Cyberoam CR250i

An identity-based UTM device for enterprises that can be integrated with ADS and has elaborative reporting services

Wednesday, September 05, 2007

Cyberoam CR250i is identity-based unified threat management solution for enterprises. It has all the prevalent features. It has got four ports. Two of them are Gb Ethernet ports and the rest two are 10/100 Mbps ports. Each port can individually be configured for LAN, WAN and DMZ. These ports can even be configured for WAN failovers and load balancing. It also has four USB and two COM ports. The initial setup of this device is very easy. There is a setup wizard that lets you configure the device. For content filtering, it has 65 plus categories to select from, and has URL filters as well. As it is an identity-based UTM, the policies can be implemented at the user level, irrespective of IPs.

Tests and results
For testing the effectiveness of anti-virus, we started downloading viruses over HTTP and FTP. It blocked all, but 75 of them, which we will call as good. Spam-blocker also worked fine with text, image and pdf based spams. Anti-virus and anti-spam results were similar to that of Sonicwall PRO 5060. On default setting, when we ran Nessus, it showed one warning and a hole. But configuration of the device solved this issue. Then, we tried jamming the LAN ports by flooding it with a client on its private network. The port couldn't be jammed, but when we tried the same with 5 clients, the ports were blocked. We were not able to access the public network. We also tested the device for denial-of-service attack and the attack was successful. It neither logged the attack nor did it block it, although the system was always working. Then, we ran ARP spoofing attack to check the performance of its IDP. The IDP was not able to detect or block this attack.

BOTTOMLINE: It is a good buy for those who want to deploy user-level policies. The only catch is its IDP, which gives up to ARP attacks.

Page(s)   1