CR25iNG

Future-ready

Future-ready Security for SOHO/ROBO networks CR25iNG Data Sheet

Cyberoam NG series of Unified Threat Management appliances are the Next-Generation network security
appliances that include UTM security features and performance required for future networks. The NG
series for SOHO offer “the fastest UTMs made for SMBs” to small offices. The best-in-class hardware
along with software to match, enables the NG series to offer unmatched throughput speeds,
compared to any other UTM appliance in this market segment. This assures support for future IT
trends in organizations like high-speed Internet and rising number of devices in organizations
– offering future-ready security for small office networks.

The ‘Next-Generation’ Series for SOHO:

With Cyberoam NG series, businesses get assured Security, Connectivity and
Productivity. The Layer 8 Technology treats User-Identity as the 8th Layer or the Offering “the fastest UTMs made for SMBs”
HUMAN layer in the protocol stack. It attaches User-Identity to security, which to Small Offices
adds speed to an organization’s security by offering instant visibility into the
source of attacks by username rather than only IP address. Cyberoam’s
Extensible Security Architecture (ESA) supports feature
enhancements that can be developed rapidly and deployed with Cyberoam's Layer 8 Technology treats
minimum efforts, offering future-ready security to organizations. “User Identity” as the 8th Layer in the
protocol stack

L8 USER

L7 Application
VPNC
CERTIFIED
SSL
Portal
L6 Presentation ASCII, EBCDIC, ICA
Cyberoam UTM offers security
SSL
Exchange

SSL
Firefox
L5 Session L2TP, PPTP
COMMON CRITERIA
CERTIFIED
VPNC
CERTIFIED
Basic
SSL
JavaScript

SSL Basic
across Layer 2-Layer 8 using
EAL4+
Identity-based policies
Interop Network Extension

www.check-mark.com
AES
Interop
SSL Advanced
Network Extension L4 Transport TCP, UDP

