Cr 250i Datasheet 29-01-2007

Transcript

Unified Threat Management Data Sheet Cyberoam CR 250i Complete Internet Security for Small and Medium Enterprises Cyberoam CR 250i is an identity based security appliance that delivers real-time network protection against evolving Internet threats to small enterprises through unique user based policies. The Cyberoam CR 250i system delivers enterprise class Identity based Firewall, VPN, anti-virus, anti-spam, intrusion detection and prevention - IDP, content filtering, bandwidth management and Multi-Link Manager over a single platform .Integrated high availability feature provides hardware failure protection against power supply, hard disk or processor to maximize network uptime and ensure uninterrupted access. The appliances protect corporates, educational institutions and government organizations from internal and external threats, including spyware, phishing, pharming, viruses, worms, Trojans, DoS attacks and other threats. Identity-based Security in UTM Cyberoam attaches the individual user identity to security, taking enterprises a step ahead of conventional solutions that bind security to immobile IP-addresses. Cyberoam's identity-based security offers full business flexibility while ensuring complete security in any environment, including DHCP and Wi-Fi, by identifying individual users within the network - whether they are victims or attackers. Features Description Benefits Identity-based Firewall (ICSA Labs Certified) ! Powerful stateful and deep packet inspection ! Prevents DoS and flooding attacks from internal and external sources ! Identity-based access control to applications like P2P, IM ! High-end application protection ! Flexibility to set policies by the user ! High scalability VPN ! Industry standard: PPTP, L2TP, IPSec VPN ! Secure connectivity to branch offices and remote users ! Low cost remote connectivity over the Internet Gateway Anti-Virus ! Scans incoming and outgoing HTTP, FTP, IMAP, POP3 and SMTP traffic ! Detects and removes viruses, worms and Trojans ! Access to quarantined mails to key executives ! Restriction on file transfer based on keywords ! Instant user identification in case of HTTP threats ! ! ! ! Complete protection of traffic over all protocols High business flexibility Protection of confidential information Real-time security Gateway Anti-Spam ! ! ! ! ! ! ! Scans IMAP, POP3 and SMTP traffic for spam Detects, tags and quarantines spam mail Lenient and strict policies based on user need Marks copy of mails to superiors Enforces black and white lists Analyzes large messages at high throughput Controls Image-based spam using RPD Technology ! ! ! ! Enhances productivity High business flexibility Protection from emerging threats High scalability Intrusion Detection & Prevention - IDP ! Over 2500 signature database ! Multi-policy capability with policies based on signature, source and destination ! Internal user identification ! Detect and prevent intrusion based on custom signature ! Prevents intrusion attempts, DoS attacks, malicious code, backdoor activity and network-based blended threats Content Filtering ! Automated web categorization engine blocks nonwork sites based on millions of sites in over 63 categories ! Hierarchy, department, group, user-based filtering policies ! Time-based access to pre-defined sites ! Prevents downloads of streaming media, gaming, tickers, ads ! Low false positives ! Real-time Security even in DHCP and Wi-Fi environments ! Offers user-identification in case of internal threats ! ! ! ! ! Prevents exposure of network to external threats Ensures regulatory compliance Saves bandwidth Enhances productivity Protects against legal liability Bandwidth Management ! Committed and burstable bandwidth by hierarchy, departments, groups, users ! Allows implementation of emerging technologies like VoIP ! Prevents bandwidth choking ! Allows high priority to bandwidth critical applications Multi-Link Manager ! Security over multiple ISP links through single appliance ! Load balances on weighted round robin basis with policy-based ratios for users and applications ! Switches traffic from failed to working link automatically ! ! ! ! On-Appliance Reporting ! Complete Reporting Suite available on the Appliance ! Traffic discovery offers real-time reports ! Reporting by username ! Reduced TCO as no additional purchase required ! Instant and complete visibility into patterns of usage ! Instant identification of victims and attackers in internal network www.cyberoam.com Easy to manage security over multiple links Controls bandwidth choking Optimal use of low-cost links Ensures business continuity Specification Interfaces 10/100 Ethernet ports 10/100/1000 GBE Ports Configurable Internal/DMZ/WAN Ports Console ports (RJ45) SFP (Mini GBIC) Ports