 Security protects you when you’re
A Lights-Out-Management (LOM) card
or 100 GbE, so is the 26000 Next connected. SD-WAN ensures you’re always
provides out-of-band management to
Generation Security Gateway. The 26000 connected, and the connection offers the
remotely diagnose, start, restart, and
Security Gateway lets you connect your best user experience for the lowest cost.
manage the appliance from a remote
10 GbE server uplinks to your core Quantum SD-WAN in Quantum firewalls
location.
network. keeps you secure and connected.

DATA CENTER GRADE PLATFORM

1 GbE 1 GbE 10 100/40/25* Redundant Redundant

Memory LOM
copper fiber GbE GbE Power Storage
Base model 10 0 0 0 48 GB
Plus model 10 0 12 0 96 GB
Max capacity 66 32 32 8 128 GB
optional accessory

© 2023 Check Point Software Technologies Ltd. All rights reserved. | August 30, 2023 2
SPECIFICATIONS
Performance Content Security (continued)
Enterprise Test Conditions Dynamic User-based Policy
Threat Prevention (Gbps) 1
24 • Integrates with Microsoft AD, LDAP, RADIUS, Cisco pxGrid,
NGFW (Gbps)2
40.5 Terminal Servers and with 3 parties via a Web API
rd

IPS (Gbps) 43 • Enforce consistent policy for local and remote users on Windows,
macOS, Linux, Android and Apple iOS platforms
Firewall (Gbps) 106.2

RFC 3511, 2544, 2647, 1242 Performance (Lab) Network

Firewall 1518B UDP (Gbps) 316.5 Network Connectivity
VPN AES-128 (Gbps) 40.1
• Integrated SD-WAN network optimization and resilience
Connections/sec 550,000
• Total physical and virtual (VLAN) interfaces per appliance:
Concurrent connections 3
10/20/32M 3
1024/4096 (single gateway/with virtual systems)
1. Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection • 802.3ad passive and active link aggregation
with logging enabled. 2. Includes Firewall, Application Control and IPS with logging enabled. 3. Performance
• Layer 2 (transparent) and Layer 3 (routing) mode
measured with Base/Plus/maximum memory.
High Availability
• Active/Active L2, Active/Passive L2 and L3
Additional Features
• Session failover for routing change, device and link failure
Highlights
• ClusterXL or VRRP
• 2x CPUs, 36 physical cores, 72 virtual cores (total)
IPv6
• 1x 1TB HDD or 480GB SSD, (2x SSD in Plus)
• 3x AC power supplies (DC option) • NAT66, NAT64, NAT46

• 48, 96 and 128 GB memory options • CoreXL, SecureXL, HA with VRRPv3

• Lights-Out-Management card (optional in Base package) Unicast and Multicast Routing (see SK98226)
• Virtual Systems (base/PLUS/max mem): 125/250/250 • OSPFv2 and v3, BGP, RIP
Network Expansion Slot Options (7 of 8 slots open) • Static routes, Multicast routes
• 8x 10/100/1000Base-T RJ45 port card, up to 66 ports • Policy-based routing
• 4x 1000Base-F SFP port card, up to 32 ports • PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3
• 4x 10GBase-F SFP+ port card, up to 32 ports
• 2x 100/40/25G QSFP28 port double-slot-width card, up to 8 ports Physical
Power Requirements
Content Security
• Single Power Supply rating AC: 850W, DC: 1300W
First Time Prevention Capabilities
• Power input: 100 to 240V (47-63Hz), 40~-72VDC
• CPU-level, OS-level and static file analysis • Power consumption avg/max: 330/589W
• File disarm and reconstruction via Threat Extraction • Maximum thermal output AC: 2009.8 BTU/hr.
• Average emulation time for unknown files that require full
Dimensions
sandbox evaluation is under 100 seconds
• Maximal file size for Emulation is 100 MB • Enclosure: 3RU

• Emulation OS Support: Windows XP, 7, 8.1, 10 • Dimensions (WxDxH): 17.4 x 24 x 5.2 in. (442 x 610 x 132mm)

Applications • Weight: 46.3 lbs. (21 kg)

• Use 10,000+ pre-defined or customize your own applications Environmental Conditions