L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam UTM features assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity
- Firewall - Multiple Link Management - Content Filtering
- Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls
- Web Application Firewall
Network Availability IT Resource Optimization
Content Security - VPN - Bandwidth Management
- Anti-Virus/Anti-Spyware - 3G/4G/WiMAX Connectivity - Traffic Discovery
- Anti-Spam (Inbound/Outbound) - Application Visibility & Control
- HTTPS/SSL Content Security Future-ready Connectivity
- “IPv6 Ready” Gold Logo Administrator Productivity
Administrative Security - Next-Gen UI
- Next-Gen UI
- iView- Logging & Reporting
 Specification
Interfaces
Copper GbE Ports
Configurable Internal/DMZ/WAN Ports
Console Ports (RJ45)
USB Ports
System Performance*
Firewall Throughput (UDP) (Mbps)
Firewall Throughput (TCP) (Mbps)
New sessions/second
Concurrent sessions
IPSec VPN Throughput (Mbps)
No. of IPSec Tunnels
SSL VPN Throughput (Mbps)
WAF Protected Throughput (Mbps)
Anti-Virus Throughput (Mbps)
IPS Throughput (Mbps)
UTM Throughput (Mbps)
Stateful Inspection Firewall
- Layer 8 (User - Identity) Firewall
- Multiple Security Zones
- Location-aware and Device-aware Identity-based Access
Control Policy
- Access Control Criteria (ACC): User-Identity, Source and
Destination Zone, MAC and IP address, Service
- Security policies - IPS, Web Filtering, Application
Filtering, Anti-virus, Anti-spam and QoS
- Country-based Traffic Control
- Access Scheduling
- Policy based Source and Destination NAT, Gateway
Specific NAT Policy
- H.323, SIP NAT Traversal
- DoS and DDoS attack prevention
- MAC and IP-MAC filtering
- Spoof Prevention
Intrusion Prevention System
- Signatures: Default (4500+), Custom
- IPS Policies: Pre-configured Zone-based multiple
policies, Custom
- Filter based selection: Category, Severity, Platform and
Target (Client/Server)
- IPS actions: Recommended, Allow Packet, Drop Packet,
Disable, Drop Session, Reset, Bypass Session
- User-based policy creation
- Automatic signature updates via Cyberoam Threat
Research Labs
- Protocol Anomaly Detection
- SCADA-aware IPS with pre-defined category for ICS and
SCADA signatures
Gateway Anti-Virus & Anti-Spyware
- Virus, Worm, Trojan Detection and Removal
- Spyware, Malware, Phishing protection
- Automatic virus signature database update
- Scans HTTP, HTTPS, FTP, SMTP/S, POP3, IMAP, IM,
VPN Tunnels
- Customize individual user scanning
- Self Service Quarantine area
- Scan and deliver by file size
- Block by file types
Gateway Anti-Spam
- Inbound and Outbound Scanning
- Real-time Blacklist (RBL), MIME header check
- Filter based on message header, size, sender, recipient
- Subject line tagging
- Language and Content-agnostic spam protection using
RPD Technology
- Zero Hour Virus Outbreak Protection
- Self Service Quarantine area
- IP address Black list/White list
- Spam Notification through Digest
- IP Reputation based Spam filtering
Web Filtering
- On-Cloud Web Categorization
- Controls based on URL, Keyword and File type
- Web Categories: Default (89+), External URL Database,
Custom
- Protocols supported: HTTP, HTTPS
- Block Malware, Phishing, Pharming URLs
- Block Java Applets, Cookies, Active X, Google Cache
pages
- CIPA Compliant
- Data leakage control by blocking HTTP and HTTPS
upload
- Schedule-based access control
- Custom Denied Message per Web Category
- Safe Search enforcement, YouTube for Schools
Application Filtering High Availability
4 - Layer 7 (Applications) & Layer 8 (User - Identity) Control - Active-Active
Yes and Visibility - Active-Passive with state synchronization
1 - Inbuilt Application Category Database - Stateful Failover with LAG Support
2 - Control over 2,000+ Applications classified in 21
Categories Administration & System Management
- Filter based selection: Category, Risk Level, Characteristics - Web-based configuration wizard
1,800 and Technology - Role-based Access control
1,200 - Schedule-based access control - Support of API
6,000 - Visibility and Controls for HTTPS based Micro-Apps like - Firmware Upgrades via Web UI
500,000 Facebook chat, Youtube video upload - Web 2.0 compliant UI (HTTPS)
210 - Securing SCADA Networks - UI Color Styler
550 - SCADA/ICS Signature-based Filtering for Protocols - Command Line Interface (Serial, SSH, Telnet)
75 Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure - SNMP (v1, v2c)
100 DNP3, Longtalk - Multi-lingual : English, Chinese, Hindi, French, Japanese
350 - Control various Commands and Functions - Cyberoam Central Console (Optional)
240
125 Web Application Firewall User Authentication
- Positive Protection model - Internal database
- Unique "Intuitive Website Flow Detector" technology - AD Integration and OU-based Security Policies
- Protection against SQL Injections, Cross-site Scripting - Automatic Windows/RADIUS Single Sign On
(XSS), Session Hijacking, URL Tampering, Cookie - External LDAP/LDAPS/RADIUS database Integration
Poisoning etc. - Thin Client support
- Support for HTTP 0.9/1.0/1.1 - 2-factor authentication: 3rd party support**
