1. Unified Threat Management CR25wiNG
Future-ready
CR25wiNG
Future-ready Security with Wi-Fi Access Point for SOHO/ROBO networks Data Sheet
CR25wiNG is the Next-Generation Unified Threat Management appliance with Wi-Fi access points that
offer “the fastest UTMs made for SMBs” to small offices, with high performance security over WLAN.
CR25wiNG appliances come with 3x3 MIMO technology that greatly enhances wireless range and
performance. It supports 802.11n/b/g wireless standards. Combined with security over wired
networks offered by its range of UTM appliances, Cyberoam enables organizations to overcome
the physical limitations of securely accessing network resources and offers more user
flexibility, user productivity and lower network ownership costs.
The ‘Next-Generation’ UTM Series for SOHO:
The best-in-class hardware along with software to match, enables the NG series to
offer unmatched throughput speeds, compared to any other UTM appliance in Faster performance, broader coverage with 3x3
this market segment. This assures support for future IT trends in organizations MIMO Technology
like high-speed Internet and rising number of devices in organizations –
offering future-ready security for small office networks.
Cyberoam's Layer 8 technology that treats user-identity as the 8th Cyberoam's Layer 8 Technology treats
Layer or the HUMAN layer in the protocol stack, works even in “User Identity” as the 8th Layer in the
WLAN environments, to allow Identity-based security policies protocol stack
in dynamic IP environment.
VPNC
L8 USER
CERTIFIED
SSL
Portal
SSL
Exchange
L7 Application
SSL
Firefox
VPNC
CERTIFIED
Basic
SSL
JavaScript
SSL Basic
L6 Presentation ASCII, EBCDIC, ICA
Interop Network Extension
www.check-mark.com
AES
Interop
SSL Advanced
Network Extension Cyberoam UTM offers security
L5 Session L2TP, PPTP
across Layer 2-Layer 8 using
L4 Transport TCP, UDP Identity-based policies
L3 Network 192.168.1.1
L2 Data Link 00-17-BB-8C-E3-E7
L1 Physical
Cyberoam UTM features assure Security, Connectivity, Productivity
Security Connectivity Productivity
Network Security Business Continuity Employee Productivity
- Firewall - Multiple Link Management - Content Filtering
- Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls
- Web Application Firewall
- Wireless Security Network Availability IT Resource Optimization
- VPN - Bandwidth Management
Content Security - 3G/4G/WiMAX Connectivity - Traffic Discovery
- Anti-Virus/Anti-Spyware - Application Visibility & Control
##
- Anti-Spam (Inbound/Outbound) Future-ready Connectivity
- HTTPS/SSL Content Security - “IPv6 Ready” Gold Logo Administrator Productivity
- Next-Gen UI
Administrative Security
- Next-Gen UI
- iView- Logging & Reporting

2. Specification
Interfaces Web Filtering Networking
Copper GbE Ports 4 - Inbuilt Web Category Database - Failover - Automated Failover/Failback, Multi-WAN failover,
Configurable - URL, keyword, File type block 3GModem failover
Internal/DMZ/WAN Ports Yes - Categories: Default(82+), Custom - WRR based load balancing
Console Ports (RJ45/DB9) 1 - Protocols supported: HTTP, HTTPS - Policy routing based on Application and User
USB Ports 2 - Block Malware, Phishing, Pharming URLs - IP Address Assignment - Static, PPPoE, L2TP, PPTP & DDNS
- Schedule-based access control Client, Proxy ARP, DHCP server, DHCP relay
Built-in Wireless LAN - Custom block messages per category - Support for HTTP Proxy
Wireless Standards IEEE 802.11 a/b/g/n (WEP, WPA, - Block Java Applets, Cookies, Active X - Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast
WPA2, 802.11i , TKIP, AES, PSK, - CIPA Compliant Forwarding
802.1x EAP) - Data leakage control via HTTP, HTTPS upload - Parent Proxy support with FQDN
- “IPv6 Ready” Gold Logo
Antenna Detachable 3x3 MIMO Application Filtering
- Inbuilt Application Category Database Administration & System Management
