The document is a data sheet for the Cyberoam CR300i network security appliance. It provides unified threat management for small and medium offices through features like firewall, intrusion prevention, antivirus, antispam, web filtering, application control, and VPN. Key capabilities include identity-based security policies through layer 8 technology, high performance through multi-core processing, and an extensible security architecture.

1. Data Sheet
Comprehensive Network Security
Cyberoam CR300i
for Small & Medium Offices
Unified Threat Management CR 300i
POWER
CONSOLE E F A B C D
VPNC
RESET
CERTIFIED
SSL
Portal
SSL
Exchange
SSL
Firefox
VPNC SSL
CERTIFIED JavaScript
Basic SSL Basic
Interop Network Extension
AES SSL Advanced
www.check-mark.com Interop Network Extension
Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to
small and medium enterprises (SMEs) by allowing user identity-based policy controls.
Cyberoam’s User Layer 8 Technology treats user-identity as the 8th Layer or the HUMAN layer in the
Gartner positions protocol stack. It attaches user identity to security, taking organizations a step ahead of conventional
Cyberoam UTM as a solutions that bind security to IP-addresses. This adds speed to an organization’s security by offering
instant visibility into the source of attacks by username rather than IP address – allowing immediate
“Visionary” in Magic remediation to restore security or allowing proactive security. Layer 8 technology functions along with each
Quadrant for SMB of Cyberoam security features to allow creation of identity-based security policies.
Multifunction Cyberoam’s multi-core technology allows parallel processing of all its security features – ensuring security
without compromising performance. Its future-ready Extensible Security Architecture (ESA) offers an
Firewalls extensible platform that can grow with the future security needs of an organization without degrading
system performance. ESA supports feature enhancements that can be developed rapidly and deployed
with minimum efforts.
User Identity-based Security Policy Controls
L8 USER
L7 Application
Cyberoam's Layer 8 Technology treats
L6 Presentation ASCII, EBCDIC, ICA “User Identity” as the 8th Layer
in the protocol stack
L5 Session L2TP, PPTP
Transport Cyberoam UTM offers security across
L4 TCP, UDP
Layer 2-Layer 8 using Identity-based policies
L3 Network 192.168.1.1
L2 Data Link 00-17-BB-8C-E3-E7
L1 Physical
Cyberoam UTM features assure Security, Connectivity, Productivity
Security Connectivity Productivity
Network Security Business Continuity Employee Productivity
- Firewall - Multiple Link Management - Content Filtering
- Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls
- Wireless security
Network Availability IT Resource Optimization
Content Security - VPN - Bandwidth Management
- Anti-Virus/Anti-Spyware - 3G/WiMAX Connectivity - Traffic Discovery
- Anti-Spam - Application Layer 7 Management
- HTTPS/SSL Content Security Future-ready Connectivity
- “IPv6 Ready” Gold Logo Administrator Productivity
Administrative Security - Next-Gen UI
- Next-Gen UI
- iView- Logging & Reporting

2. Specification
##
Interfaces Web Application Firewall High Availability
Copper GBE Ports 6 - Positive Protection model - Active-Active
Configurable Internal/DMZ/WAN Ports Yes - Unique "Intuitive Website Flow Detector" technology - Active-Passive with State Synchronization
Console Ports (RJ45/DB9) 1 - Protection against SQL Injections, Cross-site Scripting - Stateful failover
USB Ports 2 (XSS), Session Hijacking, URL Tampering, Cookie - Alerts on appliance status change
Hardware Bypass Segments 1* Poisoning
- Support for HTTP 0.9/1.0/1.1 Administration & System Management
System Performance** - Extensive Logging & Reporting - Web-based configuration wizard
Firewall throughput (UDP) (Mbps) 2600 - Back-end servers supported: 15 - Role-based access control
Firewall throughput (TCP) (Mbps) 1800 - Firmware Upgrades via Web UI
