01-CRI-0100iNG-01

Description

• Firewall Bandwidth (UDP): 4,500 Mbps
• Firewall throughput (TCP): 3,500 Mbps
• Number of new sessions/second: 45,000
• Number of concurrent sessions: 1,250,000
• Bandwidth for IPSec VPN: 450 Mbps
• Number of IPSec VPN tunnels: 250
• Bandwidth for SSL VPN: 400 Mbps
• WAF bandwidth: 500 Mbps
• Anti-Virus bandwidth: 1,400 Mbps
• IPS bandwidth: 1,200 Mbps
• UTM bandwidth: 750 Mbps

Interfaces

• GE 10/100/1000: 8
• Console port: 1
• USB: 2
• Bypass: 2
• LAN/DMZ/WAN port configuration: YES

Memory

• RAM: 2GB
• Flash: 4GB
• HDD: 250GB

Dimensions

• Dimensions: 4.4 x 37.2 x 44 cm
• Weight: 5 kg

Power supply

• Input voltage: 100-240V AC
• Power consumption: 99 W
• Heat output: 338 BTU

Environmental data

• Operating temperature: 0 to 40 degrees Celsius
• Storage temperature: -24 to 75 degrees Celsius
• Relative humidity (non-condensing): 10 to 90%

Firewall

• layer 8 firewall (User – Identity Firewall)
• support for multiple zones (Zone Based Firewall)
• access control criteria: user identity, source and destination zone, MAC and IP addresses, network services
• UTM policies: IPS, web filter, application filter, antivirus, antispam, bandwidth management
• control and preview of applications at the layer 7 level
• limiting access based on schedules
• policy-based network address translation (NAT).
• H.323, SIP NAT Traversal
• VLAN support according to 802.1q
• protection against DoS and DDoS attacks
• filtering MAC and IP addresses, protection against spoofing

Antivirus and antispyware protection

• detection and removal of malware in the form of viruses, worms and Trojan horses
• protection against phishing, spyware and malware
• automatic update of the threat signature database
• HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, VPN traffic scanning
• individual user scanning
• scanning based on file size
• scanning based on file type
• adding content such as a signature or footer

Anti-spam protection

• scanning incoming or outgoing traffic
• spam protection based on RBL (Real-time Blacklist), MIME header analysis
• filtering messages based on header, size, sender's address, recipient's address
• marking messages in the subject line (tagging)
• the ability to send a suspicious message to a dedicated email address
• image filtering based on RPD (Recurrent Pattern Detection)
• Zero Hour Virus Outbreak Protection
• a separate quarantine with the possibility of self-service by the user
• spam filtering based on IP address reputation, whitelists or blacklists
• spam notifications via spam digest mechanism

IPS protection

• over 4,500 ready-made threat signatures, ability to define your own signatures
• possibility of creating individual or collective IPS policies
• creating policies per user
• automatic signature update from the CRProtect network
• detecting anomalies in network protocols
• protection against DDoS attacks

Web filtering

• built-in database of website categories
• filtering based on URL addresses, keywords, file types
• over 82 categories, ability to define your own page categories
• HTTP and HTTPS traffic filtering
• blocking websites containing malware, phishing and pharming
• prioritization and bandwidth allocation based on categories
• access control based on schedules
• blocking Java applets, Cookies, Active X
• CIPA (Children's Internet Protection Act) compliance
• protection against data leaks via HTTP and HTTPS

Application filtering

• built-in database of application categories
• 20 categories, e.g.: games, instant messaging, P2P, streaming media, proxies
• access control based on schedules
• detailed application control: permissions to add images and videos, blocking games and applications on Facebook
• anonymous proxy servers, e.g. TOR, JAP
• keyloggers
• application preview in layer 7, user preview in layer 8

Web Application Firewall (WAF)

• protection model: Positive Protection
• unique Intuitive Website Flow Detector technology
• protection against: SQL injection, Cross-site Scripting (XSS), Session Hijacking, URL Tampering, Cookie Poisoning, etc.
• support for HTTP 0.9/1.0/1.1
• scope of protection: from 5 to 200 servers

Virtual Private Networks (VPN)