Access Points Up to 8 bssid - 11+ Application Categories: e.g. Gaming, IM, P2P, Proxy - Web-based configuration wizard
- Schedule-based access control - Role-based access control
Transmit Power (EIRP) 11n HT40 : +15dBm - Block - Firmware Upgrades via Web UI
11b CCK: +15dBm - P2P applications e.g. Skype - Web 2.0 compliant UI (HTTPS)
11g OFDM:+15dBm - Anonymous proxies e.g. UItra surf - UI Color Styler
- “Phone home” activities - Command Line Interface (Serial, SSH, Telnet)
Receiver Sensitivity -68dBm at 300Mbps - Keylogger - SNMP (v1, v2c, v3)
-70dBm at 54Mbps - Layer 7 (Applications) & Layer 8 (User - Identity) Visibility - Multi-lingual support: Chinese, Hindi, French, Korean
-88dBm at 6Mbps - Cyberoam Central Console (Optional)
Web Application Firewall - NTP Support
- Positive Protection model
Frequency Range 2.412 GHz - 2.472 GHz - Unique "Intuitive Website Flow Detector" technology User Authentication
5.200 GHz - 5.825 GHz - Protection against SQL Injections, Cross-site Scripting - Internal database
(XSS), Session Hijacking, URL Tampering, Cookie - Active Directory Integration
Poisoning - Automatic Windows Single Sign On
Number of Selectable USA (FCC) - 11 channels, - Support for HTTP 0.9/1.0/1.1 - External LDAP/RADIUS database integration
Channels EU (ETSI) / Japan (TELEC) - 13 - Extensive Logging & Reporting - Thin Client support - Microsoft Windows Server 2003
channels Terminal Services and Citrix XenApp
Virtual Private Network - RSA securID support
Data Rate 802.11n: up to 450Mbps, - IPSec, L2TP, PPTP - External Authentication - Users and Administrators
802.11b: 1, 2, 5,5, 11Mbps, - Encryption - 3DES, DES, AES, Twofish, Blowfish, Serpent - User/MAC Binding
802.11g: 6, 9, 12, 18, 24, 36, 48, - Hash Algorithms - MD5, SHA-1 - Multiple Authentication servers
54Mbps - Authentication - Preshared key, Digital certificates
- IPSec NAT Traversal Logging/Monitoring
System Performance* - Dead peer detection and PFS support - Graphical real-time and historical monitoring
Firewall Throughput (UDP) 1,500 (Mbps) - Diffie Hellman Groups - 1,2,5,14,15,16 - Email notification of reports, viruses and attacks
Firewall Throughput (TCP) 1,000 (Mbps) - External Certificate Authority support - Syslog support
New sessions/second 5,000 - Export Road Warrior connection configuration - Log Viewer - IPS, Web filter, Anti Virus, Anti Spam,
Concurrent sessions 150,000 - Domain name support for tunnel end points Authentication, System and Admin Events
IPSec VPN Throughput 210 (Mbps) - VPN connection redundancy
No. of IPSec Tunnels 100 - Overlapping Network support On-Appliance Cyberoam-iView Reporting Cyberoam TM
SSL VPN Throughput 75 (Mbps) - Hub & Spoke VPN support - Integrated Web-based Reporting tool -
VIEW
WAF Protected Throughput 45 (Mbps) Cyberoam-iView
Anti-Virus Throughput 300 (Mbps) SSL VPN - 1000+ drilldown reports
IPS Throughput 200 (Mbps) -TCP&UDPTunneling - 45+ Compliance Reports
UTM Throughput 110 (Mbps) - Authentication - Active Directory, LDAP, RADIUS, - Historical and Real-time reports
Cyberoam - Multiple Dashboards
Stateful Inspection Firewall - Multi-layered Client Authentication - Certificate, - Username, Host, Email ID specific Monitoring
- Layer 8 (User - Identity) Firewall Username/Password Dashboard
- Multiple Security Zones - User &Group policy enforcement - Reports - Security, Spam, Virus, Traffic, Policy violations,
- Access Control Criteria (ACC) - User - Identity, Source & Destination - Network access - Split and Full tunneling VPN, Search Engine keywords
Zone, MAC and IP address, Service - Browser-based (Portal)Access - Clientless access - Multi-format reports - tabular, graphical
- UTM policies - IPS, Web Filtering, Application Filtering, - Lightweight SSL VPN Tunneling Client - Exportable formats - PDF, Excel
