May 18, 2018

NguyenDat
©2016 Check Point Software Technologies Ltd. All rights reserved. Classification: [Protected] — All rights reserved. | 2

Appliance Comparison Chart

May 11, 2016

Security Gateway Appliances

Branch Office, Small Enterprise, Mid-Size Enterprise

| | 3200 | 5200 | 5400 | 5600 | 5800 |
|---|---|---|---|---|---|
| Production Performance (Real-World Traffic Blend) | | | | | |
| SecurityPower | 250 | 425 | 600 | 950 | 1750 |
| Firewall (Gbps) | 2.1 | 5.3 | 10 | 17.5 | 22 |
| IPS Throughput (Gbps) | 460 Mbps | 810 Mbps | 1.08 | 1.9 | 3.05 |
| NGFW Throughput (Gbps) | 260 Mbps | 520 Mbps | 690 Mbps | 1.18 | 2 |
| Threat Prevention (Gbps) | 140 Mbps | 250 Mbps | 330 Mbps | 540 Mbps | 1 |
| Ideal Testing Conditions Performance (RFC 3511, 2544, 2647, 1242) | | | | | |
| Firewall Throughput (Gbps) | 4 | 16 | 22 | 25 | 35 |
| Connections Per Second (K) | 48 | 125 | 150 | 185 | 185 |
| Concurrent Sessions (M)¹ | 3.2 | 3.2/6.4 | 3.2/6.4 | 3.2/6.4 | 3.2/6.4 |
| VPN Throughput (Gbps) | 2.25 | 1.88 | 2.16 | 6.5 | 10 |
| IPS Throughput (Gbps) | 1.44 | 3 | 3.9 | 7.8 | 10 |
| NGFW Throughput (Gbps) | 1.15 | 2.7 | 3.4 | 5.8 | 8.1 |
| Network | | | | | |
| 10/100/1000Base-T (Base/Max) | 6/6 | 6/14 | 10/18 | 10/18 | 10/26 |
| 1000Base-F SFP (Base/Max) | NA | 0/4 | 0/4 | 0/4 | 0/8 |
| 10GBase-F SFP+ (Base/Max) | NA | 0/0 | 0/0 | 0/4 | 0/8 |
| 40GB QSFP (Base/Max) | NA | NA | NA | NA | 0/4 |
| Expansion Slot | NA | 1 | 1 | 1 | 2 |
| Fail-Over NIC Option | NA | Yes | Yes | Yes | Yes |
| Additional Features | | | | | |
| Storage | 1x 320 GB | 1x 500 GB | 1x 500 GB | 1x 500 GB | 1x 500 GB |
| Memory Options (GB) | 8 | 8 | 8, 16 | 8, 16 | 8, 16 |
| LOM Card | NA | Optional | Optional | Optional | Included |
| Virtual Systems | | | | | |
| Maximum (base/HPP)² | 10 | 10/20 | 10/20 | 10/20 | 10/20 |
| Physical | | | | | |
| Enclosure | Desktop | 1U | 1U | 1U | 1U |
| Weight | 1.3kg (2.9 lbs) | 6.22kg (13.7 lbs) | 6.37kg (14 lbs) | 7.95kg (17.53 lbs) | 8.37kg (18.45 lbs) |
| Power | | | | | |
| Dual, Hot-Swappable Power Supplies | NA | NA | NA | Optional | Optional |
| Power Input | 90-264V, 47-63 Hz (all models) | | | | |
| Single Power Supply Rating | 40W | 250W | 250W | 275W | 275W |
| Power Consumption (Max) | 29.5W | 62.9W | 76.5W | 103W | 110W |

¹ Assumes maximum production throughput with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection

² Performance measured with default/maximum memory

Security Gateway Appliances continued

Large Enterprise, Data Center Grade

| | 15400 | 15600 | 23500 | 23800 |
|---|---|---|---|---|
| Production Performance (Real-World Traffic Blend)¹ | | | | |
| SecurityPower | 2600 | 3850 | 4900 | 6200 |
| Firewall (Gbps) | 30 | 30 | 34 | 43 |
| IPS Throughput (Gbps) | 4.5 | 8 | 10 | 12 |
| NGFW Throughput (Gbps) | 3 | 5.2 | 6.3 | 7.2 |
| Threat Prevention (Gbps) | 1.5 | 2.5 | 2.9 | 3.6 |
| Ideal Testing Conditions Performance (RFC 3511, 2544, 2647, 1242) | | | | |
| Firewall Throughput (Gbps) | 58 | 77 | 116 | 128 |
| Connections Per Second (K) | 185 | 185 | 200 | 200 |
| Concurrent Sessions (M)² | 3.2/9.6 | 6.4/12.8 | 12.8/25.6 | 12.8/28 |
| VPN Throughput (Gbps) | 10.8 | 15.8 | 26 | 26 |
| IPS Throughput (Gbps) | 14 | 18 | 22 | 30 |
| NGFW Throughput (Gbps) | 12 | 17 | 20 | 27 |
| Network | | | | |
| 10/100/1000Base-T (Base/Max) | 10/26 | 10/26 | 10/42 | 10/42 |
| 1000Base-F SFP (Base/Max) | 0/12 | 0/12 | 0/20 | 0/20 |
| 10GBase-F SFP+ (Base/Max) | 2/12 | 2/12 | 2/20 | 2/20 |
| 40GBase QSFP (Base/Max) | 0/4 | 0/4 | 0/4 | 0/4 |
| Expansion Slot | 3 | 3 | 5 | 5 |
| Fail-Open/Bypass NIC Option | Yes | Yes | Yes | Yes |
| Additional Features | | | | |
| Storage | 1x 1TB | 2x 1TB RAID1 | 2x 1TB RAID1 | 2x 1TB RAID1 |
| Memory Options (GB) | 8/24 | 16/32 | 16/64 | 32/64 |
| LOM Card | Included | Included | Included | Included |
| LCD Display | Graphic LCD | Graphic LCD | Graphic LCD | Graphic LCD |
| Virtual Systems | | | | |
| Maximum (base/HPP)² | 10/40 | 60/80 | 60/125 | 125/250 |
| Physical | | | | |
| Enclosure | 2U | 2U | 2U | 2U |
| Weight | 14.3kg (31.5 lbs) | 14.3kg (31.5 lbs) | 15.8kg (34.8 lbs) | 15.8 kg (34.8 lbs.) |
| Power | | | | |
| Hot-Swappable Power Supplies | Included | Included | Included | Included |
| Power Input | 90-264V, 47-63 Hz (all models) | | | |
| Single Power Supply Rating | 600W | 600W | 800W | 800W |
| Power Consumption (Max) | 263W | 297W | 383W | 399W |

¹ Assumes maximum production throughput with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection

² Performance measured with default/maximum memory

Security Gateway Appliances (released before 2016)

