Unified Threat Management CR 50iNG

Future-ready

Future-ready Security for Small & Medium networks CR 50iNG Data Sheet

Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to
small and medium enterprises (SMEs) by allowing user identity-based policy controls.

Cyberoam’s User Layer 8 Technology treats user-identity as the 8th Layer or the HUMAN layer in
the protocol stack. It attaches user identity to security, taking organizations a step ahead of
conventional solutions that bind security to IP-addresses. This adds speed to an
organization’s security by offering instant visibility into the source of attacks by username
rather than IP address – allowing immediate remediation to restore security or allowing
The ‘Next-Generation’ Series for SOHO:
proactive security. Layer 8 technology functions along with each of Cyberoam
security features to allow creation of identity-based security policies. Offering “the fastest UTMs made for SMBs”
to Small & Medium Offices
Cyberoam’s future-ready Extensible Security Architecture (ESA) offers an
extensible platform that can grow with the future security needs of an
organization without degrading system performance. ESA supports
feature enhancements that can be developed rapidly and deployed Cyberoam's Layer 8 Technology treats
with minimum efforts. “User Identity” as the 8th Layer in the
protocol stack

VPNC
L8 USER
CERTIFIED
SSL
Portal
SSL
Exchange
L7 Application
SSL
Firefox
VPNC
CERTIFIED
Basic
SSL
JavaScript

SSL Basic
L6 Presentation ASCII, EBCDIC, ICA
Interop Network Extension

www.check-mark.com
AES
Interop
SSL Advanced
Network Extension Cyberoam UTM offers security
L5 Session L2TP, PPTP
across Layer 2-Layer 8 using
L4 Transport TCP, UDP Identity-based policies

L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam UTM features assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity
- Firewall - Multiple Link Management - Content Filtering
- Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls

