Interfaces

• 3 Copper GbE Ports
• Configurable
• Internal/DMZ/WAN Ports
• 1 Console Ports (RJ45/DB9)
• 2 USB Ports

Built-in Wireless LAN

• Wireless Standards - IEEE 802.11 a/b/g/n (WEP, WPA, WPA2, 802.11i , TKIP, AES, PSK)
• Antenna - Detachable 3x3 MIMO
• Access Points - Up to 8 bssid
• Transmit Power (EIRP)
  - 11n HT40 : +15dBm, 11b CCK: +15dBm, 11g OFDM:+15dBm
• Receiver Sensitivity - -68dBm at 300Mbps, -70dBm at 54Mbps, -88dBm at 6Mbps
• Frequency Range - 2.412 GHz - 2.472 GHz, 5.200 GHz - 5.825 GHz
• Number of Selectable Channels
  - USA (FCC) - 11 channels, EU (ETSI) / Japan (TELEC) - 13 channels
• Data Rate - 802.11a/g: 6, 9, 12, 18, 24, 36, 48, 54Mbps, 802.11b: 1, 2, 5,5, 11Mbps, 802.11n: up to 450Mbps

System Performance*

• Firewall Throughput (UDP) - 1,000 (Mbps)
  Firewall Throughput (TCP) - 750 (Mbps)
• New sessions/second - 3,500
• Concurrent sessions - 60,000
• IPSec VPN Throughput - 110 (Mbps)
• No. of IPSec Tunnels- 50
• SSL VPN Throughput - 50 (Mbps)
• Anti-Virus Throughput - 180 (Mbps)
• IPS Throughput - 140 (Mbps)
• UTM Throughput - 80 (Mbps)

Stateful Inspection Firewall

• Layer 8 (User - Identity) Firewall
• Multiple Security Zones
• Access Control Criteria (ACC) - User - Identity, Source " " Destination
  Zone, MAC and IP address, Service
  - UTM policies - IPS, Web Filtering, Application Filtering,
• Anti-Virus, Anti-Spam and Bandwidth Management
• Layer 7 (Application) Control " " Visibility
  -Access Scheduling
  - Policy based Source " " Destination NAT
  - H.323, SIP NATTraversal
  - 802.1q VLAN Support
  - DoS " " DDoSAttack prevention
  - MAC " " IP-MAC filtering and Spoof prevention

GatewayAnti-Virus " "Anti-Spyware

• Virus, Worm, Trojan Detection " " Removal
• Spyware, Malware, Phishing protection
• Automatic virus signature database update
• Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, VPN Tunnels
• Customize individual user scanning
• Scan and deliver by file size
• Block by file types
• Add disclaimer/signature

GatewayAnti-Spam

• Inbound Scanning
• Real-time Blacklist (RBL), MIME header check
• Filter based on message header, size, sender, recipient
• Subject line tagging
• IP address Black list/White list
• Redirect Spam mails to dedicated email address
• Image-based Spam filtering using RPD Technology
• Zero hour Virus Outbreak Protection
• IP Reputation-based Spam filtering

Intrusion Prevention System

• Signatures: Default (4500+), Custom
• IPS Policies: Multiple, Custom
• User-based policy creation
• Automatic real-time updates from CRProtect networks
• ProtocolAnomaly Detection
• DDoS attack prevention
• SCADA-aware IPS with pre-defined category for ICS and SCADA signatures

Web Filtering

• Inbuilt Web Category Database
• URL, keyword, File type block
• Categories: Default(82+), Custom
• Protocols supported: HTTP, HTTPS
• Block Malware, Phishing, Pharming URLs
• Schedule-based access control
• Custom block messages per category
• Block JavaApplets, Cookies,Active X
• CIPA Compliant
• Data leakage control via HTTP, HTTPS upload

Application Filtering

• InbuiltApplication Category Database
• 11+ Application Categories: e.g. Gaming, IM, P2P, Proxy
• Schedule-based access control
• Block
• P2P applications e.g. Skype
• Anonymous proxies e.g. UItra surf
• “Phone home” activities
• Layer 7 (Applications) " " Layer 8 (User - Identity) Visibility
• Securing SCADA Networks
• SCADA/ICS Signature-based Filtering for Protocols -
• Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure
• DNP3, Longtalk - Control various Commands and Functions

Web Application Firewall

• Positive Protection model
• Unique "Intuitive Website Flow Detector" technology
• Protection against SQL Injections, Cross-site Scripting
  (XSS), Session Hijacking, URL Tampering, Cookie
  Poisoning
• Support for HTTP 0.9/1.0/1.1
• Extensive Logging " " Reporting