• Accept, prevent, schedule, and apply traffic-shaping • Operating: 0° to 40°C, humidity 5% to 95%
Data Loss Prevention • Storage: –20° to 70°C, humidity 5% to 95% at 60°C

• Classify 700+ pre-defined data types

Certifications

• End user and data owner incident handling • Safety: UL, CB, CE, TUV GS
• Emissions: FCC, CE, VCCI, RCM/C-Tick
• Environmental: RoHS, WEEE, REACH , ISO14001
1 1

© 2023 Check Point Software Technologies Ltd. All rights reserved. | August 30, 2023 3
ORDERING QUANTUM 26000 SECURITY GATEWAYS
SECURITY APPLIANCE 1
SKU
26000 Base configuration: 10x 1GbE copper ports, 48 GB RAM, 1x 1TB HDD, 3x AC PSUs, telescopic rails, SandBlast CPAP-SG26000-SNBT
(SNBT) Subscription Package for 1 Year, (HDD standalone support).
26000 Plus configuration: 10x 1GbE copper ports, 12x 10GbE SFP+ ports, 12x SR transceivers, 96 GB RAM, 2x 480GB CPAP-SG26000-PLUS-SNBT
SSD, 3x AC PSUs, LOM, telescopic rails, 5 VS, SandBlast (SNBT) for 1 Year.
Quantum IoT Network Protection for 1 year for 26000 appliances CPSB-IOTP-26000-1Y
Quantum IoT Network Protection for 1 year for 26000 PLUS appliances CPSB-IOTP-26000-PLUS-1Y
Quantum SD-WAN subscription for 1 year for 26000 appliances CPSB-SDWAN-26000-1Y
Quantum SD-WAN subscription for 1 year for 26000 PLUS appliances CPSB-SDWAN-26000-PLUS-1Y
The Base package includes 2 virtual systems (VS) - one management VS and one production/data VS. These are not additive or counted when adding additional VS
licenses. Plus includes 5 VS licenses which are additive when adding additional VS licenses. 1 Renewal NGFW, NGTP and SandBlast (SNBT) packages are available
in the online product catalog.

Accessories
INTERFACE CARDS AND TRANSCEIVERS
8 Port 10/100/1000 Base-T RJ45 interface card CPAC-8-1C-C

4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceivers CPAC-4-1F-C

SFP transceiver module for 1G fiber ports - long range (1000Base-LX) CPAC-TR-1LX-C

SFP transceiver module for 1G fiber ports - short range (1000Base-SX) CPAC-TR-1SX-C

SFP transceiver to 1000 Base-T RJ45 (Copper) CPAC-TR-1T-C

4 Port 10GBase-F SFP+ interface card CPAC-4-10F-C

SFP+ transceiver module for 10G fiber ports - for links up to 40km (10GBASE-ER) CPAC-TR-10ER-C

SFP+ transceiver module for 10G fiber ports - long range up to 10km (10GBase-LR) CPAC-TR-10LR-C

SFP+ transceiver module for 10G fiber ports - short range (10GBase-SR) CPAC-TR-10SR-C

SFP+ transceiver 10GBASE-T RJ45 (Copper) - for links up to 30m over CAT6a/CAT7 CPAC-TR-10T-C

10G Direct Attach Copper (DAC) Cable, (10BASE-CU) 3 meters CPAC-DAC-10G-3M

2 Port 10/25/40/100G QSFP28 Dual Width interface card * CPAC-2-40/100F-C

QSFP28 transceiver module for 100G fiber ports - short range (100GBase-SR4) CPAC-TR-100SR

QSFP28 transceiver module for 100G fiber ports - long range (100GBase-LR4) CPAC-TR-100LR

100G SWDM4, LC connector, 75m/OM3 fiber CPAC-TR-100SWDM4

100G CWDM4, LC connector, 2Km/ single mode fiber CPAC-TR-100CWDM4

QSFP+ transceiver module for 40G fiber ports - short range (40GBase-SR) CPAC-TR-40SR-QSFP-300m

QSFP+ transceiver module for 40G fiber ports - long range (40GBase-LR) CPAC-TR-40LR-QSFP-10Km

Bi-directional QSFP transceiver for 40G fiber ports - short range (40GBase-SR-BD) CPAC-TR-40SR-QSFP-BIDI

