FleXi Ports Module

8-port 1 GbE Copper Module 8-port 1 GbE Fiber Module 4-port 10 GbE Fiber Module
CR500iNG-XP

Next-Generation Firewall for Enterprise Networks CR500iNG-XP Data Sheet

The mobilization of workforce has led to demand for anytime-anywhere access to network resources. This,
along with increasing number of users like customers and partners connecting to an enterprise network
from outside, and trends like rise in number of network users and devices, application explosion,
virtualization, and more are leading to loss of security controls for enterprises over their networks.
Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer
actionable intelligence and controls to enterprises that allow complete security controls over L2-
L8 for their future-ready security. Cyberoams Human Layer 8 acts like a standard abstract
layer that binds with real Layers 2-7, enabling organizations to regain lost security controls.
Next-Generation Firewall
Cyberoam CR500iNG-XP offers inline application inspection and control, website for Enterprises:
filtering, HTTPS inspection, Intrusion Prevention System, VPN (IPSec and SSL) and
granular bandwidth controls. Additional security features like WAF, Gateway Anti-
Offering Actionable Intelligence and Controls
Virus, Anti-Spam are also available. The FleXi Ports (XP) available in
CR500iNG-XP appliances offer flexible network connectivity with I/O slots
that allow additional Copper/Fiber 1G/10G ports on the same security
appliance. Cyberoam's Layer 8 Technology treats
User Identity as the 8th Layer in the
Cyberoam security appliances offer high performance, assured protocol stack
Security, Connectivity and Productivity and an Extensible
Security Architecture (ESA) for future-ready security in
enterprises. L8 USER

L7 Application
VPNC
CERTIFIED
SSL
Portal
L6 Presentation ASCII, EBCDIC, ICA
Cyberoam NGFW offers security
SSL
Exchange

SSL
Firefox
L5 Session L2TP, PPTP
COMMON CRITERIA
CERTIFIED
VPNC
CERTIFIED
Basic
SSL
JavaScript

SSL Basic
across Layer 2-Layer 8 using
Network Extension
EAL4+
Identity-based policies
Interop

www.check-mark.com
AES
Interop
SSL Advanced
Network Extension L4 Transport TCP, UDP

