Datasheet:

Check Point 4200 Appliance

4200
Entry level Enterprise security
appliance (114 SPU/3 Gbps)
with copper and fiber
connectivity options

Check Point 4200 Appliance KEY FEATURES

n

n
114 SecurityPower™
3 Gbps of firewall throughput
n 2 Gbps of IPS throughput
Today the enterprise gateway is more than a firewall. It is a security device presented n Up to 8 10/100/1000Base-T ports
with an ever-increasing number of sophisticated threats. As an enterprise security
n Up to 4 1GbE Fiber interface ports
gateway it must use multiple technologies to control network access, detect
sophisticated attacks and provide additional security capabilities like data loss
n 1 rack unit appliance
prevention and protection from web-based threats. The proliferation of mobile
devices like smartphones and Tablets and new streaming, social networking and KEY BENEFITS
P2P applications requires a higher connection capacity and new application control n Turn-key security solution for branch
technologies. Finally, the shift towards enterprise private and public cloud services, office and small to mid-size offices
in all its variations, changes the company borders and requires enhanced capacity n Delivers everything you need to secure
and additional security solutions. your network in one appliance
n Simplifies administration with a single
Check Point’s new appliances combine fast networking technologies with high integrated management console
performance multi-core capabilities—providing the highest level of security without n Ensures data security by securing remote
compromising on network speeds to keep your data, network and employees secure. access and site-to-site communications
Optimized for the Software Blades Architecture, each appliance is capable of running n Provides comprehensive security and
any combination of Software Blades—providing the flexibility and the precise level of protects against emerging threats with
security for any business at every network location by consolidating multiple security Extensible Software Blade Architecture
technologies into a single integrated solution.
GATEWAY SOFTWARE BLADES
Each Check Point Appliance supports the Check Point 3D security vision of 4205 4207 4208 4210
combining policies, people and enforcement for unbeatable protection and is Firewall n n n n
optimized for enabling any combination of the following Software Blades: (1) Firewall, IPsec VPN n n n n
(2) VPN, (3) IPS, (4) Application Control, (5) Mobile Access, (6) DLP, (7) URL Filtering,
Mobile Access
(8) Antivirus, (9) Anti-spam, (10) Anti-Bot, (11) Identity Awareness and (12) Advanced (5 users)
n n n n

Networking & Clustering. Advanced

Networking n n n n
& Clustering
Identity Awareness n n n n

IPS * n n n

Application Control * n n n

Data Loss n
Prevention * * *
URL Filtering * * * n

Antivirus * * * n

Anti-spam * * * n

Anti-Bot * * * *
* Optional

©2012 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 1
Datasheet: Check Point 4200 Appliance

4200
1 Standard rack mount (Slide rails optional)
2 One network expansion slot
3 4 x 10/100/1000Base-T RJ45 ports
4 Two USB ports for ISO installation
5 Console port RJ45
6 Graphic LCD display for management
IP address and image management
1 2 3 4 5 6

OVERVIEW ALL-INCLUSIVE SECURITY SOLUTION

The Check Point 4200 Appliance offers a complete and Available in four Software Blade packages of 5, 7, 8 and 10
consolidated security solution, with leading performance Blades, the 4200 Appliance is extensible to include additional
in a 1U form factor. Software Blades for further security in order to protect against
any threat and exploit regardless of size and network location.
In addition to four onboard 1 Gigabit copper Ethernet ports,
the 4200 also comes with an available expansion slot with the INTEGRATED SECURITY MANAGEMENT
option of adding an additional four 1 Gigabit copper or fiber The appliance can either be managed locally with its available
Ethernet ports. integrated security management or via central unified
Offering 114 SecurityPower Units, max firewall throughput of management. Using local management, the appliance
3 Gbps and IPS performance up to 2 Gbps the 4200 is capable can manage itself and one adjacent appliance for high
of securing any small to mid-size office. availability purposes.