Small-Office, Enterprise Grade

| | 2200 | 4200 | 4400 | 4600 | 4800 |
|---|---|---|---|---|---|
| Production Performance (Real-World Traffic Blend)¹ | | | | | |
| SecurityPower | 121 | 121 | 230 | 405 | 673 |
| Firewall (Gbps) | 1.4 | 1.4 | 2.2 | 3.4 | 5.8 |
| Firewall and IPS (Mbps) | 150 | 165 | 360 | 630 | 1100 |
| RFC 3511, 2544, 2647, 1242 Performance Tests (LAB) | | | | | |
| Firewall Throughput (Gbps) | 3 | 3 | 5 | 9 | 11 |
| VPN Throughput (Gbps) | 0.4 | 0.4 | 1.2 | 1.5 | 2 |
| IPS Recommended Profile (Gbps) | 0.3 | 0.3 | 0.7 | 1 | 1.5 |
| Connections Per Second (K) | 25 | 25 | 40 | 50 | 70 |
| Concurrent Sessions (M) | 1.2 | 1.2 | 1.2 | 1.2 | 3.3² |
| Network | | | | | |
| 10/100/1000Base-T/Max Ports | 6/6 | 4/8 | 8/12 | 8/12 | 8/16 |
| 1000Base-F SFP (MAX Ports) | NA | 4 | 4 | 4 | 4 |
| 10GBase-F SFP+ (MAX Ports) | NA | NA | NA | NA | 2 |
| Expansion Slot | 0 | 1 | 1 | 1 | 1 |
| Fail-Open/Bypass NIC Option | No | Yes | Yes | Yes | Yes |
| Additional Features | | | | | |
| Storage | 250 GB | 250 GB | 250 GB | 250 GB | 250 GB |
| Memory / Max | 4/4 GB | 4/4 GB | 4/4 GB | 4/4 GB | 4/8 GB |
| LOM Card | NA | NA | NA | NA | Included |
| Virtual Systems | | | | | |
| Default/Max VS Supported | 3/3 | 3/3 | 10/10 | 10/10 | 25/25 |
| Physical | | | | | |
| Enclosure | Desktop | 1U | 1U | 1U | 1U |
| Weight | 2kg (4.4 lbs) | 4kg (8.82 lbs) | 7.5kg (16.53 lbs) | 7.5kg (16.53 lbs) | 7.6kg (16.76 lbs) |
| Power | | | | | |
| Dual, Hot-Swappable Power Supplies | No | No | No | No | Optional |
| Power Input | 100-240VAC, 47-63Hz (all models) | | | | |
| Single Power Supply Rating | 40W | 100W | 250W | 250W | 275W |
| Power Consumption (Max) | 35W | 57W | 90W | 90W | 140W |
| DC Option | No | No | No | Optional³ | Optional³ |

¹ Assumes maximum production throughput with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection

² With memory upgrade and the GAiA OS

³ Via a Solutions Center request

Security Gateway Appliances (released before 2016 continued)

Enterprise Grade

| | 12200 | 12400 | 12600 | 13500 | 13800 |
|---|---|---|---|---|---|
| Production Performance (Real-World Traffic Blend)¹ | | | | | |
| SecurityPower | 811 | 1185 | 2050 | 3200 | 3800 |
| Firewall (Gbps) | 6.2 | 9.1 | 14 | 23.6 | 27.2 |
| Firewall and IPS (Gbps) | 1.28 | 2.11 | 3.58 | 5.7 | 6.4 |
| RFC 3511, 2544, 2647, 1242 performance tests (LAB) | | | | | |
| Firewall Throughput (Gbps) | 15 | 25 | 30 | 77 | 77 |
| VPN Throughput (Gbps) | 2.5 | 3.5 | 7 | 17 | 18.3 |
| IPS Recommended Profile (Gbps) | 2.5 | 3.5 | 6 | 7.8 | 9.6 |
| Connections Per Second (K) | 90 | 110 | 130 | 178 | 190 |
| Concurrent Sessions (M) | 5² | 5² | 5² | 28² | 28² |
| Network | | | | | |
| 10/100/1000Base-T/Max Ports | 8/16 | 10/26 | 14/26 | 14/26 | 14/26 |
| 1000Base-F SFP (MAX Ports) | 4 | 12 | 12 | 12 | 12 |
| 10GBase-F SFP+ (MAX Ports) | 4 | 12 | 12 | 12 | 12 |
| 40GBase-F MAX Ports | NA | NA | NA | NA | NA |
| Expansion Slot | 1 | 3 | 3 | 3 | 3 |
| Fail-Open/Bypass NIC Option | Yes | Yes | Yes | Yes | Yes |
| Additional Features | | | | | |
| Storage | 1+1 500 GB | 1+1 500 GB | 2x500 GB RAID 1 | 2x500GB RAID 1 | 2x500GB RAID 1 |
| Memory / Max | 4/12 GB | 4/12 GB | 6/12 GB | 16/64 GB | 16/64 GB |
| LOM Card | Included | Included | Included | Included | Included |
| Virtual Systems | | | | | |
| Default/Max VS Supported | 25/50² | 25/75² | 75/150² | 150/250² | 150/250² |
| Physical | | | | | |
| Enclosure | 1U | 2U | 2U | 2U | 2U |
| Weight | 7.6kg (16.76 lbs) | 23.4kg (51.6 lbs) | 23.4kg (51.6 lbs) | 17.5 kg (38.6 lbs.) | 17.5 kg (38.6 lbs.) |
| Power | | | | | |
| Hot-Swappable Power Supplies | Optional | 2 AC | 2 AC | 2 AC | 2 AC |
| Power Input | 100-240VAC, 47-63Hz (all models) | | | | |
| Single Power Supply Rating | 275W | 300W | 400W | 600W | 600W |
| Power Consumption (Max) | 121W | 132W | 220W | 431W | 431W |
| DC Option | Optional³ | Optional³ | Optional³ | Optional | Optional |

¹ Assumes maximum production throughput with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection

² With memory upgrade and the GAiA OS

³ Via a Solutions Center request

Security Gateway Appliances (released before 2016 continued)

