Unified Threat Management CR15wiNG Future-ready CR15wiNG

Future-ready Security with Wi-Fi Access Point for SOHO/ROBO networks Data Sheet

CR15wiNG is the Next-Generation Unified Threat Management appliance with Wi-Fi access points that offer “the fastest UTMs made for SMBs” to small offices with high performance security over WLAN. CR15wiNG appliances come with 3x3 MIMO technology that greatly enhances wireless range and performance . It supports 802.11a/b/g/n wireless standards. Combined with security over wired networks offered by its range of UTM appliances, Cyberoam enables organizations to overcome the physical limitations of securely accessing network resources and offers more user flexibility, user productivity and lower network ownership costs. The ‘Next-Generation’ UTM Series for SOHO: The best-in-class hardware along with to match, enables the NG series to offer unmatched throughput speeds, compared to any other UTM appliance in Faster performance, broader coverage with 3x3 this market segment. This assures support for future IT trends in organizations MIMO Technology like high-speed Internet and rising number of devices in organizations – offering future-ready security for small office networks.

Cyberoam's Layer 8 technology that treats user-identity as the 8th Cyberoam's Layer 8 Technology treats Layer or the HUMAN layer in the protocol stack, works even in “User Identity” as the 8th Layer in the WLAN environments, to allow Identity-based security policies protocol stack in dynamic IP environment.

L8 USER

L7 Application

VPNC CERTIFIED SSL L6 Presentation ASCII, EBCDIC, ICA Portal SSL Exchange Cyberoam UTM offers security SSL Firefox L5 Session L2TP, PPTP VPNC SSL COMMON CRITERIA JavaScript CERTIFIED CERTIFIED across Layer 2-Layer 8 using Basic SSL Basic EAL4+ Interop Network Extension AES SSL Advanced www.check-mark.com Interop Network Extension L4 Transport TCP, UDP Identity-based policies

L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam UTM features assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity - - Multiple Link Management - Content Filtering - Intrusion Prevention System - Instant Messaging Archiving & Controls - Wireless Security Network Availability - VPN IT Resource Optimization Content Security - 3G/4G/WiMAX Connectivity - Bandwidth Management - Anti-Virus/Anti- - Traffic Discovery - Anti-Spam (Inbound/Outbound) Future-ready Connectivity - Application Visibility & Control - HTTPS/SSL Content Security - “IPv6 Ready” Gold Logo Administrator Productivity Administrative Security - Next-Gen UI - Next-Gen UI

www.voipon.co.uk [email protected] Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299 Specification

