Check Point 5400 Security Gateway | Datasheet

CHECK POINT
5400 NEXT GENERATION SECURITY GATEWAY
FOR THE SMALL ENTERPRISE

CHECK POINT 5400 NEXT OVERVIEW

GENERATION SECURITY The Check Point 5400 Next Generation Security Gateway combines the most

GATEWAY comprehensive security protections to safeguard your small enterprise. The 5400 is a
1U Next Generation Security Gateway with one I/O expansion slot for higher port
capacity, a 500GB (HDD) or 240GB (SSD) disk, and Lights-Out Management (LOM)
Small enterprise security
for remote management. This powerful Next Generation Security Gateway is
optimized to deliver real-world threat prevention to secure your critical assets and
environments.
Product Benefits
 High performance protection against
the most advanced cyber attacks COMPREHENSIVE THREAT PREVENTION
 Unique “first time prevention” for the The rapid growth of malware, growing attacker sophistication and the rise of new
most sophisticated zero day attack unknown zero-day threats require a different approach to keep enterprise networks
 Optimized for inspecting SSL and data secure. Check Point delivers fully integrated, comprehensive Threat
encrypted traffic Prevention with award-winning SandBlast™ Threat Emulation and Threat Extraction
 Future-proofed technology for complete protection against the most sophisticated threats and zero-day
safeguards against tomorrow’s risks vulnerabilities.
 Centralized control and LOM
improves serviceability Unlike traditional solutions that are subject to evasion techniques, introduce
 Modular, expandable chassis with unacceptable delays, or let potential threats through while evaluating files, Check
flexible I/O options Point SandBlast stops more malware from entering your network. With our solution
your employees can work safely no matter where they are and doesn’t compromise
Product Features their productivity.
 Simple deployment and management
 Secure remote access to corporate
resources from a wide variety of
PERFORMANCE HIGHLIGHTS
devices Firewall IPS NGFW1 Threat Prevention 2
 One network expansion slot to add 22 Gbps 3.9 Gbps 3.4 Gbps 1.745 Gbps
port density, fiber and fail-open IO Performance measured under ideal testing conditions. Additional performance details on page 4.

card options 1. Includes Firewall, Application Control, and IPS Software Blades.
2. Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti -Bot and SandBlast Zero-Day Protection Software
 Redundant appliance clustering Blades using R80.10.
technologies eliminate a single point
of failure

©2018 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | Jaunuary 25, 2018 | Page 1
 Check Point 5400 Security Gateway | Datasheet

ALL-INCLUSIVE SECURITY SOLUTIONS INSPECT ENCRYPTED CONNECTIONS

Check Point 5400 Next Generation Security Gateways offer a There is a shift towards more use of HTTPS, SSL and TLS
complete and consolidated security solution available in two encryption to increase Internet security. At the same time
complete packages: files delivered into the organization over SSL and TLS
 NGTP: prevent sophisticated cyber-threats with represent a stealthy attack vector that bypasses traditional
Application Control, URL Filtering, IPS, Antivirus, security implementations. Check Point Threat Prevention
Anti-Bot and Email Security. looks inside encrypted SSL and TLS tunnels to detect
 NGTX: NGTP with SandBlast Zero-Day Protection, threats, ensuring users remain in compliance with company
which includes Threat Emulation and Threat policies while surfing the Internet and using corporate data.
Extraction.
INCLUSIVE HIGH PERFORMANCE PACKAGE
PREVENT KNOWN AND ZERO-DAY THREATS Customers with high connection capacity requirements can
The 5400 Next Generation Security Gateway protects purchase the affordable High Performance Package (HPP).
organizations from both known and unknown threats with This includes the base system plus one 4x 1Gb SFP
Antivirus, Anti-Bot, SandBlast Threat Emulation interface card, transceivers, Lights-Out-Management (LOM)
(sandboxing), and SandBlast Threat Extraction technologies. and 16 GB of memory for high connection capacity.