Data Center Grade

| | 21400 | 21700 | 21800 |
|---|---|---|---|
| Production Performance (Real-World Traffic Blend)¹ | | | |
| SecurityPower | 2175/2900¹ | 3300/3551¹ | 4100/4300¹ |
| Firewall (Gbps) | 17.1/44.3¹ | 25.4/44.5¹ | 30.4/44.5¹ |
| Firewall and IPS (Gbps) | 3.67 | 5.7 | 6.9 |
| RFC 3511, 2544, 2647, 1242 performance tests (LAB) | | | |
| Firewall Throughput (Gbps) | 50/110¹ | 78/110¹ | 78/110¹ |
| VPN Throughput (Gbps) | 7/50¹ | 11/50¹ | 23.5/50¹ |
| IPS Recommended Profile (Gbps) | 6 | 8 | 9.9 |
| Connections Per Second (K) | 130/300¹ | 170/300¹ | 198/300¹ |
| Concurrent Sessions (M) | 10² | 13² | 28² |
| Network | | | |
| 10/100/1000Base-T/Max Ports | 13/37 | 13/37 | 13/37 |
| 1000Base-F SFP (MAX Ports) | 36 | 36 | 36 |
| 10GBase-F SFP+ (MAX Ports) | 12 | 13 | 13 |
| 40GBase-F MAX Ports | NA | NA | NA |
| Expansion Slot | 3 | 3 | 3 |
| Fail-Open/Bypass NIC Option | No | No | No |
| Additional Features | | | |
| Storage | 2x500 GB RAID 1 | 2x500GB RAID 1 | 2x500GB RAID 1 |
| Memory / Max | 12/24 GB | 16/64 GB | 16/64 GB |
| LOM Card | Included | Included | Included |
| Virtual Systems | | | |
| Default/Max VS Supported | 125/250² | 150/250² | 150/250² |
| Physical | | | |
| Enclosure | 2U | 2U | 2U |
| Weight | 26kg (57.4 lbs) | 26kg (57.4 lbs) | 26kg (57.4 lbs) |
| Power | | | |
| Hot-Swappable Power Supplies | 2 AC | 2 AC | 2 AC |
| Power Input | 100-240VAC, 47-63Hz (all models) | | |
| Single Power Supply Rating | 910W | 1200W | 1200W |
| Power Consumption (Max) | 449W/744W¹ | 489W/784W¹ | 489W/784W¹ |
| DC Option | Optional³ | Optional³ | Optional³ |

¹ With Security Acceleration Module

² With memory upgrade and the GAiA OS

³ Via a Solutions Center request

Security Systems

Data Center, Telco, Carrier Grade

| | 41000 | 61000 |
|---|---|---|
| Production Performance (Real-World Traffic Blend)¹ | | |
| SecurityPower | 3200 to 11000 | 3200 to 33000 |
| Firewall (Gbps) | Up to 40 | Up to 120 |
| Firewall and IPS (Gbps) | Up to 25 | Up to 70 |
| RFC 3511, 2544, 2647, 1242 performance tests (LAB) | | |
| Firewall Throughput (Gbps) | Up to 80 | Up to 400 |
| VPN Throughput (Gbps) | Up to 40 | Up to 110 |
| IPS Recommended Profile (Gbps) | Up to 44 | Up to 130 |
| Connections Per Second (K) | Up to 1100 | Up to 3000 |
| Concurrent Sessions (M) | Up to 80 | Up to 210 |
| Network | | |
| 10/100/1000Base-T/Max Ports | 14 | 28 |
| 1000Base-F SFP (MAX Ports) | 14 | 28 |
| 10GBase-F SFP+ (MAX Ports) | 30 | 60² |
| 40GBase-F MAX Ports | 4 | 8² |
| Expansion Slot | 6 | 14 |
| Fail-Open/Bypass NIC Option | No | No |
| Additional Features | | |
| Storage | - | - |
| Memory | 64 GB | 64 GB |
| LOM Card | Included | Included |
| Virtual Systems | | |
| Max VS Supported | 250 | 250 |
| Physical | | |
| Enclosure | 6U | 15U |
| Weight | Max: 38.6kg (84.9 lbs) | Max: 65.84kg (145.2 lbs) |
| Power | | |
| Hot-Swappable Power Supplies | 3 AC or 2 DC | 4 AC or 2 DC |
| Power Input | See data sheet (all models) | |
| Single Power Supply Rating | 1200W@110V; 1500W@220V | 2500W @ 208V/230V, 1500W @ 110V (USA), 1300W @ 100V (Japan) |
| Power Consumption (Max) | 2300W | 4900W |
| DC Option | Yes | Yes |

¹ Assumes maximum production throughput with real-world traffic blend, a typical rule-base size, NAT and logging enabled and the most secure threat prevention protection

² With 4 x SSM160

Small Branch Office Security Appliances

| | 1120 | 1140 | 1180 | 1430 | 1450 | 1470 | 1490 |
|---|---|---|---|---|---|---|---|
| Performance | | | | | | | |
| SecurityPower | 28 | 34 | 37 | 75 | 141 | 194 | 233 |
| Firewall (Mbps) | 20 | 50 | 100 | 900 | 1100 | 1600 | 1800 |
| Threat Prevention (Mbps) | 10 | 25 | 50 | 90 | 150 | 175 | 220 |
| Lab (RFC 3511, 2544, 2647, 1242 Performance Tests) | | | | | | | |
| Firewall Throughput (Gbps) | 750 Mbps | 1.0 | 1.5 | 2 | 2 | 3.2 | 4 |
| Connections Per Second (K) | 5 | 5 | 5 | 18 | 25 | 30 | 40 |
| Concurrent Sessions (K) | 200 | 200 | 200 | 500 | 500 | 500 | 500 |
| VPN Throughput (Mbps) | 140 | 175 | 220 | 250 | 500 | 500 | 1000 |

Network

Wireless Option 802.11 b/g/n 802.11 b/g/n/ac 802.11 b/g/n and 802.11 n/ac

ADSL2/ADSL2+ (Annex A or B) Yes - -

10/100/1000Base-T/Max Ports 10 8 18

Additional Features

Security Architecture Embedded GAiA Embedded GAiA Embedded GAiA

3G, 4G Modem Support Yes Yes Yes

SD Card Slot SD Micro SDHC slot Micro SDHC slot

Web-based Management Available Available Available

Central Management Model Enterprise Security Management Enterprise Security Management Enterprise Security Management

Physical

Enclosure Desktop Desktop Desktop

Weight 1.2kg (2.65 lbs) 1.3kg (2.8 lbs) 1.6kg (3.6 lbs)

Power

Power Input 100/240VAC, 50-60Hz 100/240VAC, 50-60Hz 100/240VAC, 50-60Hz

Single Power Supply Rating 12V/2A 24W - 12V/2.5A 30W (ADSL and Wi-Fi models) 12V/3.33A 40W desktop adaptor 12V/5.4A 65W desktop adaptor

Power Consumption (Max) 16.68W 25W (non-Wi-Fi), 30W (Wi-Fi option) 55W (non-Wi-Fi), 60W (Wi-Fi option)

Rugged Appliances¹

| | 1200R |
|---|---|
| Production Performance (Real-World Traffic Blend)1 | |
| SecurityPower | 49 |
| Firewall (Mbps) | 700 |
| Firewall and IPS (Mbps) | 60 |
| RFC 3511, 2544, 2647, 1242 performance tests (LAB) | |
| Firewall Throughput (Gbps) | 2 |
| VPN Throughput (Mbps) | 450 |
| Connections Per Second (K) | 10 |
| Concurrent Sessions (K) | 400 |
| Network | |
| 10/100/1000Base-T (Max) | 6 |
| 1000Base-F (Max) | 2 |
| Additional Features | |
| 3G/4G | Yes |
| Serial Console Port | Yes |
| Mount Options | DIN rail |
| Central Management Model | Enterprise Security Management |
| Certifications | |
| Industrial | IEC 61850-3, IEEE 1613, IEC 60068-2 |
| Operating Environment | |
| Temperature | -40° to 167°F / -40° to 75°C |
| Humidity | 20%-90% (non-condensing) |
| Physical | |
| Enclosure | Desktop |
| Weight | 1.2 kg (2.65 lbs.) |
| Power | |
| AC | 100-240V, 50–60 Hz |
| DC | 12V-72V, -48V DC |
| Power Consumption (Max) | 15W |

