Check Point QUANTUM SPARK 1595R - User Manual

The Check Point Quantum Spark 1595R is a robust security appliance designed to deliver enterprise-grade security for branch offices, networks, and data, protecting against cyber-theft. It is a member of the 1500 Security Appliance family and runs the latest R81.10 software for Quantum Spark appliances. This device is particularly suited for Critical Infrastructure and Industrial Control Systems (ICS) environments, securing over 70 standard and proprietary protocols used in Utilities, Energy, Manufacturing, Building Management Systems, and IoT devices without impacting operations.

Key Features:

• Design: Fanless, aluminum-based design, ensuring durability and silent operation.
• Connectivity: Supports both wired and WiFi + LTE connections.
  • LAN: 4x1GbE ports.
  • WAN: 1x1GbE / SFP port.
  • DMZ: 1x1GbE / SFP port.
  • Flexiport: A LAN port can also operate as a WAN port, offering flexible network configurations.
• Cellular Connectivity (for Cellular models):
  • Embedded modem supporting advanced 5G NR Sub-6 GHz, with fallback to LTE/4G and 3G networks.
  • Worldwide 5G coverage with a single product.
  • Dual SIM functionality (Nano and Micro SIMs) for automatic failover between SIMs.
  • 5G supports Sub-6 GHz; 4G supports Cat-20; 3G supports DC-HSPA+ and WCDMA (no 2G support).
  • Peak download rate: 300Mbps; uplink: 50Mbps (TBD).
  • Four external antennas (Main, MIMO1, MIMO2, and AUX) to optimize RF signal and coverage.
• Serial Port: RJ45 female connector supporting RS232, RS422, R485 protocols (SW-configurable) for endpoint PLC control.
• Power Sources:
  • Power adapter (12V, 40W Commercial grade, and 120W Industrial -40 to 70 degree C grade). SKU options are available in the catalog.
  • 3-Pin terminal block (12V-60VDC and -48VDC) for customer-supplied power infrastructure.
  • Power redundancy is available when both power sources are connected.
• Mounting Options: Desktop, Wall mount, and DIN rail (rear and bottom assembly types).
• USB Ports: USB Type-C console port and USB 3.0 Port.
• Storage: SD Card support.
• Protocol Support: ICS/SCADA Protocol Support, including BACNet, CIP, DNP3, IEC-60870-5-104, IEC 60870-6 (ICCP), IEC 61850, MMS, ModBus, OPC DA & UA, Profinet, Step7 (Siemens), and more (1400+ protocols in total).
• Cryptography: 3/4G/LTE/5G Cryptography supports NAS/AS security procedures and Snow 3G/AES/ZUC security.
• Harsh Conditions Certification:
  • Industrial: IEEE 1613, IEC 61850-3, IEC 60945, EN/IEC 60529 (heat and immunity to electromagnetic interference).
  • Rugged: EN/IEC 60529, IEC 60068-2-27 (shock), IEC 60068-2-6 (vibration).
  • Operating Temperature Range: -40ºC to 75°C (-40°F to 167°F).
  • IP Rating: IP30 (Ingress Protection).
• Maritime Certification: IEC-60945 B, IACS E10:1991, DNV-GL 2.4, DNV-GL-CG-0339, IEC 61162-460.
  • Marine application: rated voltage 24 VDC; 12 VDC power input connector is not applicable.
  • Wall mount (for marine application).
  • Operating ranges: -40 to 70 deg. C for marine application.

Important Technical Specifications:

• Dimensions (with DIN adapter):
  • 1595R (without rubber feet): 41.30mm (Height) x 170mm (Width) x 150mm (Depth).
  • 1595R with rear DIN adapter (Wired): 41.30mm (Height) x 170mm (Width) x 168mm (Depth).
  • 1595R with bottom DIN adapter (Wired): 108mm (Height) x 170mm (Width) x 150mm (Depth).
  • 1570WLE with rear DIN adapter (WiFi-LTE): 177mm (Height) x 150mm (Width) x 225mm (Depth) (includes LTE and WiFi antennas; requires a middle-part adapter).
  • 1570WLE with bottom DIN adapter (WiFi-LTE): 195mm (Height) x 150mm (Width) x 225mm (Depth) (includes LTE and WiFi antennas).
• Terminal Block: Suitable for 14 AWG (6A) wires, torque value 0.60 Newton/meter (5 Pound/inch). Cross-sectional area of earthing conductors should be at least 14AWG. Input connection cable temperature rating should be higher than 95°C.
• Power Input Tolerance: Supports 10.2VDC~72VDC, but without power input tolerance. It is recommended to connect with a power supply of output voltage lower than 72VDC. A UPS, battery, or power regulator is recommended. For V91RC series: 12VDC-60VDC, -48VDC, 2.3A. For V91 series: 12VDC-60VDC, -48VDC, 2.1A.
• Earthing: Protective earthing terminal is available.
• LAN Ports: 1-8, Port #2 is sync, 10/100/1000 MbE.
• WAN and DMZ Ports: 10/100/1000 MbE, support copper RJ45 and fiber interfaces. Only one interface is allowed per port; plugging both copper and fiber simultaneously can cause instability. When using SFP, ambient temperature is limited to 70°C.
• LED Indicators:
  • Management LED: Bi-color (blue and red) indicating system status, Zero Touch process, SMP connection, and activation status.
  • Network LEDs (RJ45 WAN, LAN, SFP): Bi-color (green and amber) indicating link/activity and speed (10M to 1GbE). SFP port supports 1GbE only.
• USB Drive/SD Card: Must be formatted in FAT32 for configuration file deployment or image installation.