Anti-Virus, Anti-Spam and Bandwidth Management - Granular access control to all the Enterprise Network - Automated Report Scheduling
- Layer 7 (Application) Control & Visibility resources
- Access Scheduling - Administrative controls - Session timeout, Dead Peer IPSec VPN Client**
- Policy based Source & Destination NAT Detection, Portal customization - Inter-operability with major IPSec VPN Gateways
- H.323, SIP NAT Traversal - TCP- based Application Access - HTTP, HTTPS, - Supported platforms: Windows 2000, WinXP 32/64-bit,
- 802.1q VLAN Support RDP, TELNET, SSH Windows 2003 32-bit, Windows 2008 32/64-bit, Windows Vista
- DoS & DDoS Attack prevention 32/64-bit, Windows 7 RC1 32/64-bit
- MAC & IP-MAC filtering and Spoof prevention Instant Messaging (IM) Management - Import Connection configuration
- Yahoo and Windows Live Messenger
Gateway Anti-Virus & Anti-Spyware - Virus Scanning for IM traffic Certification
- Virus, Worm, Trojan Detection & Removal - Allow/Block Login - ICSA Firewall - Corporate
- Spyware, Malware, Phishing protection - Allow/Block File Transfer - Checkmark UTM Level 5 Certification
- Automatic virus signature database update - Allow/Block Webcam - VPNC - Basic and AES interoperability
- Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, - Allow/Block one-to-one/group chat - “IPv6 Ready” Gold Logo
VPN Tunnels - Content-based blocking
- Customize individual user scanning - IM activities Log
- Archive files transferred Hardware Specifications
- Scan and deliver by file size
- Custom Alerts Memory 1GB
- Block by file types
- Add disclaimer/signature Compact Flash 2GB
Wireless WAN HDD 250GB or higher
Gateway Anti-Spam - USB port 3G/4G and Wimax Support
- Inbound/Outbound Scanning - Primary WAN link Compliance
- Real-time Blacklist (RBL), MIME header check - WAN Backup link - CE
- Filter based on message header, size, sender, recipient - FCC
- Subject line tagging Bandwidth Management
- IP address Black list/White list - Application and User Identity based Bandwidth Dimensions
- Redirect Spam mails to dedicated email address Management H x W x D (inches) 1.7 x 6 x 9.1
- Image-based Spam filtering using RPD Technology - Guaranteed & Burstable bandwidth policy H x W x D (cms) 4.4 x 15.3 x 23.2
- Zero hour Virus Outbreak Protection - Application & User Identity based Traffic Discovery Weight 2.3kg, 5.07 lbs
- IP Reputation-based Spam filtering - Multi WAN bandwidth reporting
- Category-based bandwidth restriction Power
Intrusion Prevention System Input Voltage 100-240 VAC
- Signatures: Default (4500+), Custom User Identity and Group Based Controls Consumption 33.5W
- IPS Policies: Multiple, Custom - Access time restriction Total Heat Dissipation (BTU) 114
- User-based policy creation - Time and Data Quota restriction
- Automatic real-time updates from CRProtect networks - Schedule based Committed and Burstable Bandwidth Environmental
- Protocol Anomaly Detection - Schedule based P2P and IM Controls Operating Temperature 0 to 40 °C
- DDoS attack prevention Storage Temperature 0 to 75 °C
Relative Humidity (Non condensing) 10 to 90%
*Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.
##
**Additional Purchase Required. Inbound and Outbound Spam filtering cannot be used simultaneously.
Toll Free Numbers C o p y r i g h t © 1999-2012 Cyberoam Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d.
Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Pvt. Ltd. Although
USA : +1-800-686-2360 | India : 1-800-301-00013 Elitecore has attempted to provide accurate information, Elitecore assumes no responsibility for accuracy
or completeness of information neither is this a legally binding representation. Elitecore has the right to
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958 change,modify, transfer or otherwise revise the publication without notice. PL-10-1000252-100718 Unified Threat Management
www.cyberoam.com I sales@cyberoam.com