¹ Also see the [Siemens RUGGEDCOM APE (Application Processing Engine) Line Module]

X-Series Platforms

| | X20 | X30 | X50 | X60 | X80-S |
|---|---|---|---|---|---|
| Performance | | | | | |
| Firewall IMIX Chassis Throughput (Gbps) | Up to 5 | Up to 10 | Up to 18 | Up to 70 | Up to 140 |
| XOS Stateful Connections Per Second | Up to 120K | Up to 120K | Up to 150K | Up to 300K | Up to 600K |
| XOS Stateless Connections Per Second | NA (not enabled) | NA (not enabled) | Up to 220K | Up to 550K | Up to 1.1M |
| Maximum Concurrent Connections | 8M | 8M | 18M | 70M | 100M |
| Network | | | | | |
| Interfaces | 10 x 1Gb SFP ports | 10 x 1Gb SFP ports; 2 x 10Gb XFP ports | Up to 16 x 10/1Gb SFP+ ports | Up to 32 x 1Gb SFP/10Gb SFP+ (16 per NPM) | Up to 64 x 1Gb SFP/10Gb SFP+ (16 per NPM) |

Modules Support 1 NPM-x, up to 2 APM-x, and 1 CPM-x (included) Up to 2 NPM-x, up to 5 APM-x, up to 2 CPM-x Up to 4 NPM-x, up to 10 APM-x, up to 2 CPM-x

Maximum Modules Up to 4 Up to 7 Up to 14

Application Processor Module (APM) Details

Processors (per APM) 8 core 4, 8 or 12 core options

System Memory (per APM) Up to 16 GB Up to 12 GB Up to 24 GB

Disk Size (per APM) Up to 2 x 500GB SATA Hard Drives with RAID 1 Up to 2 x 450GB SAS with RAID 1

Additional Features

Check Point Software Security Gateway R77, R76, R75.40, R75.40VS, R75.20, R75, R71.10; Firewall-1 GX 5.0

Supported Operating System XOS 9.0.x, 9.5.x, 9.6.x and 9.7.x

High Availability Options Dual Box High Availability (DBHA) with another chassis of the same model

System Management X-Series Management System (XMS), Greenlight Element Manager (GEM), Command line interface (CLI) with automated workflow system (AWS), SNMP v1 v2 v3 and NetFlow v5 v9 v10 support

Physical

Form Factor / Size 13.5” H, 17.5” W, 19” D 29” H, 17.5” W, 17.5” D

Environment Temperature 0 to 40°C (32-104°F); Humidity: 10%-90% non-condensing; Altitude: 3048m (10,000ft.)

Certification FIPS 140-2 Certified; Under evaluation for Common Criteria EAL4+ Network Equipment Building System (NEBS) Compliant; Under evaluation for Common Criteria EAL4+

Chassis Regulatory Compliance RoHS, UL 60950, IEC 950, FCC 47 CFR Part 15 Class A, EN 55022: EN 55024, VCCI V-3: AS/NZS 3548: 1995 : CNS 13438 Class A

Green IT Compliancy High-efficiency power system up to 91 percent, WEEE Directive, ISO 14001, RoHS compliant

Power

Power Specifications 100-240 VAC 2,700W Rated Maximum 100-240 VAC 5,100W Rated Maximum or 48V DC 100A

Hot-Swappable PSUs (per system) Ships with 2 x 1,200W 120-240 VAC PSUs 4 PSUs supported

Status Indicators Power Supply and Module Active / Failed status LED, Port Link (NPM, CPM), Minor/Major/Critical Alarm LEDs

DDoS Protector

Network Grade: Enterprise, Datacenter, Carrier

| | 506 | 1006 | 2006 | 4412 | 8412 | 12412 | 10420 | 20420 | 30420 | 40420 |
|---|---|---|---|---|---|---|---|---|---|---|
| Performance¹ | | | | | | | | | | |
| Capacity (Gbps)² | 0.5 | 1 | 2 | 4 | 8 | 14 | 10 | 20 | 30 | 40 |
| Throughput (Gbps)² | 0.5 | 1 | 2 | 4 | 8 | 12 | 10 | 20 | 30 | 40 |
| Max Concurrent Sessions (M) | 2 | 2 | 2 | 4 | 4 | 4 | 6 | 6 | 6 | 6 |
| Max DoS Flood Attack Prevention Rate (M)(pps) | 1 | 1 | 1 | 10 | 10 | 10 | 25 | 25 | 25 | 25 |

Latency < 60 micro seconds

Real-time Signatures Detect and protect against attacks in less than 18 seconds

Network

| | 506 | 1006 | 2006 | 4412 | 8412 | 12412 | 10420 | 20420 | 30420 | 40420 |
|---|---|---|---|---|---|---|---|---|---|---|
| Inspection Ports | | | | | | | | | | |
| 10/100/1000 Copper Ethernet | 4 | 4 | 4 | 8 | 8 | 8 | - | - | - | - |
| 1GbE Fiber (SFP) | 2 | 2 | 2 | 4 | 4 | 4 | - | - | - | - |
| 10GbE Fiber (XFP) | - | - | - | 4 | 4 | 4 | - | - | - | - |
| 1/10 GbE (SFP+) | - | - | - | - | - | - | 20 | 20 | 20 | 20 |
| 40 GbE (QSFP+) | - | - | - | - | - | - | 4 | 4 | 4 | 4 |
| Management Ports | | | | | | | | | | |
| 10/100/1000 Copper | 2 | 2 | 2 | 2 | 2 | 2 | 2 | 2 | 2 | 2 |
| RS-232 Console | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |

Operation Mode

Network Operation Transparent L2 Forwarding

Deployment Modes In-line; span port monitoring; copy port monitoring; local out-of-path; out-of-path mitigation (scrubbing center solution)

Tunneling protocols support VLAN Tagging, L2TP, MPLS, GRE, GTP

IPv6 Support IPv6 networks and block IPv6 attacks

Policy Action Block and Report; Report Only

Block Actions Drop packet, reset (source, destination, both), suspend (source, source port, destination, destination port or any combination); Challenge-Response for HTTP and DNS attacks

High Availability

Fail-open / Fail-close

Internal fail-open/fail-close for copper ports; internal fail-close for SFP ports; optional fail-open for SFP ports³

Internal fail-open/fail-close for copper ports; internal fail-close for SFP and XFP ports; optional fail-open for SFP and XFP ports⁴

Internal fail-close for SFP+ and QSFP+ ports; optional fail-open for SFP+ and QSFP+ ports⁴

Clustering Active-Passive Cluster

Physical

Enclosure 1U 2U

Power

Dual Power Supply Optional Yes - Hot Swappable

Power Consumption (Max) 177W 476W 634W

¹ Actual performance figures may change per network configuration, traffic type, etc.