Content Security Network Availability IT Resource Optimization

- Anti-Virus/Anti-Spyware - VPN - Bandwidth Management
- Anti-Spam (Inbound/Outbound)## - 3G/4G/WiMAX Connectivity - Traffic Discovery
- HTTPS/SSL Content Security - Application Layer 7 Management
Future-ready Connectivity - Application Visibility & Control
Administrative Security - “IPv6 Ready” Gold Logo
- Next-Gen UI Administrator Productivity
- iView- Logging & Reporting - Next-Gen UI
 Specification
Interfaces
Copper GbE Ports
Configurable Internal/DMZ/WAN Ports
Console Ports (Rj45)
USB Ports
Hardware Bypass Segment
#
System Performance*
Firewall Throughput (UDP) (Mbps)
Firewall Throughput (TCP) (Mbps)
New sessions/second
Concurrent sessions
IPSec VPN Throughput (Mbps)
No. of IPSec Tunnels
SSL VPN Throughput (Mbps)
WAF Protected Throughput (Mbps)
Anti-Virus Throughput (Mbps)
IPS Throughput (Mbps)
UTM Throughput (Mbps)
Stateful Inspection Firewall
- Layer 8 (User - Identity) Firewall
- Multiple Security Zones
- Access Control Criteria (ACC) - User - Identity, Source &
Destination Zone, MAC and IP address, Service
- UTM policies - IPS, Web Filtering, Application Filtering,
Anti-Virus, Anti-Spam and Bandwidth Management
- Layer 7 (Application) Control & Visibility
- Access Scheduling
- Policy based Source & Destination NAT
- H.323, SIP NAT Traversal
- 802.1q VLAN Support
- DoS & DDoS Attack prevention
- MAC & IP-MAC filtering and Spoof prevention
Gateway Anti-Virus & Anti-Spyware
- Virus, Worm, Trojan: Detection & Removal
- Spyware, Malware, Phishing protection
- Automatic virus signature database update
- Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM,
VPN Tunnels
- Customize individual user scanning
- Self Service Quarantine area
- Scan and deliver by file size
- Block by file types
- Add disclaimer/signature
Gateway Anti-Spam
- Inbound/Outbound Scanning
- Real-time Blacklist (RBL), MIME header check
- Filter based on message header, size, sender, recipient
- Subject line tagging
- IP address Black list/White list
- Redirect Spam mails to dedicated email address
- Image-based Spam filtering using RPD Technology
- Zero hour Virus Outbreak Protection
- Self Service Quarantine area
- Spam Notification through Digest
- IP Reputation-based Spam filtering
Intrusion Prevention System
- Signatures: Default (4500+), Custom
- IPS Policies: Multiple, Custom
- User-based policy creation
- Automatic real-time updates from CRProtect networks
- Protocol Anomaly Detection
- DDoS attack prevention
Web Filtering
- Inbuilt Web Category Database
- URL, keyword, File type block
- Categories: Default(82+), Custom
- Protocols supported: HTTP, HTTPS
- Block Malware, Phishing, Pharming URLs
- Schedule-based access control
- Custom block messages per category
- Block Java Applets, Cookies, Active X
- CIPA Compliant
- Data leakage control via HTTP, HTTPS upload
Application Filtering
- Inbuilt Application Category Database
- 11+ Application Categories: e.g. Gaming, IM, P2P,
Proxy
- Schedule-based access control
- Block
- P2P applications e.g. Skype
- Anonymous proxies e.g. UItra surf
- “Phone home” activities
- Keylogger
- Layer 7 (Applications) & Layer 8 (User - Identity)
Visibility
# ##
If Enabled, will bypass traffic only in case of power failure. **Additional Purchase Required. Inbound and Outbound Spam filtering cannot be used simultaneously.
*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.
Toll Free Numbers
USA : +1-800-686-2360 | India : 1-800-301-00013
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958
www.cyberoam.com I [email protected]
Web Application Firewall Administration & System Management
8 - Positive Protection model - Web-based configuration wizard
Yes - Unique "Intuitive Website Flow Detector" technology - Role-based access control
1 - Protection against SQL Injections, Cross-site Scripting - Firmware Upgrades via Web UI
2 (XSS), Session Hijacking, URL Tampering, Cookie - Web 2.0 compliant UI (HTTPS)
2 Poisoning - UI Color Styler
- Support for HTTP 0.9/1.0/1.1 - Command Line Interface (Serial, SSH, Telnet)
- Extensive Logging & Reporting - SNMP (v1, v2c, v3)
3,250 - Multi-lingual support: Chinese, Hindi, French, Korean
3,000 Virtual Private Network - Cyberoam Central Console (Optional)
30,000 - IPSec, L2TP, PPTP - Network Time Protocol Support
1,000,000 - Encryption - 3DES, DES, AES, Twofish, Blowfish,
400 Serpent User Authentication
200 - Hash Algorithms - MD5, SHA-1 - Internal database
300 - Authentication - Preshared key, Digital certificates - Active Directory Integration
300 - IPSec NAT Traversal
