1500i datasheet pdf 07-12-09.cdr

Unified Threat Management
Data Sheet
Cyberoam CR1500i
VPNC
CERTIFIED
SSL
Portal
Comprehensive Network
Security for Large Enterprises
SSL
Firefox
VPNC
SSL
JavaScript
CERTIFIED
Basic
Interop
AES
www.check-mark.com
Interop
SSL Basic
Network Extension
SSL Advanced
Network Extension
Cyberoam UTM
Identity-based Security in UTM
Cyberoam CR1500i is an identity-based security appliance that delivers real-time
network protection against evolving Internet threats to large enterprises through
unique user based policies.
Cyberoam attaches the user identity to security, taking
enterprises a step ahead of conventional solutions that bind
security to IP-addresses. Cyberoam's identity-based security
offers full business flexibility while ensuring complete security
in any environment, including DHCP and Wi-Fi, by identifying
individual users within the network-whether they are victims
or attackers.
Large enterprises with limited security like firewall, anti-virus are exposed to Internet
threats. Cyberoam delivers comprehensive protection from malware, virus, spam,
phishing, pharming and more. Its unique identity-based security protects users from
internal threats that lead to data leakage. Cyberoam features include Stateful
Inspection Firewall, VPN (SSL & IPSec), Gateway Anti-Virus and Anti-Spyware,
Gateway Anti-Spam, IPS, Content Filtering, Bandwidth Management, Multiple Link
Management and can be centrally managed with Cyberoam Central Console.
Features
Description
Benefits
Stateful Inspection Firewall
(ICSA Labs Certified)
! Powerful stateful and deep packet inspection
! Fusion technology blends all the components of Cyberoam into
a single firewall policy
! Prevents DoS & flooding attacks from internal & external sources
! Identity-based access control for applications like P2P, IM
! Application layer protection
! Provides the right balance of security, connectivity and
productivity
! Flexibility to set policies by user identity
! High scalability
Virtual Private Network
!
!
!
!
Threat Free Tunneling
Industry standard: IPSec, SSL, L2TP, PPTP VPN
VPN High Availability for IPSec and L2TP connections
Dual VPNC Certifications - Basic and AES Interop
!
!
!
!
Safe and clean VPN traffic
Secure connectivity to branch offices and remote users
Low cost remote connectivity over the Internet
Effective failover management with defined connection
priorities
Gateway Anti-Virus
& Anti-Spyware
!
!
!
!
Scans HTTP, FTP, IMAP, POP3 and SMTP traffic
Detects and removes viruses, worms and Trojans
Access to quarantined mails to key executives
Instant user identification in case of HTTP threats
!
!
!
!
Complete protection of traffic over all protocols
High business flexibility
Protection of confidential information
Real-time security
Gateway Anti-Spam
!
!
!
!
!
Scans SMTP, POP3 and IMAP traffic for spam
Detects, tags and quarantines spam mail
Enforces black and white lists
Virus Outbreak Protection
Content-agnostic spam protection including Image-spam
using Recurrent Pattern Detection (RPDTM) Technology
! Spam Notification through Digest
! IP Reputation-based Spam filtering
!
!
!
!
!
!
Enhances productivity
High business flexibility
Protection from emerging threats
High scalability
Zero hour protection incase of virus outbreaks
Multi-language and Multi-format spam detection
Intrusion Prevention
System - IPS
! Database of over 3000 signatures
! Multi-policy capability with policies based on default & custom
signatures, source and destination
! Prevents intrusion attempts, DoS attacks, malicious code,
backdoor activity and network-based blended threats
! Blocks anonymous proxies with HTTP proxy signatures
! Blocks “phone home” activities
!
!
!
!
Low false positives
Real-time Security in dynamic environments like DHCP and Wi-Fi
Offers instant user-identification in case of internal threats
Apply IPS policies on users
Content &
Application Filtering
! Automated web categorization engine blocks non-work sites
based on millions of sites in over 82+ categories
! URL Filtering for HTTP & HTTPS protocols
! Hierarchy, department, group, user-based filtering policies
! Time-based access to pre-defined sites
! Prevents downloads of streaming media, gaming, tickers, ads
! Supports CIPA compliance for schools and libraries
!
