Cyberoam CR10wiNG

Stateful Inspection Firewall
- Layer 8 (User - Identity) Firewall
- Multiple Security Zones
- Access Control Criteria (ACC) - User - Identity, Source & Destination
Zone, MAC and IP address, Service
- UTM policies - IPS, Web Filtering, Application Filtering,

Anti-Virus, Anti-Spam and Bandwidth Management
- Layer 7 (Application) Control & Visibility
- Access Scheduling
- Policy based Source & Destination NAT
- H.323, SIP NAT Traversal
- 802.1q VLAN Support
- DoS & DDoS Attack prevention
- MAC & IP-MAC filtering and Spoof prevention

Gateway Anti-Virus & Anti-Spyware
- Virus, Worm, Trojan Detection & Removal
- Spyware, Malware, Phishing protection
- Automatic virus signature database update
- Scans HTTP, HTTPS, FTP, SMTP/S, POP3, IMAP, IM,

VPN Tunnels
- Customize individual user scanning
- Scan and deliver by file size
- Block by file types
- Add disclaimer/signature

Gateway Anti-Spam
- Inbound Scanning
- Real-time Blacklist (RBL), MIME header check
- Filter based on message header, size, sender, recipient
- Subject line tagging
- IP address Black list/White list
- Redirect Spam mails to dedicated email address
- Image-based Spam filtering using RPD Technology
- Zero hour Virus Outbreak Protection
- IP Reputation-based Spam filtering

Intrusion Prevention System
- Signatures: Default, Custom
- IPS Policies: Multiple, Custom
- User-based policy creation
- Automatic Signature updates
- Protocol Anomaly Detection
- DDoS attack prevention
- SCADA-aware IPS with pre-defined category for ICS and SCADA
signatures

Web Filtering
- On-cloud Web Category Database
- URL, keyword, File type block
- Categories: Default(89+), Custom
- Protocols supported: HTTP, HTTPS
- Block Malware, Phishing, Pharming URLs
- Schedule-based access control
- Visibility and Controls for HTTPS based Micro-Apps like

Facebook chat, Youtube video upload
- Custom block messages per category
- Block Java Applets, Cookies, Active X
- CIPA Compliant
- Data leakage control via HTTP, HTTPS upload

Application Filtering
- Inbuilt Application Category Database
- Schedule-based access control
- Block
- Proxy and Tunnel
- File Transfer
- Social Networking
- Streaming Media
- Storage and Backup
- Layer 7 (Applications) & Layer 8 (User - Identity) Visibility
- Securing SCADA Networks
- SCADA/ICS Signature-based Filtering for Protocols -
Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure
DNP3, Longtalk
- Control various Commands and Functions

Virtual Private Network
- IPSec, L2TP, PPTP
- Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent
- Hash Algorithms - MD5, SHA-1
- Authentication - Preshared key, Digital certificates
- IPSec NAT Traversal
- Dead peer detection and PFS support
- Diffie Hellman Groups - 1,2,5,14,15,16
- External Certificate Authority support
- Export Road Warrior connection configuration
- Domain name support for tunnel end points
- VPN connection redundancy
- Overlapping Network support
- Hub & Spoke VPN support

SSL VPN
-TCP&UDPTunneling
- Authentication - Active Directory, LDAP, RADIUS,
Cyberoam
- Multi-layered Client Authentication - Certificate,
Username/Password
- User &Group policy enforcement
- Network access - Split and Full tunneling
- Browser-based (Portal)Access - Clientless access
- Lightweight SSL VPN Tunneling Client
- Granular access control to all the Enterprise Network
resources
- Administrative controls - Session timeout, Dead Peer
Detection, Portal customization
- TCP- based Application Access - HTTP, HTTPS,
RDP, TELNET, SSH

Instant Messaging (IM) Management
- Yahoo and Windows Live Messenger
- Virus Scanning for IM traffic
- Allow/Block Login
- Allow/Block File Transfer
- Allow/Block Webcam
- Allow/Block one-to-one/group chat
- Content-based blocking
- IM activities Log
- Archive files transferred
- Custom Alerts

Wireless WAN
- USB port 3G/4G and WiMAX Support
- Primary WAN link
- WAN Backup link

Bandwidth Management
- Application and User Identity based Bandwidth
Management
- Guaranteed & Burstable bandwidth policy
- Application & User Identity based Traffic Discovery
- Multi WAN bandwidth reporting
- Category-based bandwidth restriction

User Identity and Group Based Controls
- Access time restriction
- Time and Data Quota restriction
- Schedule based Committed and Burstable Bandwidth
- Schedule based P2P and IM Controls
Interfaces

Networking
- Failover - Automated Failover/Failback, Multi-WAN failover, 3G
Modem failover
- WRR based load balancing
- Policy routing based on Application and User
- IP Address Assignment - Static, PPPoE, L2TP, PPTP & DDNS
Client, Proxy ARP, DHCP server, DHCP relay
- Support for HTTP Proxy
- Dynamic Routing: RIP v1& v2, OSPF, BGP, PIM-SIM, Multicast
Forwarding
- Parent Proxy support with FQDN
- “IPv6 Ready” Gold Logo

Administration & System Management
- Web-based configuration wizard
- Role-based access control
- Firmware Upgrades via Web UI
- Web 2.0 compliant UI (HTTPS)
- UI Color Styler
- Command Line Interface (Serial, SSH, Telnet)
- SNMP (v1, v2c, v3)
- Multi-lingual support: Chinese, Hindi, French, Korean
- Cyberoam Central Console (Optional)
- NTP Support

User Authentication
- Internal database
- Active Directory Integration
- Automatic Windows/RADIUS Single Sign On
- External LDAP/RADIUS database integration
- Thin Client support - Microsoft Windows Server 2003
- 2-factor authentication: 3rd party support**

Terminal Services and Citrix XenApp
- External Authentication - Users and Administrators
- User/MAC Binding
- Multiple Authentication servers

Logging/Monitoring
- Graphical real-time logging and monitoring
- Syslog support
- Log Viewer - Firewall, IPS, Web filter, Anti Virus, Anti Spam,
Authentication, System and Admin Events

IPSec VPN Client***
- Inter-operability with major IPSec VPN Gateways
- Supported platforms: Windows 2000, WinXP 32/64-bit,
Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista
32/64-bit, Windows 7 32/64-bit
- Import Connection configuration

Certification
- ICSA Firewall - Corporate
- Checkmark UTM Level 5 Certification
- VPNC - Basic and AES interoperability
- “IPv6 Ready” Gold Logo

Hardware Specifications
Memory 1GB
Storage 4GB