As part of the Check Point SandBlast Zero-Day Protection Base HPP Max
solution, the cloud-based Threat Emulation engine detects 1 GbE ports (Copper) 10 10 18
malware at the exploit phase, even before hackers can apply
1 GbE ports (Fiber) 0 4 4
evasion techniques attempting to bypass the sandbox. Files
Transceivers (SR) 0 4 4
are quickly quarantined and inspected, running in a virtual
sandbox to discover malicious behavior before it enters your RAM 8GB 16GB 32GB
network. This innovative solution combines cloud-based AC or DC Power Units 1 1 1
CPU-level inspection and OS-level sandboxing to prevent Lights Out Management Optional Included Included
infection from the most dangerous exploits, and zero-day and
targeted attacks.
REMOTE MANAGEMENT AND MONITORING
An optional Lights-Out-Management (LOM) card provides
Furthermore, SandBlast Threat Extraction removes
out-of-band remote management to remotely diagnose, start,
exploitable content, including active content and embedded
restart and manage the appliance from a remote location.
objects, reconstructs files to eliminate potential threats, and
Administrators can also use the LOM web interface to
promptly delivers sanitized content to users to maintain
remotely install an OS image from an ISO file.
business flow.

SECURE REMOTE ACCESS

NGTX
NGTP Each Check Point Next Generation Security Gateway is
(SandBlast)
Prevent known Prevent known configured with mobile access connectivity for up to 5 users,
threats and zero-day using the Mobile Access Blade. This license provides secure
attacks remote access to corporate resources from a wide variety of
Firewall   devices including smartphones, tablets, PCs, Mac and Linux.
VPN (IPsec)  
IPS   INTEGRATED SECURITY MANAGEMENT
Application Control   Every Check Point appliance can either be managed locally
URL Filtering   with the available integrated security management 1 or via
central unified management. Using local management, the
Anti-Bot  
appliance can manage itself and one adjacent appliance for
Anti-Virus   high availability deployments.
Anti-Spam  
SandBlast Threat Emulation   1
not available when purchased with the SSD option
SandBlast Threat Extraction  

©2018 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | Jaunuary 25, 2018 | Page 2
 Check Point 5400 Security Gateway | Datasheet

1 2 2
5400 SECURITY GATEWAY
1 Sync 10/100/1000Base-T RJ45 port
2 RJ45/micro USB console port
3 One network card expansion slot
4 8x 10/100/1000Base-T RJ45 ports
5 Management 10/100/1000Base-T RJ45 port
6 2x USB ports for ISO installation
7 Lights-Out Management port

3 4 5 6 7

ORDERING INFORMATION
BASE CONFIGURATION 1
5400 Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, 8GB RAM, CPAP-SG5400-NGTP
1 HDD, 1 AC Power Unit, Next Generation Threat Prevention (NGTP) Security Subscription Package for 1
Year.
5400 SandBlast Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, CPAP-SG5400-NGTX
8GB RAM, 1 HDD, 1 AC Power Unit, SandBlast (NGTX) Security Subscription Package for 1 Year

HIGH PERFORMANCE PACKAGES 1

5400 Next Generation Security Gateway with High Performance Package, includes10x1GbE copper ports, CPAP-SG5400-NGTP-HPP
4x1Gb SFP ports, 4 SR transceivers, 16 GB RAM, 1 HDD, 1 AC Power Unit, Lights Out Management
(LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year
5400 Next Generation Security Gateway with High Performance Package, includes10x1GbE copper ports, CPAP-SG5400-NGTX-HPP
4x1Gb SFP ports, 4 SR transceivers, 16 GB RAM, 1 HDD, 1 AC Power Unit, Lights Out Management
(LOM), Next Generation Threat Extraction (SandBlast) Security Subscription Package for 1 Year
1 SKUs for 2 and 3 years, for High Availability and Appliances with an SSD or DC power option are also available, see the online Product Catalog

ACCESSORIES
INTERFACE CARDS AND TRANSCEIVERS
8 Port 10/100/1000 Base-T RJ45 interface card CPAC-8-1C-B
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceivers CPAC-4-1F-B
SFP transceiver module for 1G fiber ports - long range (1000Base-LX) CPAC-TR-1LX-B
SFP transceiver module for 1G fiber ports - short range (1000Base-SX) CPAC-TR-1SX-B
SFP transceiver to 1000 Base-T RJ45 (Copper) CPAC-TR-1T-B
4 Port 1GE copper Bypass (Fail-Open) network interface card (10/100/1000 Base-T) CPAC-4-1C-BP-B