Interfaces Web Filtering Networking Copper GbE Ports 3 - Inbuilt Web Category Database - Failover - Automated Failover/Failback, Multi-WAN failover, Configurable - URL, keyword, File type block 3GModem failover Internal/DMZ/WAN Ports Yes - Categories: Default(82+), Custom - WRR based load balancing Console Ports (RJ45/DB9) 1 - Protocols supported: HTTP,HTTPS - Policy routing based onApplication and User USB Ports 2 - Block , Phishing, Pharming URLs - IP Address Assignment - Static, PPPoE, L2TP, PPTP & DDNS - Schedule-based access control Client, Proxy ARP, DHCP server, DHCP relay Built-in Wireless LAN - Custom block messages per category - Support for HTTP Proxy Wireless Standards IEEE 802.11 a/b/g/n (WEP, WPA, - Block JavaApplets, Cookies,Active X - Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast WPA2, 802.11i , TKIP, AES, PSK) - CIPA Compliant Forwarding - Data leakage control via HTTP, HTTPS upload - Parent Proxy support with FQDN - “IPv6 Ready” Gold Logo Antenna Detachable 3x3 MIMO Application Filtering - InbuiltApplication Category Database Administration & System Management Access Points Up to 8 bssid - 11+ Application Categories: e.g. Gaming, IM, P2P, Proxy - Web-based configuration wizard - Schedule-based access control - Role-based access control Transmit Power (EIRP) 11n HT40 : +15dBm - Block - Firmware Upgrades via Web UI 11b CCK: +15dBm - P2P applications e.g. Skype - Web 2.0 compliant UI (HTTPS) 11g OFDM:+15dBm -Anonymous proxies e.g. UItra surf - UI Color Styler - “Phone home” activities - Command Line Interface (Serial, SSH, Telnet) Receiver Sensitivity -68dBm at 300Mbps - Layer 7 (Applications) & Layer 8 (User - Identity) Visibility - SNMP (v1, v2c, v3) -70dBm at 54Mbps - Securing SCADA Networks - Multi-lingual support: Chinese, Hindi, French, Korean -88dBm at 6Mbps - SCADA/ICS Signature-based Filtering for Protocols - - Cyberoam Central Console (Optional) Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure - NTP Support DNP3, Longtalk Frequency Range 2.412 GHz - 2.472 GHz - Control various Commands and Functions User Authentication 5.200 GHz - 5.825 GHz - Internal database Web -Active Directory Integration - Positive Protection model -Automatic Windows Single Sign On Number of Selectable USA (FCC) - 11 channels, - Unique "Intuitive Website Flow Detector" technology - External LDAP/RADIUS database integration Channels EU (ETSI) / Japan (TELEC) - 13 - Protection against SQL Injections, Cross-site Scripting - Thin Client support - Microsoft Windows Server 2003 channels (XSS), Session Hijacking, URL Tampering, Cookie TerminalServices and Citrix XenApp Poisoning - RSAsecurID support Data Rate 802.11a/g: 6, 9, 12, 18, 24, 36, - Support for HTTP 0.9/1.0/1.1 - ExternalAuthentication - Users andAdministrators 48, 54Mbps - Extensive Logging & Reporting - User/MAC Binding 802.11b: 1, 2, 5,5, 11Mbps - MultipleAuthentication servers 802.11n: up to 450Mbps Virtual Private Network - IPSec, L2TP,PPTP Logging/Monitoring System Performance* - Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent - Graphical real-time logging and monitoring Firewall Throughput (UDP) 1,000 (Mbps) - HashAlgorithms - MD5, SHA-1 750 (Mbps) - Syslog support Firewall Throughput (TCP) - Authentication - Preshared key, Digital certificates - Log Viewer - Firewall, IPS, Web filter, Anti Virus, Anti Spam, 3,500 - IPSec NAT Traversal New sessions/second Authentication, System andAdmin Events Concurrent sessions 60,000 - Dead peer detection and PFS support IPSec VPN Throughput 110 (Mbps) - Diffie Hellman Groups - 1,2,5,14,15,16 50 - External CertificateAuthority support IPSec VPN Client** No. of IPSec Tunnels - Inter-operability with major IPSec VPN Gateways 50 (Mbps) - Export Road Warrior connection configuration SSL VPN Throughput - Supported platforms: Windows 2000, WinXP 32/64-bit, Anti-Virus Throughput 180 (Mbps) - Domain name support for tunnel end points - VPN connection redundancy Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista IPS Throughput 140 (Mbps) 32/64-bit, Windows 7 RC1 32/64-bit UTM Throughput 80 (Mbps) - Overlapping Network support - Hub & Spoke VPN support - Import Connection configuration Stateful Inspection Firewall SSL VPN Certification - Layer 8 (User - Identity) Firewall - Common