Call a Specialist Today! (02) 9388 1741
Free Delivery! Free Delivery!

Check Point 12412 DDoS Protector Appliance
Stop Denial of Service attacks in seconds with customized, multilayered protection that blocks a wide range of attacks.

Check Point 8412 DDoS Protector Appliance

Sorry, this product is no longer available, Please, contact us for a replacement product!


In today's threat landscape, "Denial of Service (DoS)" attacks are increasing in number, speed and complexity. Denial of Service and Distributed Denial of Service (DDoS) attacks are relatively easy to carry out, and can cause serious damage to companies who rely on web services to operate. Multiple (more than 50) DDoS attack "toolkits" are readily available on the Internet, and an increasing number of attacks are initiated in over 230 countries. DDoS attacks are often profit-driven: in 2011, cyber criminals earned a whopping $12.5 billion dollars. 2012 shows an alarming surge of DDoS threats to the financial services industry. However hacktivisim and political motivations are fast becoming the most popular forum to launch Denial of Service attacks. Anonymous successfully spearheaded numerous attack campaigns against individuals, organizations, governments and countries in retaliation for actions or statements they didn't agree with.

Many DDoS solutions are deployed by an Internet Service Provider, offering generic protections against network layer attacks. However today's DDoS attacks have become more sophisticated, launching multiple attacks at networks and applications. Successful DDoS solutions will offer companies the ability to customize their protections to meet changing security needs, fast response time during an attack, and a choice of deployment options.


Check Point's new DDoS Protector keeps businesses running with multi-layered, customizable protections and 12Gbps performance that automatically defends against network flood and application layer attacks for fast response time against today's sophisticated denial of service attacks. DDoS Protector appliances offer flexible deployment options to easily protect any size business, and integrated security management for real-time traffic analysis and threat management intelligence for advanced protection against DDoS attacks. Check Point also provides dedicated 24/7 support and resources to ensure up-to-the-minute protections.

Key Features

  • Protects against known and unknown DDoS attacks
  • Defends against both network and application attacks
  • Flexible filter engines detect and prevent malicious exploits
  • Protects against HTTP attacks
  • Protects against bandwidth flood attacks
  • Fast, customized signature creation keeps businesses running

Key Benefits

  • Protection against evolving DDoS attacks to minimize business impacts
  • Advanced techniques help maintain web services during an attack
  • Turn-key appliance works right out of the box
  • Integrated with Check Point security management for greater visibility and control
  • High-performing DDoS solution with 14Gbps capacity and 12Gpbs throughput
  • Multi-layered protection blocks multiple attack types
  • Customized protections fit different business sizes and security needs
  • Flexible deployment options include on-site installation or through your ISP


Multi-Layered Protections

Network and Traffic Flood Protections

Protection against DDoS attacks aimed at networks using:

  • Behavioral DoS-Protects against TCP, UDP, ICMP, IGMP and Fragment DDoS attacks with adaptive behavioral based detection.
  • DoS Shield-Protects against known DDoS attack tools with pre-defined an customized filters to block rate-limits per pattern.
  • Syn Protection-Blocks SYN-spoofed DoS with SYN rate thresholds per protected servers.
  • Black List-Blocks generic attacks with L3 and L4 sourcedestination classifications and expiration rules.
  • Connection Rate Limit-Blocks generic, non-supported protocols (non DNS, HTTP) and application level flood attacks with rate-based thresholds.

Application Based Dos/Ddos Protections

Protects against more complex DDoS attacks that misuse application resources with:

  • SYN Protection with Web Challenge-Protects against HTTP connection-based DoS attacks with SYN rate threshold per protected server.
  • Behavioral DNS Protections-Block DNS query DoS attacks with DNS adaptive behavioral based detection using DNS footprint blocking rate limits and DNS challenge and response.
  • Behavioral HTTP Protections (The "HTTP Mitigator")-Blocks HTTP connection-based DoS attacks and upstream HTTP bandwidth attacks with server-based HTTP adaptive behavioral detection, HTTP footprint with web challenge response, 302 redirect and JS challenge actions.

Directed Application Dos/DDoS Protections

Repels Dos and DDoS attacks that require special filtering criteria. Flexible filtering definitions search for specific content patterns in each packet. Enables the ability to analyze and block ongoing attacks by defining on-the-fly protections.


DDoS Appliances are integrated with Check Point Security Management, including:


Unified security event and analysis solution that delivers real-time threat management information to instantly stop threats and block attacks with on-the-fly protections. Move from business view to forensics in just three clicks.


Advanced log analyzer that delivers proactive security intelligence with split-second search results from any log field for instant visibility into billions of log records over multiple time periods and domains.

SmartView Tracker

Comprehensive auditing solution to troubleshoot system and security issues, gather information for legal or audit purposes, and generate reports to analyze network traffic patterns. In the case of an attack or other suspicious network activity, use SmartView Tracker to temporarily or permanently terminate connections from specific IP addresses.


