Açıklama

Stateful Inspection Firewall

• Layer 8 (User – Identity) Firewall
• Multiple Security Zones

Application Filtering

• Layer 7 (Applications) & Layer 8 (User – Identity) Control and Visibility
• Inbuilt Application Category Database
• Control over 2,000+ Applications classified in 21 Categories
• Filter based selection: Category, Risk Level, Characteristics and Technology
• Schedule-based access control
• Visibility and Controls for HTTPS based Micro-Apps like Facebook chat, Youtube video upload
• Securing SCADA Networks
  • SCADA/ICS Signature-based Filtering for Protocols Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure DNP3, Longtalk
  • Control various Commands and Functions

Web Application Firewall

• Positive Protection model
• Unique “Intuitive Website Flow Detector” technology
• Protection against SQL Injections, Cross-site Scripting (XSS), Session Hijacking, URL Tampering, Cookie

High Availability

• Active-Active
• Active-Passive with state synchronization
• Stateful Failover with LAG Support

Administration & System Management

• Web-based configuration wizard
• Role-based Access control
• Support of API
• Firmware Upgrades via Web UI
• Web 2.0 compliant UI (HTTPS)
• UI Color Styler
• Command Line Interface (Serial, SSH, Telnet)
• SNMP (v1, v2c)
• Multi-lingual : English, Chinese, Hindi, French, Japanese
• Cyberoam Central Console (Optional)

User Authentication

• Internal database
• AD Integration and OU-based Security Policies
• Automatic Windows/RADIUS Single Sign On
• External LDAP/LDAPS/RADIUS database Integration

• Location-aware and Device-aware Identity-based Access

Control Policy

• Access Control Criteria (ACC): User-Identity, Source and Destination Zone, MAC and IP address, Service
• Security policies – IPS, Web Filtering, Application Filtering, Anti-virus, Anti-spam and QoS
• Country-based Traffic Control
• Access Scheduling
• Policy based Source and Destination NAT, Gateway Specific NAT Policy
• 323, SIP NAT Traversal
• DoS and DDoS attack prevention
• MAC and IP-MAC filtering
• Spoof Prevention

Intrusion Prevention System

• Signatures: Default (4500+), Custom
• IPS Policies: Pre-configured Zone-based multiple policies, Custom
• Filter based selection: Category, Severity, Platform and Target (Client/Server)
• IPS actions: Recommended, Allow Packet, Drop Packet, Disable, Drop Session, Reset, Bypass Session
• User-based policy creation
• Automatic signature updates via Cyberoam Threat Research Labs
• Protocol Anomaly Detection
• SCADA-aware IPS with pre-defined category for ICS and SCADA signatures

Gateway Anti-Virus & Anti-Spyware

• Virus, Worm, Trojan Detection and Removal
• Spyware, Malware, Phishing protection
• Automatic virus signature database update
• Scans HTTP, HTTPS, FTP, SMTP/S, POP3, IMAP, IM,

VPN Tunnels

• Customize individual user scanning
• Self Service Quarantine area
• Scan and deliver by file size
• Block by file types

Gateway Anti-Spam

• Inbound and Outbound Scanning
• Real-time Blacklist (RBL), MIME header check
• Filter based on message header, size, sender, recipient
• Subject line tagging
• Language and Content-agnostic spam protection using RPD Technology
• Zero Hour Virus Outbreak Protection
• Self Service Quarantine area
• IP address Black list/White list
• Spam Notification through Digest
• IP Reputation based Spam filtering

Web Filtering

• On-Cloud Web Categorization
• Controls based on URL, Keyword and File type

Poisoning etc.

