Cyberoam CR500iNG-XP Firewall

Cyberoam CR500iNG-XP Firewall – Technical Specifications

Interfaces

• Maximum number of Available Ports 24
• Fixed Copper GbE Ports 8
• Number of Slots for FleXi Ports Module 2
• Port options per FleXi Ports Module*** 8 / 8 / 4
• (GbE Copper/GbE Fiber/10GbE Fiber)
• Console Ports (RJ45) 1
• Configurable Internal/DMZ/WAN Ports Yes
• USB Ports 2
• # Hardware Bypass Segment 2

System Performance*

• Firewall Throughput (UDP) (Mbps) 18,000
• Firewall Throughput (TCP) (Mbps) 16,000
• New sessions/second 100,000
• Concurrent sessions 2,500,000
• IPSec VPN Throughput (Mbps) 1,500
• No. of IPSecTunnels 1,000
• SSLVPN Throughput (Mbps) 650
• WAF Protected Throughput (Mbps) 1,500
• Anti-Virus Throughput (Mbps) 3,500
• IPS Throughput (Mbps) 4,500
• NGFW Throughput (Mbps)**** 3,250
• Fully Protected Throughput (Mbps)***** 1,650

Stateful Inspection Firewall

• Layer 8 (User – Identity) Firewall
• Multiple Security Zones
• Location-aware and Device-aware Identity-based Access
  Control Policy
• Access Control Criteria (ACC): User-Identity, Source and
  Destination Zone, MAC and IP address, Service
• Security policies – IPS, Web Filtering, Application
  Filtering, Anti-virus, Anti-spam and QoS
• Country-based Traffic Control
• Access Scheduling
• Policy based Source and Destination NAT, Gateway
• Specific NAT Policy
• H.323, SIP NAT Traversal
• DoS and DDoS attack prevention
• MAC and IP-MAC filtering
• Spoof Prevention

Intrusion Prevention System

• Signatures: Default (4500+), Custom
• IPS Policies: Pre-configured Zone-based multiple policies, Custom
• Filter based selection: Category, Severity, Platform and
  Target (Client/Server)
• IPS actions: Recommended, Allow Packet, Drop Packet,
  Disable, Drop Session, Reset, Bypass Session
• User-based policy creation
• Automatic signature updates via Cyberoam Threat
  Research Labs
• Protocol Anomaly Detection
• SCADA-aware IPS with pre-defined category for ICS and SCADA signatures

Gateway Anti-Virus & Anti-Spyware

• Virus, Worm, Trojan Detection and Removal
• Spyware, Malware, Phishing protection
• Automatic virus signature database update
• Scans HTTP, HTTPS, FTP, SMTP/S, POP3, IMAP, IM, VPN Tunnels
• Customize individual user scanning
• Self Service Quarantine area
• Scan and deliver by file size
• Block by file types

Gateway Anti-Spam

• Inbound and Outbound Scanning
• Real-time Blacklist (RBL), MIME header check
• Filter based on message header, size, sender, recipient
• Subject line tagging
• Language and Content-agnostic spam protection using RPD Technology
• Zero Hour Virus Outbreak Protection
• Self Service Quarantine area
• IP address Black list/White list-
• Spam Notification through Digest
• IP Reputation based Spam filtering

Web Filtering

• On-Cloud Web Categorization
• Controls based on URL, Keyword and File type
• Web Categories: Default (89+), External URL Database,
  Custom
• Protocols supported: HTTP, HTTPS-
• Block Malware, Phishing, Pharming URLs
• Block Java Applets, Cookies, Active X, Google Cache
  pages
• CIPA Compliant
• Data leakage control by blocking HTTP and HTTPS
  upload
• Schedule-based access control
  Custom Denied Message per Web Category
• Safe Search enforcement, YouTube for Schools

Application Filtering

• Layer 7 (Applications) & Layer 8 (User – Identity) Control and Visibility
• Inbuilt Application Category Database
• Control over 2,000+ Applications classified in 21
  Categories
• Filter based selection: Category, Risk Level, Characteristics and Technology
• Schedule-based access control
• Visibility and Controls for HTTPS based Micro-Apps like Facebook chat, Youtube video upload
• Securing SCADA Networks
• SCADA/ICS Signature-based Filtering for Protocols
• Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure
• DNP3, Longtalk
• Control various Commands and Functions

Web Application Firewall

• Positive Protection model
• Unique “Intuitive Website Flow Detector” technology
• Protection against SQL Injections, Cross-site Scripting (XSS), Session Hijacking, URL Tampering, Cookie
  Poisoning etc.
• Support for HTTP 0.9/1.0/1.1
• Back-end servers supported: 5 to 300 servers

Virtual Private Network

• IPSec, L2TP, PPTP
  Encryption – 3DES, DES, AES, Twofish, Blowfish, Serpent
• Hash Algorithms – MD5, SHA-1
• Authentication: Preshared key, Digital certificates
• IPSec NAT Traversal
• Dead peer detection and PFS support
• Diffie Hellman Groups – 1, 2, 5, 14, 15, 16
• External Certificate Authority support
• Export Road Warrior connection configuration
• Domain name support for tunnel end points
• VPN connection redundancy
• Overlapping Network support
• Hub & Spoke VPN support
• Threat Free Tunnelling (TFT) Technology