- Back-end servers supported: 5 to 300 servers - SMS (Text-based) Authentication
- Layer 8 Identity over IPv6
Virtual Private Network - Secure Authentication – AD, LDAP, Radius
- IPSec, L2TP, PPTP
- Clientless Users
- Encryption - 3DES, DES, AES, Twofish, Blowfish,
- Authentication using Captive Portal
Serpent
- Hash Algorithms - MD5, SHA-1
Logging/Monitoring
- Authentication: Preshared key, Digital certificates
- IPSec NAT Traversal - Real-time and historical Monitoring
- Dead peer detection and PFS support - Log Viewer - IPS, Web filter, WAF, Anti-Virus, Anti-Spam,
- Diffie Hellman Groups - 1, 2, 5, 14, 15, 16 Authentication, System and Admin Events
- External Certificate Authority support - Forensic Analysis with quick identification of network
- Export Road Warrior connection configuration attacks and other traffic anomalies
- Domain name support for tunnel end points - Syslog support
- VPN connection redundancy - 4-eye Authentication
- Overlapping Network support
TM
Cyberoam
VIEW
- Hub & Spoke VPN support On-Appliance Cyberoam-iView Reporting
- Threat Free Tunnelling (TFT) Technology - Integrated Web-based Reporting tool
- 1,200+ drilldown reports
SSL VPN - Compliance reports - HIPAA, GLBA, SOX, PCI, FISMA
- TCP & UDP Tunnelling - Zone based application reports
- Historical and Real-time reports
- Authentication - Active Directory, LDAP, RADIUS,
Cyberoam (Local) - Default Dashboards: Traffic and Security
- Username, Host, Email ID specific Monitoring Dashboard
- Multi-layered Client Authentication - Certificate, - Reports – Application, Internet & Web Usage, Mail Usage,
Username/Password Attacks, Spam, Virus, Search Engine, User Threat
- User & Group policy enforcement Quotient (UTQ) for high risk users and more
- Network access - Split and Full tunnelling - Client Types Report including BYOD Client Types
- Browser-based (Portal) Access - Clientless access - Multi-format reports - tabular, graphical
- Lightweight SSL VPN Tunnelling Client - Export reports in - PDF, Excel, HTML
- Granular access control to all the enterprise network - Email notification of reports
resources - Report customization – (Custom view and custom logo)
- Administrative controls - Session timeout, Dead Peer - Supports 3rd party PSA Solution – ConnectWise
Detection, Portal customization
- TCP based Application Access - HTTP, HTTPS, RDP, IPSec VPN Client***
TELNET, SSH - Inter-operability with major IPSec VPN Gateways
- Import Connection configuration
Wireless WAN
- USB port 3G/4G and WiMAX Support Certification
- Primary WAN link - Common Criteria - EAL4+
- WAN Backup link - ICSA Firewall - Corporate
- Checkmark Certification
Bandwidth Management - VPNC - Basic and AES interoperability
- Application, Web Category and Identity based Bandwidth - IPv6 Ready Gold Logo
Management - Global Support Excellence - ITIL compliance (ISO 20000)
- Guaranteed & Burstable bandwidth policy
- Application & User Identity based Traffic Discovery Hardware Specifications
- Data Transfer Report for multiple Gateways Memory 2GB
Compact Flash 2GB
Networking HDD 250GB or higher
- WRR based Multilink Load Balancing
- Automated Failover/Failback Compliance
- Interface types: Alias, Multiport Bridge, LAG (port CE
trunking), VLAN, WWAN, TAP FCC
- DNS-based inbound load balancing
- IP Address Assignment - Static, PPPoE (with Schedule Dimensions
Management), L2TP, PPTP & DDNS, Client, Proxy ARP, H x W x D (inches) 1.7 x 6 x 9.1
Multiple DHCP Servers support, DHCP relay H x W x D (cms) 4.4 x 15.3 x 23.2
- Supports HTTP Proxy, Parent Proxy with FQDN Weight 2.3 kg, 5.07 lbs
- Dynamic Routing: RIP v1& v2, OSPF, BGP, PIM-SIM,
Multicast Forwarding Power
- Discover mode for PoC Deployments Input Voltage 100-240 VAC
- IPv6 Support: Consumption 33.5W
- Dual Stack Architecture: Support for IPv4 and IPv6 Total Heat Dissipation (BTU) 114
Protocols
- Management over IPv6 Environmental
- IPv6 Route: Static and Source Operating Temperature 0 to 40 °C
- IPv6 tunneling (6in4, 6to4, 6rd, 4in6) Storage Temperature -25 to 75 °C
- Alias and VLAN Relative Humidity (Non condensing) 10 to 90%
- DNSv6 and DHCPv6 Services
- Firewall security over IPv6 traffic
- High Availability for IPv6 networks

*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.
**For details, refer Cyberoam's Technical Alliance Partner list on Cyberoam website. ***Additional Purchase Required. For list of compatible platforms, refer to OS Compatibility Matrix on Cyberoam DOCS.

Applicable to Hardware Version 1.1 – 21/03/2016

Toll Free Numbers
USA : +1-800-686-2360 | India : 1-800-301-00013
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958
C o p y r i g h t © 1999-2016 Cyberoam Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d.
Cyberoam and Cyberoam logo are registered trademark of Cyberoam Technologies Pvt. Ltd. Although
Cyberoam has attempted to provide accurate information, Cyberoam assumes no responsibility for
accuracy or completeness of information neither is this a legally binding representation. Cyberoam has the
right to change,modify, transfer or otherwise revise the publication without notice. 1.1-10.6.2-210316

www.cyberoam.com I [email protected]