Agree with @Maarten_Sjouw here, the 6000 series does have an impressive price/performance profile with slightly more limited expandability than a 15600.  The only drawback for now is the lack of AES-NI support in Gaia even though the underlying 6000 processor architecture supports it, so if IPSec VPNs are heavily used on the prospective gateway that could be a consideration.  (Thanks to @HeikoAnkenbrand for discovering this)  The AES-NI limitation should go away once the 3.10 kernel is available on the various Check Point gateway appliances including the 6000 series, and the 3.10 kernel version of R80.30 is already available in EA here: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/R80-30-3-10-EA-Program-is-now-ava...

@Timothy_Hall So far I do not have information about processors used in 6000 series appliances. Here DS says they have Augmented SSL Inspection - do they manage encryption/decryption on hardware base also? I need to find out HTTPS inspection capabilities - to compare 6800 and 15600, which model processes encrypted traffic better? 

BR
Vato

I'm not able to determine what "Augmented SSL" actually means for the 6000 series; it may just refer to software improvements in SSL decryption as I don't think there are any special hardware modules in the 6000 series beyond what Intel put in them.  It also could be a reference to the upcoming Falcon accelerator card; supposedly the 6000 uses the same line cards as the 5000 series and the 5000 series will support Falcon.  Although I haven't seen an explicit statement anywhere that the 6000 series will be able to use Falcon.  It is a bit concerning that AES-NI is not currently supported on the 6000 series with kernel 2.6.18 as SSL decryption could definitely take advantage of that.

Here are the processors, along with their SPU benchmarks:

15600: 2x Intel Xeon E5-2630v3, 2.40GHz (Eight-Core), 7400 SPU

6500:  Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz (Eight-Core), 3400 SPU

6800:  Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40GHz (Ten-Core), 8900 SPU

As far as 15600 vs. 6800 you can see that they use practically the same processor, the 6800 just uses a newer version with 2 extra cores which accounts for the performance bump.  All the other specs at ark.intel.com (bus/memory speed etc) between the two are about the same, with slightly faster bus/memory speeds for the 6800 and some extra SmartCache.

Thanks for the info!

As you mentioned 15600 used 2x CPUs, 16x physical cores, 32x virtual cores in total. So it has 6x more cores 12x more vcores than 6800. So for me, it is still a bit strange that it has lower SPU.

Still waiting for official info regarding Falcon release date.

BR
Vato

When the 15600 was released & originally benchmarked for SPUs, I believe SMT/Hyperthreading was disabled by default. I think the 6000 series has it enabled by default so that might account for the discrepancy.

Yes, that makes sense

BR
Vato

Timothy,

Can you confirm what CPU / cores are in a 6400, and if there is a difference between a 6400 and 6400 plus from a CPU prospective.

I'm pretty sure the CPU for the "Plus" edition of the 6400 is the same as the base 6400; 4 cores (8 hyperthreaded) although I don't know the specific CPU type. The Plus edition includes redundant components, additional memory and network I/O for less than purchasing these items separately.

We noticed this as well. I really wish there was some official information on the reasoning behind the change in licensing and pricing considering these appliances have only be available for a few months.

I just had a call with checkpoint about this earlier in the week. We are/were in the market for the 6500 appliance but then it jumped in price. If the blades/licensing were included in the price of the appliance for the first year, like the previously were, I wouldn't have any issues with the change. According to the sales guy we talked with the reason for the pricing bump is due to the new flexibility (whatever that means) that comes with these appliances.