Unified Threat Management

Data Sheet

Cyberoam CR50i
Comprehensive Network Security for Small and Remote Offices
Cyberoam UTM
Cyberoam CR50i is an identity-based security appliance that delivers real-time network protection against evolving Internet threats to Small Office-Home Office (SOHO) and Remote Office Branch Office (ROBO) users. Small, remote offices with limited security like firewall, anti-virus are exposed to Internet threats. Cyberoam delivers comprehensive protection from malware, virus, spam, phishing, pharming and more. Its unique identity-based security protects users from internal threats that lead to data leakage. Cyberoam features include Stateful Inspection Firewall, VPN (SSL VPN & IPSec), Gateway Anti-Virus and Anti-Spyware, Gateway Anti-Spam, IPS, Content Filtering, Bandwidth Management, Multiple Link Management and can be centrally managed with Cyberoam Central Console.
VPNC
CERTIFIED
Basic

VPNC
CERTIFIED
SSL Portal SSL Exchange SSL Firefox SSL JavaScript SSL Basic Network Extension SSL Advanced Network Extension

Interop
AES
www.check-mark.com

Interop

Identity-based Security in UTM

Features
Stateful Inspection Firewall (ICSA Labs Certified)

Description
! Powerful stateful and deep packet inspection ! Fusion technology blends all the components of Cyberoam into a single firewall policy ! Prevents DoS & flooding attacks from internal & external sources ! Identity-based access control for applications like P2P, IM ! ! ! ! ! ! ! ! ! ! ! ! ! Threat Free Tunneling Industry standard: IPSec, SSL, L2TP, PPTP VPN VPN High Availability for IPSec and L2TP connections Dual VPNC Certifications - Basic and AES Interop

Benefits
! Application layer protection ! Provides the right balance of security, connectivity and productivity ! Flexibility to set policies by user identity ! High scalability ! ! ! ! ! ! ! ! ! ! ! ! ! ! Safe and clean VPN traffic Secure connectivity to branch offices and remote users Low cost remote connectivity over the Internet Effective failover management with defined connection priorities Complete protection of traffic over all protocols High business flexibility Protection of confidential information Real-time security Enhances productivity High business flexibility Protection from emerging threats High scalability Zero hour protection incase of virus outbreaks Multi-language and Multi-format spam detection

Virtual Private Network

Gateway Anti-Virus & Anti-Spyware

Scans HTTP, FTP, IMAP, POP3 and SMTP traffic Detects and removes viruses, worms and Trojans Access to quarantined mails to key executives Instant user identification in case of HTTP threats

Gateway Anti-Spam

Scans SMTP, POP3 and IMAP traffic for spam Detects, tags and quarantines spam mail Enforces black and white lists Virus Outbreak Protection Content-agnostic spam protection including Image-spam using Recurrent Pattern Detection (RPDTM) Technology ! Spam Notification through Digest ! IP Reputation-based Spam filtering ! Database of over 3000 signatures ! Multi-policy capability with policies based on default & custom signatures, source and destination ! Prevents intrusion attempts, DoS attacks, malicious code, backdoor activity and network-based blended threats ! Blocks anonymous proxies with HTTP proxy signatures ! Blocks phone home activities ! Automated web categorization engine blocks non-work sites based on millions of sites in over 82+ categories ! URL Filtering for HTTP & HTTPS protocols ! Hierarchy, department, group, user-based filtering policies ! Time-based access to pre-defined sites ! Prevents downloads of streaming media, gaming, tickers, ads ! Supports CIPA compliance for schools and libraries ! Committed and burstable bandwidth by hierarchy, departments, groups & users ! Category-based Bandwidth restriction ! Security over multiple ISP links using a single appliance ! Load balances traffic based on weighted round robin distribution ! Link Failover automatically shifts traffic from a failed link to a working link ! Complete Reporting Suite available on the Appliance ! Traffic discovery offers real-time reports ! Reporting by username

Intrusion Prevention System - IPS

! ! ! !

Low false positives Real-time Security in dynamic environments like DHCP and Wi-Fi Offers instant user-identification in case of internal threats Apply IPS policies on users

Content & Application Filtering

! ! ! ! ! ! !

Prevents exposure of network to external threats Blocks access to restricted websites Ensures regulatory compliance Saves bandwidth and enhances productivity Protects against legal liability Ensures the safety and security of minors online Enables schools to qualify for E-rate funding

Bandwidth Management

! Prevents bandwidth congestion ! Prioritizes bandwidth for critical applications ! ! ! !

Multiple Link Management

Easy to manage security over multiple links Controls bandwidth congestion Optimal use of low-cost links Ensures business continuity

On-Appliance Reporting

! Reduced TCO as no additional purchase required ! Instant and complete visibility into patterns of usage ! Instant identification of victims and attackers in internal network

