Datasheet:

Check Point 4400 Appliance

4400
Enterprise-grade security appliance

Check Point 4400 Appliance KEY FEATURES

n

n
230 SecurityPower™
2.2 Gbps production firewall throughput
Today the enterprise gateway is more than a firewall. It is a security device presented n 360 Mbps production IPS throughput
with an ever-increasing number of sophisticated threats. As an enterprise security n Up to 12 10/100/1000Base-T ports
gateway it must use multiple technologies to control network access, detect n Up to 4 1GbE Fiber ports
sophisticated attacks and provide additional security capabilities like data loss
prevention and protection from web-based threats. The proliferation of mobile KEY BENEFITS
devices like smartphones and Tablets and new streaming, social networking and n Entry level, enterprise-grade appliance
P2P applications requires a higher connection capacity and new application control n Delivers everything you need to secure
technologies. Finally, the shift towards enterprise private and public cloud services,
your network in one appliance
in all its variations, changes the company borders and requires enhanced capacity
n Simplifies administration with a single
and additional security solutions.
integrated management console
Check Point’s new appliances combine fast networking technologies with high n Ensures data security for remote access

performance multi-core capabilities—providing the highest level of security without and site-to-site communications
compromising on network speeds to keep your data, network and employees secure. n Provides comprehensive security and
Optimized for the Software Blades Architecture, each appliance is capable of running protects against emerging threats with
any combination of Software Blades—providing the flexibility and the precise level of Extensible Software Blade Architecture
security for any business at every network location by consolidating multiple security
technologies into a single integrated solution. GATEWAY SOFTWARE BLADES
NGFW NGDP NGTP SWG
Each Check Point Appliance supports the Check Point 3D security vision of
combining policies, people and enforcement for unbeatable protection. To address Firewall n n n n

evolving security needs, Check Point offers Next Generation Security packages of IPsec VPN n n n n

Software Blades focused on specific customer requirements. Threat Prevention, Mobile Access
Data Protection, Web Security and Next Generation Firewall technologies are key (5 users)
n n n *
foundations for a robust 3D Security blueprint. Advanced
Networking n n n n

OVERVIEW & Clustering

The Check Point 4400 Appliance offers a complete and consolidated security Identity Awareness n n n n

solution, with leading performance in a 1U form factor. IPS n n n *

Application Control n n n n
In addition to eight onboard 1 Gigabit copper Ethernet ports, the 4400 also comes
with an available expansion slot for the option of adding four 1 Gigabit copper or 2 or Data Loss
Prevention * n * *
4 fiber Ethernet ports. With 230 SecurityPower Units, real-world firewall throughput
of 2.2 Gbps and real-world IPS performance up to 360 Mbps the 4400 is capable of URL Filtering * * n n

securing any small to mid-size office. Antivirus * * n n

Anti-spam * * n *
Anti-Bot * * n *
* Optional

©2014 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 1
Datasheet: Check Point 4400 Appliance
4400
1 Standard rack mount (Slide rails optional)
2 One network expansion slot
3 8 x 10/100/1000Base-T RJ45 ports
4 Two USB ports for ISO installation
5 Console port RJ45
6 Graphic LCD display for management
IP address and image management
1 2
SECURITYPOWER
Until today security appliance selection has been based upon
selecting specific performance measurements for each security
function, usually under optimal lab testing conditions and using
a security policy that has one rule. Today customers can select
security appliances by their SecurityPower ratings which are
based on real-world customer traffic, multiple security functions
and a typical security policy.
SecurityPower is a new benchmark that measures the capability
and capacity of an appliance to perform multiple advanced
security functions (Software Blades) such as IPS, DLP and
Application Control in real world traffic conditions. This provides
an effective metric to better predict the current and future
behavior of appliances under security attacks and in day-to-day
operations. Customer SecurityPower Unit (SPU) requirements,
determined using the Check Point Appliance Selection Tool,
can be matched to the SPU ratings of Check Point Appliances
to select the right appliance for their specific requirements.
ALL-INCLUSIVE SECURITY SOLUTIONS
The Check Point 4400 Appliance offers a complete and
consolidated security solution in a 1U form factor based on
the Check Point Software Blade architecture. Available in four
software packages, the platform provides up-to-date and
extensible security protection.
• Next Generation Firewall (NGFW): identify and control
applications by user and scan content to stop threats—with
IPS and Application Control.
• Next Generation Secure Web Gateway (SWG): enables
secure use of Web 2.0 with real time multi-layered protection
against web-borne malware—with Application Control, URL
Filtering, Antivirus and SmartEvent.
3 4 5 6
• Next Generation Data Protection (NGDP): preemptively
protect sensitive information from unintentional loss, educate
users on proper data handling policies and empower them
to remediate incidents in real-time—with IPS, Application
Control and DLP.
• Next Generation Threat Prevention (NGTP): apply multiple
layers of protection to prevent sophisticated cyber-threats—
with IPS, Application Control, Antivirus, Anti-Bot, URL Filtering
and Email Security.
PREVENT UNKNOWN THREATS WITH
THREATCLOUD EMULATION
Check Point Appliances are a key component in the ThreatCloud
Ecosystem providing excellent protection from undiscovered
exploits, zero-day and targeted attacks. Appliances inspect and
send suspicious files to the ThreatCloud Emulation Service which
runs them in a virtual sandbox to discover malicious behavior.
Discovered malware is prevented from entering the network. A
signature is created and sent to the ThreatCloud which shares
information on the newly identified threat to protect other Check
Point customers.
INTEGRATED SECURITY MANAGEMENT
The appliance can either be managed locally with its available
integrated security management or via central unified management.
Using local management, the appliance can manage itself and one
adjacent appliance for high availability purposes.
REMOTE ACCESS CONNECTIVITY
FOR MOBILE DEVICES
Each appliance arrives with mobile access connectivity for
5 users, using the Mobile Access Blade. This license provides
secure remote access to corporate resources from a wide
variety of devices including smartphones, tablets, PCs,
Mac and Linux.
GAiA—THE UNIFIED SECURITY OS
Check Point GAiA™ is the next generation Secure Operating
System for all Check Point appliances, open servers and
virtualized gateways. GAiA combines the best features from IPSO
and SecurePlatform into a single unified OS providing greater
©2014 Check Point Software Technologies Ltd. All rights reserved.
|
Classification: [Protected] - All rights reserved 2
Datasheet: Check Point 4400 Appliance

