Data Sheet

Cyberoam CR1000ia Powerful Unified Threat Management Appliances for Large Enterprises

POWER A B C D CR10 0 0 i a HDD RESET ESC Unified Threat Management CONSOLE ENTER VPNC CERTIFIED M N OP E F G H IJKL SSL Portal SSL Exchange

SSL Firefox VPNC SSL CERTIFIED JavaScript

Basic SSL Basic Interop Network Extension AES SSL Advanced www.check-mark.com Interop Network Extension

Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to large enterprises by allowing user identity-based policy controls.

Cyberoam’s User Layer 8 Technology treats user-identity as the 8th Layer or the HUMAN layer in the protocol stack. It attaches user identity to security, taking organizations a step ahead of conventional The only UTM to be solutions that bind security to IP-addresses. This adds speed to an organization’s security by offering ICSA-certified for its instant visibility into the source of attacks by username rather than IP address – allowing immediate remediation to restore security or allowing proactive security. Layer 8 technology functions along with each High Availability of Cyberoam security features to allow creation of identity-based security policies. criteria and to have “IPv6 Ready” Gold Cyberoam’s multi-core technology allows parallel processing of all its security features – ensuring security without compromising performance. Its future-ready Extensible Security Architecture (ESA) offers an logo extensible platform that can grow with the future security needs of an organization without degrading system performance. ESA supports feature enhancements that can be developed rapidly and deployed with minimum efforts.

User Identity-based Security Policy Controls

L8 USER

L7 Application Cyberoam's Layer 8 Technology treats L6 Presentation ASCII, EBCDIC, ICA “User Identity” as the 8th Layer in the protocol stack L5 Session L2TP, PPTP Cyberoam UTM offers security across L4 Transport TCP, UDP Layer 2-Layer 8 using Identity-based policies L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam UTM features assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity - - Multiple Link Management - Content Filtering - Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls - Wireless security Network Availability IT Resource Optimization Content Security - VPN - Bandwidth Management - Anti-Virus/Anti- - 3G/WiMAX Connectivity - Traffic Discovery - Anti-Spam - Application Layer 7 Management - HTTPS/SSL Content Security Future-ready Connectivity - “IPv6 Ready” Gold Logo Administrator Productivity Administrative Security - Next-Gen UI - Next-Gen UI - iView- Logging & Reporting Specification