www.cyberoam.com

Specification
Interfaces 10/100 Ethernet Ports 10/100/1000 GBE Ports Configurable Internal/DMZ/WAN Ports Console Ports (RJ45/DB9) SFP (Mini GBIC) Ports USB Ports Hardware Bypass Segments System Performance* Firewall throughput (Mbps) New sessions/second Concurrent sessions 168-bit Triple-DES/AES throughput (Mbps) Antivirus throughput (Mbps) IPS throughput (Mbps) UTM throughput (Mbps) Stateful Inspection Firewall Multiple Zones security with separate levels of access rule enforcement for each zone Rules based on the combination of User, MAC, Source & Destination Zone and IP address and Service Actions include policy based control for IPS, Content Filtering, Anti virus, Anti spam and Bandwidth Management Access Scheduling Policy based Source & Destination NAT H.323 NAT Traversal 802.1q VLAN Support DoS & DDoS Attack prevention MAC & IP-MAC filtering and Spoof prevention Gateway Anti-Virus & Anti-Spyware Virus, Worm, Trojan Detection & Removal Spyware, Malware, Phishing protection Automatic virus signature database update Scans HTTP, FTP, SMTP, POP3, IMAP, VPN Tunnels Customize individual user scanning Self Service Quarantine area Scan and deliver by file size Block by file types Add disclaimer/signature Gateway Anti-Spam Real-time Blacklist (RBL), MIME header check Filter based on message header, size, sender, recipient Subject line tagging IP address Black list/White list Redirect spam mails to dedicated email address Image-based spam filtering using RPD Technology Zero hour Virus Outbreak Protection Self Service Quarantine area Spam Notification through Digest IP Reputation-based Spam filtering Intrusion Prevention System Signatures: Default (3000+), Custom IPS Policies: Multiple, Custom User-based policy creation Automatic real-time updates from CRProtect networks Protocol Anomaly Detection Block - P2P applications e.g. Skype - Anonymous proxies e.g. UItra surf - Phone home activities - Keylogger Content & Application Filtering Inbuilt Web Category Database URL, keyword, File type block Categories: Default(82+), Custom Protocols supported: HTTP, HTTPS Block Malware, Phishing, Pharming URLs Custom block messages per category Block Java Applets, Cookies, Active X CIPA Compliant Data leakage control via HTTP upload Virtual Private Network - VPN IPSec, L2TP, PPTP Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent Hash Algorithms - MD5, SHA-1 Authentication - Preshared key, Digital certificates IPSec NAT Traversal Dead peer detection and PFS support Diffie Hellman Groups - 1,2,5,14,15,16 External Certificate Authority support Export Road Warrior connection configuration Domain name support for tunnel end points VPN connection redundancy Overlapping Network support Hub & Spoke VPN support SSL VPN TCP & UDP Tunneling Authentication - Active Directory, LDAP, RADIUS, Cyberoam Multi-layered Client Authentication - Certificate, Username/Password User & Group policy enforcement Network access - Split and Full tunneling Browser-based (Portal) Access - Clientless access Lightweight SSL VPN Tunneling Client Granular access control to all the Enterprise Network resources Administrative controls - Session timeout, Dead Peer Detection, Portal customization 4 Yes 1 4 175 3,000 220,000 50/60 40 100 35 Bandwidth Management Application and User Identity based Bandwidth Management Guaranteed & Burstable bandwidth policy Application & User Identity based Traffic Discovery Multi WAN bandwidth reporting Category-based Bandwidth restriction User Identity and Group Based Controls Access time restriction Time and Data Quota restriction Schedule based Committed and Burstable Bandwidth Schedule based P2P and IM Controls Networking Multiple Link Auto Failover WRR based Load balancing Policy routing based on Application and User DDNS/PPPoE Client Support for HTTP Proxy Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Forwarding Parent Proxy support with FQDN DHCP Server and Relay High Availability Active-Active Active-Passive with state synchronization Stateful Failover Alert on Appliance Status change Administration & System Management Web-based configuration wizard Role-based administration Multiple administrators and user levels Upgrades & changes via Web UI Multi-lingual support: Chinese, Hindi, French Web UI (HTTPS) Command line interface (Serial, SSH, Telnet) SNMP (v1, v2c, v3) Cyberoam Central Console Version Rollback NTP Server Support User Authentication Local database Windows Domain Control & Active Directory Integration Automatic Windows Single Sign On External LDAP/RADIUS database Integration User/MAC Binding Logging/Monitoring Internal HDD Graphical real-time and historical monitoring Email notification of reports, viruses and attacks Syslog support On-Appliance Reporting Intrusion events reports Policy violations reports Web Category reports (user, content type) Search Engine Keywords reporting Data transfer reporting (By Host, Group & IP Address) Virus reporting by User and IP Address Compliance Reports VPN Client IPSec compliant Inter-operability with major IPSec VPN Gateways Supported platforms: Windows 98, Me, NT4, 2000, XP, Vista Import Connection configuration Certification ICSA Firewall - Corporate VPNC - Basic and AES interoperability Checkmark UTM Level 5 Certification Compliance CE FCC Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 45+ Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Dimensions H x W x D (inches) H x W x D (cms) Weight Power Input Voltage Consumption Total Heat Dissipation (BTU) Environmental Operating Temperature Storage Temperature Relative Humidity (Non condensing) Cooling System Fans

1.72 x 16.8 x 9.1 4.4 x 42.7 x 23.5 4 kg, 8.82 lbs 110-240 VAC 25.09W 0 to 40 C -20 to 80 C 10 to 90% 2

*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.

Toll Free Numbers USA : +1-877-777-0368 | India : 1-800-301-00013 APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958

C o p y r i g h t 1999-2009 E l i t e c o r e Te c h n o l o g i e s L t d. A l l R i g h t s R e s e r v e d. Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Ltd. Although Elitecore has attempted to provide accurate information, Elitecore assumes no responsibility for accuracy or completeness of information neither is this a legally binding representation. Elitecore has the right to change,modify, transfer or otherwise revise the publication without notice. PL-10-96034-091117

Unified Threat Management

www.cyberoam.com

I [email protected]

Elitecore Product