Upload
asif-shaikh
View
218
Download
0
Embed Size (px)
Citation preview
8/8/2019 Cyberoam15 i
1/2
Data SheetUnified Threat Management
Identity-based Security in UTMCyberoam attaches the user identity to security, takingenterprises a step ahead of conventional solutions that bindsecurity to IP-addresses. Cyberoam's identity-basedsecurity offers full business flexibility while ensuringcomplete security in any environment, including DHCP andWi-Fi, by identifying individual users within the network-whether they are victims or attackers.
www.cyberoam.com
Features Benefits
Gateway Anti-Virus& Anti-Spyware
!
!
!
Scans HTTP, FTP, IMAP, POP3 and SMTP trafficDetects and removes viruses, worms and TrojansInstant user identification in case of HTTP threats
!
!
!
!
Complete protection of traffic over all protocolsHigh business flexibilityProtection of confidential information
Real-time security
Virtual Private Network !!
!
!
Threat Free TunnelingIndustry standard: IPSec, L2TP, PPTP VPNVPN High Availability for IPSec and L2TP connectionsDual VPNC Certifications - Basic and AES Interop
!
!
!
!
Safe and clean VPN trafficSecure connectivity to branch offices and remote usersLow cost remote connectivity over the InternetEffective failover management with defined connectionpriorities
Stateful Inspection Firewall(ICSA Labs Certified)
!
!
!
!
Powerful stateful and deep packet inspectionFusion technology blends all the components of Cyberoam intoa single firewall policyPrevents DoS & flooding attacks from internal & external sourcesIdentity-based access control for applications like P2P, IM
!
!
!
!
Application layer protectionProvides the right balance of security, connectivity andproductivityFlexibility to set policies by user identityHigh scalability
On-Appliance Reporting !!
Complete Reporting Suite available on the Appliance
Reporting by username
!
!
!
Reduced TCO as no additional purchase required
Instant and complete visibility into patterns of usageInstant identification of victims and attackers in internal network
Multiple Link Management!
!
!
Security over multiple ISP links using a single applianceLoad balances traffic based on weighted round robin distributionLink Failover automatically shifts traffic from a failed link to aworking link
!
!
!
!
Easy to manage security over multiple linksControls bandwidth congestionOptimal use of low-cost linksEnsures business continuity
Bandwidth Management !
!
Committed and burstable bandwidth by hierarchy,departments, groups & usersCategory-based Bandwidth restriction
!
!
Prevents bandwidth congestionPrioritizes bandwidth for critical applications
Content &
Application Filtering
!
!
!
!
!
!
Automated web categorization engine blocks non-work sites
based on millions of sites in over 82+ categoriesURL Filtering for HTTP & HTTPS protocolsHierarchy, department, group, user-based filtering policiesTime-based access to pre-defined sitesPrevents downloads of streaming media, gaming, tickers, adsSupports CIPA compliance for schools and libraries
!
!
!
!
!
!
!
Prevents exposure of network to external threats
Blocks access to restricted websitesEnsures regulatory complianceSaves bandwidth and enhances productivityProtects against legal liabilityEnsures the safety and security of minors onlineEnables schools to qualify for E-rate funding
Intrusion PreventionSystem - IPS
!
!
!
!
Multi-policy capability with policies based on default & customsignatures, source and destinationPrevents intrusion attempts, DoS attacks, malicious code,backdoor activity and network-based blended threatsBlocks anonymous proxies with HTTP proxy signaturesBlocks phone home activities
!
!
!
!
Low false positivesReal-time Security in dynamic environments like DHCP and Wi-FiOffers instant user-identification in case of internal threats Apply IPS policies on users
Gateway Anti-Spam !!
!
!
!
!
Scans SMTP, POP3 and IMAP traffic for spamDetects, tags and quarantines spam mailEnforces black and white listsVirus Outbreak ProtectionContent-agnostic spam protection including Image-spamusingRecurrent Pattern Detection (RPD ) TechnologyIP Reputation-based Spam filtering
TM
!