SSL VPN

• TCP & UDP Tunnelling
• Authentication – Active Directory, LDAP, RADIUS,
  Cyberoam (Local)
• Multi-layered Client Authentication – Certificate,
  Username/Password
• User & Group policy enforcement
• Network access – Split and Full tunnelling
• Browser-based (Portal) Access – Clientless access
• Lightweight SSL VPN Tunnelling Client
• Granular access control to all the enterprise network
  resources
• Administrative controls – Session timeout, Dead Peer
  Detection, Portal customization
• TCP based Application Access – HTTP, HTTPS, RDP,
  TELNET, SSH

Wireless WAN

• USB port 3G/4G and WiMAX Support
• Primary WAN link
• WAN Backup link

Bandwidth Management

• Application, Web Category and Identity based Bandwidth Management
• Guaranteed & Burstable bandwidth policy
• Application & User Identity based Traffic Discovery
• Data Transfer Report for multiple Gateways

Networking

• WRR based Multilink Load Balancing
• Automated Failover/Failback
• Interface types: Alias, Multiport Bridge, LAG (port trunking), VLAN, WWAN, TAP
• DNS-based inbound load balancing
• IP Address Assignment – Static, PPPoE (with Schedule
  Management), L2TP, PPTP & DDNS, Client, Proxy ARP,
  Multiple DHCP Servers support, DHCP relay
• Supports HTTP Proxy, Parent Proxy with FQDN
• Dynamic Routing: RIP v1& v2, OSPF, BGP, PIM-SIM,
  Multicast Forwarding
• Support of ICAP to integrate third-party DLP, Web
  Filtering and AV applications
• Discover mode for PoC Deployments
• IPv6 Support:
• Dual Stack Architecture: Support for IPv4 and IPv6
  Protocols
• Management over IPv6
• IPv6 Route: Static and Source
• IPv6 tunneling (6in4, 6to4, 6rd, 4in6)
• Alias and VLAN
• DNSv6 and DHCPv6 Services
  Firewall security over IPv6 traffic
• High Availability for IPv6 networks

High Availability

• Active-Active
• Active-Passive with state synchronization
• Stateful Failover with LAG Support

Administration & System Management

• Web-based configuration wizard
• Role-based Access control
• Support of API
• Firmware Upgrades via Web UI
• Web 2.0 compliant UI (HTTPS)
• UI Color Styler
• Command Line Interface (Serial, SSH, Telnet)
• SNMP (v1, v2c)
• Multi-lingual : English, Chinese, Hindi, French, Japanese
• Cyberoam Central Console (Optional)

User Authentication

• Internal database
• AD Integration and OU-based Security Policies
• Automatic Windows/RADIUS Single Sign On
• External LDAP/LDAPS/RADIUS database Integration
• Thin Client support
• 2-factor authentication: 3rd party support**
• SMS (Text-based) Authentication
• Layer 8 Identity over IPv6
• Secure Authentication – AD, LDAP, Radius
• Clientless Users
• Authentication using Captive Portal

Logging/Monitoring

• Real-time and historical Monitoring
• Log Viewer – IPS, Web filter, WAF, Anti-Virus, Anti-Spam,
  Authentication, System and Admin Events
• Forensic Analysis with quick identification of network
  attacks and other traffic anomalies
• Syslog support
• 4-eye Authentication

On-Appliance Cyberoam-iView Reporting

• Integrated Web-based Reporting tool
• 1,200+ drilldown reports
• Compliance reports – HIPAA, GLBA, SOX, PCI, FISMA
• Zone based application reports
• Historical and Real-time reports
• Default Dashboards: Traffic and Security
• Username, Host, Email ID specific Monitoring Dashboard
• Reports – Application, Internet & Web Usage, Mail Usage,
  Attacks, Spam, Virus, Search Engine, User Threat
  Quotient (UTQ) for high risk users and more
• Client Types Report including BYOD Client Types
• Multi-format reports – tabular, graphical
• Export reports in – PDF, Excel, HTML
• Email notification of reports
• Report customization – (Custom view and custom logo)
• Supports 3rd party PSA Solution – ConnectWise

IPSec VPN Client***

• Inter-operability with major IPSec VPN Gateways
• Import Connection configuration

Certification

• Common Criteria – EAL4+
• ICSA Firewall – Corporate
• Checkmark Certification
• VPNC – Basic and AES interoperability
• IPv6 Ready Gold Logo
• Global Support Excellence – ITIL compliance (ISO 20000)

Hardware Specifications

• Memory 4GB
• Compact Flash 4GB
• HDD 250GB or higher

Compliance

• CE
• FCC
• UL

Dimensions

• H x W x D (inches) – 1.7 x 17.3 x 11.85
• H x W x D (cms) – 4.4 X 43.9 X 30.1
• Weight – 5.1 kg, 11.24 lbs

Power

• Input Voltage – 100-240 VAC
• Consumption – 208W
• Total Heat Dissipation (BTU) – 345

Environmental

• Operating Temperature – 0 to 40 °C
• Storage Temperature – 0 to 70 °C
• Relative Humidity (Non condensing) – 10 to 90%