² Throughput is measured with behavioral and signature protections using the eCommerce protection profile

³ External fiber fail-open switch with SFP ports is available at additional cost

⁴ External fiber fail-open switches with SFP or XFP ports are available at additional cost

Virtual Systems Appliances

| Appliance | Firewall Throughput (Gbps) | VPN Throughput (Gbps) | Concurrent Sessions (M) |
|---|---|---|---|
| 4400 Single Unit | 5 | 1.2 | 1.2 |
| 4400 VSLS | 9 | 2.1 | 1.4 |
| 4600 Single Unit | 9 | 1.5 | 1.2 |
| 4600 VSLS | 16.2 | 2.7 | 1.4 |
| 4800 Single Unit | 11 | 2 | 3.3¹ |
| 4800 VSLS | 19.8 | 3.6 | 3.9¹ |
| 5600 Single Unit | 25 | 6.5 | 6.4 |
| 5600 VSLS | 45 | 11 | 11 |
| 5800 Single Unit | 35 | 10 | 6.4 |
| 5800 VSLS | 63 | 18 | 11 |
| 12200 Single Unit | 15 | 2.5 | 5¹ |
| 12200 VSLS | 27 | 4.5 | 6¹ |
| 12400 Single Unit | 25 | 3.5 | 5¹ |
| 12400 VSLS | 45 | 6.3 | 6¹ |
| 12600 Single Unit | 30 | 6 | 5¹ |
| 12600 VSLS | 54 | 10.8 | 6¹ |
| 13500 Single Unit | 77 | 17 | 28¹ |
| 13500 VSLS | 138.6 | 30.6 | 33.6¹ |
| 13800 Single Unit | 77 | 18.3 | 28¹ |
| 13800 VSLS | 138.6 | 32.9 | 33.6¹ |
| 15400 Single Unit | 58 | 10.8 | 9.6¹ |
| 15400 VSLS | 104 | 19 | 16¹ |
| 15600 Single Unit | 77 | 15.8 | 12.8¹ |
| 15600 VSLS | 139 | 28 | 21¹ |
| 21400 Single Unit | 50 | 7 | 10¹ |
| 21400 VSLS | 90 | 12.6 | 12¹ |
| 21700 Single Unit | 78 | 11 | 13¹ |
| 21700 VSLS | 140.4 | 27 | 15.6¹ |
| 21800 Single Unit | 78 | 23.5 | 28¹ |
| 21800 VSLS | 140.4 | 42.3 | 33.6¹ |
| 23500 Single Unit | 116 | 26 | 25.6 |
| 23500 VSLS | 209 | 46 | 42 |
| 23800 Single Unit | 128 | 26 | 28 |
| 23800 VSLS | 230 | 46 | 46 |

¹ With memory upgrade and GAiA OS

Public and Private Cloud Virtual Appliances

VMware ESX 4.0/4.1, VMware vSphere 5/5.1/5.5, VMware vSphere 6.0/6.1, VMware NSX Manager 6.1.x, KVM, Microsoft Hyper-V, Amazon AWS, Microsoft Azure, OpenStack

vSEC Network Mode, vSEC Hypervisor Mode, Security Management, Multi-Domain Security Management

= Available

Software Blades Appliance Comparison Chart

NGFW, NGDP, NGSWG, NGTP, NGTX

23800, 23500, 21800, 21700, 21400, 15600, 15400, 13800, 13500, 12600, 12400, 12200, 5800, 5600, 5400, 5200, 4800, 4600, 4400, 4200, 3200, 2200, 1200R, 1400, 1100

NGFW, NGDP, NGSWG, NGTP, NGTX

Security Gateway Software Blades

Firewall, Identity Awareness, IPsec VPN, Advanced Networking & Clustering, Mobile Access, IPS, Application Control, DLP, URL Filtering, Antivirus, Anti-Spam, Anti-Bot, SandBlast Threat Emulation, SandBlast Threat Extraction

Security Management Software Blades

Network Policy Management, Logging & Status, SmartEvent

= Included

Optional Security Management Software Blades available: SmartWorkflow, Monitoring, Management Portal, User Directory, SmartProvisioning, SmartReporter, SmartEvent, Endpoint Policy Management, Compliance

Software Blades Appliance Comparison Chart (Continued)

Mobile Access Software Blade: The 23000, 21000, 15000, 13000, 12000, 5000, 4000, 3200 and 2200 include 5 users in the default package and this can be extended using the Mobile Access packages. The 1200R includes Mobile Access for 20 users. The 1430, 1450, 1470, 1490 include Mobile Access for 100 users. The 1120, 1140, 1180 include Mobile Access for 5, 10 and 20 users respectively.

©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content | November 22, 2016 | Page 1

Check Point 15600 Appliance | Datasheet

Large enterprise security, performance and reliability

Product Benefits

High performance protection against the most advanced cyber attacks

most sophisticated zero day attack

Optimized for inspecting SSL encrypted traffic

Future-proofed technology

Centralized control and LOM improves serviceability

Modular, expandable chassis with flexible I/O options

Product Features

3,850 Security

Simple deployment and management

Virtual Systems consolidates security onto one device

High port density with 40 GbE option

Redundant AC or DC power supplies, fans and disk drives eliminate single point of failure

The Check Point 15600 Next Generation Security Gateway combines the most comprehensive security protections with data center grade hardware to maximize uptime while safeguarding enterprise and data center networks. The 15600 is a 2U Next Generation Security Gateway with three I/O expansion slots for high port capacity, redundant AC or DC power supplies and fans, a 2x 1TB (HDD) or 2x 480GB (SSD) RAID1 disk array, and Lights-Out Management (LOM) for remote management.

15600 Next Generation Security Gateway with the 40 GbE IO card option.

The rapid growth of malware, growing attacker sophistication and the rise of new unknown zero-day threats require a different approach to keep enterprise networks and data secure. Check Point delivers fully integrated, comprehensive Threat Prevention with award-

for complete protection against the most sophisticated zero-day threats.

Unlike traditional solutions that are subject to evasion techniques, introduce unacceptable delays, or let potential threats through while evaluating files, Check Point SandBlast stops more malware from entering your network. With our solution

their productivity.

| Firewall | IPS | NGFW¹ | Threat Prevention² |
|---|---|---|---|
| 76 Gbps | 18 Gbps | 17 Gbps | 5.7 Gbps |

Performance measured under ideal testing conditions. Additional performance detailed on page 5.

¹ Includes Firewall, Application Control, and IPS Software Blades.

² Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection Software Blades.

Check Point 15600 Next Generation Security Gateways offer a complete and consolidated security solution available in two complete packages:

NGTP: prevent sophisticated cyber-threats with Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and Email Security.

