Call a Specialist Today! 888-785-4405

Cyberoam CR1000iNG-XP
Next-Generation Firewall for Enterprise Networks


Cyberoam – a Sophos Company, secures organizations with its wide range of product offerings at the network gateway. For the latest Cyberoam products, please visit our Sophos's store EnterpriseAV.com


Cyberoam CR1000iNG-XP

Sorry, this product is no longer available, please contact us for a replacement.


Overview:

The mobilization of workforce has led to demand for anytime-anywhere access to network resources. This, along with increasing number of users like customers and partners connecting to an enterprise network from outside, and trends like rise in number of network users and devices, application explosion, virtualization, and more are leading to loss of security controls for enterprises over their networks. Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer actionable intelligence and controls to enterprises that allow complete security controls over L2-L8 for their future-ready security. Cyberoam’s Human Layer 8 acts like a standard abstract layer that binds with real Layers 2-7, enabling organizations to regain lost security controls.

Cyberoam CR1000iNG-XP offers inline application inspection and control, website filtering, HTTPS inspection, Intrusion Prevention System, VPN (IPSec and SSL) and granular bandwidth controls. Additional security features like WAF, Gateway Anti- Virus, Anti-Spam are also available. The FleXi Ports (XP) available in CR1000iNG-XP appliances offer flexible network connectivity with I/O slots that allow additional Copper 1G, Fiber 1G/10G ports on the same security appliance.

Cyberoam security appliances offer high performance, assured Security, Connectivity and Productivity and an Extensible Security Architecture (ESA) for future-ready security in enterprises.

Next-Generation Firewall for Enterprises:

Offering Actionable Intelligence and Controls

Cyberoam's Layer 8 technology

Cyberoam UTM features assure Security, Connectivity, Productivity

SecuritySecurity

Network Security

  • Firewall
  • Intrusion Prevention System
  • Wireless Security

Content Security

  • Anti-Virus/Anti-Spyware
  • Anti-Spam (Inbound/Outbound)
  • HTTPS/SSL Content Security

Administrative Security

  • Next-Gen UI
  • iView- Logging & Reporting

ConnectivityConnectivity

Business Continuity

  • Multiple Link Management

Network Availability

  • VPN
  • 3G/4G/WiMAx Connectivity

Future-ready Connectivity

  • "IPv6 Ready" Gold Logo

ProductivityProductivity

Employee Productivity

  • Content Filtering
  • Instant Messaging Archiving & Controls

IT Resource Optimization

  • Bandwidth Management
  • Traffic Discovery
  • Application Visibility & Control

Administrator Productivity

  • Next-Gen UI

Features:

The Cyberoam NGFWs offer next-generation security features to organizations to protect against newly-evolving threats.

Layer 8 Identity-based SecurityLayer 8 Identity-based Security
Cyberoam's Layer 8 Technology treats user identity as the 8th layer or the "human layer" in the network protocol stack. This allows administrators to uniquely identify users, control Internet activity of these users in the network, and enable policy-setting and reporting by username – adding speed to security. Cyberoam's Layer 8 security binds with Layer 2 to Layer 7 giving better security controls over the network and offers Layer 8 Identity-based security over AAA (User Authentication, Service Authorization, Audit with logs /reports).

Application Visibility & ControlApplication Visibility & Control
With an industry-leading coverage of 2000+ applications, Cyberoam's Application Visibility & Control feature enables prioritization of applications based on User Identity, time, applications, and bandwidth, allowing great flexibility and real L2-L8 visibility & control. Advanced application controls classify applications based on their risk level, characteristics and technology, offering more granular controls. The pro-active protection model eliminates the need for manual intervention by administrator to update policy for new applications that are being added to the list.

Intrusion Prevention SystemIntrusion Prevention System
Cyberoam Intrusion Prevention System protects against network and application-level attacks, securing organizations against intrusion attempts, malware, Trojans, DoS and DDoS attacks, malicious code transmission, backdoor activity and blended threats.

First-of-its-kind On-appliance ReportingFirst-of-its-kind On-appliance Reporting
Cyberoam has been the first and only vendor in the industry to offer on-appliance reporting with real-time logs and reports, saving the cost of deploying a dedicated reporting solution. The 1200+ in-depth reports offer real-time visibility into user and network activities, helping organizations to manage security, display compliance and forensic analysis, unmatched by any network security vendor till date. Cyberoam reports include dynamic and animated reports, in-line graphs, and country maps.

Virtual Private NetworkVirtual Private Network
Cyberoam VPN (IPSec and SSL) offers secure remote access, ensuring secure endpoints and network with its Threat-free Tunneling Technology.