• support for IPSec, L2TP, PPTP
• encryption: DES/3DES, AES, Twofish, Blowfish, Serpent
• support for hashing algorithms: MD5, SHA-1
• authentication via shared key (PSK) or using digital certificates
• IPSec NAT Traversal
• support for Dead Peer Detection and Perfect Forward Secrecy functions
• Diffie Hellmann group support: 1,2,5,14,15,16
• support for external certification centers (CA)
• VPN configuration export for mobile workers
• domain name support
• VPN tunnel redundancy
• support for networks with overlapping IP addressing
• support for hub & spoke connections

SSL VPN

• tunneling TCP and UDP traffic
• authentication based on: Active Directory, LDAP, RADIUS, local database
• multi-layer client authentication via certificate, username and password
• access policies for users and user groups
• support for split or full VPN connections
• ability to establish a connection through the portal without using a client (using a web browser)
• possibility of establishing a connection using a lightweight software client
• granular access control to internal network resources
• administrative control: session time out, Dead Peer Detection, ability to personalize the appearance of the web portal
• access to applications based on HTTP, HTTPS, RDP, TELNET, SSH protocols

Instant messaging (IM) management

• Yahoo and Windows Live Messenger control
• scanning traffic for viruses
• allowing/blocking: user logins, file transfers, video streaming, chat
• content filtering
• ability to save instant messenger activity in system logs
• monitoring the transfer of archive files
• configuration of your own alerts

Wireless WAN (WWAN)

• built-in USB port for 3G/4G/WiMAX modems
• ability to set priority (Primary/Backup)

Bandwidth management

• bandwidth allocation for applications and users
• policies in band guarantee mode or burst mode
• load detection per application or per user
• load reporting for WAN interfaces
• bandwidth allocation for categories of websites and applications

Identity and user control

• limiting access time
• Quota restrictions on time or data volume
• management of available bandwidth based on schedules
• restrictions on P2P applications and instant messengers

Network

• protection against loss of connectivity (Multi-WAN failover) including the use of a 3G/4G/WiMAX modem
• load balancing based on WRR
• Policy Based Routing per application or per user
• IP address assignment: static, PPPoE, L2TP, PPTP and DDNS client, Proxy ARP, DHCP server, DHCP Relay
• HTTP Proxy support
• dynamic routing: RIPv1, RIPv2, OSPF, BGP, Multicast Forwarding
• Support for Parent Proxy with FQDN

High availability

• Active-Active
• Active-Passive with state synchronization
• Stateful Failover
• alerts about device status changes

Administration and management

• Web GUI-based configuration wizard
• role-based access control
• simple system software update via Web GUI
• Web 2.0 compatible graphical interface (HTTPS)
• possibility of changing the color theme
• support from the command line (CLI): serial port, SSH, Telnet
• support for SNMP (v1, v2c, v3)
• optional management from Cyberoam Central Console
• support for NTP protocol

User authentication

• built-in local database
• integration with Active Directory (AD)
• support for Windows Single Sign On
• integration with LDAP or RADIUS database
• support for thin clients – Windows Terminal Services and Citrix
• support for RSA SecurID
• external authentication of users and administrators
• binding the MAC address to the user
• possibility of using multiple authentication servers

Event logging and monitoring

• graphical presentation in real time
• email notifications: reports, viruses and attacks
• syslog support
• event viewer for: firewall, IPS, web filter, antivirus, antispam, authentication, system, admin

Built-in Cyberoam iView reporting module

• integrated, Web GUI-based reporting tool
• over 1,200 built-in reports
• over 45 compliance reports
• historical reports and real-time reports
• several dashboards available
• reports on the state of network security, spam, viruses, network traffic, violations of protection policies, VPN, keywords in search engines
• reports in many formats: tables, graphics
• possibility of exporting to PDF, Excel files
• automatic generation of reports according to the established schedule

IPSec VPN client**

• supported platforms: Windows 2000, WinXP 32/64-bit, Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32/64-bit
• possibility of importing a configuration file

Certificates

• Common Criteria EAL4+
• ICSA Firewall – Corporate
• Checkmark UTM Level 5 Certification
• VPNC – Basic and AES interoperability