!
!
!
!
!
Enhances productivityHigh business flexibilityProtection from emerging threatsHigh scalabilityZero hour protection incase of virus outbreaksMulti-language and Multi-format spam detection
Description
Cyberoam UTMCyberoam CR15i is the identity-based security appliance that works on Layer 8,delivering real-time protection against evolving external and internal threats to SmallOffice-Home Office (SOHO) and Remote Office-Branch Office (ROBO) users.
Small, remote offices with limited security like firewall, anti-virus are exposed toInternet threats. Cyberoam delivers comprehensive protection from malware, virus,spam, phishing, pharming and more. Its unique identity-based security protects usersfrom internal threats that lead to data leakage. Cyberoam features include StatefulInspection Firewall, VPN (IPSec), Gateway Anti-Virus and Anti-Spyware, GatewayAnti-Spam, IPS, Content Filtering, Bandwidth Management, Multiple LinkManagement and can be centrally managed with Cyberoam Central Console.
Comprehensive Network Securityfor Small and Remote Offices
Cyberoam CR15iCERTIFIED
VPN
InteroBasi
AESInterowww.check-mark.com
8/8/2019 Cyberoam15 i
2/2
Bandwidth Management
User Identity and Group Based Controls
Networking
Administration & System Management
User Authentication
Logging/Monitoring
On-Appliance Reporting#
VPN Client
Certification
Dimensions
ower
Application and User Identity based Bandwidth Management YesGuaranteed & Burstable bandwidth policy YesMulti WAN bandwidth reporting YesCategory-based Bandwidth restriction Yes
Access time restriction YesTime and Data Quota restriction YesSchedule based Committed and Burstable Bandwidth YesSchedule based P2P and IM Controls Yes
Multiple Link Auto Failover YesWRR based Load balancing YesPolicy routing based on Application and User YesDDNS/PPPoE Client Yes
Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Forwarding YesParent Proxy support with FQDN YesDHCP Server and Relay Yes
Web-based configuration wizard YesRole-based administration YesMultiple administrators and user levels YesUpgrades & changes via Web UI YesMulti-lingual support: Chinese, Hindi, French YesWeb UI (HTTPS) YesCommand line interface (Serial, SSH, Telnet) YesSNMP (v1, v2c, v3) YesCyberoam Central Console YesNTP Server Support Yes
Local database YesWindows Domain Control & Active Directory Integration Yes Automatic Windows Single Sign On YesExternal LDAP/RADIUS database Integration YesUser/MAC Binding Yes
Graphical real-time and historical monitoring YesEmail not ificat ion of repor ts, vi ruses and at tacks YesSyslog support Yes
Intrusion events reports YesPolicy violations reports YesWeb Category reports (user, content type) YesSearch Engine Keywords reporting YesData transfer reporting (By Host, Group & IPAddress) YesVirus reporting by User and IPAddress YesCompliance Reports 45+
IPSec compliant YesInter-operabil ity wi th major IPSec VPN Gateways YesSupported platforms: Windows 98, Me, NT4, 2000, XP, Vista YesImport Connection configuration Yes
ICSA Firewall - Corporate YesVPNC - Basic and AES interoperability YesCheckmark UTM Level 5 Certification Yes
CE YesFCC Yes
H x W x D (inches) 1.7 x 6 x 9.1H x W x D (cms) 4.4 x 15.3 x 23.2Weight 1.5 kg, 3.307 lbs
PInput Voltage 100-240VACConsumption 13.2WTotal Heat Dissipation (BTU) 45
Compliance
EnvironmentalOperating Temperature 0 to 40 CStorage Temperature -20 to 75 CRelative Humidity (Non condensing) 10 to 95%Cooling System - Fan Fanless
Support for HTTP Proxy Yes
nterfaces
