Cyberoam 750ia review

By Dave Mitchell, 21 Dec 2010

Rating:

Can Cyberoam’s latest UTM appliance keep your users under control with its identity based security approach? Read this exclusive review of the CR750ia to find out.

Indian company Cyberoam has been making a big play for the UK security appliance market over the past couple of years and a key feature of all its appliances is identity base security. This isn’t new as most established network security vendors allow policies to be applied to users and groups rather than just systems or IP addresses. However, Cyberoam aims to go further by offering far greater levels of control over what your users can do.

In this exclusive review we look at the CR750ia which is aimed at mid-sized businesses and enterprises. This 1U rack appliance is endowed with a good hardware specification including dual hot-plug power supplies and any of its fourteen Gigabit ports can be configured for LAN, WAN or DMZ duties as required.

The CR750ia provides the full gamut of security services which starts with an SPI firewall and support for IPsec VPNs. To these you can add a choice selection of features including anti-virus, anti-spam, IPS, SSL VPNs and filtering for web content and applications.

The appliance supports both routed and transparent bridge modes and we opted for the latter which only took a few minutes to deploy in the lab. The web interface begins with a wizard and after providing IP addresses for the LAN and WAN ports we could start the appliance in passive mode or apply one of two default security policies to all traffic.

Cyberoam has redesigned the main web interface which now opens with a new dashboard view. This clearly shows all detected threats such as viruses, spyware and DoS attacks, details about the appliance and the status of subscriptions. The previous interface focused on web activity and users' surfing patterns and wasn’t as useful.

User authentication supports AD, NT domain, LDAP and RADIUS servers or you can use the appliance’s own database. An unusual feature is the option to define single IP addresses and pools and only allow some users to login from a specific group of systems or a single PC.

Cyberoam groups users into three distinct types, each with different logon requirements. Clients authenticating to an external directory server will be automatically logged in to the appliance whereas a Normal user logs on to the appliance via the locally installed Corporate Client.

We successfully tested the client on our Windows 7 systems and configured it to log in automatically in the background. Clientless users are not required to authenticate with the appliance but these can’t have surfing and data transfer quotas or Internet access time restrictions applied to them.

Controls for users and groups are a cut above the rest as we could apply web filtering, Internet access and bandwidth usage policies. You can enforce data transfer limitations on uploads and downloads and have different limits for daily, weekly, monthly and yearly usage.

For security at the interface level, any of the appliance’s ports can be grouped into zones and have general firewall rules applied to them. Rules define source and destination zones, selected services, blocking or allowing actions to specific traffic types and time schedules.

If you started with the appliance in the passive monitoring mode, remember to activate the various security services for each rule otherwise your policies won’t do anything. You can enable virus scanning for selected protocols within each rule, turn on anti-spam and IM controls and add additional policies for IPS and bandwidth restrictions.

Web filtering policy rules support HTTP and HTTPS as standard and a useful feature is the ability to assign different actions to a category. You could, for example, block HTTP access to certain web sites but allow secure HTTPS connections.

Cyberoam’s IM app controls are sophisticated as you can use rules to control the login process and block or allow text chats, file transfer and web cam sharing. Creating IM contacts and groups takes this further as different access policies can be applied to selected users and you can decide what features they may use.

Commtouch handles anti-spam so the CR750ia lets you apply a global policy to all users and fine tune it with custom policies. Scores are applied to each message and you can quarantine, drop or reject SMTP messages or tag the subject line, whilst for POP3 you can accept a suspect message or tag it.

Reporting sees some of the biggest changes with the introduction of Cyberoam’s iView. This Syslog server is integrated into the appliance where it takes all logging information and presents it in a separate web interface. The iView dashboard provides a graphical summary of allowed and denied traffic. Click on a bar graph and you’re presented with a complete breakdown of all traffic types presented as a collection of pie charts.

These provide details of protocol spreads for allowed traffic, firewall, virus and spam activity, web content filtering, FTP, IPS and much more. Cyberoam provides hundreds of predefined reports where you can view host activity, general application, web and mail usage, detected attacks and spam and even criteria being entered in a range of search engines.

Compared with the big names in network security, Cyberoam’s new CR750ia is very good value as it has a remarkable range of features for the price. Its identity based security can control virtually all user Internet activity and the new iView utility is capable of provided sophisticated reporting facilities.