L3 Network 192.168.1.1

L2 Data Link 00-17-BB-8C-E3-E7

L1 Physical

Cyberoam NGFWs assure Security, Connectivity, Productivity

Security Connectivity Productivity

Network Security Business Continuity Employee Productivity
- Firewall - Multiple Link Management - Content Filtering
- Intrusion Prevention System - High Availability - Instant Messaging Archiving & Controls
- Web Application Firewall
Network Availability IT Resource Optimization
Administrative Security - VPN - Bandwidth Management
- Next-Gen UI - 3G/4G/WiMAX Connectivity - Traffic Discovery
- iView- Logging & Reporting - Application Visibility & Control
Future-ready Connectivity
Content Security - IPv6 Ready Gold Logo Administrator Productivity
- Anti-Virus/Anti-Spyware - FleXi Ports (XP) - Next-Gen UI
- Anti-Spam (Inbound/Outbound)
- HTTPS/SSL Content Security
 Specification
Interfaces Terminal Services and Citrix XenApp - Novell eDirectory Gateway Anti-Virus & Anti-Spyware
Maximum number of Available Ports 24 - RSA SecurID support - Virus, Worm, Trojan: Detection and Removal
Fixed Copper GbE Ports 8 - External Authentication - Users and Administrators - Spyware, Malware, Phishing protection
Number of Slots for FleXi Ports Module* 2 - User/MAC Binding - Automatic virus signature database update
Port Options for FleXi Ports Module 8/8/4 - Multiple Authentication servers - Scans HTTP, HTTPS, FTP, SMTP, POP3, IMAP, IM,
(GbE Copper/GbE Fiber/10GbE Fiber) VPN Tunnels
Console Ports (RJ45) 1 Logging and Monitoring - Customize individual user scanning
Configurable Internal/DMZ/WAN Ports Yes - Graphical real-time and historical monitoring - Self Service Quarantine area
USB Ports 2 - Email notification of reports, gateway status, viruses and - Scan and deliver by file size
Hardware Bypass Segment
**
2 attacks - Block by file types
- Add disclaimer/signature
- Syslog support
System Performance*** - Log Viewer - Firewall, IPS, Web filter, WAF, Anti Virus, Anti
Firewall Throughput (UDP) (Mbps) Gateway Anti-Spam
18,000 Spam, Authentication, System and Admin Events
Firewall Throughput (TCP) (Mbps) - Inbound/Outbound Scanning
16,000
New sessions/second - Real-time Blacklist (RBL), MIME header check
100,000
TM
Cyberoam
On-Appliance Cyberoam-iView Reporting VIEW - Filter based on message header, size, sender, recipient
Concurrent sessions 2,500,000 - Integrated Web-based Reporting tool -
IPSec VPN Throughput (Mbps) - Subject line tagging
1,500 Cyberoam-iView
No. of IPSecTunnels - IP address Black list/White list
1,000 - 1200+ drilldown reports
SSL VPN Throughput (Mbps) - Redirect Spam mails to dedicated email address
650 - 45+ Compliance Reports
WAF Protected Throughput (Mbps) - Image-based Spam filtering using RPD Technology
1,500 - Historical and Real-time reports
Anti-Virus Throughput (Mbps) - Zero hour Virus Outbreak Protection
3,500 - Multiple Dashboards
IPS Throughput (Mbps) - Self Service Quarantine area
4,500 - Username, Host, Email ID specific Monitoring
NGFW Throughput (Mbps)
**** - Spam Notification through Digest
3,250 Dashboard
Fully Protected Throughput (Mbps)
***** - IP Reputation-based Spam filtering
1,650 - Reports - Security, Virus, Spam, Traffic, VPN,
Search Engine keywords Wireless WAN
Stateful Inspection Firewall - Multi-format reports - tabular, graphical
- Layer 8 (User - Identity) Firewall - USB port 3G/4G and Wimax Support
- Exportable formats - PDF, Excel - Primary WAN link
- Multiple Security Zones - Automated Report Scheduling
- Access Control Criteria (ACC) : User - Identity, Source - WAN Backup link
and Destination Zone, MAC and IP address, Service Virtual Private Network
- Security policies - IPS, Web Filtering, Application Networking
- IPSec, L2TP, PPTP - Failover - Automated Failover/Failback, Multi-WAN
Filtering, Anti-Virus, Anti-Spam and Bandwidth - Encryption - 3DES, DES, AES, Twofish, Blowfish,
Management Failover, 3G/4G Modem Failover
Serpent - WRR based load balancing
- Application (Layer 7) Control and Visibility - Hash Algorithms - MD5, SHA-1
- Access Scheduling - Policy routing based on Application and User
- Authentication - Preshared key, Digital certificates - IP Address Assignment - Static, PPPoE, L2TP, PPTP &
- Policy based Source and Destination NAT - IPSec NAT Traversal
- H.323, SIP NAT Traversal DDNS Client, Proxy ARP, DHCP server, DHCP relay
- Dead peer detection and PFS support - Support for HTTP Proxy
- 802.1q VLAN Support - Diffie Hellman Groups - 1,2,5,14,15,16
- DoS and DDoS Attack prevention - Dynamic Routing: RIP v1 and v2, OSPF, BGP, Multicast
- External Certificate Authority support Forwarding
- MAC and IP-MAC filtering and Spoof prevention - Export Road Warrior connection configuration - Parent Proxy support with FQDN
- Domain name support for tunnel end points - IPv6 Ready Gold Logo
Application Filtering - VPN connection redundancy
- Inbuilt Application Category Database - Overlapping Network support
- 2,000+ Applications Supported - Hub and Spoke VPN support High Availability
- Schedule-based access control - Active-Active
- Block - Active-Passive with State Synchronization