SPARES AND MISCELLANEOUS

Memory upgrade kit from 8GB to 16GB for 5400 appliance CPAC-RAM8GB-5000
Memory upgrade kit from 8GB to 32GB for 5400 appliance CPAC-RAM24GB-5000
Memory upgrade kit from 16GB to 32GB for 5400 appliance CPAC-RAM16GB-5000
Lights Out Management module CPAC-LOM-B
Slide rails for 5000 Appliances (22” - 32”) CPAC-RAIL-5000
Extended slide rails for 5000 Appliances (24” - 36”) CPAC-RAIL-EXT-5000

©2018 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | Jaunuary 25, 2018 | Page 3
 Check Point 5400 Security Gateway | Datasheet

Performance Network
Ideal Testing Conditions Network Connectivity
 22 Gbps of UDP 1518 byte packet firewall throughput  Total physical and virtual (VLAN) interfaces per appliance:
 3.9 Gbps IPS 1024/4096 (single gateway/with virtual systems)
 3.4 Gbps of NGFW1  802.3ad passive and active link aggregation
 1.745 Gbps of Threat Prevention2  Layer 2 (transparent) and Layer 3 (routing) mode
 2.16 Gbps of AES-128 VPN throughput High Availability
 150,000 connections per second, 64 byte response  Active/Active and Active/Passive - L3 mode
 3.2/6.4/12.8 million concurrent connections, 64 byte response3  Session failover for routing change, device and link failure
Real-World Production Conditions  ClusterXL or VRRP
 600 SecurityPower Units IPv6
 10 Gbps of firewall throughput  NAT66, NAT64
 1.08 Gbps IPS  CoreXL, SecureXL, HA with VRRPv3
 690 Mbps of NGFW1 Unicast and Multicast Routing (see SK98226)
 395 Mbps of Threat Prevention2
 OSPFv2 and v3, BGP, RIP
Virtual Systems  Static routes, Multicast routes
 Maximum VS (base/HPP/max memory): 10/20/20  Policy-based routing
Your performance may vary depending on different factors.  PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3
Visit www.checkpoint.com/partnerlocator to find an appliance
that matches your unique requirements. Physical
1. Includes Firewall, Application Control and IPS Software Blades. 2. Includes Firewall, Application Power Requirements
Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection Software  Single Power Supply Rating: 250W
 AC power input: 110-240V (47-63Hz)
Blades using R80.10. 3. Performance measured with default/HPP/maximum memory.

 Power consumption maximum: 76.5W

Expansion Options
 Maximum thermal output: 261 BTU/hr.
Base Configuration
Dimensions
 10 on-board 10/100/1000Base-T RJ-45 ports
 1x CPUs, 2x physical cores, 2x virtual cores (total)  Enclosure: 1RU

 8 GB memory (16 and 32 GB options)  Dimensions (W x D x H): 17.2x16x1.73 in. (438x406.5x44mm)

 1x 500GB (HDD) or 1x 240GB (SSD) drive  Weight: 14 lbs. (6.37 kg)

 1 power supply (AC or DC) Environmental Conditions
 Fixed rails (slide rail option)  Operating: 0° to 40°C, humidity 5% to 95%
 (Lights-Out-Management (LOM) option)  Storage: –20° to 70°C, humidity 5% to 95% at 60°C
Network Expansion Slot Options (1 slot available) Certifications
 8x 10/100/1000Base-T RJ45 port card, up to 18 ports  Safety: UL, CB, CE, TUV GS
 4x 1000Base-F SFP port card, up to 4 ports  Emissions: FCC, CE, VCCI, RCM/C-Tick
Fail-Open/Bypass Network Options  Environmental: RoHS, REACH1, ISO140011
 4x 10/100/1000Base-T RJ45 port card 1 factory certificate

CONTACT US EMAIL: INFO@CHECKPOINT.COM WEB: WWW.CHECKPOINT.COM

©2018 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | Jaunuary 25, 2018 | Page 4