CR10iNG

Future-ready

Future-ready Security for SOHO/ROBO networks CR10iNG Data Sheet

Cyberoam NG series of Unified Threat Management appliances are the Next-Generation appliances that include UTM security features and performance required for future networks. The NG series for SOHO offer “the fastest UTMs made for SMBs” to small offices. The best-in-class hardware along with to match, enables the NG series to offer unmatched throughput speeds, compared to any other UTM appliance in this market segment. This assures support for future IT trends in organizations like high-speed Internet and rising number of devices in organizations – offering future-ready security for small office networks. The ‘Next-Generation’ Series for SOHO: With Cyberoam NG series, businesses get assured Security, Connectivity and Productivity. The Layer 8 Technology treats User-Identity as the 8th Layer or the Offering “the fastest UTMs made for HUMAN layer in the protocol stack. It attaches User-Identity to security, which SMBs” to Small Offices adds speed to an organization’s security by offering instant visibility into the source of attacks by username rather than only IP address. Cyberoam’s Extensible Security Architecture (ESA) supports feature enhancements that can be developed rapidly and deployed with Cyberoam's Layer 8 Technology treats minimum efforts, offering future-ready security to organizations. “User Identity” as the 8th Layer in the protocol stack

VPNC CERTIFIED L8 USER SSL Portal SSL Exchange

SSL Firefox L7 Application VPNC SSL COMMON CRITERIA JavaScript CERTIFIED CERTIFIED Basic SSL Basic EAL4+ Interop Network Extension AES SSL Advanced L6 Presentation ASCII, EBCDIC, ICA www.check-mark.com Interop Network Extension Cyberoam UTM offers security L5 Session L2TP, PPTP across Layer 2-Layer 8 using L4 Transport TCP, UDP Identity-based policies

L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam UTM features assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity - - Multiple Link Management - Content Filtering - Intrusion Prevention System - Instant Messaging Archiving & Controls Network Availability Content Security - VPN IT Resource Optimization - Anti-Virus/Anti- - 3G/4G/WiMAX Connectivity - Bandwidth Management - Anti-Spam - Traffic Discovery - HTTPS/SSL Content Security Future-ready Connectivity - Application Visibility & Control - “IPv6 Ready” Gold Logo Administrative Security Administrator Productivity - Next-Gen UI - Next-Gen UI

www.4Gon.co.uk [email protected] Tel: +44 (0)1245 808295 Fax: +44 (0)1245 808299 Specification