New sessions/second 15,000 Virtual Private Network - Web 2.0 compliant UI (HTTPS)
Concurrent sessions 500,000 - IPSec, L2TP, PPTP - UI Color Styler
168-bit 3DES/AES throughput (Mbps) 180/200 - Encryption - 3DES, DES, AES, Twofish, Blowfish, - Command Line Interface (Serial, SSH, Telnet)
WAF Protected Throughput (Mbps) 150 Serpent - SNMP (v1, v2c, v3)
Anti-Virus throughput (Mbps) 450 - Hash Algorithms - MD5, SHA-1 - Multi-lingual support: Chinese, Hindi, French, Korean
IPS throughput (Mbps) 850 - Authentication - Preshared key, Digital certificates - Cyberoam Central Console (Optional)
UTM throughput (Mbps) 350 - IPSec NAT Traversal - NTP Support
- Dead peer detection and PFS support
Stateful Inspection Firewall - Diffie Hellman Groups - 1,2,5,14,15,16 User Authentication
- Layer 8 (User - Identity) Firewall - External Certificate Authority support - Internal database
- Multiple Security Zones - Export Road Warrior connection configuration - Active Directory Integration
- Access Control Criteria (ACC) - User - Identity, Source & - Domain name support for tunnel end points - Automatic Windows Single Sign On
- VPN connection redundancy - External LDAP/RADIUS database integration
Destination Zone, MAC and IP address, Service
- Overlapping Network support - Thin Client support - Microsoft Windows Server 2003
- UTM policies - IPS, Web Filtering, Application Filtering,
- Hub & Spoke VPN support Terminal Services and Citrix XenApp
Anti-Virus, Anti-Spam and Bandwidth Management
- Layer 7 (Application) Control & Visibility - RSA securID support
- Access Scheduling
SSL VPN - External Authentication - Users and Administrators
- Policy based Source & Destination NAT - TCP & UDP Tunneling - User/MAC Binding
- H.323, SIP NAT Traversal - Authentication - Active Directory, LDAP, RADIUS, - Multiple Authentication servers
- 802.1q VLAN Support Cyberoam
- DoS & DDoS Attack prevention - Multi-layered Client Authentication - Certificate, Logging/Monitoring
- MAC & IP-MAC filtering and Spoof prevention Username/Password - Graphical real-time and historical monitoring
- User & Group policy enforcement - Email notification of reports, viruses and attacks
Gateway Anti-Virus & Anti-Spyware - Network access - Split and Full tunneling - Syslog support
- Virus, Worm, Trojan Detection & Removal - Browser-based (Portal) Access - Clientless access - Log Viewer - IPS, Web filter, Anti Virus, Anti Spam,
- Spyware, Malware, Phishing protection - Lightweight SSL VPN Tunneling Client Authentication, System and Admin Events
- Automatic virus signature database update - Granular access control to all the Enterprise Network
- Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM, resources On-Appliance Cyberoam-iView Reporting Cyberoam TM
- Administrative controls - Session timeout, Dead Peer VIEW
VPN Tunnels - Integrated Web-based Reporting tool -
- Customize individual user scanning Detection, Portal customization Cyberoam-iView
- Self Service Quarantine area - TCP- based Application Access - HTTP, HTTPS, RDP, - 1000+ drilldown reports
- Scan and deliver by file size TELNET, SSH - 45+ Compliance Reports
- Block by file types - Historical and Real-time reports
- Add disclaimer/signature Instant Messaging (IM) Management - Multiple Dashboards
- Yahoo and Windows Live Messenger - Username, Host, Email ID specific Monitoring
Gateway Anti-Spam - Virus Scanning for IM traffic Dashboard
- Real-time Blacklist (RBL), MIME header check - Allow/Block Login - Reports - Security, Virus, Spam, Traffic, Policy
- Filter based on message header, size, sender, recipient - Allow/Block File Transfer violations, VPN, Search Engine keywords
- Subject line tagging - Allow/Block Webcam - Multi-format reports - tabular, graphical
- IP address Black list/White list - Allow/Block one-to-one/group chat - Exportable formats - PDF, Excel
- Redirect Spam mails to dedicated email address - Content-based blocking - Automated Report Scheduling