Web FilteringWeb Filtering
Cyberoam's award-winning Web Filtering offers one of the most comprehensive URL databases with millions of URLs grouped into 89+ categories. It blocks access to harmful websites, preventing malware, phishing, pharming attacks and undesirable content that could lead to legal liability and direct financial losses.

Web Application FirewallWeb Application Firewall
Cyberoam offers an on-appliance Web Application Firewall subscription to secure websites and Web-based applications in organizations against attacks such as SQL injection, cross-site scripting (XSS), URL parameter tampering, session hijacking, buffer overflows, and more, including the OWASP Top 10 Web application vulnerabilities.

QoS / Bandwidth ManagementQoS / Bandwidth Management
Cyberoam enables organizations to tie bandwidth policies to users, user groups, Applications, Website Categories, Firewall rules, and more. Cyberoam's granular Layer 7 and Layer 8 Bandwidth controls allow prioritization of business-critical applications and users for bandwidth allocation, ensuring assured QoS for business-critical applications like VoIP and CRM. Granular bandwidth controls allow committed bandwidth to critical users at all times and also allow policies to assign idle bandwidth to other applications automatically, delivering optimal use of idle bandwidth and higher ROI.

Based on the need, Enterprises can get additional security features like Web Application Firewall, Gateway Anti-Virus, Gateway Anti-Spam, and more.

Specifications:


Specification

Interfaces

Maximum number of available Ports

42

Fixed Copper GbE Ports

10

Number of Slots for FleXi Ports Module*

4

Port Options for FleXi Ports Module

(GbE Copper/GbE Fiber/10GbE Fiber)

8 / 8 / 4

 

Console Ports (RJ45)

1

Configurable Internal/DMZ/WAN Ports

Yes

USB Ports

2

System Performance*

Firewall Throughput (UDP) (Mbps)

27,500

Firewall Throughput (TCP) (Mbps)

22,500

New sessions/second

240,000

Concurrent sessions

5,500,000

IPSec VPN Throughput (Mbps)

3,000

No. of IPSecTunnels

3,000

SSL VPN Throughput (Mbps)

850

WAF Protected Throughput (Mbps)

2,000

Anti-Virus Throughput (Mbps)

4,500

IPS Throughput (Mbps)

10,500

NGFW Throughput (Mbps)***

5,000

Fully Protected Throughput (Mbps)****

 

3,000

Stateful Inspection Firewall

  • Layer 8 (User - Identity) Firewall
  • Multiple Security Zones
  • Access Control Criteria (ACC) : User - Identity, Source and Destination Zone, MAC and IP address, Service
  • Security policies - IPS, Web Filtering, Application Filtering, Anti-Virus, Anti-Spam and Bandwidth Management
  • Application (Layer 7) Control and Visibility
  • Access Scheduling
  • Policy based Source and Destination NAT
  • H.323, SIP NAT Traversal
  • 802.1q VLAN Support
  • DoS and DDoS Attack prevention
  • MAC and IP-MAC filtering and Spoof prevention

Application Filtering

  • Inbuilt Application Category Database
  • 2,000+ Applications Supported
  • Schedule-based access control
  • Block
  • P2P applications e.g. Skype
  • Anonymous proxies e.g. UItra surf
  • “Phone home” activities
  • Keylogger
  • Layer 7 (Applications) & Layer 8 (User - Identity) Visibility

Intrusion Prevention System (IPS)

  • Signatures: Default (4500+), Custom
  • IPS Policies: Multiple, Custom
  • User-based policy creation
  • Automatic real-time updates from CRProtect networks
  • Protocol Anomaly Detection
  • DDoS attack prevention

User Identity and Group Based Controls

  • Access time restriction
  • Time and Data Quota restriction
  • Schedule-based Committed and Burstable Bandwidth
  • Schedule-based P2P and IM Controls

Administration and System Management

  • Web-based configuration wizard
  • Role-based access control
  • Firmware Upgrades via Web UI
  • Web 2.0 compliant UI (HTTPS)
  • UI Color Styler
  • Command Line Interface (Serial, SSH, Telnet)
  • SNMP (v1, v2, v3)
  • Multi-lingual support: English, Chinese, Hindi, French, Japanese
  • Cyberoam Central Console (Optional)
  • Network Time Protocol Support

User Authentication

  • Internal database
  • Active Directory Integration
  • Automatic Windows Single Sign On
  • External LDAP/RADIUS database integration
  • Thin Client support - Microsoft Windows Server 2003/2008