System Performance*
Gateway Anti-Virus & Anti-Spyware
Virtual Private Network
0/100 Ethernet Ports 30/100/1000 GBE Ports -
Configurable Internal/DMZ/WAN Ports Yes
USB Ports 1Hardware Bypass Segments -
68-bit Triple-DES/AES throughput (Mbps) 15/25Antivirus throughput (Mbps) 20
P (Mbps) 0UTM (Mbps) 5
Console Ports (RJ45/DB9) 1SFP (Mini GBIC) Ports -
Firewall throughput (Mbps) 90New sessions/second 2,000Concurrent sessions 30,000
S throughput 4throughput 1
Multiple Zones security with separate levels of access rulenforcement for each zone Yes
Rules based on the combination of User, MAC, Source &Destination Zone and IP address and Service YesActions include policy based control for IPS, ContentFiltering, Anti virus, Anti spam and Bandwidth Management Yes
Access Scheduling YesPolicy based Source & Destination NAT YesH.323 NAT Traversal Yes02.1q VLAN Support Yes
DoS & DDoS Attack prevention YesMAC & IP-MAC filtering and Spoof prevention Yes
Virus, Worm, Trojan Detection & Removal YesSpyware, Malware, Phishing protection Yes
Automatic virus signature database update Yes
Scans HTTP, FTP, SMTP, POP3, IMAP, VPN Tunnels YesCustomize individual user scanning YesScan and deliver by file size YesBlock by file types Yes
Add disclaimer/signature Yes
Real-time Blacklist (RBL), MIME header check YesFilter based on message header, size, sender, recipient YesSubject line tagging YesP address Black list/White list Yes
Redirect spam mails to dedicated email address Yesmage-based spam filtering using RPD Technology Yes
Zero hour Virus Outbreak Protection Yes
Signatures: Default, Custom YesPS Policies: Multiple, Custom Yes
User-based policy creation YesAutomatic real-time updates from CRProtect networks Yes
Protocol Anomaly Detection YesBlock
- P2P applications e.g. Skype Yes- Anonymous proxies e.g. UItra surf Yes- Phone home activities Yes- Keylogger Yes
nbuilt Web Category Database YesURL, keyword, File type block YesCategories: Default(82+), Custom YesProtocols supported: HTTP, HTTPS YesBlock Malware, Phishing, Pharming URLs YesCustom block messages per category YesBlock Java Applets, Cookies, Active X YesCIPA Compliant YesData leakage control via HTTP upload Yes
PSec, L2TP, PPTP YesEncryption - 3DES, DES, AES, Twofish, Blowfish, Serpent Yes
Hash Algorithms - MD5, SHA-1 YesAuthentication - Preshared key, Digital certificates YesPSec NAT Traversal Yes
Dead peer detection and PFS support YesDiffie Hellman Groups - 1,2,5,14,15,16 YesExternal Certificate Authority support YesExport Road Warrior connection configuration YesDomain name support for tunnel end points YesVPN connection redundancy YesOverlapping Network support YesHub & Spoke VPN support Yes
Stateful Inspection Firewall
Gateway Anti-Spam
ntrusion Prevention System
Content & Application Filtering
Specification
Only for the previous dayAntivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.
www.cyberoam.com I [email protected] Elitecore Product
Toll Free NumbersUSA : |APAC/MEA : | Europe :
+1-877-777-0368 : 1-800-301-00013
+1-877-777-0368 +44-808-120-3958India
Copy r igh t 1999-2009El i t ec o reTechno l og ie s L td . A l lR ig h t sR ese rv ed .Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Ltd. AlthoughElitecorehasattemptedtoprovideaccurateinformation,Elitecoreassumesno responsibilityforaccuracyor completeness of information neither is this a legally binding representation. Elitecore has the right tochange,modify,transferorotherwiserevisethepublicationwithoutnotice. PL-10-96034-091117 Unified Threat Managemen