- Image-based Spam filtering using RPD Technology - IM activities Log
- Zero hour Virus Outbreak Protection - Archive files transferred IPSec VPN Client***
- Self Service Quarantine area - Custom Alerts - Inter-operability with major IPSec VPN Gateways
- Spam Notification through Digest - Supported platforms: Windows 2000, WinXP 32/64-bit,
- IP Reputation-based Spam filtering Wireless WAN Windows 2003 32-bit, Windows 2008 32/64-bit,
- USB port 3G and Wimax Support# Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit
Intrusion Prevention System - Primary WAN link - Import Connection configuration
- Signatures: Default (3000+), Custom - WAN Backup link
- IPS Policies: Multiple, Custom Certification
- User-based policy creation Bandwidth Management - ICSA Firewall - Corporate
- Automatic real-time updates from CRProtect networks - Application and User Identity based Bandwidth - Checkmark UTM Level 5 Certification
- Protocol Anomaly Detection Management - VPNC - Basic and AES interoperability
- DDoS attack prevention - Guaranteed & Burstable bandwidth policy - “IPv6 Ready” Gold Logo
- Application & User Identity based Traffic Discovery
Web Filtering - Multi WAN bandwidth reporting Compliance
- Inbuilt Web Category Database - Category-based bandwidth restriction CE
- URL, keyword, File type block FCC
- Categories: Default(82+), Custom User Identity and Group Based Controls
- Protocols supported: HTTP, HTTPS - Access time restriction Dimensions
- Block Malware, Phishing, Pharming URLs - Time and Data Quota restriction H x W x D (inches)
- Schedule based Committed and Burstable Bandwidth 1.7 x 17.3 x 14.6
- Schedule-based access control H x W x D (cms) 4.3 x 43.9 x 37.1
- Custom block messages per category - Schedule based P2P and IM Controls Weight 6.5 kg, 14.33 lbs
- Block Java Applets, Cookies, Active X
- CIPA Compliant Networking Power
- Data leakage control via HTTP, HTTPS upload - Failover - Automated Failover/Failback, Multi-WAN Input Voltage 115-230 VAC
failover, 3GModem failover Consumption 72.1W
Application Filtering - WRR based load balancing Total Heat Dissipation (BTU) 324
- Inbuilt Application Category Database - Policy routing based on Application and User
- Application Categories: e.g. Gaming, IM, P2P, - IP Address Assignment - Static, PPPoE, L2TP, PPTP & Environmental
Proxy : 11+ DDNS Client, Proxy ARP, DHCP server, DHCP relay Operating Temperature 5 to 40 °C
- Schedule-based access control - Support for HTTP Proxy Storage Temperature 0 to 70 °C
- Block - Dynamic Routing: RIP v1& v2, OSPF, BGP, Multicast Relative Humidity (Non condensing) 10 to 90%
- P2P applications e.g. Skype Forwarding
- Anonymous proxies e.g. UItra surf - Parent Proxy support with FQDN
- “Phone home” activities - “IPv6 Ready” Gold Logo
- Keylogger
- Layer 7 (Applications) & Layer 8 (User - Identity)
Visibility
*If Enabled, will bypass traffic only in case of power failure. ##Subscription available in all the Models of CR50ia & above. For further details refer to WAF Datasheet.
**Antivirus, IPS and UTM performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments.
***Additional Purchase Required. #3G card and modem details are not included. See http://www.cyberoam.com for supported USB devices.
Toll Free Numbers C o p y r i g h t © 1999-2012 E l i t e c o r e Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d.
Cyberoam and Cyberoam logo are registered trademark of Elitecore Technologies Pvt. Ltd. Although
USA : +1-800-686-2360 | India : 1-800-301-00013 Elitecore has attempted to provide accurate information, Elitecore assumes no responsibility for accuracy
or completeness of information neither is this a legally binding representation. Elitecore has the right to
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958 change,modify, transfer or otherwise revise the publication without notice. PL-10-1000252-100602 Unified Threat Management
www.cyberoam.com I sales@cyberoam.com Elitecore Product