Cyberoam CR2500iNG UTM Review

The CR2500iNG UTM boasts of a slew of security and threat prevention features and even integrated identity-based controls. This enterprise class UTM provides a stateful inspection firewall, a full gateway anti-malware suite, anti-spam, an intrusion prevention system, SSL VPN, controls for instant messaging applications, and even a web application firewall. This device is indeed a no compromise device in terms of hardware configuration.

For instance, it contains a large number of different types of network ports, which are listed below:

1. 14 1 GbE ports

2. 4 1 GbE SFP (Mini GBIC) ports

3. 4 10 GbE SFP (Mini GBIC) ports

4. 1 Console Port (RJ45)

5. 2 USB Ports

These ports along with the remaining hardware allows this device to handle a whopping 3,500,000 concurrent sessions according to Cyberoam. We didn’t have the bandwidth to actually test this claim, but even if 90% of this is achieved, it’s a lot.

The device provides inline application inspection and control, HTTPS inspection, an Intrusion Prevention System, malware protection, secure remote access via VPN (IPSec and SSL) and granular bandwidth controls. Apart from this, the device offers administrative and content security. Plus, it offers IPv6 protection, and supports IT resource optimization to manage bandwidth, discover traffic, application visibility and control.

Deployment and configuration: CR2500iNG is easy to deploy and configure. You simply connect it to the network and browse to the default IP address with a web browser from a machine that’s connected to the same network. When you access the web-based interface, first time, it will take you to the through a brief setup wizard that will guide you to set up the basic appliance configuration as well as put a base security policy in place. It has a re-designed interface that makes navigation a breeze.

The UTM can be deployed in two different modes: Gateway and Bridge. If you want to replace your existing firewall, router and perimeter security device, then you have to set it up in gateway mode, but if you want to add an additional security device, then you need to choose the Bridge mode.

The UTM let's you create a trusted ARP list. any machine outside of this list is not assigned an IP address.

Performance: After setting up the appliance on our test network, we registered and synchronized the device. And before running any tests, we added the required policies and created a machine with different types of viruses (macros, zipped files, etc). We then tried to download these viruses from the machine through the UTM. The security appliance effectively blocked more than 80% of the viruses and displayed a custom message.

We then used a POP3 server to test its anti-spam capabilities, and dumped spam mails into it. When we tried to download these mails, the CR2500iNG appliance scanned and tagged them. It even blocked harmful web sites and other objectionable content from the web.

The UTM has re-designed its GUI interface,which makes it extremely easy to use. the left side shows some of the security features offered by the advice ,while the dashboard on the right shows message alerts, and system's CPU and memory usage.

Cyberoam claims that to protect yourself against ARP Spoofing, you should maintain a trusted ARP List. This way, any machine outside of this list wont be assigned an IP address from your network. We tested this claim and it worked fine. The UTM allowed access to the machine that was already in its trusted list, but didnt assign an IP to the one that wasnt. However, if somebody manages to assign a static IP to this machine and runs an ARP Spoof attack, then the UTM cant do much about it. In such a case, you’ll have to resort to additional third party tools to detect and counter ARP poisoning attacks.