SSL VPN
- Proxy and Tunnel - Stateful failover
- TCP and UDP Tunneling
- File Transfer - Alerts on appliance status change
- Authentication - Active Directory, LDAP, RADIUS,
- Social Networking Cyberoam (Local) ******
- Streaming Media - Multi-layered Client Authentication - Certificate, IPSec VPN Client
- Layer 7 (Applications) & Layer 8 (User - Identity) Visibility Username/Password - Inter-operability with major IPSec VPN Gateways
- Securing SCADA Networks - User and Group policy enforcement - Supported platforms: Windows 2000, WinXP 32/64-bit,
- SCADA/ICS Signature-based Filtering for Protocols - Network access - Split and Full tunneling Windows 2003 32-bit, Windows 2008 32/64-bit, Windows
- Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure - Browser-based (Portal) Access - Clientless access Vista 32/64-bit, Windows 7 32/64-bit
DNP3, Longtalk - Lightweight SSL VPN Tunneling Client - Import Connection configuration
- Control various Commands and Functions - Granular access control to all the enterprise network
resources Certification
Intrusion Prevention System (IPS) - Administrative controls - Session timeout, Dead Peer - Common Criteria - EAL4+
- Signatures: Default (4500+), Custom Detection, Portal customization - ICSA Firewall - Corporate
- IPS Policies: Multiple, Custom - TCP- based Application Access - HTTP, HTTPS, RDP, - Checkmark Certification
- User-based policy creation TELNET, SSH - VPNC - Basic and AES interoperability
- Automatic real-time updates from CRProtect networks - IPv6 Ready Gold Logo
- Protocol Anomaly Detection Web Filtering
- DDoS attack prevention - Inbuilt Web Category Database Hardware Specifications
- SCADA-aware IPS with pre-defined category for ICS and - URL, keyword, File type block Memory 4GB
SCADA signatures - Categories: Default(89+), Custom Compact Flash 4GB
- Protocols supported: HTTP, HTTPS HDD 250GB or higher
User Identity and Group Based Controls - Block Malware, Phishing, Pharming URLs
- Access time restriction - Schedule-based access control Compliance
- Time and Data Quota restriction - Custom block messages per category CE
- Schedule-based Committed and Burstable Bandwidth - Block Java Applets, Cookies, Active X FCC
- Schedule-based P2P and IM Controls - CIPA Compliant UL
- Data leakage control via HTTP, HTTPS upload
Administration and System Management Dimensions
- Web-based configuration wizard Bandwidth Management H x W x D (inches) 1.7 x 17.44 x 18.75
- Role-based access control - Application and User Identity based Bandwidth H x W x D (cms) 4.4 X 44.3 X 47.62
- Firmware Upgrades via Web UI Management Weight 5.1 kg, 11.24 lbs
- Web 2.0 compliant UI (HTTPS) - Guaranteed and Burstable bandwidth policy
- UI Color Styler - Application and User Identity based Traffic Discovery Power
- Command Line Interface (Serial, SSH, Telnet) - Multi WAN bandwidth reporting Input Voltage 100-240 VAC
- SNMP (v1, v2, v3) - Category-based bandwidth restriction Consumption 208W
- Multi-lingual support: English, Chinese, Hindi, French, Total Heat Dissipation (BTU) 345
Japanese Web Application Firewall
- Cyberoam Central Console (Optional) - Positive Protection model Environmental
- Network Time Protocol Support - Unique "Intuitive Website Flow Detector" technology Operating Temperature 0 to 40 C
- Protection against SQL Injections, Cross-site Scripting Storage Temperature 0 to 70 C
User Authentication (XSS), Session Hijacking, URL Tampering, Cookie Relative Humidity (Non condensing) 10 to 90%
- Internal database Poisoning, etc.
- Active Directory Integration - Support for HTTP 0.9/1.0/1.1
- Automatic Windows Single Sign On
- External LDAP/RADIUS database integration
- Thin Client support - Microsoft Windows Server
2003/2008
* ** ***
Additional purchase required. FleXi Ports are not HOT swappable. Appliance needs to be turned off prior to changing the FleXi Ports Module. If Enabled, will bypass traffic only in case of power failure. Antivirus, IPS and Fully
****
Protected Throughput performance is measured based on HTTP traffic as per RFC 3511 guidelines. Actual performance may vary depending on the real network traffic environments. NGFW throughput is measured with Firewall,
***** ******
IPS and Web & Application Filtering features turned on. Fully Protected Throughput is measured with Firewall, IPS, Web & Application Filtering and Anti-Virus features turned on. Additional Purchase Required.

Toll Free Numbers C o p y r i g h t 1999-2014 Cyberoam Te c h n o l o g i e s Pvt. L t d. A l l R i g h t s R e s e r v e d.

Cyberoam and Cyberoam logo are registered trademark of Cyberoam Technologies Pvt. Ltd. Although
USA : +1-800-686-2360 | India : 1-800-301-00013 Cyberoam has attempted to provide accurate information, Cyberoam assumes no responsibility for accuracy
or completeness of information neither is this a legally binding representation. Cyberoam has the right to
APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958 change,modify, transfer or otherwise revise the publication without notice. AR-10-1000252-130128

www.cyberoam.com I sales@cyberoam.com