efficiency and robust performance. By upgrading to GAiA,
customers will benefit from improved appliance connection
capacity and reduced operating costs. With GAiA, customers
will gain the ability to leverage the full breadth and power of
all Check Point Software Blades. GAiA secures IPv4 and IPv6
networks utilizing the Check Point Acceleration & Clustering
technology and it protects the most complex network
environments by supporting dynamic routing protocols like RIP,
OSPF, BGP, PIM (sparse and dense mode) and IGMP.
As a 64-Bit OS, GAiA increases the connection capacity
of select appliances.
GAiA simplifies management with segregation of duties by
enabling role-based administrative access. Furthermore, GAiA
greatly increases operation efficiency by offering Automatic
Software Updates. The intuitive and feature-rich Web interface
allows for instant search of any commands or properties.
GAiA offers full compatibility with IPSO and SecurePlatform
command line interfaces, making it an easy transition for
existing Check Point customers.

TECHNICAL SPECIFICATIONS
Base Configuration High Availability
8 x 10/100/1000Base-T RJ45 ports Active/Active - L3 mode
250 GB hard disk drive Active/Passive - L3 mode
One AC power supply Session synchronization for firewall and VPN
Standard rack mount Session failover for routing change
Network Expansion Slot Options (1 slot) Device failure detection
4 x 10/100/1000Base-T RJ45 ports Link failure detection
2 x 1000Base-F SFP ports ClusterXL or VRRP
4 x 1000Base-F SFP ports Virtual Systems
4 x 10/100/1000Base-T Fail-Open NIC Max VSs: 10
4 x 1000Base-F SX or LX Fail-Open NIC Dimensions
Max Configuration Enclosure: 1U
12 x 10/100/1000Base-T RJ45 ports Standard (W x D x H): 17.25 x 12.56 x 1.73 in.
8 x 10/100/1000Base-T RJ45 + 4 x 1000Base-F SFP ports Metric (W x D x H): 438 x 320 x 44 mm
Production Performance 1 Weight: 7.5 kg (16.53 lbs.)
230 SecurityPower Power Requirements
2.2 Gbps firewall throughput AC Input Voltage: 100 - 240V
360 Mbps firewall and IPS throughput Frequency: 50 - 60 Hz
RFC 3511, 2544, 2647, 1242 Performance Tests (LAB) Single Power Supply Rating: 250 W
5 Gbps of firewall throughput, 1518 byte UDP Power Consumption Maximum: 90 W

1.2 Gbps of VPN throughput, AES-128 Maximum thermal output: 240.1 BTU

25,000 max IPsec VPN tunnels Operating Environmental Conditions

700 Mbps of IPS throughput, Recommended IPS profile, IMIX traffic blend Temperature: 32° to 104°F / 0° to 40°C

1.2 million concurrent connections, 64 byte HTTP response Humidity: 20% - 90% (non-condensing)

40,000 connections per second, 64 byte HTTP response Storage Conditions

Network Connectivity Temperature: - 4° to 158°F / - 20° to 70°C

IPv4 and IPv6 Humidity: 5% - 95% @ 60°C (non-condensing)

1024 interfaces or VLANs per system Certifications

4096 interfaces per system (in Virtual System mode)
802.3ad passive and active link aggregation
Layer 2 (transparent) and Layer 3 (routing) mode
1
Safety: CB, UL/cUL, CSA, TUV, NOM, CCC, IRAM, PCT/GoST
Emissions: FCC, CE, VCCI, C-Tick, CCC, ANATEL, KCC
Environmental: RoHS
Maximum R77 production performance based upon the SecurityPower
benchmark. Real-world traffic, Multiple Software Blades, Typical rule-base,
NAT and Logging enabled. Check Point recommends 50% SPU utilization to
provide room for additional Software Blades and future traffic growth. Find
the right appliance for your performance and security requirements using the
Appliance Selection Tool.