Criteria - EAL4+ - Multiple Security Zones -TCP&UDPTunneling -Authentication -Active Directory, LDAP,RADIUS, - ICSAFirewall - Corporate - Access Control Criteria (ACC) - User - Identity, Source & Destination - Checkmark UTM Level 5 Certification Zone, MAC and IP address, Service Cyberoam - Multi-layered ClientAuthentication - Certificate, - VPNC - Basic andAES interoperability - UTM policies - IPS, Web Filtering, Application Filtering, - “IPv6 Ready” Gold Logo Anti-Virus, Anti-Spam and Bandwidth Management Username/Password - Layer 7 (Application) Control & Visibility - User &Group policy enforcement -Access Scheduling - Network access - Split and Full tunneling Hardware Specifications - Policy based Source & Destination NAT - Browser-based (Portal)Access - Clientless access Memory 2GB - H.323, SIP NATTraversal - Lightweight SSL VPN Tunneling Client Compact Flash 4GB - 802.1q VLAN Support - Granular access control to all the Enterprise Network - DoS & DDoSAttack prevention resources Compliance - MAC & IP-MAC filtering and Spoof prevention -Administrative controls - Session timeout, Dead Peer - CE Detection, Portal customization - FCC Gateway Anti-Virus & Anti-Spyware - TCP- basedApplicationAccess - HTTP,HTTPS, - Virus, Worm, Trojan Detection & Removal RDP,TELNET,SSH Dimensions - Spyware, Malware, Phishing protection H x W x D (inches) 1.7 x 6 x 9.1 -Automatic virus signature database update Instant Messaging (IM) Management H x W x D (cms) 4.4 x 15.3 x 23.2 - Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, - Yahoo and Windows Live Messenger Weight 1.5kg, 3.307 lbs VPN Tunnels - Virus Scanning for IM traffic - Customize individual user scanning -Allow/Block Login Power - Scan and deliver by file size -Allow/Block File Transfer Input Voltage 100-240 VAC - Block by file types -Allow/Block Webcam Consumption 13.2W -Add disclaimer/signature -Allow/Block one-to-one/group chat Total Heat Dissipation (BTU) 45 - Content-based blocking Gateway Anti-Spam - IM activities Log Environmental - Inbound Scanning - Archive files transferred Operating Temperature 0 to 40 °C - Real-time Blacklist (RBL), MIME header check - CustomAlerts Storage Temperature -25 to 75 °C - Filter based on message header, size, sender, recipient Relative Humidity (Non condensing) 10 to 90% - Subject line tagging Wireless WAN - IP address Black list/White list - USB port 3G/4G and Wimax Support - Redirect Spam mails to dedicated email address - Primary WAN link - Image-based Spam filtering using RPD Technology - WAN Backup link - Zero hour Virus Outbreak Protection - IP Reputation-based Spam filtering Bandwidth Management - Application and User Identity based Bandwidth Intrusion Prevention System Management - Signatures: Default (4500+), Custom - Guaranteed & Burstable bandwidth policy - IPS Policies: Multiple, Custom - Application & User Identity based Traffic Discovery - User-based policy creation - Multi WAN bandwidth reporting -Automatic real-time updates from CRProtect networks - Category-based bandwidth restriction - ProtocolAnomaly Detection - DDoS attack prevention User Identity and Group Based Controls - SCADA-aware IPS with pre-defined category for ICS and SCADA - Access time restriction signatures - Time and Data Quota restriction - Schedule based Committed and Burstable Bandwidth - Schedule based P2P and IM Controls

*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments. **Additional Purchase Required.

Applicable to Hardware Version 1.0 – 23/08/2013

Toll Free Numbers C o p y r i g h t © 1999-2014 Cyberoam Tec h n o l o g i e s Pvt. L t d. Al l R i g h t s R e s e r v e d. Cyberoam and Cyberoam logo are registered trademark of Cyberoam Technologies Pvt. Ltd. Although Cyberoam has attempted to provide accurate information, Cyberoam assumes no responsibility for USA :+1-800-686-2360 | India :1-800-301-00013 accuracy or completeness of information neither is this a legally binding representation. Cyberoam has the APAC/MEA : +1-877-777-0368| Europe : +44-808-120-3958 right to change,modify, transfer or otherwise revise the publication without notice. PL-10-1000252-100423 Unified Threat Management www.voipon.co.uk [email protected] Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299 www.cyberoam.com I [email protected]