QSFP28 to SFP28 Adapter - 10G/25G fiber adaptor CPAC-TR-QSFP28-SFP28

SFP28 transceiver module for 25G fiber ports with QSFP28 adaptor - short range (25GBase-SR) CPAC-TR-25SR-ADP

SFP28 transceiver module for 25G fiber ports with QSFP28 adaptor - long range (25GBase-LR) CPAC-TR-25LR-ADP

SFP+ transceiver module for 10G fiber with QSFP28 adaptor - for links up to 40km (10GBASE-ER) CPAC-TR-10ER-ADP

SFP+ transceiver module for 10G fiber with QSFP28 adaptor - long range up to 10km (10GBase-LR) CPAC-TR-10LR-ADP

SFP+ transceiver module for 10G fiber with QSFP28 adaptor - short range (10GBase-SR) CPAC-TR-10SR-ADP

SFP+ transceiver 10GBASE-T RJ45 (Copper) with QSFP28 adaptor - for links up to 30m over CAT6a/CAT7 CPAC-TR-10T-ADP

100G Direct Attach Copper cable (QSFP28), 3 meters CPAC-DAC-100G-3M

40G Direct Attach Copper cable (QSFP28), 3 meters CPAC-DAC-40G-3M

25G Direct Attach Copper cable (QSFP28), 3 meters CPAC-DAC-25G-3M

10G Direct Attach Copper cable, (10BASE-CU) 3 meters CPAC-DAC-10G-3M

* CPAC-2-40/100F-C 25G transceivers will be supported in a future Jumbo Hot Fix

© 2023 Check Point Software Technologies Ltd. All rights reserved. | August 30, 2023 4
ORDERING QUANTUM 26000 (continued)
FAIL-OPEN NETWORK INTERFACE CARDS
4 Port 1GE copper Bypass (Fail-Open) Network interface card (10/100/1000 Base-T) CPAC-4-1C-BP-C

2 Port 10GE Short-range Fiber Bypass (Fail-Open) Network interface card (10GBase-SR) CPAC-2-10FSR-BP-C

MEMORY SKU
Memory upgrade kit from 48GB to 96GB for 26000 Security Gateways CPAC-RAM48GB-26000

Memory upgrade kit from 96GB to 128GB for 26000 Security Gateways CPAC-RAM32GB-26000

Memory upgrade kit from 48GB to 128GB for 26000 Security Gateways CPAC-RAM80GB-26000

SPARES AND MISCELLANEOUS SKU

1TB HDD for 16000/26000 Security Gateways CPAC-HDD-1T-C
480GB SSD for 16000/26000 Security Gateways CPAC-SSD-480G-C
AC power supply for 16600HS, 26000, 28000, 28600HS Security Gateways CPAC-PSU-AC-26000/28000
Dual DC power supplies for 16000 and 26000 Security Gateways CPAC-PSU-DC-Dual-16000/26000/28000
DC power supply for 16000 and 26000 Security Gateways CPAC-PSU-DC-16000/26000
Replacement Lights-Out Management Module CPAC-NLOM-C
Replacement Fan CPAC-FAN-26000/28000
Slide rails for 26000 Security Gateways (22” - 32”) CPAC-RAIL-L
Extended slide rails for 26000 Security Gateways (24” - 36”) CPAC-RAIL-EXT-L

All-inclusive Security
SNBT
NGFW NGTP
(SandBlast)
Basic access control Prevent known threats Prevent known and zero-
plus IPS day attacks
Firewall   
VPN (IPsec)   
Mobile Access   
Identity Awareness   
Application Control   
Content Awareness   
IPS   
URL Filtering  
Anti-Bot  
Anti-Virus  
Anti-Spam  
DNS Security  
SandBlast Threat Emulation 
SandBlast Threat Extraction 
Zero Phishing 
IoT Network Protection optional optional optional
SD-WAN Network Optimization optional optional optional
The first-year purchase includes the SNBT package. Security subscription renewals, NGFW, NGTP and SNBT are available for subsequent years. Optional security
capabilities can be ordered a-la-carte or separately.

CONTACT US North America - +1-866-488-6691 | International - +44-125-333-5558 | www.checkpoint.com

© 2023 Check Point Software Technologies Ltd. All rights reserved. | August 30, 2023 5