SECURITYPOWER GAiA—THE UNIFIED SECURITY OS

Until today security appliance selection has been based upon Check Point GAiA™ is the next generation Secure Operating
selecting specific performance measurements for each security System for all Check Point appliances, open servers and
function, usually under optimal lab testing conditions and virtualized gateways. GAiA combines the best features from
using a security policy that has one rule. Today customers can IPSO and SecurePlatform into a single unified OS providing
select security appliances by their SecurityPower ratings greater efficiency and robust performance. By upgrading to GAiA,
which are based on real-world customer traffic, multiple customers will benefit from improved appliance connection
security functions and a typical security policy. capacity and reduced operating costs. With GAiA, customers will
gain the ability to leverage the full breadth and power of all Check
SecurityPower is a new benchmark that measures the Point Software Blades. GAiA secures IPv4 and IPv6 networks
capability and capacity of an appliance to perform multiple utilizing the Check Point Acceleration & Clustering technology
advanced security functions (Software Blades) such as IPS, and it protects the most complex network environments by
DLP and Application Control in real world traffic conditions. supporting dynamic routing protocols like RIP, OSPF, BGP,
This provides an effective metric to better predict the current PIM (sparse and dense mode) and IGMP. As a 64-Bit OS, GAiA
and future behavior of appliances under security attacks and increases the connection capacity of select appliances.
in day-to-day operations. Customer SecurityPower Unit (SPU)
requirements, determined using the Check Point Appliance GAiA simplifies management with segregation of duties by
Selection Tool, can be matched to the SPU ratings of Check enabling role-based administrative access. Furthermore, GAiA
Point Appliances to select the right appliance for their specific greatly increases operation efficiency by offering Automatic
requirements. Software Updates. The intuitive and feature-rich Web interface
allows for instant search of any commands or properties. GAiA
offers full compatibility with IPSO and SecurePlatform command
line interfaces, making it an easy transition for existing Check
Point customers.

©2012 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 2
Datasheet: Check Point 4200 Appliance

TECHNICAL SPECIFICATIONS
Base Configuration High Availability
4 x 10/100/1000Base-T RJ45 ports Active/Active - L3 mode
250 GB hard disk drive Active/Passive - L3 mode
One AC power supply Session synchronization for firewall and VPN
Standard rack mount Session failover for routing change
Network Expansion Slot Options (1 slot) Device failure detection
4 x 10/100/1000Base-T RJ45 ports Link failure detection
2 x 1000Base-F SFP ports ClusterXL or VRRP
4 x 1000Base-F SFP ports Virtual Systems
4 x 10/100/1000Base-T Fail-Open NIC Max VSs: 3
4 x 1000Base-F SX or LX Fail-Open NIC Dimensions
Max Configuration Enclosure: 1U
8 x 10/100/1000Base-T RJ45 ports Standard (W x D x H): 17.25 x 12.56 x 1.73 in.
4 x 10/100/1000Base-T RJ45 + 4 x 1000Base-F SFP ports Metric (W x D x H): 438 x 319 x 44 mm
Performance Weight: 4.0 kg (8.82 lbs.)
114 SecurityPower 1 Power Requirements
3 Gbps of firewall throughput, 1518 byte UDP AC Input Voltage: 100 - 240V
400 Mbps of VPN throughput, AES-128 Frequency: 50 - 60 Hz
2 Gbps of IPS throughput Default IPS profile Single Power Supply Rating: 100 W
300 Mbps of IPS throughput Recommended IPS profile Power Consumption Maximum: 57 W
1.2 million concurrent connections Maximum thermal output: 146 BTU
25,000 connections per second Operating Environmental Conditions
Network Connectivity Temperature: 32° to 104°F / 0° to 40°C
IPv4 and IPv6 Humidity: 20% to 90% (non-condensing)
1024 VLANs Storage Conditions
256 VLANs per interface Temperature: –4° to 158°F / –20° to 70°C
802.3ad passive and active link aggregation Humidity: 5% - 95% @ 60°C (non-condensing)
Layer 2 (transparent) and Layer 3 (routing) mode Certifications
1
SecurityPower: A metric to measure appliance performance based on real Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM, PCT/GoST
world traffic given the deployed software blades. Find the right appliance for
your performance and security needs. Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
Environmental: RoHS

©2012 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 3
Datasheet: Check Point 4200 Appliance