Interfaces - Block HighAvailability## 10/100/1000 GBE Ports 12 - P2P applications e.g. Skype -Active-Active Configurable Internal/DMZ/WAN Ports Yes -Anonymous proxies e.g. UItra surf -Active-Passive with state synchronization Console Ports (RJ45/DB9) 1 - “Phone home” activities - Stateful Failover SFP (Mini GBIC) Ports 4 - Keylogger -Alerts onAppliance Status change USB Ports 2 - Layer 7 (Applications) & Layer 8 (User - Identity) Visibility Hardware Bypass Segments 2 Administration & System Management - Web-based configuration wizard System Performance** Virtual Private Network - Role-basedAccess control Firewall Throughput (UDP) (Mbps) 7,500 - IPSec, L2TP,PPTP - Firmware Upgrades via Web UI Firewall Throughput (TCP) (Mbps) 5,500 - Encryption - 3DES, DES, AES, Twofish, Blowfish, - Web 2.0 compliant UI (HTTPS) New sessions/second 50,000 Serpent - UI Color Styler Concurrent sessions 1,200,000 - HashAlgorithms - MD5, SHA-1 - Command line interface (Serial, SSH, Telnet) 168-bit Triple-DES/AES throughput (Mbps) 900/1200 -Authentication - Preshared key, Digital certificates - SNMP (v1, v2c, v3) Antivirus throughput (Mbps) 1,250 - IPSec NAT Traversal, Dead peer detection and PFS - Multi-lingual support: Chinese, Hindi, French, IPS throughput (Mbps) 2,000 support Korean UTM throughput (Mbps) 800 - Diffie Hellman Groups - 1,2,5,14,15,16 - Cyberoam Central Console (Optional) - External CertificateAuthority support - NTP Support Stateful Inspection Firewall - Export Road Warrior connection configuration - Layer 8 (User - Identity) Firewall - Domain name support for tunnel end points User Authentication - VPN connection redundancy - Multiple Security Zones - Internal database - Overlapping Network support - Access Control Criteria (ACC) - User - Identity, Source -Active Directory Integration - Hub & Spoke VPN support & Destination Zone, MAC and IP address, Service -Automatic Windows Single Sign On - UTM policies - IPS, Web Filtering, Application - External LDAP/RADIUS database Integration Filtering, Anti-virus, Anti-spam and Bandwidth SSL VPN - Thin Client support - Microsoft Windows Server 2003 Management - TCP & UDP Tunneling TerminalServices and Citrix XenApp - Layer 7 (Application) Control & Visibility - Authentication - Active Directory, LDAP, RADIUS, - RSAsecurID support -Access Scheduling Cyberoam - ExternalAuthentication - Users andAdministrators - Policy based Source & Destination NAT - Multi-layered Client Authentication - Certificate, - User/MAC Binding - H.323, SIP NATTraversal Username/Password - MultipleAuthentication servers - 802.1q VLAN Support - User & Group policy enforcement - DoS & DDoSAttack prevention - Network access - Split and Full tunneling Logging/Monitoring - MAC & IP-MAC filtering and Spoof prevention - Browser-based (Portal)Access - Clientless access - Graphical real-time and historical monitoring - Lightweight SSLVPN Tunneling Client - Email notification of reports, viruses and attacks GatewayAnti-Virus &Anti-Spyware - Granular access control to all the Enterprise Network - Syslog support - Virus, Worm, Trojan Detection & Removal resources - Log Viewer - IPS, Web filter, Anti Virus, Anti Spam, - Spyware, , Phishing protection - Administrative controls - Session timeout, Dead Peer Authentication, System andAdmin Events -Automatic virus signature database update Detection, Portal customization - Scans HTTP, FTP, SMTP, POP3, IMAP, IM, VPN - TCP- based Application Access - HTTP, HTTPS, On-Appliance Cyberoam-iView Reporting Cyberoam TM Tunnels RDP, TELNET, SSH - Integrated Web-based Reporting tool - VIEW - Customize individual user scanning Cyberoam-iView - Self Service Quarantine area Instant Messaging (IM) Management - 1000+ drilldown reports - Scan and deliver by file size - Yahoo and Windows Live Messenger - 45+ Compliance reports - Block by file types - Virus Scanning for IM traffic - Historical and Real-time reports -Add disclaimer/signature -Allow/Block Login - Multiple Dashboards -Allow/Block File Transfer - Username, Host, Email ID specific Monitoring GatewayAnti-Spam -Allow/Block Webcam Dashboard - Real-time Blacklist (RBL), MIME header check -Allow/Block one-to-one/group Chat - Reports - Security, Spam, Virus, Spam, Traffic, Policy - Filter based on message header, size, sender, - Content-based blocking violations, VPN, Search Engine keywords recipient - IM activities Log - Multi-format reports - tabular, graphical - Subject line tagging -Archive files transferred - Exportable formats - PDF,Excel - IP address Black list/White list - CustomAlerts -Automated Report Scheduling - Redirect spam mails to dedicated email address - Image-based spam filtering using RPD Technology Wireless WAN # IPSec VPN Client*** - Zero hour Virus Outbreak Protection - USB port 3G and Wimax Support - Inter-operability with major IPSec VPN Gateways - Self Service Quarantine area - Primary WAN link - Supported platforms: Windows 2000, WinXP 32/64- - Spam Notification through Digest - WAN Backup link bit, Windows 2003 32-bit, Windows 2008 32/64-bit, - IP Reputation-based Spam filtering Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit Bandwidth Management - Import Connection configuration Intrusion Prevention System - Application and User Identity based Bandwidth - Signatures: Default (3000+), Custom Management Certification - IPS Policies: Multiple, Custom - Guaranteed & Burstable bandwidth policy - ICSAFirewall - Corporate - User-based policy creation -Application & User Identity based Traffic Discovery - Checkmark UTM Level 5 Certification -Automatic real-time updates from CRProtect networks - Multi WAN bandwidth reporting - VPNC - Basic andAES interoperability - ProtocolAnomaly Detection - Category-based Bandwidth restriction - IPv6 Ready Gold Logo - DDoSAttack prevention User Identity and Group Based Controls Compliance Web Filtering -Access time restriction CE - Inbuilt Web Category Database - Time and Data Quota restriction FCC - URL, keyword, File type block - Schedule based Committed and Burstable - Categories: Default(82+), Custom Bandwidth Dimensions - Protocols supported: HTTP,HTTPS - Schedule based P2P and IM Controls H x W x D (inches) 1.77 x 17.25 x 18.30 - Block Malware, Phishing, Pharming URLs H x W x D (cms) - Schedule-based access control Networking 4.5 x 43.8 x 46.5 Weight 13.5 kg, 29.76 lbs - Custom block messages per category - Failover - Automated Failover/Failback, Multi-WAN - Block JavaApplets, Cookies,Active X failover, 3GModem failover Power - CIPA Compliant - WRR based Load balancing Input Voltage - Data leakage control via HTTP, HTTPS upload 90-260 VAC - Policy routing based onApplication and User Consumption 129W - IP Address Assignment - Static, PPPoE, L2TP, PPTP TotalHeat Dissipation (BTU) 626 Application Filtering & DDNS Client, Proxy ARP, DHCP server, DHCP - InbuiltApplication Category Database relay Environmental - Application Categories: 11+ e.g. Gaming, IM, P2P, - Support for HTTP Proxy Operating Temperature 0to40°C Proxy - Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Storage Temperature -20 to 80 °C - Schedule-based access control Forwarding - Parent Proxy support with FQDN - IPv6 Ready Gold Logo *If Enabled, will bypass traffic only in case of power failure.## High Availability is currently a Beta feature. **Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments. #3G card and modem details are not included. See http://www.cyberoam.com for supported USB devices. ***Additional Purchase Required.

Toll Free Numbers C o p y r i g h t © 1999-2010 E l i t e c o r e Tec h nologiesPvt. Lt d. Al l R i g h t s R e s e r v e d. Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Pvt. Ltd. Although USA :+1-877-777-0368 | India : 1-800-301-00013 Elitecore has attempted to provide accurate information, Elitecore assumes no responsibility for accuracy or completeness of information neither is this a legally binding representation. Elitecore has the right to APAC/MEA :+1-877-777-0368 | Europe : +44-808-120-3958 change,modify, transfer or otherwise revise the publication without notice. PL-10-1000252-100602 Unified Threat Management www.cyberoam.com I [email protected] Elitecore Product