SNMP V1, 2C and 3, Log File, Syslog, Email


SNMP, V1, 2C, 3, HTTP, HTTPS, SSH, Telnet, SOAP, API, Console (user selectable).

Time Synchronization

Based on Network Time Protocol (NTP).

Export Real-Time Signature Information

Northbound XML interface exports behavioral parameters.

Technical Specifications:

Model 506 1006 2006 4412 8412 12412 10420 20420 30420 40420
Network Grade Enterprise Datacenter Carrier
Capacity 2 500Mbps 1Gbps 2Gbps 4Gbps 8Gbps 14Gbps 10Gbps 20Gbps 30Gbps 40Gbps
Throughput 3 500Mbps 1Gbps 2Gbps 4Gbps 8Gbps 12Gbps 10Gbps 20Gbps 30Gbps 40Gbps
Max Concurrent Sessions 2,000,000 4,000,000 6,000,000
Max DDoS Flood Attack Prevention Rate (pps) 1,000,000 10,000,000 25,000,000
Latency < 60 microseconds
Real Time Signatures Detect and protect in less than 18 seconds
Inspection Ports
10/100/1000 Copper Ethernet 4 4 4 8 8 8 - - - -
Gigabit Ethernet (SFP) 2 2 2 4 4 4 - - - -
10 Gigabit Ethernet (XFP) - - - 4 4 4 - - - -
1 / 10 Gigabit Ethernet (SFP+) - - - - - - 20 20 20 20
40 Gigabit Ethernet (QSFP+) - - - - - - 4 4 4 4
Management Ports
10/100/1000 Copper Ethernet 2 2 2 2 2 2 2 2 2 2
RS-232 1 1 1 1 1 1 1 1 1 1
Operation Mode
Network Operation Transparent L2 Forwarding
Deployment Modes In-line; SPAN Port Monitoring; Copy Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center solution)
Tunneling Protocol Support VLAN Tagging, L2TP, MPLS, GRE, GTP
IPv6 Support IPv6 networks and block IPv6 attacks
Policy Action Block & Report, Report Only
Block Actions Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination), Challenge-Response for HTTP and DNS attacks
High Availability
Fail-open/fail-close Internal fail-open/fail-close for copper ports; internal fail-close for SFP ports; optional fail-open for SFP ports 4 Internal fail-open/fail-close for copper ports; internal fail-close for SFP and XFP ports; optional fail-open for SFP and XFP ports 5 internal fail-close for SFP+ and QSFP+ ports; optional fail-open for SFP+ and QSFP+ ports 5
Clustering Active-Passive Cluster
Dual Power Supply Optional Yes - Hot Swappable
Advanced internal overload mechanism Yes
Power Consumption 177W,
(Dual PS option 147W)
476W 634W
Heat Dissipation 604 BTU/h,
(Dual PS option 501 BTU/h)
1623 BTU/h 2162 BTU/h
Auto-Ranging 100V-120V/200V-240V AC 47-63Hz or -38 to -72VDC
Dimensions (WxDxH) 424mm x 457mm x 44mm 424mm x 600mm x 88mm 426mm x 537mm x 88mm
Weight 15.9 lb / 7.2 kg,
(Dual PS option 19.2 lb / 8.7 kg)
39.0 lb / 18.0 kg 33.2 lb / 15.1 kg
Operating Temperature 5 - 55 C
Humidity (non-condensing) 5% to 95%
Safety Certifications EN 60950-1:2006, CB - IEC 60950-1, cTUVus EN, UL, CSA, IEC #60950-1 EN 60950-1:2006, CB -
IEC 60950-1, CCC, cTUVus
EMC EN 55022, EN 55024, FCC Part 15B Class A EN 55022, EN 55024, FCC Part 15B Class A EN 55022, EN 55024,
EN 61000-3-2, EN 61000-3-3
Other Certifications CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS CE, FCC, VCCI, CB, TUV, UL/cUL, CCC, C-Tick, RoHS IEC 61000 4-2 to 4-6 ,
IEC 61000
4-8 & IEC 61000-4-11,
FCC Part 15B
Class A, ICES-003, VCCI,
C-Tick RoHS 6 Compliant
1 Actual performance figures may change per network configuration, traffic type, etc.
2 Capacity is measured as maximum traffic forwarding when no security profiles are configured.
3 Throughput is measured with behavioral IPS protections and signature IPS protections using eCommerce protection profile.
4 External fiber fail-open switch with SFP ports is available at additional cost.
5 External fiber fail-open switches with SFP, XFP SFP+ or QSFP+ ports are available at additional cost.


Download the Check Point DDoS Protector Appliances Datasheet (PDF).

It appears you don't have a PDF plugin for this browser. No biggie... you can click here to download the PDF file.