Terminal Services and Citrix XenApp - Novell eDirectory

  • RSA SecurID support
  • External Authentication - Users and Administrators
  • User/MAC Binding
  • Multiple Authentication servers

Logging and Monitoring

  • Graphical real-time and historical monitoring
  • Email notification of reports, gateway status, viruses and attacks
  • Syslog support
  • Log Viewer - Firewall, IPS, Web filter, WAF, Anti Virus, Anti Spam, Authentication, System and Admin Events

On-Appliance Cyberoam-iView Reporting

  • Integrated Web-based Reporting tool - Cyberoam-iView
  • 1200+ drilldown reports
  • 45+ Compliance Reports
  • Historical and Real-time reports
  • Multiple Dashboards
  • Username, Host, Email ID specific Monitoring Dashboard
  • Reports - Security, Virus, Spam, Traffic, VPN, Search Engine keywords
  • Multi-format reports - tabular, graphical
  • Exportable formats - PDF, Excel
  • Automated Report Scheduling

Virtual Private Network

  • IPSec, L2TP, PPTP
  • Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent
  • Hash Algorithms - MD5, SHA-1
  • Authentication - Preshared key, Digital certificates
  • IPSec NAT Traversal
  • Dead peer detection and PFS support
  • Diffie Hellman Groups - 1,2,5,14,15,16
  • External Certificate Authority support
  • Export Road Warrior connection configuration
  • Domain name support for tunnel end points
  • VPN connection redundancy
  • Overlapping Network support
  • Hub and Spoke VPN support

SSL VPN

  • TCP and UDP Tunneling
  • Authentication - Active Directory, LDAP, RADIUS, Cyberoam (Local)
  • Multi-layered Client Authentication - Certificate, Username/Password
  • User and Group policy enforcement
  • Network access - Split and Full tunneling
  • Browser-based (Portal) Access - Clientless access
  • Lightweight SSL VPN Tunneling Client
  • Granular access control to all the enterprise network resources
  • Administrative controls - Session timeout, Dead Peer Detection, Portal customization
  • TCP- based Application Access - HTTP, HTTPS, RDP, TELNET, SSH

Web Filtering

  • Inbuilt Web Category Database
  • URL, keyword, File type block
  • Categories: Default(89+), Custom
  • Protocols supported: HTTP, HTTPS
  • Block Malware, Phishing, Pharming URLs
  • Schedule-based access control
  • Custom block messages per category
  • Block Java Applets, Cookies, Active X
  • CIPA Compliant
  • Data leakage control via HTTP, HTTPS upload

Bandwidth Management

  • Application and User Identity based Bandwidth Management
  • Guaranteed and Burstable bandwidth policy
  • Application and User Identity based Traffic Discovery
  • Multi WAN bandwidth reporting
  • Category-based bandwidth restriction

Web Application Firewall

  • Positive Protection model
  • Unique "Intuitive Website Flow Detector" technology
  • Protection against SQL Injections, Cross-site Scripting (XSS), Session Hijacking, URL Tampering, Cookie Poisoning, etc.
  • Support for HTTP 0.9/1.0/1.1

Gateway Anti-Virus & Anti-Spyware

  • Virus, Worm, Trojan: Detection and Removal
  • Spyware, Malware, Phishing protection
  • Automatic virus signature database update
  • Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, VPN Tunnels
  • Customize individual user scanning
  • Self Service Quarantine area
  • Scan and deliver by file size
  • Block by file types
  • Add disclaimer/signature

Gateway Anti-Spam

  • Inbound/Outbound Scanning
  • Real-time Blacklist (RBL), MIME header check
  • Filter based on message header, size, sender, recipient
  • Subject line tagging
  • IP address Black list/White list
  • Redirect Spam mails to dedicated email address
  • Image-based Spam filtering using RPD Technology
  • Zero hour Virus Outbreak Protection
  • Self Service Quarantine area
  • Spam Notification through Digest
  • IP Reputation-based Spam filtering

Wireless WAN

  • USB port 3G/4G and Wimax Support
  • Primary WAN link
  • WAN Backup link

Networking

  • Failover - Automated Failover/Failback, Multi-WAN Failover, 3G/4G Modem Failover
  • WRR based load balancing
  • Policy routing based on Application and User
  • IP Address Assignment - Static, PPPoE, L2TP, PPTP & DDNS Client, Proxy ARP, DHCP server, DHCP relay
  • Support for HTTP Proxy
  • Dynamic Routing: RIP v1 and v2, OSPF, BGP, Multicast Forwarding
  • Parent Proxy support with FQDN
  • “IPv6 Ready” Gold Logo