!
!
!
!
!
!
Prevents exposure of network to external threats
Blocks access to restricted websites
Ensures regulatory compliance
Saves bandwidth and enhances productivity
Protects against legal liability
Ensures the safety and security of minors online
Enables schools to qualify for E-rate funding
Bandwidth Management
! Committed and burstable bandwidth by hierarchy,
departments, groups & users
! Category-based Bandwidth restriction
! Prevents bandwidth congestion
! Prioritizes bandwidth for critical applications
Multiple Link Management
! Security over multiple ISP links using a single appliance
! Load balances traffic based on weighted round robin distribution
! Link Failover automatically shifts traffic from a failed link to a
working link
!
!
!
!
On-Appliance Reporting
! Complete Reporting Suite available on the Appliance
! Traffic discovery offers real-time reports
! Reporting by username
! Reduced TCO as no additional purchase required
! Instant and complete visibility into patterns of usage
! Instant identification of victims and attackers in internal network
www.cyberoam.com
Easy to manage security over multiple links
Controls bandwidth congestion
Optimal use of low-cost links
Ensures business continuity
Specification
Bandwidth Management
Application and User Identity based Bandwidth Management
Guaranteed & Burstable bandwidth policy
Application & User Identity based Traffic Discovery
Multi WAN bandwidth reporting
Category-based Bandwidth restriction
Yes
Yes
Yes
Yes
Yes
User Identity and Group Based Controls
Access time restriction
Time and Data Quota restriction
Schedule based Committed and Burstable Bandwidth
Schedule based P2P and IM Controls
Yes
Yes
Yes
Yes
Networking
Multiple Link Auto Failover
WRR based Load balancing
Policy routing based on Application and User
DDNS/PPPoE Client
Support for HTTP Proxy
Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Forwarding
Parent Proxy support with FQDN
DHCP Server and Relay
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
High Availability
Active-Active
Active-Passive with state synchronization
Stateful Failover
Alert on Appliance Status change
Yes
Yes
Yes
Yes
Gateway Anti-Virus & Anti-Spyware
Virus, Worm, Trojan Detection & Removal
Spyware, Malware, Phishing protection
Automatic virus signature database update
Scans HTTP, FTP, SMTP, POP3, IMAP, VPN Tunnels
Customize individual user scanning
Self Service Quarantine area
Scan and deliver by file size
Block by file types
Add disclaimer/signature
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Gateway Anti-Spam
Real-time Blacklist (RBL), MIME header check
Filter based on message header, size, sender, recipient
Subject line tagging
IP address Black list/White list
Redirect spam mails to dedicated email address
Image-based spam filtering using RPD Technology
Zero hour Virus Outbreak Protection
Self Service Quarantine area
Spam Notification through Digest
IP Reputation-based Spam filtering
Administration & System Management
Web-based configuration wizard
Role-based administration
Multiple administrators and user levels
Upgrades & changes via Web UI
Multi-lingual support: Chinese, Hindi, French
Web UI (HTTPS)
Command line interface (Serial, SSH, Telnet)
SNMP (v1, v2c, v3)
Cyberoam Central Console
Version Rollback
NTP Support
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
User Authentication
Local database
Windows Domain Control & Active Directory Integration
Automatic Windows Single Sign On
External LDAP/RADIUS database Integration
User/MAC Binding
Yes
Yes
Yes
Yes
Yes
Logging/Monitoring
Internal HDD
Graphical real-time and historical monitoring
Email notification of reports, viruses and attacks
Syslog support
Yes
Yes
Yes
Yes
On-Appliance Reporting
Intrusion events reports
Policy violations reports
Web Category reports (user, content type)
Search Engine Keywords reporting
Data transfer reporting (By Host, Group & IP Address)
Virus reporting by User and IP Address
Compliance Reports
Yes
Yes
Yes
Yes
Yes
Yes
45+
Interfaces
10/100/1000 GBE Ports
