CR50iNG

Future-ready

Future-ready Security for SME networks CR50iNG Data Sheet

Cyberoam NG series of Unified Threat Management appliances are the Next-Generation network security
appliances that include UTM security features along with performance required for future networks. The
NG series for SMEs are the fastest UTMs made for this segment. The best-in-class hardware along
with software to match, enables the NG series to offer unmatched throughput speeds, compared
to any other UTM appliance in this market segment. This assures support for future IT trends in
organizations like high-speed Internet and rising number of devices in organizations
offering future-ready security to SMEs.

The Next-Generation Series:

With Cyberoam NG series, businesses get assured Security, Connectivity and
Productivity. The Layer 8 Technology treats User-Identity as the 8th Layer or the The fastest UTMs made for SMEs
HUMAN layer in the protocol stack. It attaches User-Identity to security, which
adds speed to an organizations security by offering instant visibility into the
source of attacks by username rather than only IP address. Cyberoams
Extensible Security Architecture (ESA) supports feature
enhancements that can be developed rapidly and deployed with Cyberoam's Layer 8 Technology treats
minimum efforts, offering future-ready security to organizations. User Identity as the 8th Layer in the
protocol stack

L8 USER

L7 Application
VPNC
CERTIFIED
SSL
Portal
L6 Presentation ASCII, EBCDIC, ICA
Cyberoam UTM offers security
SSL
Exchange

SSL
Firefox
L5 Session L2TP, PPTP
COMMON CRITERIA
CERTIFIED
VPNC
CERTIFIED
Basic
SSL
JavaScript

SSL Basic
across Layer 2-Layer 8 using
EAL4+
Identity-based policies
Interop Network Extension

www.check-mark.com
AES
Interop
SSL Advanced
Network Extension L4 Transport TCP, UDP