High Availability

  • Active-Active
  • Active-Passive with State Synchronization
  • Stateful failover
  • Alerts on appliance status change

IPSec VPN Client*****

  • Inter-operability with major IPSec VPN Gateways
  • Supported platforms: Windows 2000, WinXP 32/64-bit, Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32/64-bit
  • Import Connection configuration

Certification

  • Common Criteria - EAL4+
  • ICSA Firewall - Corporate
  • Checkmark Certification
  • VPNC - Basic and AES interoperability - “IPv6 Ready” Gold Logo

Hardware Specifications

Memory 4GB
Compact Flash 4GB
HDD 250GB or higher

Compliance

CE
FCC
UL

Dimensions

H x W x D (inches) 1.7 x 17.44 x 18.75
H x W x D (cms) 4.4 X 44.3 X 47.62
Weight 5.1 kg, 11.24 lbs

Power

Input Voltage 100-240 VAC
Consumption 208W
Total Heat Dissipation (BTU) 345

Environmental

Operating Temperature 0 to 40 °C
Storage Temperature 0 to 70 °C
Relative Humidity (Non condensing) 10 to 90%
#If Enabled, will bypass traffic only in case of power failure.
**Additional Purchase Required.
*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.

Supports and Subscriptions:

Subscriptions:

  • Antivirus and Anti Spam Subscription: Protection against Internet and mail based malware
  • Comprehensive Value Subscription: Comprehensive Value Subscription includes Anti Malware, Anti Spam, Web and Application Filter, WAF, Intrusion Prevention System , 24x7 Support, hardware warranty and RMA fulfillment
  • Gateway Anti Spam: Zero-hour protection with industry’s highest spam detection capabilities
  • Gateway Anti Virus: Gateway level protection from viruses, worms and malicious code
  • Intrusion Prevention System: Protects from intrusion attempts, DoS attacks, malicious code transmission, backdoor activity and blended threats
  • Outbound Anti Spam: Protects service providers from recurring incidents of outbound spam in the network.
  • Security Value Subscription Plus: Cyberoam Security Value Subscription Plus includes Anti Malware, Web and Application Filter, Intrusion Prevention System , 24x7 Support, hardware warranty and RMA fulfillment
  • Security Value Subscription: Cyberoam Security Value Subscription includes Anti Malware, Web and Application Filter and Intrusion Prevention System, 8x5 Support, hardware warranty and RMA fulfillment
  • Total Value Subscription Plus: Cyberoam Total Value Subscription Plus includes Anti Malware, Anti Spam, Web and Application Filter, Intrusion Prevention System, 24x7 Support, hardware warranty and RMA fulfillment
  • Total Value Subscription: Cyberoam Total Value Subscription includes Anti Malware, Anti Spam, Web and Application Filter and Intrusion Prevention System, 8x5 Support, hardware warranty and RMA fulfillment
  • Web and Application Filter: Dependable web and application filtering to control and report non-work and malicious web and network traffic activity.
  • Web Application Firewall: Prevents exploitation of web applications vulnerabilities.

Supports

Basic 8x5 Support: 8x5 Phone, Email and Web Chat support with firmware upgrades , hardware warranty and RMA fulfillment

Premium Support 24x7: 24x7 Phone, Email and Web Chat support with firmware upgrades, hardware warranty and RMA fulfillment

  8x5 Basic Support 24x7 Premium Support
Technical Support
Timings 10AM - 6PM (Local Time Zone) Anytime during the day
Web Based Support Yes Yes
Phone Based Support Yes Yes
Chat Based Support Yes Yes
Number of support incidents per annual subscription Unlimited Unlimited
First Response Time 4 Hours 1 Hour
Onsite Support Services* - Fee Based Service
Software Support
Software & OS Upgrades and Patches Yes Yes
Hot Fixes and Enhancement upgrades Yes Yes
Signature & database update Yes Yes
Hardware Warranty
Limited Hardware warranty & Replacement Yes Yes
Return and Replacement policy 10 Days 4 Days
Advanced Hardware Replacement - Yes
Customer Portal
Product Documentation and Guides Yes Yes
Technical Trainings - CCNSP & CCNSE Certifications Fee Based Fee Based
Online Demo Yes Yes
Version Release Notes Yes Yes
Support Renewals
One, two and three (1, 2 and 3) Year Renewals Yes Yes

Download the Cyberoam Basic Support Plan Datasheet (PDF).

Download the Cyberoam Premium Support Plan Datasheet (PDF).

Documentation:

Download the Cyberoam CR1000iNG–XP Datasheet (PDF).

Download the Cyberoam UTM Techsheet (PDF).