Virtual Private Network

• IPSec, L2TP, PPTP
• Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent
• HashAlgorithms - MD5, SHA-1
• Authentication - Preshared key, Digital certificates
• IPSec NAT Traversal
• Dead peer detection and PFS support
• Diffie Hellman Groups - 1,2,5,14,15,16
• External CertificateAuthority support
• Export Road Warrior connection configuration
• Domain name support for tunnel end points
• VPN connection redundancy
• Overlapping Network support

SSL VPN

• TCP" "UDPTunneling
• Authentication -Active Directory, LDAP, RADIUS Cyberoam
• Multi-layered ClientAuthentication - Certificate,
  Username/Password
• User " "Group policy enforcement
• Network access - Split and Full tunneling
• Browser-based (Portal)Access - Clientless access
• Lightweight SSLVPN Tunneling Client
• Granular access control to all the Enterprise Network resources
• Administrative controls - Session timeout, Dead Peer Detection, Portal customization
• - TCP- basedApplicationAccess - HTTP, HTTPS,
  RDP, TELNET, SSH

Instant Messaging (IM) Management

• Yahoo and Windows Live Messenger
• Virus Scanning for IM traffic
• Allow/Block Login
• Allow/Block File Transfer
• Allow/Block Webcam
• Allow/Block one-to-one/group chat
• Content-based blocking
• IM activities Log
• Archive files transferred
• CustomAlerts

Wireless WAN

• USB port 3G/4G and Wimax Support
• Primary WAN link
• WAN Backup link

Bandwidth Management

• Application and User Identity based Bandwidth
  Management
• Guaranteed " " Burstable bandwidth policy
• Application " " User Identity based Traffic Discovery
• Multi WAN bandwidth reporting
• Category-based bandwidth restriction

User Identity and Group Based Controls

• Access time restriction
• Time and Data Quota restriction
• Schedule based Committed and Burstable Bandwidth
• Schedule based P2P and IM Controls

Networking

• Failover - Automated Failover/Failback, Multi-WAN failover,
  3GModem failover
• WRR based load balancing
• Policy routing based onApplication and User
• IP Address Assignment - Static, PPPoE, L2TP, PPTP " " DDNS
  Client, Proxy ARP, DHCP server, DHCP relay
• Support for HTTP Proxy
• Dynamic Routing: RIP v1" " v2, OSPF, BGP, Multicast
  Forwarding
• Parent Proxy support with FQDN
• “IPv6 Ready”Gold Logo

Administration " " System Management

• Web-based configuration wizard
• Role-based access control
• Firmware Upgrades via Web UI
• Web 2.0 compliant UI (HTTPS)
• UI Color Styler
• Command Line Interface (Serial, SSH, Telnet)
• SNMP (v1, v2c, v3)
• Multi-lingual support: Chinese, Hindi, French, Korean
• Cyberoam Central Console (Optional)
• NTP Support

User Authentication

• Internal database
• Active Directory Integration
• Automatic Windows Single Sign On
• External LDAP/RADIUS database integration
• Thin Client support - Microsoft Windows Server 2003
• Terminal Services and Citrix XenApp
• RSAsecurID support
• ExternalAuthentication - Users andAdministrators
• User/MAC Binding
• MultipleAuthentication servers

Logging/Monitoring

• Graphical real-time logging and monitoring
• Syslog support
• Log Viewer - Firewall, IPS, Web filter, Anti Virus, Anti Spam,
  Authentication, System andAdmin Events

IPSec VPN Client**

• Inter-operability with major IPSec VPN Gateways
• Supported platforms: Windows 2000, WinXP 32/64-bit,
  Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista
  32/64-bit, Windows 7 RC1 32/64-bit
• Import Connection configuration

Certification

• Common Criteria - EAL4+
• ICSAFirewall - Corporate
• Checkmark UTM Level 5 Certification
• VPNC - Basic andAES interoperability
• “IPv6 Ready”Gold Logo

Hardware Specifications

• Memory 2GB
• Compact Flash 4GB

Compliance

• CE
• FCC

Dimensions

• H x W x D (inches) - 1.7 x 6 x 9.1
• H x W x D (cms) - 4.4 x 15.3 x 23.2
• Weight - 1.5kg, 3.307 lbs

Power

• Input Voltage - 100-240 VAC
• Consumption - 13.2W
• Total Heat Dissipation (BTU) 45

Environmental

• Operating Temperature - 0 to 40 °C
• Storage Temperature - -25 to 75 °C
• Relative Humidity (Non condensing) 10 to 90%