L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam UTM features assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity
- Firewall - Multiple Link Management - Content Filtering
- Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls
- Web Application Firewall
Network Availability IT Resource Optimization
Content Security - VPN - Bandwidth Management
- Anti-Virus/Anti-Spyware - 3G/4G/WiMAX Connectivity - Traffic Discovery
- Anti-Spam (Inbound/Outbound) - Application Visibility & Control
- HTTPS/SSL Content Security Future-ready Connectivity
- IPv6 Ready Gold Logo Administrator Productivity
Administrative Security - Next-Gen UI
- Next-Gen UI
- iView- Logging & Reporting
 Specification
Interfaces Application Filtering - Firewall security over IPv6 traffic
Copper GbE Ports 8 - Layer 7 (Applications) & Layer 8 (User - Identity) Control - High Availability for IPv6 networks
Configurable Internal/DMZ/WAN Ports Yes and Visibility
Console Ports (RJ45) 1 - Inbuilt Application Category Database High Availability
USB Ports 2 - Control over 2,000+ Applications classified in 21 - Active-Active
#
Hardware Bypass Segment 2 Categories - Active-Passive with state synchronization
- Filter based selection: Category, Risk Level, Characteristics - Stateful Failover with LAG Support
System Performance* and Technology
Firewall Throughput (UDP) (Mbps) 6,500 - Schedule-based access control Administration & System Management
Firewall Throughput (TCP) (Mbps) 4,000 - Visibility and Controls for HTTPS based Micro-Apps like - Web-based configuration wizard
New sessions/second 45,000 Facebook chat, Youtube video upload - Role-based Access control
Concurrent sessions 1,000,000 - Securing SCADA Networks - Support of API
IPSec VPN Throughput (Mbps) 850 - SCADA/ICS Signature-based Filtering for Protocols - Firmware Upgrades via Web UI
No. of IPSec Tunnels 2,000 Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure - Web 2.0 compliant UI (HTTPS)
SSL VPN Throughput (Mbps) 300 DNP3, Longtalk - UI Color Styler
WAF Protected Throughput (Mbps) 450 - Control various Commands and Functions - Command Line Interface (Serial, SSH, Telnet)
Anti-Virus Throughput (Mbps) 1,500 - SNMP (v1, v2c)
IPS Throughput (Mbps) 1,600 Web Application Firewall - Multi-lingual : English, Chinese, Hindi, French, Japanese
UTM Throughput (Mbps) 850 - Positive Protection model - Cyberoam Central Console (Optional)
- Unique "Intuitive Website Flow Detector" technology
Stateful Inspection Firewall - Protection against SQL Injections, Cross-site Scripting User Authentication
- Layer 8 (User - Identity) Firewall (XSS), Session Hijacking, URL Tampering, Cookie - Internal database
- Multiple Security Zones Poisoning etc. - AD Integration and OU-based Security Policies
- Location-aware and Device-aware Identity-based Access - Support for HTTP 0.9/1.0/1.1 - Automatic Windows/RADIUS Single Sign On
Control Policy - Back-end servers supported: 5 to 300 servers - External LDAP/LDAPS/RADIUS database Integration
- Access Control Criteria (ACC): User-Identity, Source and - Thin Client support
Destination Zone, MAC and IP address, Service Virtual Private Network - 2-factor authentication: 3rd party support**
- Security policies - IPS, Web Filtering, Application - IPSec, L2TP, PPTP - SMS (Text-based) Authentication
Filtering, Anti-virus, Anti-spam and QoS - Encryption - 3DES, DES, AES, Twofish, Blowfish, - Layer 8 Identity over IPv6
- Country-based Traffic Control Serpent - Secure Authentication AD, LDAP, Radius
- Access Scheduling - Hash Algorithms - MD5, SHA-1 - Clientless Users
- Policy based Source and Destination NAT, Gateway - Authentication: Preshared key, Digital certificates
- Authentication using Captive Portal
Specific NAT Policy - IPSec NAT Traversal
- H.323, SIP NAT Traversal - Dead peer detection and PFS support
Logging/Monitoring
- DoS and DDoS attack prevention - Diffie Hellman Groups - 1, 2, 5, 14, 15, 16
- External Certificate Authority support - Real-time and historical Monitoring
- MAC and IP-MAC filtering
- Export Road Warrior connection configuration - Log Viewer - IPS, Web filter, WAF, Anti-Virus, Anti-Spam,
- Spoof Prevention
- Domain name support for tunnel end points Authentication, System and Admin Events
Intrusion Prevention System - VPN connection redundancy - Forensic Analysis with quick identification of network
- Signatures: Default (4500+), Custom - Overlapping Network support attacks and other traffic anomalies
- IPS Policies: Pre-configured Zone-based multiple - Hub & Spoke VPN support - Syslog support
policies, Custom - Threat Free Tunnelling (TFT) Technology - 4-eye Authentication
TM
Cyberoam
- Filter based selection: Category, Severity, Platform and VIEW
Target (Client/Server) SSL VPN On-Appliance Cyberoam-iView Reporting
- IPS actions: Recommended, Allow Packet, Drop Packet, - TCP & UDP Tunnelling - Integrated Web-based Reporting tool
- Authentication - Active Directory, LDAP, RADIUS, - 1,200+ drilldown reports
Disable, Drop Session, Reset, Bypass Session
Cyberoam (Local) - Compliance reports - HIPAA, GLBA, SOX, PCI, FISMA
- User-based policy creation - Zone based application reports
- Automatic signature updates via Cyberoam Threat - Multi-layered Client Authentication - Certificate,
