cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Comparing 15000 series appliances against 6000 series

Hello!

Check Point released a new appliance line of 6000 series and here comes the new challenge. For a customer who wants NGTP functionality and in the scenario where based on sizing 15600 is a perfect match for them, should we go for it or it is even better to go with 6800 model? You see NGTP performance of 6800 is far better by datasheet and price is much lower too.

Enterprise Testing Conditions:

6800 Security Gateway

- 8.9 Gbps of Threat Prevention

15600 Security Gateway

- 7.4 Gbps of Threat Prevention2

Both numbers are provided with R80.20

 

Your opinions?

BR
Vato

0 Kudos
11 Replies

Re: Comparing 15000 series appliances against 6000 series

As far as I can see in our area, we have havy competition from some other vendors especially in these sizes and pricing is really a major difference.
So that said, the 6800 is indeed a bit more powerful but the hardware expansion possibilities are a bit more limited.
So if those limitations are no problem for your environment, I would go for the 6800.
Regards, Maarten
0 Kudos

Re: Comparing 15000 series appliances against 6000 series

Agree with @Maarten_Sjouw here, the 6000 series does have an impressive price/performance profile with slightly more limited expandability than a 15600.  The only drawback for now is the lack of AES-NI support in Gaia even though the underlying 6000 processor architecture supports it, so if IPSec VPNs are heavily used on the prospective gateway that could be a consideration.  (Thanks to @HeikoAnkenbrand for discovering this)  The AES-NI limitation should go away once the 3.10 kernel is available on the various Check Point gateway appliances including the 6000 series, and the 3.10 kernel version of R80.30 is already available in EA here: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/R80-30-3-10-EA-Program-is-now-ava...

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos

Re: Comparing 15000 series appliances against 6000 series

 

@Timothy_Hall So far I do not have information about processors used in 6000 series appliances. Here DS says they have Augmented SSL Inspection - do they manage encryption/decryption on hardware base also? I need to find out HTTPS inspection capabilities - to compare 6800 and 15600, which model processes encrypted traffic better? 

BR
Vato

0 Kudos

Re: Comparing 15000 series appliances against 6000 series

I'm not able to determine what "Augmented SSL" actually means for the 6000 series; it may just refer to software improvements in SSL decryption as I don't think there are any special hardware modules in the 6000 series beyond what Intel put in them.  It also could be a reference to the upcoming Falcon accelerator card; supposedly the 6000 uses the same line cards as the 5000 series and the 5000 series will support Falcon.  Although I haven't seen an explicit statement anywhere that the 6000 series will be able to use Falcon.  It is a bit concerning that AES-NI is not currently supported on the 6000 series with kernel 2.6.18 as SSL decryption could definitely take advantage of that.

Here are the processors, along with their SPU benchmarks:

15600: 2x Intel Xeon E5-2630v3, 2.40GHz (Eight-Core), 7400 SPU

6500:  Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz (Eight-Core), 3400 SPU

6800:  Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40GHz (Ten-Core), 8900 SPU

As far as 15600 vs. 6800 you can see that they use practically the same processor, the 6800 just uses a newer version with 2 extra cores which accounts for the performance bump.  All the other specs at ark.intel.com (bus/memory speed etc) between the two are about the same, with slightly faster bus/memory speeds for the 6800 and some extra SmartCache.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: Comparing 15000 series appliances against 6000 series

Thanks for the info!

As you mentioned 15600 used 2x CPUs, 16x physical cores, 32x virtual cores in total. So it has 6x more cores 12x more vcores than 6800. So for me, it is still a bit strange that it has lower SPU.

Still waiting for official info regarding Falcon release date.

BR
Vato

0 Kudos

Re: Comparing 15000 series appliances against 6000 series

When the 15600 was released & originally benchmarked for SPUs, I believe SMT/Hyperthreading was disabled by default. I think the 6000 series has it enabled by default so that might account for the discrepancy.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: Comparing 15000 series appliances against 6000 series

Yes, that makes sense

BR
Vato

0 Kudos

Re: Comparing 15000 series appliances against 6000 series

At this date, 08 of june 2019, 6800-plus is gone from the price list. Now we have 6800-turbo with a higher price. This one does not include any service package (NGTP or NGTX), so you have to add one (there is now the NGFW too) which means an extra cost.  In terms of price 15600 is better.

Aidan_Luby
Copper

Re: Comparing 15000 series appliances against 6000 series

We noticed this as well. I really wish there was some official information on the reasoning behind the change in licensing and pricing considering these appliances have only be available for a few months.

0 Kudos

Re: Comparing 15000 series appliances against 6000 series

I just had a call with checkpoint about this earlier in the week. We are/were in the market for the 6500 appliance but then it jumped in price. If the blades/licensing were included in the price of the appliance for the first year, like the previously were, I wouldn't have any issues with the change. According to the sales guy we talked with the reason for the pricing bump is due to the new flexibility (whatever that means) that comes with these appliances. 

0 Kudos

Re: Comparing 15000 series appliances against 6000 series

there were complaints from partners that the special deal discount levels were no longer possible, so to be able to give more discount you just up the price.
The worst part of this is that the NGTP package is 50% of the appliance price. When you purchase it for 1 year, the discount on that package is the standard subscription discount, however when you purchase it for 3 or more years in advance the discount on the subscription is all the sudden the same as for the appliance itself.
Very confusing...
Regards, Maarten
0 Kudos