COM port USB ports System Performance Concurrent sessions New sessions/second Firewall throughput (Mbps) 168-bit Triple-DES throughput (Mbps) Anti Virus throughput (Mbps) Data Sheet 2 2 Yes 2 4 4,00,000 10,000 400 120 70 Firewall Modes and Features Multiple Zones security with separate level of access rule enforcement for each zone Rules based on the combination of User, Source & Destination Zone and IP address and Service Actions include policy based control for IDP, content filtering, anti virus, anti spam and bandwidth management Access Scheduling Policy based Source & Destination NAT H.323 NAT Traversal DoS Attack prevention Yes Yes Yes Yes Yes Anti-Virus Virus, Worm, Trojan Detection & Removal Spyware, Malware, Phishing protection Automatic virus signature database update Scans HTTP, FTP, SMTP, POP3, IMAP Customize individual user scanning Self Service Quarantine area Scan and deliver by file size Block by file types Add disclaimer/signature Yes Yes Yes Yes Yes Yes Yes Yes Yes Anti-Spam Real-time Blacklist (RBL) MIME header check Filter based on message header, size, sender, recipient Subject line tagging IP address blacklist/exempt list Redirect spam mails to dedicated email address Image-based spam filtering using RPD Technology Yes Yes Yes Yes Yes Yes Yes Dynamic Intrusion Detection and Prevention 2500+ Intrusion Detection signatures Multiple IDP Policies Automatic real-time updates from CRProtect networks Protocol Anomaly Detection Custom Signatures Custom IDP Policies Yes Yes Yes Yes Yes Yes Web Content Filtering URL, keyword, File type block Inbuilt Web Category Database URL Categories Custom Categories HTTP Upload block Internet Access Policies Block Malware, Phishing, Pharming URLs Custom block messages per category Block Java Applets, Cookies, Active X CIPA Compliant Yes Yes 63+ Yes Yes Yes Yes Yes Yes Yes VPN IPSec, L2TP, PPTP Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent Hash Algorithms - MD5, SHA-1 Authentication - Preshared key, Digital certificates IPSec NAT Traversal Dead peer detection Perfect Forward Secrecy Diffie Hellman Groups - 1,2,5,14,15,16 External Certificate Authority support Export Road Warrior connection configuration Domain name support for tunnel end points Bandwidth Management Application and User Identity based Bandwidth Management Guaranteed & Burstable bandwidth policy Application & User Identity based Traffic Discovery Multi WAN bandwidth reporting Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes User Identity and Group Based Controls Access time restriction Time Quota restriction Schedule based Committed and Burstable Bandwidth Data Quota restriction Schedule based P2P and IM Controls Yes Yes Yes Yes Yes Networking Multiple Link Auto Failover WRR based Load balancing Multiple Zone support Policy routing based on Application and User DDNS DDNS support for NATed IP address Hardware failure-Active/Passive PPPoE Client Yes Yes Yes Yes Yes Yes Yes Yes High Availability Active-Passive HA Device Failure detection Link Status monitor Alert notification on Appliance Status change Automatic and Manual Synchronization Yes Yes Yes Yes Yes Administration Web-based configuration wizard Role-based administration Multiple administrators and user levels Upgrades & changes via Web UI Yes Yes Yes Yes System Management Console interface Web UI (HTTPS) Command line interface Secure Command Shell (SSH) Appliance hardware health tools SNMP (v1, v2c, v3) Yes Yes Yes Yes Yes Yes User Authentication Internal database Windows Domain Control & Active Directory Support Automatic Windows Single Sign On LDAP/RADIUS database Support Yes Yes Yes Yes Logging/Monitoring Internal HDD Graphical real-time and historical monitoring Email notification of reports, viruses and attacks Log to remote Syslog server Yes Yes Yes Yes On-Appliance Reporting Intrusion reporting Policy violations reporting Web Category reporting (user, content type) Search Engine Keyword wise reporting Data transfer reporting (Host, Group, IP Wise) User wise and IP wise Virus reporting Yes Yes Yes Yes Yes Yes VPN Client IPSec compliant Inter-operability with major IPSec VPN Gateways Supported platforms: Windows 98, Me, NT4, 2000, XP Import Connection configuration Yes Yes Yes Yes Compliance CE FCC Yes Yes Certification ICSA Firewall - Corporate Yes Dimensions Height Width Depth 1.72 inches 16.8 inches 13.4 inches Power Input Voltage Redundant Power Supply 110 -240VAC - Environmental Operating Temperature Storage Temperature Relative Humidity (Non condensing) Cooling system (40mm Fan) 0 to 40 °C -20 to 80 °C 10 to 90% 2 Yes Yes Yes Yes Elitecore Product Unified Threat Management www.cyberoam.com Visit: www.cyberoam.com Contact: [email protected] USA - Tel: +1-978-465-8400, Fax: 1-978-293-0200 India - Tel: +91-79-66065606, Fax: +91-79-26407640