The CR200iNG-XP is the newest addition to Cyberoam’s UTM range, and is designed to grow with businesses. The appliance comes with six Gigabit ports as standard and
its FleXi Port slot supports a range of additional expansion modules, including a four-port 10GbE model.
The CR200iNG-XP offers an impressive range of security measures including an SPI firewall, antivirus, anti-spam, anti-spyware, IPS, IM and web content filtering, IPsec VPNs and traffic management. For the appliance only, it’ll set you back $4,650.
Cyberoam’s Total Value Subscription (TVS) enables all security services and adds five-day-per-week, eight-hour-per-day support, in addition to the hardware warranty – with Comprehensive Value Subscription (CVS), the price is $8,900.
A 4GB CompactFlash card runs Cyberoam’s OS, and has a 250GB hard disk that is used for multiple roles. It can act as an internal email-quarantine area, and Cyberoam’s onboard iView syslog server stores its reports there.
This is not a cheap appliance, but the CR200iNG-XP offers UDP firewall and UTM throughputs of almost 9.8Gbits/sec and 1.2Gbits/sec respectively.
The appliance supports routed or transparent bridge modes, and can be used as a firewall or placed behind an existing one. Installation is deftly handled by a wizard-based setup routine, which offers a choice of operations and the option to either start in passive mode or apply one of two default security policies to all traffic.
Cyberoam’s web console is well designed. It opens with a handy dashboard showing your subscription status, CPU and memory usage, plus details on the latest security incidents. All features are easily accessible from the sidebar, and firewall rules are used to define security policies.
Each rule uses port zones to define sources, destinations, network and hosts, along with service filters, blocking actions and time schedules. Advanced rules allow you to specify antivirus and anti-spam functions, add policies for IDP, limit internet access and apply bandwidth restrictions.
Cyberoam’s identity-based security links policies to users and groups rather than only to systems. Three user types are supported where a normal user logs on to the appliance via the locally installed Corporate Client.
Controls for users and groups are impressive: you can apply web filtering, internet access and bandwidth-usage policies to each one. You can also enforce data-transfer limitations on uploads and downloads, and have daily, weekly, monthly and yearly limits.
Controls are extensive: you can apply anti-spam rules to groups or individual email addresses; quarantine suspect messages to the internal hard disk; and email your users hourly, daily or weekly spam reports.
Cyberoam’s IM rules can be used to control logins and block or allow text chats, file transfer and webcam sharing. A useful feature is the ability to have all IM traffic scanned from within a firewall policy. You can also send Windows Live Messenger users a pop-up message advising that their conversations are being monitored.
The iView syslog reporting service is invaluable. It comes as standard, and provides a wealth of information. The dashboard opens with a graphical summary of allowed and denied traffic, and clicking on any graph bar drills down into a complete breakdown of all traffic types, presented as a collection of pie charts. These provide details of protocol spreads for allowed traffic, firewall, virus and spam activity, web-content filtering, FTP, IPS and much more.
You can create custom reports, but Cyberoam already includes plenty of predefined ones: you can view host activity; general application, web and mail usage; detected attacks and spam; and even criteria being entered in a range of search engines.
Distributors Bluechip Infotech, MPA Systems, Connector Systems
RRP Appliance only: $4,650, With CVS (Comprehensive Value Subscription) for one year: $8,900
Launched June 2013
Next product below CR100iNG
Next product above CR300iNG-XP
The reviewers say “Stacked up against rival UTM security appliances, the CR200iNG-XP is competitively priced – and very easy to deploy. It provides an extensive range of security measures, integral reporting is provided as standard, and its FleXi Port offers a good 10GbE upgrade path.”