Interfaces - Block , Phishing, Pharming URLs - Supports HTTP Proxy, Parent Proxy with FQDN Copper GbE Ports 3 - Block Java Applets, Cookies, Active X, - Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Configurable Internal/DMZ/WAN Ports Yes Cache pages Forwarding Console Ports (RJ45) 1 - CIPA Compliant - IPv6 Support: USB Ports 2 - Data leakage control by blocking HTTP and HTTPS - Dual Stack Architecture: Support for IPv4 and IPv6 upload Protocols System Performance* - Schedule-based access control - Management over IPv6 Firewall throughput (UDP) (Mbps) 400 - Custom Denied Message per Web Category - IPv6 routing protocols Firewall throughput (TCP) (Mbps) 300 - Safe Search enforcement, YouTube for Schools - IPv6 tunneling (6in4, 6to4, 6rd, 4in6) New sessions/second 2,000 - Alias and VLAN Concurrent sessions 27,500 Application Filtering - DNSv6 and DHCPv6 Services IPSec VPN throughput (Mbps) 100 - Layer 7 (Applications) & Layer 8 (User - Identity) - Firewall security over IPv6 traffic No. of IPSec Tunnels 25 Control and Visibility SSL VPN Throughput (Mbps) 25 - Inbuilt Application Category Database Administration & System Management Anti-Virus throughput (Mbps) 100 - Filter based selection: Category, Risk Level, - Web-based configuration wizard IPS throughput (Mbps) 90 Characteristics and Technology - Role-based Access control UTM throughput (Mbps) 60 - Schedule-based access control - Support of API - Securing SCADA Networks - Firmware Upgrades via Web UI Stateful Inspection Firewall - SCADA/ICS Signature-based Filtering for - Web 2.0 compliant UI (HTTPS) - Layer 8 (User - Identity) Firewall Protocols Modbus, DNP3, IEC, Bacnet, Omron - UI Color Styler - Multiple Security Zones FINS, Secure DNP3, Longtalk - Command Line Interface (Serial, SSH, Telnet) - Location-aware and Device-aware Identity-based - Control various Commands and Functions - SNMP (v1, v2, v3) Access Control Policy - NTP Support - Access Control Criteria (ACC): User-Identity, Source Virtual Private Network - Multi-lingual support: English, Chinese, Hindi, French, and Destination Zone, MAC and IP address, Service - IPSec, L2TP, PPTP Japanese - Security policies - IPS, Web Filtering, Application - Encryption - 3DES, DES, AES, Twofish, Blowfish, - Cyberoam Central Console/CCMS (Optional) Filtering, Anti-virus, Anti-spam and QoS Serpent - Country-based Traffic Control - Hash Algorithms - MD5, SHA-1 User Authentication - Access Scheduling - Authentication: Preshared key, Digital certificates - Internal database - Policy based Source and Destination NAT, Gateway - IPSec NAT Traversal -AD Integration with support for OU-based Security Policies Specific NAT Policy - Dead peer detection and PFS support -Automatic Windows Single Sign On - H.323, SIP NAT Traversal - Diffie Hellman Groups - 1, 2, 5, 14, 15, 16 - External LDAP/LDAPS/RADIUS database Integration - DoS and DDoS attack prevention - External Certificate Authority support - Thin Client support - MAC and IP-MAC filtering - Export Road Warrior connection configuration - RSASecurID support - Spoof Prevention - Domain name support for tunnel end points - User/MAC Binding - VPN connection redundancy - SMS (Text-based)Authentication Intrusion Prevention System - Overlapping Network support - Layer 8 Identity over IPv6 - Signatures: Default, Custom - Hub & Spoke VPN support - SecureAuthentication –AD, LDAP,Radius - IPS Policies: Pre-configured Zone-based multiple - Threat Free Tunnelling (TFT) Technology - Clientless Users policies, Custom -Authentication using Captive Portal - Filter based selection: Category, Severity, Platform SSL VPN and Target (Client/Server) - TCP & UDP Tunnelling Logging/Monitoring - IPS actions: Allow Packet, Drop Packet, Disable, - Authentication - Active Directory, LDAP, RADIUS, - Real-time Logging and Monitoring Drop Session, Reset, Bypass Session Cyberoam (Local) - Log Viewer - IPS, Web filter, Anti-Virus, Anti-Spam, - User-based policy creation - Multi-layered Client Authentication - Certificate, Authentication, System and Admin Events - Automatic signature updates via Cyberoam Threat Username/Password - Forensic Analysis with quick identification of network Research Labs - User & Group policy enforcement attacks and other traffic anomalies - Network access - Split and Full tunnelling - Protocol Anomaly Detection - Syslog support - Browser-based (Portal) Access - Clientless access - 4-eye Authentication - SCADA-aware IPS with pre-defined category for - Lightweight SSL VPN Tunnelling Client ICS and SCADA signatures - Granular access control to all the enterprise network resources IPSec VPN Client** Gateway Anti-Virus & Anti-Spyware - Administrative controls - Session timeout, Dead - Inter-operability with major IPSec VPN Gateways - Virus, Worm, Trojan Detection and Removal Peer Detection, Portal customization - Import Connection configuration - Spyware, Malware, Phishing protection - TCP based Application Access - HTTP, HTTPS, - Automatic virus signature database update RDP, TELNET, SSH Certification - Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, - Common Criteria - EAL4+ VPN Tunnels Wireless WAN - ICSA Firewall - Corporate - Checkmark Certification - Customize individual user scanning - USB port 3G/4G and WiMAX Support - Scan and deliver by file size - VPNC - Basic and AES interoperability - Primary WAN link - IPv6 Ready Gold Logo - Block by file types - WAN Backup link - Add disclaimer/signature - Global Support Excellence - ITIL compliance (ISO 20000) Bandwidth Management Hardware Specifications Gateway Anti-Spam - Application, Web Category and Identity based - Inbound Scanning Memory 1GB Bandwidth Management Storage 4GB - Real-time Blacklist (RBL), MIME header check - Schedule-based Guaranteed & Burstable - Filter based on message header, size, sender, bandwidth policy recipient Compliance - Application & User Identity based Traffic Discovery CE - Subject line tagging - Data Transfer Report for multiple Gateways - Redirect spam mails to dedicated email address FCC - Language and Content-agnostic spam protection Networking Dimensions using RPD Technology - Multilink Load Balancing - Zero Hour Virus Outbreak Protection H x W x D (inches) 1.35 x 8.75 x 6.8 - Automated Failover/Failback H x W x D (cms) 3.43 x 22.23 x 17.3 - IP address Black list/White list - WRR based Load balancing Weight 1.10 kg, 2.42 lbs - Spam Notification through Digest - Interface types: Alias, Bridge Pair, LAG (port - IP Reputation based Spam filtering trunking), VLAN, WWAN Power - DNS-based inbound load balancing Input Voltage 100-240 VAC Web Filtering - IP Address Assignment - Static, PPPoE (with Consumption 13.2W - On-Cloud Web Categorization Schedule Management), L2TP, PPTP & DDNS, Total Heat Dissipation (BTU) 45 - Controls based on URL, Keyword and File type Client, Proxy ARP, Multiple DHCP Servers support, - Web Categories: Default (89+), External URL DHCP relay Environmental Database, Custom Operating Temperature 0 to 40 °C - Protocols supported: HTTP, HTTPS Storage Temperature -25 to 75 °C Relative Humidity (Non condensing) 10 to 90%

*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments. **Additional Purchase Required. For list of compatible platforms, refer to OS Compatibility Matrix on Cyberoam DOCS.

Applicable to Hardware Version 1.0 – 19/08/2014

C o p y r i g h t © 1999-2014 Cyberoam Tec h n o l o g i e s Pvt. L t d. Al l R i g h t s R e s e r v e d. Cyberoam and Cyberoam logo are registered trademark of Cyberoam Technologies Pvt. Ltd. Although Cyberoam has attempted to provide accurate information, Cyberoam assumes no responsibility for accuracy or completeness of information neither is this a legally binding representation. Cyberoam has the right to change,modify, transfer or otherwise revise the publication without notice.

www.4Gon.co.uk [email protected] Tel: +44 (0)1245 808295 Fax: +44 (0)1245 808299