NGTX: NGTP with SandBlast Zero-Day Protection, which includes Threat Emulation and Threat Extraction.

The 15600 Next Generation Security Gateway protects organizations from both known and unknown threats with Antivirus, Anti-Bot, SandBlast Threat Emulation (sandboxing), and SandBlast Threat Extraction technologies.

As part of the Check Point SandBlast Zero-Day Protection solution, the cloud-based Threat Emulation engine detects malware at the exploit phase, even before hackers can apply evasion techniques attempting to bypass the sandbox. Files are quickly quarantined and inspected, running in a virtual sandbox to discover malicious behavior before it enters your network. This innovative solution combines cloud-based CPU-level inspection and OS-level sandboxing to prevent infection from the most dangerous exploits, and zero-day and targeted attacks.

Furthermore, SandBlast Threat Extraction removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.

NGTP: Prevent known threats

NGTX (SandBlast): Prevent known and zero-day attacks

Firewall

VPN (IPsec)

IPS

Application Control

URL Filtering

Anti-Bot

Anti-Virus

Anti-Spam

SandBlast Threat Emulation

SandBlast Threat Extraction

Customers with high connection capacity requirements can purchase the affordable High Performance Package (HPP). This includes the base system plus one 4x 10Gb SFP+ interface card, transceivers and 32 GB of memory for high connection capacity.

The Check Point 15600 Next Generation Security Gateway delivers business continuity and serviceability through features such as hot-swappable redundant AC or DC power supplies, hot-swappable redundant disk drives (RAID), redundant fans and an advanced LOM card for out-of-band management. Combined together, these features ensure a greater degree of business continuity and serviceability when

A Lights-Out-Management (LOM) card provides out-of-band remote management to remotely diagnose, start, restart and manage the Next Generation Security Gateway from a remote location. Administrators can also use the LOM web interface to remotely install an OS image from an ISO file.

High speed connections are essential in modern enterprise and data center environments, especially those with high-

40 GbE, so is the 15600 Next Generation Security Gateway. The Check Point 15600 lets you connect your 10 GbE server uplinks to your 40 GbE core network with up to 4x 40 GbE ports.

Check Point Virtual Systems enable organizations to consolidate infrastructure by creating multiple virtualized security gateways on a single hardware device, offering significant cost savings with seamless security and infrastructure consolidation.

| | Base | HPP | Max |
|---|---|---|---|
| 1 GbE ports (Copper) | 10 | 10 | 26 |
| 10 GbE ports (Fiber) | 2 | 6 | 12 |
| Transceivers (SR) | 2 | 6 | 12 |
| 40 GbE ports (Fiber) | 0 | 0 | 4 |
| RAM | 16GB | 32GB | 64GB |
| HDD or SSD | 2 | 2 | 2 |
| AC or DC Power Units | 2 | 2 | 2 |
| Lights Out Management | Included | Included | Included |


©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content | November 22, 2016 | Page 3

Check Point 15600 Appliance | Datasheet

BASE CONFIGURATION¹

| Description | SKU |
| --- | --- |
| 15600 Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, 2 10GbE SFP+ ports + 2 SR transceivers, 16GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year | CPAP-SG15600-NGTP |
| 15600 SandBlast Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, 2 10GbE SFP+ ports + 2 SR transceivers, 16GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), SandBlast (NGTX) Security Subscription Package for 1 Year | CPAP-SG15600-NGTX |

HIGH PERFORMANCE PACKAGES¹

| Description | SKU |
| --- | --- |
| 15600 Next Generation Security Gateway with High Performance Package, includes 10x1GbE copper ports, 6x10Gb SFP+ ports, 6 SR transceivers, 32 GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year | CPAP-SG15600-NGTP-HPP |
| 15600 Next Generation Security Gateway with High Performance Package, includes 10x1GbE copper ports, 6x10Gb SFP+ ports, 6 SR transceivers, 32 GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Extraction (SandBlast) Security Subscription Package for 1 Year | CPAP-SG15600-NGTX-HPP |

VIRTUAL SYSTEM PACKAGES¹

| Description | SKU |
| --- | --- |
| 15600 Next Generation Security Gateway with High Performance Package, includes 10x1GbE copper ports, 6x10GbE SFP+ ports + 6 SR transceivers, 32GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year and 20 Virtual Systems | CPAP-SG15600-NGTP-HPP-VS20 |
| Two 15600 Next Generation Security Gateways with High Performance Package, includes 10x1GbE copper ports, 6x10GbE SFP+ ports + 6 SR transceivers, 32GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Prevention (NGTP) Security Subscription Package for 1 Year and 20 Virtual Systems | CPAP-SG15600-NGTP-HPP-VS20-2 |
| 15600 Next Generation Security Gateways with High Performance Package, includes 10x1GbE copper ports, 6x10GbE SFP+ ports + 6 SR transceivers, 32GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Extraction (SandBlast) Security Subscription Package for 1 Year and 20 Virtual Systems | CPAP-SG15600-NGTX-HPP-VS20 |
| Two 15600 Next Generation Security Gateways with High Performance Package, includes 10x1GbE copper ports, 6x10GbE SFP+ ports + 6 SR transceivers, 32GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), Next Generation Threat Extraction (SandBlast) Security Subscription Package for 1 Year and 20 Virtual Systems | CPAP-SG15600-NGTX-HPP-VS20-2 |

¹ SKUs for 2 and 3 years and appliances with an SSD option are also available; see the online Product Catalog.

Graphic LCD display

2 x 1 TB (HDD) or 2x 480GB (SSD) RAID1

Three network card expansion slots (HPP)

USB ports for ISO installation

Console port

Lights-Out Management port

Sync 10/100/1000Base-T RJ45

Management 10/100/1000Base-T RJ45


INTERFACE CARDS AND TRANSCEIVERS

| Description | SKU |
| --- | --- |
| 8 Port 10/100/1000 Base-T RJ45 interface card | CPAC-8-1C-B |
| 4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceivers | CPAC-4-1F-B |
| SFP transceiver module for 1G fiber ports - long range (1000Base-LX) | CPAC-TR-1LX-B |
| SFP transceiver module for 1G fiber ports - short range (1000Base-SX) | CPAC-TR-1SX-B |
| SFP transceiver to 1000 Base-T RJ45 (Copper) | CPAC-TR-1T-B |
| 4 Port 10GBase-F SFP+ interface card | CPAC-4-10F-B |
| SFP+ transceiver module for 10G fiber ports - long range (10GBase-LR) | CPAC-TR-10LR-B |
| SFP+ transceiver module for 10G fiber ports - short range (10GBase-SR) | CPAC-TR-10SR-B |
| 2 Port 40GBase-F QSFP interface card | CPAC-2-40F-B |
| QSFP transceiver module for 40G fiber ports - short range (40GBase-SR) | CPAC-TR-40SR-QSFP-300m |
| QSFP transceiver module for 40G fiber ports - long range (40GBase-LR) | CPAC-TR-40LR-QSFP-10K |
| 4 Port 1GE copper Bypass (Fail-Open) network interface card (10/100/1000 Base-T) | CPAC-4-1C-BP-B |
| 2 Port 10GE short-range Fiber Bypass (Fail-Open) network interface card (10GBase-SR) | CPAC-2-10-FSR-B-BP |