Configurable Internal/DMZ/WAN Ports
Console Ports (RJ45/DB9)
SFP (Mini GBIC) Ports
USB Ports
Hardware Bypass Segments
10
Yes
1
2
2
2
System Performance*
Firewall throughput (Mbps)
New sessions/second
Concurrent sessions
168-bit Triple-DES/AES throughput (Mbps)
Antivirus throughput (Mbps)
IPS throughput (Mbps)
UTM throughput (Mbps)
6Gbps
40,000
1,000,000
600/750
900
2500
750
Stateful Inspection Firewall
Multiple Zones security with separate levels of access rule
enforcement for each zone
Rules based on the combination of User, MAC, Source &
Destination Zone and IP address and Service
Actions include policy based control for IPS, Content
Filtering, Anti virus, Anti spam and Bandwidth Management
Access Scheduling
Policy based Source & Destination NAT
H.323 NAT Traversal
802.1q VLAN Support
DoS & DDoS Attack prevention
MAC & IP-MAC filtering and Spoof prevention
Intrusion Prevention System
Signatures: Default (3000+), Custom
IPS Policies: Multiple, Custom
User-based policy creation
Automatic real-time updates from CRProtect networks
Protocol Anomaly Detection
Block
- P2P applications e.g. Skype
- Anonymous proxies e.g. UItra surf
- “Phone home” activities
- Keylogger
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Content & Application Filtering
Inbuilt Web Category Database
URL, keyword, File type block
Categories: Default(82+), Custom
Protocols supported: HTTP, HTTPS
Block Malware, Phishing, Pharming URLs
Custom block messages per category
Block Java Applets, Cookies, Active X
CIPA Compliant
Data leakage control via HTTP upload
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
VPN Client
IPSec compliant
Inter-operability with major IPSec VPN Gateways
Supported platforms: Windows 98, Me, NT4, 2000, XP, Vista
Import Connection configuration
Yes
Yes
Yes
Yes
Certification
ICSA Firewall - Corporate
VPNC - Basic and AES interoperability
Checkmark UTM Level 5 Certification
Yes
Yes
Yes
Virtual Private Network - VPN
IPSec, L2TP, PPTP
Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent
Hash Algorithms - MD5, SHA-1
Authentication - Preshared key, Digital certificates
IPSec NAT Traversal
Dead peer detection and PFS support
Diffie Hellman Groups - 1,2,5,14,15,16
External Certificate Authority support
Export Road Warrior connection configuration
Domain name support for tunnel end points
VPN connection redundancy
Overlapping Network support
Hub & Spoke VPN support
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Compliance
CE
FCC
Yes
Yes
Dimensions
H x W x D (inches)
H x W x D (cms)
Weight
3.46 x 16.7 x 20.9
8.8 x 42.4 x 53.1
15.2 kg, 33.51 lbs
Power
Input Voltage
Consumption
Total Heat Dissipation (BTU)
90-264 VAC
210W
718
Environmental
Operating Temperature
Storage Temperature
Relative Humidity (Non condensing)
Cooling System - Fans
0 to 40 °C
-20 to 80 °C
10 to 90%
7
SSL VPN
TCP & UDP Tunneling
Authentication - Active Directory, LDAP, RADIUS, Cyberoam
Multi-layered Client Authentication - Certificate, Username/Password
User & Group policy enforcement
Network access - Split and Full tunneling
Browser-based (Portal) Access - Clientless access
Lightweight SSL VPN Tunneling Client
Granular access control to all the Enterprise Network resources
Administrative controls - Session timeout, Dead Peer Detection,
Portal customization
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.
Toll Free Numbers
USA : +1-877-777-0368 | India : 1-800-301-00013
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958
www.cyberoam.com I sales@cyberoam.com
C o p y r i g h t © 1999-2009 E l i t e c o r e Te c h n o l o g i e s L t d. A l l R i g h t s R e s e r v e d.
Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Ltd. Although Elitecore
has attempted to provide accurate information, Elitecore assumes no responsibility for accuracy or
completeness of information neither is this a legally binding representation. Elitecore has the right to
change,modify, transfer or otherwise revise the publication without notice.
PL-10-96034-091117
Unified Threat Management
Elitecore Product
Download PDF