Cyberoam CR100iNG UTM Firewall

Cyberoam CR100iNG UTM Firewall

The Cyberoam CR100iNG can offer unmatched throughput speeds, compared to any other UTM appliance in this market segment. The CR100iNG is a Next-Generation network security appliance that includes UTM security. The Cyberoam CR100iNG for SMEs is the “fastest UTM” made for this segment. 

Cyberoam CR100iNG Key Features

• Copper GbE Ports 8
• Firewall throughput (UDP) (Mbps) 4,500
• Concurrent sessions 1,250,000
• Anti-Virus throughput (Mbps) 1,400

With the Cyberoam NG series, businesses get assured Security, Connectivity and Productivity. The Layer 8 Technology treats User-Identity as the 8th Layer or the HUMAN layer in the protocol stack. It attaches User-Identity to security, which adds speed to an organization’s security by offering instant visibility into the source of attacks by username rather than only IP address. Cyberoam’s Extensible Security Architecture (ESA) supports feature enhancements that can be developed rapidly and deployed with minimum efforts, offering future-ready security to organisations.

Cyberoam CR100iNG UTM Firewall Technical Specifications

Interfaces

• Copper GbE Ports 8
• Configurable Internal/DMZ/WAN Ports Yes
• Console Ports (Rj45) 1
• USB Ports 2
• Hardware Bypass Segment 2

System Performance

• Firewall Throughput (UDP) (Mbps) 4,500
• Firewall Throughput (TCP) (Mbps) 3,500
• New sessions/second 45,000
• Concurrent sessions 1,250,000
• IPSec VPN Throughput (Mbps) 450
• No. of IPSec Tunnels 250
• SSLVPN Throughput (Mbps) 400
• WAF Protected Throughput (Mbps) 500
• Anti-Virus Throughput (Mbps) 1400
• IPS Throughput (Mbps) 1,200
• UTM Throughput (Mbps) 750

Stateful Inspection Firewall

• Layer 8 (User - Identity) Firewall
• Multiple Security Zones
• Access Control Criteria (ACC) - User - Identity, Source &
  Destination Zone, MAC and IP address, Service
• UTM policies - IPS, Web Filtering, Application Filtering,
  Anti-Virus, Anti-Spam and Bandwidth Management
• Layer 7 (Application) Control & Visibility
• Access Scheduling
• Policy based Source & Destination NAT
• H.323, SIP NATTraversal
• 802.1q VLAN Support
• DoS & DDoSAttack prevention
• MAC & IP-MAC filtering and Spoof prevention

GatewayAnti-Virus &Anti-Spyware

• Virus, Worm, Trojan: Detection & Removal
• Spyware, Malware, Phishing protection
• Automatic virus signature database update
• Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM,
  VPN Tunnels
• Customize individual user scanning
• Self Service Quarantine area
• Scan and deliver by file size
• Block by file types
• Add disclaimer/signature

GatewayAnti-Spam

• Inbound/Outbound Scanning
• Real-time Blacklist (RBL), MIME header check
• Filter based on message header, size, sender, recipient
• Subject line tagging
• IP address Black list/White list
• Redirect Spam mails to dedicated email address
• Image-based Spam filtering using RPD Technology
• Zero hour Virus Outbreak Protection
• Self Service Quarantine area
• Spam Notification through Digest
• IP Reputation-based Spam filtering

Intrusion Prevention System

• Signatures: Default (4500+), Custom
• IPS Policies: Multiple, Custom
• User-based policy creation
• Automatic real-time updates from CRProtect networks
• ProtocolAnomaly Detection
• DDoS attack prevention
• SCADA-aware IPS with pre-defined category for ICS and
• SCADAsignatures

Web Filtering

• Inbuilt Web Category Database
• URL, keyword, File type block
• Categories: Default(82+), Custom
• Protocols supported: HTTP, HTTPS
• Block Malware, Phishing, Pharming URLs
• Schedule-based access control
• Custom block messages per category
• Block JavaApplets, Cookies,Active X
• CIPA Compliant
• Data leakage control via HTTP, HTTPS upload

Application Filtering

• InbuiltApplication Category Database
• 11+ Application Categories: e.g. Gaming, IM, P2P
• Schedule-based access control
• Block
• P2P applications e.g. Skype
• Anonymous proxies e.g. UItra surf
• “Phone home” activities
• Layer 7 (Applications) & Layer 8 (User - Identity) Visibility
• Securing SCADA Networks
• SCADA/ICS Signature-based Filtering for Protocols
• Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure
  DNP3, Longtalk
• Control various Commands and Functions

Web Application Firewall

• Positive Protection model
• Unique "Intuitive Website Flow Detector" technology
• Protection against SQL Injections, Cross-site Scripting
  (XSS), Session Hijacking, URL Tampering, Cookie
  Poisoning
• Support for HTTP 0.9/1.0/1.1
• Extensive Logging & Reporting

Virtual Private Network

• IPSec, L2TP, PPTP
• Encryption - 3DES, DES, AES, Twofish, Blowfish,
  Serpent
• HashAlgorithms - MD5, SHA-1
• Authentication - Preshared key, Digital certificates
• IPSec NATTraversal
• Dead peer detection and PFS support
• Diffie Hellman Groups - 1,2,5,14,15,16
• External CertificateAuthority support
• Export Road Warrior connection configuration
• Domain name support for tunnel end points
• VPN connection redundancy
• Overlapping Network support
• Hub & Spoke VPN support