SPARES AND MISCELLANEOUS

| Description | SKU |
| --- | --- |
| Memory upgrade kit from 16GB to 32GB for 15600 appliance | CPAC-RAM16GB-15600 |
| Memory upgrade kit from 16GB to 64GB for 15600 appliance | CPAC-RAM48GB-15600 |
| Memory upgrade kit from 32GB to 64GB for 15600 appliance | CPAC-RAM32GB-15600 |
| Additional/Replacement 1 TB hard drive for 15000 and 23000 Appliances | CPAC-HDD-1TB-B |
| Replacement AC power supply for 15000 Appliances | CPAC-PSU-AC-15000 |
| Dual DC power supplies for 15000 and 23000 appliances | CPAC-PSU-DC-Dual-15000/23000 |
| Replacement fan cartridge for 15000 and 23000 appliances | CPAC-FAN-B |
| Slide rails for 15000 and 2 - | CPAC-RAIL-L |
| Extended slide rails for 15000 and 23000 Appliances (26 - | CPAC-RAIL-EXT-L |

Redundant AC or DC power supplies

Cooling fans


Performance

Ideal Testing Conditions

76 Gbps of UDP 1518 byte packet firewall throughput

18 Gbps IPS

17 Gbps of NGFW¹

5.7 Gbps of Threat Prevention²

15.8 Gbps of AES-128 VPN throughput

185,000 connections per second, 64 byte response

6.4 to 25.6 million concurrent connections, 64 byte response³

Real-World Production Conditions

3,850 SecurityPower Units

30 Gbps of firewall throughput

8 Gbps IPS

5.2 Gbps of NGFW¹

2.5 Gbps of Threat Prevention²

Virtual Systems

Maximum VS (base/HPP/max memory): 60/80/125

Your performance may vary depending on different factors. Contact a Check Point Partner to find an appliance that matches your unique requirements.

1. Includes Firewall, Application Control and IPS Software Blades.

2. Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection Software Blades.

3. Performance measured with default/maximum memory.

Expansion Options

Base Configuration (using 2 of 3 expansion slots)

2 on-board 10/100/1000Base-T RJ-45 ports

8x 10/100/1000Base-T RJ-45 IO card

2 x 10GBaseF SFP+ IO card

16 GB memory (32 and 64 GB options)

Redundant dual hot-swappable power supplies (AC or DC)

Redundant dual hot-swappable 1TB HDD or 480GB SSD

Lights-Out-Management (LOM)

Network Expansion Slot Options

8x 10/100/1000Base-T RJ45 port card, up to 24 ports

4x 1000Base-F SFP port card, up to 12 ports

4x 10GBase-F SFP+ port card, up to 12 ports

2x 40GBase-F QSFP port card, up to 4 ports

Fail-Open/Bypass Network Options

4x 10/100/1000Base-T RJ45 port card

2x 10GBase-F SFP+ port card

Network

Network Connectivity

Total physical and virtual (VLAN) interfaces per appliance: 1024/4096 (single gateway/with virtual systems)

802.3ad passive and active link aggregation

Layer 2 (transparent) and Layer 3 (routing) mode

High Availability

Active/Active and Active/Passive - L3 mode

Session failover for routing change, device and link failure

ClusterXL or VRRP

IPv6

NAT66, NAT64

CoreXL, SecureXL, HA with VRRPv3

Unicast and Multicast Routing (see SK98226)

OSPFv2 and v3, BGP, RIP

Static routes, Multicast routes

Policy-based routing

PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3

Physical

Power Requirements

Single Power Supply rating: AC(600W), DC(800W)

AC power input: 90 to 264V (47-63Hz)

DC input current: -40.5V/24A, -48V/19.2A, -60V/16.0A

Power consumption avg/max: AC 200/297W, DC 262.6/297W

Maximum thermal output: 1013.4 BTU/hr.

Dimensions

Enclosure: 2RU

Dimensions (W x D x H): 17.4 x 20.84 x 3.5 in. (442 x 529 x 88 mm)

Weight: 31.5 lbs. (14.3 kg)

Environmental Conditions

Operating: 0° to 40°C, humidity 5% to 95%

Storage: 40° to 70°C, humidity 5% to 95% at 60°C

Certifications

Safety: UL, CB, CE, TUV GS

Emissions: FCC, CE, VCCI, RCM/C-Tick

Environmental: RoHS, REACH¹, ISO14001

¹ factory certificate

CONTACT US

Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]

U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com


©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content

April 2016

Check Point Real World Performance Testing | White Paper


CHECK POINT REAL WORLD PERFORMANCE TESTING

NEXT GENERATION THREAT PREVENTION DEMANDS REAL WORLD METRICS

SECURITYPOWER IS A REAL WORLD PERFORMANCE METRIC

RFC BASED TESTING METRICS LEAD TO NUMEROUS ERRORS IN APPLIANCE SIZING

In the past, appliance selection was based on one criterion – firewall throughput. The security appliance was tested in lab conditions with a simple firewall-only security policy with only one allow-all traffic rule. Though the results of these tests yielded a very high throughput number, it did little to forecast the capability to meet customers’ security requirements in real world conditions. In essence, it equated to measuring the power of a car only by its maximum speed, driving downwind and downhill.

With increasing security threats and their sophistication in today’s world, threat prevention appliances must perform advanced security functions under constantly rising traffic volumes. In this new environment, it can be challenging to choose the right appliance to meet your security objectives, performance requirements, and growth expectations. CPU core counts, quantity of RAM, and Network Interface Card (NIC) speed alone are not enough to determine how a given hardware appliance will perform in the real world. We need a new metric that takes into account how underlying components combine to deliver a realistic threat prevention workload. SecurityPower is that new metric.

SecurityPower: The new way to measure the real power of security appliances

| Old Way | New Way |
| --- | --- |
| Firewall Throughput | SecurityPower |
| Based on lab conditions | Based on real-world customer traffic |
| Only Firewall Security | Advanced security functions |
| Single firewall rule | Typical security policy |


REAL WORLD PERFORMANCE CAPABILITY AND CAPACITY OF SECURITY APPLIANCES

WHAT IS SECURITYPOWER?

SecurityPower is a new measure of the real power of security appliances. A benchmark measuring the capability and capacity of an appliance, SecurityPower tests multiple advanced security functions (Software Blades) such as IPS, Application Control, Antivirus, URL Filtering, and DLP, using real world traffic conditions and a typical security policy. SecurityPower provides an effective metric in evaluating an appliance, predicting its current and future behavior under security attacks and day-to-day operation. SecurityPower capacity can be measured by third parties, both for Check Point appliances as well as security appliances of other vendors.