SOFTWARE PACKAGE SPECIFICATIONS

Base Packages1 SKU
4200 Appliance with 5 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness, CPAP-SG4205
and Mobile Access for 5 concurrent users blades); bundled with local management for up to 2 gateways
4200 Appliance with 7 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness, CPAP-SG4207
Mobile Access for 5 concurrent users, IPS, and Application Control blades); bundled with local management for up to 2 gateways
4200 Appliance with 8 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness, CPAP-SG4208
Mobile Access for 5 concurrent users, IPS, Application Control, and DLP blades)
4200 Appliance with 10 Security blades (including Firewall, VPN, Advanced Networking & Clustering, Identity Awareness, CPAP-SG4210
and Mobile Access for 5 concurrent users, IPS, Application Control, URL Filtering, Antivirus, and Email Security blades); bundled
with local management for up to 2 gateways
Software Blades Packages1 SKU
Check Point Extended Security Software Blades Package for 1 year for 4200 appliance CPSB-ESEC-6B-4200-1Y
(including IPS, URL Filtering, Application Control, Antivirus, Email Security, and DLP blades)
Check Point UTM+ Software Blades Package for 1 year for 4200 appliance CPSB-UTMP-5B-4200-1Y
(including IPS, URL Filtering, Application Control, Antivirus, and Email Security blades)
Check Point DLP+ Software Blades Package for 1 year for 4200 appliance (including IPS, Application Control, and DLP) CPSB-DLPP-3B-4200-1Y
Check Point Threat Prevention Software Blades Package for 1 year for 4200 CPSB-TPRV-4B-4200-1Y
(including IPS, URL Filtering, Antivirus and Anti-Bot blades)
Check Point Extended Threat Protection Software Blades Package for 1 year for 4200 (including Application Control and IPS blades) CPSB-ETPR-2B-4200-1Y
Check Point Web Control Software Blades Package for 1 year for 4200 (including Application Control and URL Filtering blades) CPSB-WBCL-2B-4200-1Y
Check Point Anti-Malware Package for 1 year for 4200 (including Anti-Bot and AV blades) CPSB-ABAV-2B-4200-1Y
Additional Software Blades1 SKU
Check Point Mobile Access Blade for up to 50 concurrent connections CPSB-MOB-50
Data Loss Prevention Blade for 1 year (for up to 500 users, up to 15,000 mails per hour and max throughput of 700 Mbps) CPSB-DLP-500-1Y
Check Point IPS blade for 1 year CPSB-IPS-S-1Y
Check Point Application Control blade for 1 year CPSB-APCL-S-1Y
Check Point URL Filtering blade for 1 year CPSB-URLF-S-1Y
Check Point Antivirus Blade for 1 year CPSB-AV-S-1Y
Check Point Anti-Spam & Email Security Blade for 1 year CPSB-ASPM-1Y
Check Point Anti-Bot Blade for 1 year—for low-end appliances and pre-defined systems CPSB-ABOT-S-1Y
1
High Availability (HA) and SKUs for 2 and 3 years are available, see the online Product Catalog.

SOFTWARE PACKAGE SPECIFICATIONS

Description SKU
3 Virtual Systems package CPSB-VS-3
3 Virtual Systems package for HA/VSLS CPSB-VS-3-VSLS

©2012 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 4
Datasheet: Check Point 4200 Appliance

ACCESSORIES
Interface Cards and Transceivers SKU
4 Port 10/100/100Base-T RJ45 interface card CPAC-4-1C
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceiver modules per interface port CPAC-4-1F
SFP transceiver module for 1G fiber ports—short range (1000Base-SX) for CPAC-4-1F CPAC-TR-1SX
SFP transceiver module for 1G fiber ports—long range (1000Base-LX) for CPAC-4-1F CPAC-TR-1LX
Bypass Card SKU
4 Port 1GE short-range Fiber Bypass (Fail-Open) Network interface card (1000Base-SX) CPAC-4-1FSR-BP
4 Port 1GE long-range Fiber Bypass (Fail-Open) Network interface card (1000Base-LX) CPAC-4-1FLR-BP
4 Port 1GE copper Bypass (Fail-Open) Network interface card (10/100/1000 Base-T) CPAC-4-1C-BP
Spares and Accessories SKU
Slide RAILS for 4000 and 12000 Appliances (22"-32") CPAC-RAILS
Extended Slide Rails for 4000 and 12000 Appliances (26"-36") CPAC-RAILS-EXT

Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
CONTACT CHECK POINT U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

©2012 Check Point Software Technologies Ltd. All rights reserved.

October 15, 2012