Checkpoint IP2455 (Nokia IP2450)

In my ongoing search for awesome hardware to use as a firewall I recently loaded up a Nokia IP690 with pfSense. This was an awesome success and it is running great. Of course it is limited by certain factors and I wanted to see about something less limited. Enter the Checkpoint IP2455.

Checkpoint IP2455

The Checkpoint IP2455 is basically just a later revision of the Nokia IP2450. The change came about after Nokia sold off the IP series to Checkpoint and they started working the license and other items differently. Seems the name and model are not all that was changed however, which caused some massive problems for me.

First, the details. Note this applies to both the Checkpoint IP2455 and the Nokia IP2450.

  • Chassis = 2u @25 inches deep (counting misc items that stick out)
  • Power = Dual 700w Redundant
  • CPU = Dual Intel Xeon E5430, Quad Core @ 2.66GHz
  • Storage = CF card & Two Hot Swap HD Caddy Slots
    • CF should be either 128mb (disk based model) or an unknown larger size (for flash based model)
    • Default HD:
      • SATA 150
      • 80gb
      • 2.5in
      • Fujitsu MHZ2080BS
  • RAM = 8gb ECC
  • Ports = 2 Carrier slots and two standard slots
    • Carrier can support 2 slots or be replaced with an ADP module
    • Standard slots support various cards
  • Console = RJ-45 Serial @ 9600 8n1

The Hard Drive caddies are hot swappable. They come with an 80gb drive by default but support standard SATA 2.5in drives. The drive controller is an LSI LSISAS1064E. There are no standard SATA ports in the system anywhere. The drive caddies plug in to a proprietary backplane which attaches directly to the motherboard.

Hard Drive

There are a total of 6 slots, divided up with 2 on the motherboard and 4 spread out evenly across two FIO Carrier Cards.

The standard slots support a variety of cards with one of two types, PMC or XMC. PMC is used in the majority of the IP series and is PCI-X. The XMC is only available in the IP1280/IP1285 and the IP2450/IP2455 and is PCI-E. Of course PCI-E would be the preferred card type since it has more bandwidth and does not affect all the other channels, but the XMC cards are a good bit harder to come by. I have found port types to include T1, E1, Fast Ethernet (1, 2 and 4 ports), Gigabit Ethernet (1, 2 and 4 ports), Gigabit Fiber (1, 2 and 4 ports) and 10gig Fiber (2 ports).

The carrier slots can either have a 2 slot carrier installed or an ADP module. The carriers (for the 1280 and 2450) support either PMC or XMC. I have no idea if they support mixing the types concurrently or not as I do not have any XMC cards. The ADP modules come in two forms, a 12 port Gigabit Ethernet model and a 12 port Gigabit Fiber model. The ADP modules are rated for higher throughput as they have an RMI Network Processor on the card itself along with supporting memory. Sounds great, and should be, however this is NOT supported by pfSense (at least when I tested it) and only four of the 12 ports show up in the host OS.

FIO Carrier

The system itself is well built. The unit itself is rather heavy for the size. For cooling it has redundant fans on each CPU and 4 fans placed back to back in pairs for the main chassis. There appears to be no temperature control as the fans run full on all the time and let me say they are really loud. This thing is louder than the IP690 by a good bit.

Now the fun… Checkpoint appears to have broken the BIOS. It can be gotten in to using the space bar on boot, but changes to it are not saved no matter what you change or how many times you hit save. Not only that, but the boot is limited to the CF card only. You can leapfrog from the CF card to boot from the hard drives, but this adds complexity and additional points for failure to occur. Since you can’t change anything in the BIOS you are plain stuck. pfSense does have a CF/Embedded release that will happily boot and run great from the CF card with their normal install process.

Since the board is proprietary, loading a new BIOS is sure to be dangerous to say the least. There is an update from Checkpoint but you have to have an active support account to reach it. It is by Insyde.

There is sadly more. I was unable to get the ethernet ports to respond on the units I have. I tried the ADP cards as well as the four port ethernet cards (both on the motherboard and on a carrier) with no luck. I tried with pfSense running from the CF card as well as from the hard drives (pfSense was installed to the HDs in raid1). This prompted me to gut the machines and salvage what I could (CPU & RAM) to build a more usable solution.
