Cyberoam CR15i UTM Appliance

Stateful Inspection Firewall

- Layer 8 (User - Identity) Firewall
- Multiple Security Zones
- Access Control Criteria (ACC) - User - Identity, Source & Destination Zone,MACand IP address, Service
- UTM policies - IPS, Web Filtering, Application Filtering, Anti-Virus, Anti-Spam and Bandwidth Management
- Layer 7 (Application) Control &Visibility
- Access Scheduling
- Policy based Source &DestinationNAT
- H.323, SIPNATTraversal
- 802.1q VLAN Support
- DoS &DDoSAttack prevention
- MAC&IP-MAC filtering and Spoof prevention

GatewayAnti-Virus & Anti-Spyware

-Virus,Worm,Trojan: Detection &Removal
- Spyware, Malware, Phishing protection
-Automatic virus signature database update
- Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, VPN Tunnels
- Customize individual user scanning
- Self Service Quarantine area
- Scan and deliver by file size
- Block by file types
-Add disclaimer/signature

Gateway Anti-Spam

- Inbound/Outbound Scanning
- Real-time Blacklist (RBL), MIME header check
- Filter based on message header, size, sender, recipient
- Subject line tagging
- IP address Black list/White list
- Redirect Spam mails to dedicated email address
- Image-based Spam filtering usingRPDTechnology
- Zero hour Virus Outbreak Protection
- Self Service Quarantine area
- Spam Notification through Digest
- IP Reputation-based Spam filtering

Intrusion Prevention System

- Signatures: Default (4500+), Custom
- IPS Policies: Multiple, Custom
- User-based policy creation
-Automatic real-time updates from CRProtect networks
- ProtocolAnomaly Detection
-DDoS attack prevention

Web Filtering

- InbuiltWeb Category Database
- URL, keyword, File type block
- Categories: Default(82+), Custom
- Protocols supported: HTTP, HTTPS
- Block Malware, Phishing, Pharming URLs
- Schedule-based access control
- Custom block messages per category
- Block JavaApplets, Cookies,Active x
- CIPA Compliant
- Data leakage control via HTTP, HTTPS upload

Application Filtering

- Inbuilt Application Category Database
- 11+ Application Categories: e.g. Gaming, IM, P2P, Proxy
- Schedule-based access control
- Block

- P2Papplications e.g. Skype
-Anonymous proxies e.g. UItra surf
- “Phone home” activities
- Keylogger

Web Application Firewall

- Positive Protection model
- Unique "Intuitive Website Flow Detector" technology
- Protection against SQL Injections, Cross-site Scripting (xSS), Session Hijacking, URL Tampering, Cookie Poisoning
- Support for HTTP 0.9/1.0/1.1
- Extensive Logging & Reporting

Virtual Private Network

- IPSec, L2TP, PPTP
- Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent
- HashAlgorithms - MD5, SHA-1
- Authentication - Preshared key, Digital certificates
- IPSecNATTraversal
- Dead peer detection and PFS support
- Diffie Hellman Groups - 1,2,5,14,15,16
- External Certificate Authority support
- Export RoadWarrior connection configuration
- Domain name support for tunnel end points
- VPNconnection redundancy
- Overlapping Network support
- Hub &SpokeVPNsupport

SSL VPN

-TCP&UDPTunneling
- Authentication - Active Directory, LDAP, RADIUS, Cyberoam
- Multi-layered Client Authentication - Certificate, Username/Password
- User &Group policy enforcement
- Network access - Split and Full tunneling
- Browser-based (Portal)Access - Clientless access
- Lightweight SSLVPNTunneling Client
- Granular access control to all the Enterprise Network resources
- Administrative controls - Session timeout, Dead Peer Detection, Portal customization
- TCP- based Application Access - HTTP, HTTPS, RDP, TELNET, SSH

Instant Messaging (IM) Management

-Yahoo and Windows Live Messenger
-Virus Scanning for IM traffic
-Allow/Block Login
-Allow/Block FileTransfer
-Allow/BlockWebcam
-Allow/Block one-to-one/group chat
- Content-based blocking
- IM activities Log
-Archive files transferred
- CustomAlerts

WirelessWAN

-USBport 3G/4G and Wimax Support
- PrimaryWANlink
- WANBackup link

Bandwidth Management

- Application and User Identity based Bandwidth Management
- Guaranteed &Burstable bandwidth policy
- Application &User Identity basedTraffic Discovery
- MultiWANbandwidth reporting
- Category-based bandwidth restriction

User Identity and Group Based Controls

-Access time restriction
-Time and Data Quota restriction
- Schedule based Committed and Burstable Bandwidth
- Schedule based P2Pand IM Controls

Networking

- Failover - Automated Failover/Failback, Multi-WAN failover, 3GModem failover
- WRRbased load balancing
- Policy routing based onApplication and User
- IP Address Assignment - Static, PPPoE, L2TP, PPTP & DDNSClient, ProxyARP,DHCPserver,DHCPrelay
- Support for HTTPProxy
- Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Forwarding
- Parent Proxy support withFQDN
- “IPv6 Ready” Gold Logo

High Availability

- Active-Active
- Active-Passive with State Synchronization
- Stateful failover
- Alerts on appliance status change

Administration & System Management

-Web-based configuration wizard
- Role-based access control
- Firmware Upgrades viaWeb UI
- Web 2.0 compliant UI (HTTPS)
- UI Color Styler
- Command Line Interface (Serial, SSH,Telnet)
- SNMP(v1, v2c, v3)
- Multi-lingual support: Chinese, Hindi, French, Korean
- Cyberoam Central Console (Optional)
- Network Time Protocol Support

User Authentication

- Internal database
- Active Directory Integration
- Automatic Windows Single Sign On
- External LDAP/RADIUS database integration
- Thin Client support - Microsoft Windows Server 2003 Terminal Services and Citrix xenApp - Novell eDirectory
- RSASecurID support
- ExternalAuthentication - Users andAdministrators
- User/MAC Binding
- MultipleAuthentication servers

Logging/Monitoring

- Graphical real-time and historical monitoring
- Email notification of reports, gateway status, viruses and attacks
- Syslog support
- Log Viewer - Firewall, IPS, Web filter, Anti Virus, Anti
Spam,Authentication, System andAdmin Events

Logging/Monitoring

- IntegratedWeb-based Reporting tool
- 1000+ drilldown reports
- 45+ Compliance Reports
- Historical and Real-time reports
- Multiple Dashboards
- Username, Host, Email ID specific Monitoring Dashboard
- Reports - Security, Virus, Spam, Traffic, Policy violations, VPN, Search Engine keywords
- Multi-format reports - tabular, graphical
- Exportable formats - PDF, Excel
-Automated Report Scheduling

IPSecVPNClient**

- Inter-operability with major IPSecVPNGateways
- Supported platforms: Windows 2000, WinxP 32/64-bit, Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit
- Import Connection configuration

Certification

- ICSAFirewall - Corporate
- CheckmarkUTMLevel 5 Certification
-VPNC- Basic andAESinteroperability
- “IPv6 Ready”Gold Logo

Compliance

-CE
-FCC
-UL