• Support for HTTP 9/1.0/1.1
• Back-end servers supported: 5 to 300 servers

Virtual Private Network

• IPSec, L2TP, PPTP
• Encryption – 3DES, DES, AES, Twofish, Blowfish, Serpent
• Hash Algorithms – MD5, SHA-1
• Authentication: Preshared key, Digital certificates
• IPSec NAT Traversal
• Dead peer detection and PFS support
• Diffie Hellman Groups – 1, 2, 5, 14, 15, 16
• External Certificate Authority support
• Export Road Warrior connection configuration
• Domain name support for tunnel end points
• VPN connection redundancy
• Overlapping Network support
• Hub & Spoke VPN support
• Threat Free Tunnelling (TFT) Technology

SSL VPN

• TCP & UDP Tunnelling
• Authentication – Active Directory, LDAP, RADIUS, Cyberoam (Local)
• Multi-layered Client Authentication – Certificate, Username/Password
• User & Group policy enforcement
• Network access – Split and Full tunnelling
• Browser-based (Portal) Access – Clientless access
• Lightweight SSL VPN Tunnelling Client
• Granular access control to all the enterprise network resources
• Administrative controls – Session timeout, Dead Peer Detection, Portal customization
• TCP based Application Access – HTTP, HTTPS, RDP, TELNET, SSH

Wireless WAN

• USB port 3G/4G and WiMAX Support
• Primary WAN link
• WAN Backup link

Bandwidth Management

• Application, Web Category and Identity based Bandwidth Management
• Guaranteed & Burstable bandwidth policy
• Application & User Identity based Traffic Discovery
• Data Transfer Report for multiple Gateways

Networking

• WRR based Multilink Load Balancing
• Automated Failover/Failback
• Interface types: Alias, Multiport Bridge, LAG (port trunking), VLAN, WWAN, TAP
• DNS-based inbound load balancing
• IP Address Assignment – Static, PPPoE (with Schedule

• Thin Client support
• 2-factor authentication: 3rd party support**
• SMS (Text-based) Authentication
• Layer 8 Identity over IPv6
  • Secure Authentication – AD, LDAP, Radius
  • Clientless Users
  • Authentication using Captive Portal

Logging/Monitoring

• Real-time and historical Monitoring
• Log Viewer – IPS, Web filter, WAF, Anti-Virus, Anti-Spam, Authentication, System and Admin Events
• Forensic Analysis with quick identification of network attacks and other traffic anomalies
• Syslog support
• 4-eye Authentication

On-Appliance Cyberoam-iView Reporting

• Integrated Web-based Reporting tool
• 1,200+ drilldown reports
• Compliance reports – HIPAA, GLBA, SOX, PCI, FISMA
• Zone based application reports
• Historical and Real-time reports
• Default Dashboards: Traffic and Security
• Username, Host, Email ID specific Monitoring Dashboard
• Reports – Application, Internet & Web Usage, Mail Usage, Attacks, Spam, Virus, Search Engine, User Threat Quotient (UTQ) for high risk users and more
• Client Types Report including BYOD Client Types
• Multi-format reports – tabular, graphical
• Export reports in – PDF, Excel, HTML
• Email notification of reports
• Report customization – (Custom view and custom logo)
• Supports 3rd party PSA Solution – ConnectWise

IPSec VPN Client***

• Inter-operability with major IPSec VPN Gateways
• Import Connection configuration

Certification

• Common Criteria – EAL4+
• ICSA Firewall – Corporate
• Checkmark Certification
• VPNC – Basic and AES interoperability
• IPv6 Ready Gold Logo
• Global Support Excellence – ITIL compliance (ISO 20000)

• Web Categories: Default (89+), External URL Database, Custom
• Protocols supported: HTTP, HTTPS
• Block Malware, Phishing, Pharming URLs
• Block Java Applets, Cookies, Active X, Google Cache pages
• CIPA Compliant
• Data leakage control by blocking HTTP and HTTPS upload
• Schedule-based access control
• Custom Denied Message per Web Category
• Safe Search enforcement, YouTube for Schools

Management), L2TP, PPTP & DDNS, Client, Proxy ARP,

Multiple DHCP Servers support, DHCP relay

• Supports HTTP Proxy, Parent Proxy with FQDN
• Dynamic Routing: RIP v1& v2, OSPF, BGP, PIM-SIM, Multicast Forwarding
• Discover mode for PoC Deployments
• IPv6 Support:
  • Dual Stack Architecture: Support for IPv4 and IPv6 Protocols
  • Management over IPv6
  • IPv6 Route: Static and Source
  • IPv6 tunneling (6in4, 6to4, 6rd, 4in6)
  • Alias and VLAN
  • DNSv6 and DHCPv6 Services
  • Firewall security over IPv6 traffic
  • High Availability for IPv6 networks