- Automatic Windows Single Sign On
1,000 - Dead peer detection and PFS support
- External LDAP/RADIUS database integration
750 - Diffie Hellman Groups - 1,2,5,14,15,16
- External Certificate Authority support - Thin Client support - Microsoft Windows Server 2003
550 Terminal Services and Citrix XenApp - Novell eDirectory
- Export Road Warrior connection configuration
- Domain name support for tunnel end points - RSA SecurID support
- External Authentication - Users and Administrators
- VPN connection redundancy
- User/MAC Binding
- Overlapping Network support
- Multiple Authentication servers
- Hub & Spoke VPN support
Logging/Monitoring
SSL VPN
- TCP & UDP Tunneling - Graphical real-time and historical monitoring
- Email notification of reports, gateway status, viruses and
- Authentication - Active Directory, LDAP, RADIUS,
Cyberoam attacks
- Multi-layered Client Authentication - Certificate, - Syslog support
Username/Password - Log Viewer - Firewall, IPS, Web filter, Anti Virus, Anti
- User & Group policy enforcement Spam, Authentication, System and Admin Events
- Network access - Split and Full tunneling
- Browser-based (Portal) Access - Clientless access On-Appliance Cyberoam-iView Reporting Cyberoam TM
- Lightweight SSL VPN Tunneling Client - Integrated Web-based Reporting tool - VIEW
- Granular access control to all the Enterprise Network Cyberoam-iView
resources - 1000+ drilldown reports
- Administrative controls - Session timeout, Dead Peer - 45+ Compliance Reports
Detection, Portal customization - Historical and Real-time reports
- TCP- based Application Access - HTTP, HTTPS, RDP, - Multiple Dashboards
TELNET, SSH - Username, Host, Email ID specific Monitoring
Dashboard
Instant Messaging (IM) Management - Reports - Security, Virus, Spam, Traffic, Policy
- Yahoo and Windows Live Messenger violations, VPN, Search Engine keywords
- Virus Scanning for IM traffic - Multi-format reports - tabular, graphical
- Allow/Block Login - Exportable formats - PDF, Excel
- Allow/Block File Transfer - Automated Report Scheduling
- Allow/Block Webcam
- Allow/Block one-to-one/group chat IPSec VPN Client**
- Content-based blocking - Inter-operability with major IPSec VPN Gateways
- IM activities Log - Supported platforms: Windows 2000, WinXP 32/64-bit,
- Archive files transferred Windows 2003 32-bit, Windows 2008 32/64-bit, Windows
- Custom Alerts Vista 32/64-bit, Windows 7 RC1 32/64-bit
- Import Connection configuration
Wireless WAN
- USB port 3G/4G and Wimax Support Certification
- Primary WAN link - ICSA Firewall - Corporate
- WAN Backup link - Checkmark UTM Level 5 Certification
- VPNC - Basic and AES interoperability
Bandwidth Management - “IPv6 Ready” Gold Logo
- Application and User Identity based Bandwidth
Management Hardware Specifications
- Guaranteed & Burstable bandwidth policy Memory 2GB
- Application & User Identity based Traffic Discovery Compact Flash 4GB
- Multi WAN bandwidth reporting HDD 250GB or higher
- Category-based bandwidth restriction
Compliance
User Identity and Group Based Controls CE
- Access time restriction FCC
- Time and Data Quota restriction UL
- Schedule based Committed and Burstable Bandwidth
- Schedule based P2P and IM Controls
Dimensions
H x W x D (inches) 1.7 x 14.6 x 17.3
Networking H x W x D (cms) 4.4 X 37.2 X 44
- Failover - Automated Failover/Failback, Multi-WAN Weight 5 kg, 11.02 lbs
failover, 3GModem failover
- WRR based load balancing Power
- Policy routing based on Application and User Input Voltage 100-240 VAC
- IP Address Assignment - Static, PPPoE, L2TP, PPTP & Consumption 99W
DDNS Client, Proxy ARP, DHCP server, DHCP relay Total Heat Dissipation (BTU) 338
- Support for HTTP Proxy
- Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Environmental
Forwarding Operating Temperature 0 to 40 °C
- Parent Proxy support with FQDN Storage Temperature -25 to 75 °C
- “IPv6 Ready” Gold Logo Relative Humidity (Non condensing) 10 to 90%
High Availability
- Active-Active
- Active-Passive with State Synchronization
- Stateful failover
- Alerts on appliance status change
C o p y r i g h t © 1999-2012 Cyberoam Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d.
Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Pvt. Ltd. Although
Elitecore has attempted to provide accurate information, Elitecore assumes no responsibility for accuracy
or completeness of information neither is this a legally binding representation. Elitecore has the right to
change,modify, transfer or otherwise revise the publication without notice. PL-10-1000252-100718 Unified Threat Management