REAL WORLD VS IDEAL TESTING

When you examine the detail of performance testing figures on vendor datasheets how often do you see the caveat “Performance and capacities are measured under ideal testing conditions”? Sizing and capacity decisions based on such figures cannot be trusted. In “Ideal testing conditions” the very security that you need to mitigate threats to your organization may be disabled.

You need a meaningful benchmark to make an informed decision when purchasing your new security appliance. The Check Point SecurityPower benchmark differs distinctly from “Ideal testing conditions” benchmarks.

| | Real World | Ideal Testing Conditions |
| --- | --- | --- |
| Signatures | Latest, up to date IPS recommended signatures | Out of the box signatures |
| Security Policy | Realistic security policy with 100 rules matching test profile traffic | Any-Any-Any-Accept |
| Traffic Blend | A real life mix of HTTP, SMTP, HTTPS, DNS, FTP and other protocols derived from research conducted over hundreds of customer environments | Simple large, HTTP transactions |
| Traffic Content | Real world content as seen in customer environments, e.g. HTTP traffic from popular web pages; Google, Amazon, Facebook, etc. | Simple repetitive content |
| Features | Logging and NAT enabled | Logging and NAT disabled |

Recommended Signatures

The Check Point Security Research Group is responsible for our “Recommended IPS Profile”. Emerging IPS signatures detect the most important and current attacks whilst maintaining a relatively predictable performance impact. The Check Point SecurityPower benchmark includes the latest available and recommended signatures. This is used in the performance testing of our security appliances and available in our published datasheets.

Appliance Performance


PRACTICAL APPLICATION OF SECURITY POWER UNITS

LEVERAGE APPLIANCE SIZING TOOL TO CONVERT CUSTOMER NEEDS TO REQUIRED SPUs

HOW TO USE SECURITYPOWER UNITS (SPU)?

Security requirements can be converted into a SecurityPower value. Each Check Point appliance has a SecurityPower capacity as measured by our performance labs. We compare your needs against the real-world capabilities of our appliances allowing you to determine which appliances meet your needs today and in the future.

APPLIANCE SIZING TOOL

Traditional stateful inspection requires relatively little processing power compared to advanced security functions such as Application Control, Antivirus, or IPS, which require much deeper analysis and consume more system resources. With Check Point you can consolidate these security functions into a single platform, reducing costs and improving your security posture. Our Appliance Sizing Tool combines two key metrics to help you select the correct appliance:

Throughput

Required security functions

We translate your environment and security requirements into a required SecurityPower value. This value is then checked against the SecurityPower Capacity offered by Check Point appliances. The end result of the comparison is a small set of recommended appliances appropriate for you.


APPLIANCE SIZING TOOL PROVIDES ROOM TO GROW

INTERNET TRAFFIC BLEND REFLECTS TYPICAL MIX OF TRAFFIC SEEN THROUGH AN INTERNET GATEWAY WITH PREDOMINANTLY WEB BROWSING TRAFFIC

GROWING TREND IN HTTPS TRAFFIC

DATA CENTER TRAFFIC BLENDS TYPICALLY CONSUME 20% MORE SPU

SECURITYPOWER TEST METHODOLOGY

When assessing the capacity required from an appliance three key factors must be consistent:

Configuration of the device under test (DUT)

The load testing apparatus

The traffic profile

The configuration of the device and the load testing apparatus is consistent for all Check Point appliances. See our General Assumptions and Testing Methodology.

To reflect different deployment scenarios, we define two different traffic profiles: the Data Center and Internet blends. These traffic blends are the result of in-depth customer analysis.

Internet Traffic Blend

Represents the type of Internet traffic security appliances handle on a day-to-day basis.

Consists of the following Streams/Protocols: HTTP; HTTPS; SMTP; DNS; POP3; FTP; Telnet.

The majority of the traffic is Internet Access (HTTP).

The growing trend in Internet traffic blend towards HTTPS encryption is built into the Appliance Sizing Tool and we are able to factor a specific proportion of customer traffic from the basic mix above (10% HTTPS) all the way up to 100% HTTPS.

Data Center Traffic Blend

The Data Center blend reflects the predominance of the following traffic characteristics:

Web Services, File Stores, Authentication Services, Line-of-Business Applications, Custom Applications and Data Intensive Applications.

Consists of the following Stream/Protocols: HTTP, HTTPS, SMTP, SMB_CIFS, SQL, NFS, SMB_DCERPC, Oracle, DNS, LDAP, SSH, FTP.

The Data Center traffic blend consumes approximately 20% more SPU than the Internet traffic blend.


ENSURE POC EXERCISES COMPARE APPLES WITH APPLES

Internet Traffic Blend

| Protocol | Content | Action | Per Cent |
| --- | --- | --- | --- |
| HTTP | Amazon Home Page | HTTP GET -> 676K | 16% |
| HTTP | Yahoo Home Page | HTTP GET -> 292K | 16% |
| HTTP | Facebook Home Page | HTTP GET -> 271K | 16% |
| HTTP | Google Home Page | HTTP GET -> 41K | 17% |
| HTTP | Google Mail | HTTP GET of Gmail index.html file, 21K | 2% |
| HTTP | HTTP Post | 100K PDF File | 1% |
| SMTP | SMTP 17K | MIME Message with PDF attachment | 7% |
| SMTP | SMTP 100K | MIME Message with Word attachment | 6% |
| HTTPS | HTTPS 10K | HTTPS GET of 10K file | 5% |
| HTTPS | HTTPS 100K | HTTPS GET of 100K file | 5% |
| Other | DNS | DNS Query | 6% |
| Other | POP3 | Message size: 256-512 bytes | 1% |
| Other | Telnet | Login; cd /disk/images; ls | 1% |
| Other | FTP | FTP GET, 1MB file | 1% |

SECURITY SHORTCUTS

Whilst we strive to introduce the real world to performance testing, we know the playing field is not level. The configuration of modern security appliances has a massive impact on performance and throughput capacity. If you remove or disable certain aspects of traffic inspection, an appliance will perform better.

This is a problem in Proof of Concept (PoC) exercises. Frequently these exercises comprise a sequence of tests, some of which focus on performance, whilst others on the effectiveness of the security. It is crucial that all testing combines both of these elements and delivers an accurate reflection of the relative capabilities of the solution.

The traffic load used for testing must include a variety of threat vectors e.g. transport over HTTP, Email, and SMB etc. whilst also employing evasion techniques. Results must measure both the throughput achieved and the number of threats detected for an accurate reflection of the relative capabilities. Further information regarding PoC Best Practice and security shortcuts can be found here: http://tiny.cc/poc-shortcuts.

SUMMARY

Performance testing is a complex business; the permutations of configuration are so vast that exact answers are impossible. Check Point provides a practical means to assess your security and traffic throughput requirements, translating those into a solution to meet your needs today and in the future.

CONTACT US

Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]

U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

[Figure: Internet Traffic Blend chart, with segments HTTP, SMTP, HTTPS and Other]