Interfaces

• Copper GbE Ports 8
• Configurable Internal/DMZ/WAN Ports Yes
• Console Ports (Rj45) 1
• USB Ports 2
• Hardware Bypass Segment 2

System Performance

• Firewall Throughput (UDP) (Mbps) 4,500
• Firewall Throughput (TCP) (Mbps) 3,500
• New sessions/second 45,000
• Concurrent sessions 1,250,000
• IPSec VPN Throughput (Mbps) 450
• No. of IPSec Tunnels 250
• SSLVPN Throughput (Mbps) 400
• WAF Protected Throughput (Mbps) 500
• Anti-Virus Throughput (Mbps) 1400
• IPS Throughput (Mbps) 1,200
• UTM Throughput (Mbps) 750

Stateful Inspection Firewall

• Layer 8 (User - Identity) Firewall
• Multiple Security Zones
• Access Control Criteria (ACC) - User - Identity, Source " "
  Destination Zone, MAC and IP address, Service
• UTM policies - IPS, Web Filtering, Application Filtering,
  Anti-Virus, Anti-Spam and Bandwidth Management
• Layer 7 (Application) Control " " Visibility
• Access Scheduling
• Policy based Source " " Destination NAT
• H.323, SIP NATTraversal
• 802.1q VLAN Support
• DoS " " DDoSAttack prevention
• MAC " " IP-MAC filtering and Spoof prevention

GatewayAnti-Virus " "Anti-Spyware

• Virus, Worm, Trojan: Detection " " Removal
• Spyware, Malware, Phishing protection
• Automatic virus signature database update
• Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM,
  VPN Tunnels
• Customize individual user scanning
• Self Service Quarantine area
• Scan and deliver by file size
• Block by file types
• Add disclaimer/signature

GatewayAnti-Spam

• Inbound/Outbound Scanning
• Real-time Blacklist (RBL), MIME header check
• Filter based on message header, size, sender, recipient
• Subject line tagging
• IP address Black list/White list
• Redirect Spam mails to dedicated email address
• Image-based Spam filtering using RPD Technology
• Zero hour Virus Outbreak Protection
• Self Service Quarantine area
• Spam Notification through Digest
• IP Reputation-based Spam filtering

Intrusion Prevention System

• Signatures: Default (4500+), Custom
• IPS Policies: Multiple, Custom
• User-based policy creation
• Automatic real-time updates from CRProtect networks
• ProtocolAnomaly Detection
• DDoS attack prevention
• SCADA-aware IPS with pre-defined category for ICS and
• SCADAsignatures

Web Filtering

• Inbuilt Web Category Database
• URL, keyword, File type block
• Categories: Default(82+), Custom
• Protocols supported: HTTP, HTTPS
• Block Malware, Phishing, Pharming URLs
• Schedule-based access control
• Custom block messages per category
• Block JavaApplets, Cookies,Active X
• CIPA Compliant
• Data leakage control via HTTP, HTTPS upload

Application Filtering

• InbuiltApplication Category Database
• 11+ Application Categories: e.g. Gaming, IM, P2P
• Schedule-based access control
• Block
• P2P applications e.g. Skype
• Anonymous proxies e.g. UItra surf
• “Phone home” activities
• Layer 7 (Applications) " " Layer 8 (User - Identity) Visibility
• Securing SCADA Networks
• SCADA/ICS Signature-based Filtering for Protocols
• Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure
  DNP3, Longtalk
• Control various Commands and Functions

Web Application Firewall

• Positive Protection model
• Unique "Intuitive Website Flow Detector" technology
• Protection against SQL Injections, Cross-site Scripting
  (XSS), Session Hijacking, URL Tampering, Cookie
  Poisoning
• Support for HTTP 0.9/1.0/1.1
• Extensive Logging " " Reporting

Virtual Private Network

• IPSec, L2TP, PPTP
• Encryption - 3DES, DES, AES, Twofish, Blowfish,
  Serpent
• HashAlgorithms - MD5, SHA-1
• Authentication - Preshared key, Digital certificates
• IPSec NATTraversal
• Dead peer detection and PFS support
• Diffie Hellman Groups - 1,2,5,14,15,16
• External CertificateAuthority support
• Export Road Warrior connection configuration
• Domain name support for tunnel end points
• VPN connection redundancy
• Overlapping Network support
• Hub " " Spoke VPN support