Username/Password - Historical and Real-time reports
Research Labs - Default Dashboards: Traffic and Security
- Protocol Anomaly Detection - User & Group policy enforcement - Username, Host, Email ID specific Monitoring Dashboard
- SCADA-aware IPS with pre-defined category for ICS and - Network access - Split and Full tunnelling - Reports Application, Internet & Web Usage, Mail Usage,
SCADA signatures - Browser-based (Portal) Access - Clientless access Attacks, Spam, Virus, Search Engine, User Threat
- Lightweight SSL VPN Tunnelling Client Quotient (UTQ) for high risk users and more
Gateway Anti-Virus & Anti-Spyware - Granular access control to all the enterprise network - Client Types Report including BYOD Client Types
- Virus, Worm, Trojan Detection and Removal resources - Multi-format reports - tabular, graphical
- Spyware, Malware, Phishing protection - Administrative controls - Session timeout, Dead Peer - Export reports in - PDF, Excel, HTML
- Automatic virus signature database update Detection, Portal customization - Email notification of reports
- Scans HTTP, HTTPS, FTP, SMTP/S, POP3, IMAP, IM, - TCP based Application Access - HTTP, HTTPS, RDP, - Report customization (Custom view and custom logo)
VPN Tunnels TELNET, SSH - Supports 3rd party PSA Solution ConnectWise
- Customize individual user scanning
- Self Service Quarantine area Wireless WAN IPSec VPN Client***
- Scan and deliver by file size - USB port 3G/4G and WiMAX Support - Inter-operability with major IPSec VPN Gateways
- Block by file types - Primary WAN link - Import Connection configuration
- WAN Backup link
Gateway Anti-Spam Certification
- Inbound and Outbound Scanning Bandwidth Management - Common Criteria - EAL4+
- Real-time Blacklist (RBL), MIME header check - Application, Web Category and Identity based Bandwidth - ICSA Firewall - Corporate
- Filter based on message header, size, sender, recipient Management - Checkmark Certification
- Subject line tagging - Guaranteed & Burstable bandwidth policy - VPNC - Basic and AES interoperability
- Language and Content-agnostic spam protection using - Application & User Identity based Traffic Discovery - IPv6 Ready Gold Logo
RPD Technology - Data Transfer Report for multiple Gateways - Global Support Excellence - ITIL compliance (ISO 20000)
- Zero Hour Virus Outbreak Protection
- Self Service Quarantine area Networking Hardware Specifications
- IP address Black list/White list - WRR based Multilink Load Balancing Memory 2GB
- Spam Notification through Digest - Automated Failover/Failback Compact Flash 4GB
- IP Reputation based Spam filtering - Interface types: Alias, Multiport Bridge, LAG (port HDD 250GB or higher
trunking), VLAN, WWAN, TAP
Web Filtering - DNS-based inbound load balancing Compliance
- On-Cloud Web Categorization - IP Address Assignment - Static, PPPoE (with Schedule CE
- Controls based on URL, Keyword and File type Management), L2TP, PPTP & DDNS, Client, Proxy ARP, FCC
- Web Categories: Default (89+), External URL Database, Multiple DHCP Servers support, DHCP relay
Custom - Supports HTTP Proxy, Parent Proxy with FQDN Dimensions
- Protocols supported: HTTP, HTTPS - Dynamic Routing: RIP v1& v2, OSPF, BGP, PIM-SIM, H x W x D (inches) 1.7 x 14.6 x 17.3
- Block Malware, Phishing, Pharming URLs Multicast Forwarding H x W x D (cms) 4.4 X 37.2 X 44
- Block Java Applets, Cookies, Active X, Google Cache - Support of ICAP to integrate third-party DLP, Web Weight 5 kg, 11.02 lbs
pages Filtering and AV applications
- CIPA Compliant - Discover mode for PoC Deployments Power
- Data leakage control by blocking HTTP and HTTPS - IPv6 Support: Input Voltage 100-240 VAC
upload - Dual Stack Architecture: Support for IPv4 and IPv6 Consumption 99W
- Schedule-based access control Protocols Total Heat Dissipation (BTU) 338
- Custom Denied Message per Web Category - Management over IPv6
- Safe Search enforcement, YouTube for Schools - IPv6 Route: Static and Source Environmental
- IPv6 tunneling (6in4, 6to4, 6rd, 4in6) Operating Temperature 0 to 40 C
- Alias and VLAN Storage Temperature -25 to 75 C
- DNSv6 and DHCPv6 Services Relative Humidity (Non condensing) 10 to 90%
#
If Enabled, will bypass traffic only in case of power failure. *Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending
on the real network traffic environments. **For details, refer Cyberoam's Technical Alliance Partner list on Cyberoam website. ***Additional Purchase Required.
For list of compatible platforms, refer to OS Compatibility Matrix on Cyberoam DOCS.

Toll Free Numbers C o p y r i g h t 1999-2016 Cyberoam Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d.

USA : +1-800-686-2360 | India : 1-800-301-00013
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958
Cyberoam and Cyberoam logo are registered trademark of Cyberoam Technologies Pvt. Ltd. Although
Cyberoam has attempted to provide accurate information, Cyberoam assumes no responsibility for
accuracy or completeness of information neither is this a legally binding representation. Cyberoam has the
right to change,modify, transfer or otherwise revise the publication without notice. 1.1-10.6.2-210316

www.cyberoam.com I sales@cyberoam.com