Vato_Chantladze
Contributor

Comparing 15000 series appliances against 6000 series

Hello!

Check Point released a new appliance line of 6000 series and here comes the new challenge. For a customer who wants NGTP functionality and in the scenario where based on sizing 15600 is a perfect match for them, should we go for it or is it even better to go with the 6800 model? You see, the NGTP performance of the 6800 is far better by datasheet and the price is much lower too.

Enterprise Testing Conditions:

6800 Security Gateway

- 8.9 Gbps of Threat Prevention

15600 Security Gateway

- 7.4 Gbps of Threat Prevention

Both numbers are provided with R80.20

 

Your opinions?

BR
Vato

0 Kudos
13 Replies
Maarten_Sjouw
Champion

As far as I can see in our area, we have heavy competition from some other vendors, especially in these sizes, and pricing is really a major difference.
So that said, the 6800 is indeed a bit more powerful but the hardware expansion possibilities are a bit more limited.
So if those limitations are no problem for your environment, I would go for the 6800.
Regards, Maarten
Timothy_Hall
Champion

Agree with @Maarten_Sjouw here, the 6000 series does have an impressive price/performance profile with slightly more limited expandability than a 15600.  The only drawback for now is the lack of AES-NI support in Gaia even though the underlying 6000 processor architecture supports it, so if IPSec VPNs are heavily used on the prospective gateway that could be a consideration.  (Thanks to @HeikoAnkenbrand for discovering this)  The AES-NI limitation should go away once the 3.10 kernel is available on the various Check Point gateway appliances including the 6000 series, and the 3.10 kernel version of R80.30 is already available in EA here: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/R80-30-3-10-EA-Program-is-now-ava...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Vato_Chantladze
Contributor

 

@Timothy_Hall So far I do not have information about processors used in 6000 series appliances. Here DS says they have Augmented SSL Inspection - do they manage encryption/decryption on hardware base also? I need to find out HTTPS inspection capabilities - to compare 6800 and 15600, which model processes encrypted traffic better? 

BR
Vato

0 Kudos
Timothy_Hall
Champion

I'm not able to determine what "Augmented SSL" actually means for the 6000 series; it may just refer to software improvements in SSL decryption as I don't think there are any special hardware modules in the 6000 series beyond what Intel put in them.  It also could be a reference to the upcoming Falcon accelerator card; supposedly the 6000 uses the same line cards as the 5000 series and the 5000 series will support Falcon.  Although I haven't seen an explicit statement anywhere that the 6000 series will be able to use Falcon.  It is a bit concerning that AES-NI is not currently supported on the 6000 series with kernel 2.6.18 as SSL decryption could definitely take advantage of that.

Here are the processors, along with their SPU benchmarks:

15600: 2x Intel Xeon E5-2630v3, 2.40GHz (Eight-Core), 7400 SPU

6500:  Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz (Eight-Core), 3400 SPU

6800:  Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40GHz (Ten-Core), 8900 SPU

As far as 15600 vs. 6800 you can see that they use practically the same processor, the 6800 just uses a newer version with 2 extra cores which accounts for the performance bump.  All the other specs at ark.intel.com (bus/memory speed etc) between the two are about the same, with slightly faster bus/memory speeds for the 6800 and some extra SmartCache.

Vato_Chantladze
Contributor

Thanks for the info!

As you mentioned, 15600 used 2x CPUs, 16x physical cores, 32x virtual cores in total. So it has 6x more cores, 12x more vcores than 6800. So for me, it is still a bit strange that it has lower SPU.

Still waiting for official info regarding Falcon release date.

BR
Vato

Timothy_Hall
Champion

When the 15600 was released & originally benchmarked for SPUs, I believe SMT/Hyperthreading was disabled by default. I think the 6000 series has it enabled by default so that might account for the discrepancy.

Vato_Chantladze
Contributor

Yes, that makes sense

BR
Vato

0 Kudos
genisis__
Leader

Timothy,

Can you confirm what CPU / cores are in a 6400, and if there is a difference between a 6400 and 6400 plus from a CPU perspective?

0 Kudos
Timothy_Hall
Champion

I'm pretty sure the CPU for the "Plus" edition of the 6400 is the same as the base 6400; 4 cores (8 hyperthreaded) although I don't know the specific CPU type. The Plus edition includes redundant components, additional memory and network I/O for less than purchasing these items separately.

0 Kudos
Marcos_Vieira
Contributor

At this date, 08 of June 2019, 6800-plus is gone from the price list. Now we have 6800-turbo with a higher price. This one does not include any service package (NGTP or NGTX), so you have to add one (there is now the NGFW too) which means an extra cost. In terms of price 15600 is better.

Aidan_Luby
Collaborator

We noticed this as well. I really wish there was some official information on the reasoning behind the change in licensing and pricing considering these appliances have only been available for a few months.

Ryan_St__Germai
Advisor

I just had a call with Check Point about this earlier in the week. We are/were in the market for the 6500 appliance but then it jumped in price. If the blades/licensing were included in the price of the appliance for the first year, like they previously were, I wouldn't have any issues with the change. According to the sales guy we talked with, the reason for the pricing bump is due to the new flexibility (whatever that means) that comes with these appliances.

0 Kudos
Maarten_Sjouw
Champion

There were complaints from partners that the special deal discount levels were no longer possible, so to be able to give more discount you just up the price.
The worst part of this is that the NGTP package is 50% of the appliance price. When you purchase it for 1 year, the discount on that package is the standard subscription discount; however, when you purchase it for 3 or more years in advance the discount on the subscription is all of a sudden the same as for the appliance itself.
Very confusing...
Regards, Maarten