©2014 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 3
Datasheet: Check Point 4400 Appliance

SOFTWARE PACKAGE SPECIFICATIONS

Base Packages1 SKU

4400 Next Generation Firewall Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS and APCL Blades); CPAP-SG4400-NGFW
bundled with local management for up to 2 gateways.
Secure Web Gateway 4400 Appliance (with FW, VPN, ADNC, IA, APCL, AV and URLF Blades); CPAP-SWG4400
bundled with local management for up to 2 gateways and SmartEvent.
4400 Next Generation Data Protection Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, and DLP Blades); CPAP-SG4400-NGDP
bundled with local management for up to 2 gateways.
4400 Next Generation Threat Prevention Appliance (with FW, VPN, ADNC, IA, MOB-5, IPS, APCL, URLF, AV, CPAP-SG4400-NGTP
ABOT and ASPM Blades); bundled with local management for up to 2 gateways.
Software Blades Packages1 SKU

4400 Next Generation Firewall Appliance Software Blade package for 1 year (IPS and APCL Blades) CPSB-NGFW-4400-1Y

Secure Web Gateway 4400 Appliance Software Blade package for 1 year (APCL, AV and URLF Blades) CPSB-SWG-4400-1Y

4400 Next Generation Data Protection Appliance Software Blade package for 1 year (IPS, APCL, and DLP Blades) CPSB-NGDP-4400-1Y

4400 Next Generation Threat Prevention Appliance Software Blade package for 1 year CPSB-NGTP-4400-1Y
(IPS, APCL, URLF, AV, ABOT and ASPM Blades)
Additional Software Blades1 SKU

Check Point Mobile Access Blade for up to 50 concurrent connections CPSB-MOB-50

Data Loss Prevention Blade for 1 year (for up to 500 users, up to 15,000 mails per hour and max throughput of 700 Mbps) CPSB-DLP-500-1Y

Check Point IPS blade for 1 year CPSB-IPS-S-1Y

Check Point Application Control blade for 1 year CPSB-APCL-S-1Y

Check Point URL Filtering blade for 1 year CPSB-URLF-S-1Y

Check Point Antivirus Blade for 1 year CPSB-AV-S-1Y

Check Point Anti-Spam & Email Security Blade for 1 year CPSB-ASPM-S-1Y

Check Point Anti-Bot Blade for 1 year - for low-end appliances and pre-defined system CPSB-ABOT-S-1Y
1
High Availability (HA) and SKUs for 2 and 3 years are available, see the online Product Catalog

VIRTUAL SYSTEMS PACKAGE

Description SKU

10 Virtual Systems package CPSB-VS-10

10 Virtual Systems package for HA/VSLS CPSB-VS-10-VSLS

3 Virtual Systems package CPSB-VS-3

3 Virtual Systems package for HA/VSLS CPSB-VS-3-VSLS

©2014 Check Point Software Technologies Ltd. All rights reserved.

|
Classification: [Protected] - All rights reserved 4
Datasheet: Check Point 4400 Appliance

ACCESSORIES
Description SKU

2 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceiver modules per interface port CPAC-2-1F

4 Port 10/100/100Base-T RJ45 interface card CPAC-4-1C

4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceiver modules per interface port CPAC-4-1F

SFP transceiver for 1000Base-T RJ45 (copper) CPAC-TR-1T

SFP transceiver module for 1G fiber ports—long range (1000Base-LX) CPAC-TR-1LX

SFP transceiver module for 1G fiber ports—short range (1000Base-SX) CPAC-TR-1SX

Bypass Card SKU

4 Port 1GE short-range Fiber Bypass (Fail-Open) Network interface card (1000Base-SX) CPAC-4-1FSR-BP

4 Port 1GE long-range Fiber Bypass (Fail-Open) Network interface card (1000Base-LX) CPAC-4-1FLR-BP

4 Port 1GE copper Bypass (Fail-Open) Network interface card (10/100/1000 Base-T) CPAC-4-1C-BP

Spares and Miscellaneous SKU

Slide RAILS for 4000 and 12000 Appliances (22"-32") CPAC-RAILS

Extended Slide Rails for 4000 and 12000 Appliances (26"-36") CPAC-RAILS-EXT

Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]
CONTACT CHECK POINT U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

©2014 Check Point Software Technologies Ltd. All rights reserved.

January 7, 2014