Usage Features:

• First Time Configuration Wizard: Guides users through initial setup, including:
  • Welcome Page: Introduces the appliance and allows language selection.
  • Zero Touch: Enables automatic fetching of settings from the cloud when connected to the internet. Supports DHCP for automatic settings download.
  • Authentication Details: Configures administrator name and password. Strong password recommendations are provided. Country selection affects wireless frequency and parameters for wireless models.
  • Appliance Date and Time Settings: Allows manual setting or synchronization with Network Time Protocol (NTP) servers.
  • Appliance Name: Sets a name and optional domain name for the appliance.
  • Security Policy Management: Choice between local management (WebUI) or central management (SmartConsole with a Security Management Server).
  • Internet Connection: Configuration of various connection types (Static IP, DHCP, PPPoE, PPTP, L2TP, Cellular, Cellular Modem, Bridge) and DNS server settings.
  • Local Network: Enables/disables switch on LAN ports, configures network name, IP address, subnet mask, DHCP server settings, and exclusion ranges.
  • Administrator Access: Defines sources (LAN, Trusted wireless, VPN, Internet) and IP addresses from which administrators can access the appliance.
  • Appliance Registration: Connects to Check Point User Center for license activation. Supports offline activation via file import and proxy configuration.
  • Software Blade Activation: Selects which Software Blades to activate. QoS (bandwidth control) is configured via WebUI after the wizard.
  • Summary: Displays a summary of configured settings.
• Zero Touch Cloud Service: Allows gateways to automatically fetch settings from the cloud upon initial internet connection.
• USB Drive or SD Card Deployment: Facilitates rapid deployment of configuration files or installation of images, bypassing the First Time Configuration Wizard. Useful for new appliances or those with existing configurations.

Maintenance Features:

• Reset Button: Short press resets the system without removing user parameters.
• Factory Default Button: Press continuously for 12 seconds to restore the appliance to factory default, removing all previously configured user parameters.
• SIM Card Installation: Detailed instructions for installing Nano and Micro SIM cards, including removing the tray cover and using a SIM pin.
• Firmware Updates: The appliance's Power LED indicates firmware installation progress during boot.
• Troubleshooting: Network LEDs provide visual cues for link/activity and speed. Management LED indicates status of retry mechanisms and errors.
• Support: Check Point offers 24/7 technical assistance via phone and provides a Support Center for additional technical information and security solutions. Users must provide their MAC address when contacting support.

Safety Information:

• Air Vents: Do not block air vents; maintain a minimum 1/2 inch (1.27 cm) clearance.
• User Serviceability: The appliance contains no user-serviceable parts. Opening the device or modifying it voids the warranty and poses a risk of personal injury. Servicing should only be performed by trained personnel.
• Power Supply: Use only AC adapters supplied by Check Point or purchased as accessories.
• Static Electricity: Handle all parts with care to prevent damage from static electricity discharge.
• Lithium Battery: Avoid short-circuiting the lithium battery cell (used for real-time clock) to prevent burns. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to manufacturer's instructions and local waste disposal regulations. Do not dispose of batteries in fire or with household waste.
• Electrical Hazards: Do not connect/disconnect cables or perform maintenance during electrical storms. Connect power cords to properly wired, grounded sources. Use one hand only when possible for signal cables. Do not turn on equipment with evidence of fire, water, or structural damage. Disconnect DC power sources before opening device covers unless instructed otherwise.
• Hot Surface: The device can become hot when connected to a power source; avoid touching it.
• Wiring: For DC mains, use No. 14 AWG or larger UL Listed or CSA Certified Telecommunication Line Cord. Ensure proper earthing connections. Installation and removal of DC mains or power adapter should only be done by trained service personnel.
• Restricted Access: The equipment is intended for use in restricted access areas.
• Laser Product: Class 1 Laser product. Use only IEC 60825-1 certified Optical Transceiver product with minimum operating temperature at 75°C.
• California Proposition 65: Handling the cord may expose users to lead, a chemical known to cause cancer and birth defects. Wash hands after handling.

The Quantum Spark 1595R is a comprehensive security solution designed for reliability and high performance in demanding environments, with a strong emphasis on ease of deployment and robust security features.