SSL VPN

• TCP " " UDPTunneling
• Authentication - Active Directory, LDAP, RADIUS,
  Cyberoam
• Multi-layered Client Authentication - Certificate,
  Username/Password
• User " " Group policy enforcement
• Network access - Split and Full tunneling
• Browser-based (Portal)Access - Clientless access
• Lightweight SSLVPN Tunneling Client
• Granular access control to all the Enterprise Network
  resources
• Administrative controls - Session timeout, Dead Peer
  Detection, Portal customization
• TCP- based Application Access - HTTP, HTTPS, RDP,
  TELNET, SSH

Instant Messaging (IM) Management

• Yahoo and Windows Live Messenger
• Virus Scanning for IM traffic
• Allow/Block Login
• Allow/Block File Transfer
• Allow/Block Webcam
• Allow/Block one-to-one/group chat
• Content-based blocking
• IM activities Log
• Archive files transferred
• CustomAlerts

Wireless WAN

• USB port 3G/4G and Wimax Support
• Primary WAN link
• WAN Backup link

Bandwidth Management

• Application and User Identity based Bandwidth
  Management
• Guaranteed " " Burstable bandwidth policy
• Application " " User Identity based Traffic Discovery
• Multi WAN bandwidth reporting
• Category-based bandwidth restriction

User Identity and Group Based Controls

• Access time restriction
• Time and Data Quota restriction
• Schedule based Committed and Burstable Bandwidth
• Schedule based P2P and IM Controls

Networking

• Failover - Automated Failover/Failback, Multi-WAN
  failover, 3GModem failover
• WRR based load balancing
• Policy routing based onApplication and User
• IP Address Assignment - Static, PPPoE, L2TP, PPTP " "
  DDNS Client, ProxyARP, DHCP server, DHCP relay
• Support for HTTP Proxy
• Dynamic Routing: RIP v1" " v2, OSPF, BGP, Multicast
  Forwarding
• Parent Proxy support with FQDN
• “IPv6 Ready”Gold Logo

High Availability

• Active-Active
• Active-Passive with State Synchronization
• Stateful failover
• Alerts on appliance status change

Administration " " System Management

• Web-based configuration wizard
• Role-based access control
• Firmware Upgrades via Web UI
• Web 2.0 compliant UI (HTTPS)
• UI Color Styler
• Command Line Interface (Serial, SSH, Telnet)
• SNMP (v1, v2c, v3)
• Multi-lingual support: Chinese, Hindi, French, Korean
• Cyberoam Central Console (Optional)
• Network Time Protocol Support

UserAuthentication

• Internal database
• Active Directory Integration
• Automatic Windows Single Sign On
• External LDAP/RADIUS database integration
• Thin Client support - Microsoft Windows Server 2003
  Terminal Services and Citrix XenApp - Novell eDirectory
• RSASecurID support
• ExternalAuthentication - Users andAdministrators
• User/MAC Binding
• MultipleAuthentication servers

Logging/Monitoring

• Graphical real-time and historical monitoring
• Email notification of reports, gateway status, viruses and
  attacks
• Syslog support
• Log Viewer - Firewall, IPS, Web filter, Anti Virus, Anti
  Spam,Authentication, System andAdmin Events

On-Appliance Cyberoam-iView Reporting

• Integrated Web-based Reporting tool -
  Cyberoam-iView
• 1000+ drilldown reports
• 45+ Compliance Reports
• Historical and Real-time reports
• Multiple Dashboards
• Username, Host, Email ID specific Monitoring
  Dashboard
• Reports - Security, Virus, Spam, Traffic, Policy
  violations, VPN, Search Engine keywords
• Multi-format reports - tabular, graphical
• Exportable formats - PDF, Excel
• Automated Report Scheduling

IPSec VPN Client**

• Inter-operability with major IPSec VPN Gateways
• Supported platforms: Windows 2000, WinXP 32/64-bit,
  Windows 2003 32-bit, Windows 2008 32/64-bit, Windows
  Vista 32/64-bit, Windows 7 RC1 32/64-bit
• Import Connection configuration

Certification

• Common Criteria - EAL4+
• ICSAFirewall - Corporate
• Checkmark UTM Level 5 Certification
• VPNC - Basic andAES interoperability
• “IPv6 Ready”Gold Logo

Hardware Specifications

• Memory 2GB
• Compact Flash 4GB
• HDD 250GB or higher

Compliance

• CE 
• FCC
• UL 

Dimensions

• H x W x D (inches) 1.7 x 14.6 x 17.3
• H x W x D (cms) 4.4 X 37.2 X 44
• Weight 5 kg, 11.02 lbs

Power

• Input Voltage 100-240 VAC
• Consumption 99W
• Total Heat Dissipation (BTU) 338

Environmental

• Operating Temperature 0 to 40 °C
• Storage Temperature -25 to 75 °C
• Relative Humidity (Non condensing) 10 to 90%