Cyberoam NGFW
Next-Generation Firewalls for Enterprise networks
Future-ready
Feature Specifications
Tech Sheet
The mobilization of workforce, increasing number of external users like customers and partners and trends like rise in number of network users and devices, application explosion, virtualization, and more are leading to loss of security controls for enterprises over their networks.
Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer actionable intelligence and controls to enterprises that allow complete security controls over L2-L8 for their future-ready security. Cyberoam’s Human Layer 8 acts like a standard abstract layer that binds with real Layers 2-7, enabling organizations to regainlost security controls.
Cyberoam NGFW offers inline application inspection and control, website filtering, HTTPS inspection, Intrusion Prevention System, VPN (IPSec and SSL) and granular bandwidth controls. Additional features likeWAF, FleXi Ports, Gateway Anti-Virus, Anti-Spam are also available.
Cyberoam security appliances offer high performance, assured Security, Connectivity and Productivity and an Extensible Security Architecture (ESA) for future-ready security in enterprises.
Stateful Inspection Firewall
- Layer 8 (User - Identity) Firewall
- Multiple Security Zones
- Access Control Criteria (ACC) : User-Identity, Source and
Destination Zone, MAC and IP address, Service
- Security policies - IPS, Web Filtering, Application Filtering, Anti-
virus, Anti-spam and Bandwidth Management
- Application (Layer 7) Control and Visibility
- Access Scheduling
- Policy based Source and Destination NAT
- H.323, SIP NAT Traversal
- 802.1q VLAN Support
- DoS and DDoS attack prevention
- MAC and IP-MAC filtering and Spoof prevention
Application Filtering
- Inbuilt Application Category Database
- 2,000+ Applications Supported
- Schedule-based access control
- Block
- Proxy and Tunnel
- File Transfer
- Social Networking
- Streaming Media
- Layer 7 (Applications) & Layer 8 (User - Identity) Visibility
- Securing SCADA Networks
- SCADA/ICS Signature-based Filtering for Protocols -
Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure DNP3,
Longtalk
- Control various Commands and Functions
Intrusion Prevention System (IPS)
- Signatures: Default (4500+), Custom
- IPS Policies: Multiple, Custom
- User-based policy creation
- Automatic real-time updates from CRProtect networks
- Protocol Anomaly Detection
- DDoS attack prevention
- SCADA-aware IPS with pre-defined category for ICS and SCADA
signatures
User Identity-based and Group-based Controls
- Access time restriction
- Time and Data Quota restriction, P2P and IM Controls
- Schedule-based Committed and Burstable Bandwidth
Administration and System Management
-Web-based configuration wizard
- Role-based Access control
- Firmware Upgrades viaWeb UI
-Web 2.0 compliant UI (HTTPS)
- UI Color Styler
- Command line interface (Serial, SSH, Telnet)
- SNMP (v1, v2, v3)
- Multi-lingual support: English, Chinese, Hindi, French, Japanese
- Cyberoam Central Console (Optional)
- NTP Support
User Authentication
- Internal database
- Active Directory Integration
- Automatic Windows Single Sign On
- External LDAP/RADIUS database Integration
- Thin Client support - Microsoft Windows Server 2003 Terminal
Services and Citrix XenApp
- RSA SecurID support
- External Authentication - Users and Administrators
- User/MAC Binding
- Multiple Authentication servers
| 
