The Cyberoam series of security appliances provide multiple potential functions at the Internet gateway, including anti-spam, anti-virus, content filtering, firewalling, and VPN connectivity. The devices are typically deployed at the edge of the network, and support deployment as routers or as transparent bridges. Multiple sizes of the device are offered, targeting small to large organizations.

A key feature of the device as touted by the vendor is its identity awareness, facilitated by the device's support for dynamic user-to-IP mapping. User authentication is facilitated by an internal user database, Windows Domain Controller and Active Directory, or LDAP/RADIUS support; and rules can be defined for each of the primary functions based on defined users or groups. Single sign-on is supported.

Key functions of the device and their primary features include:

- SPI firewall, with the ability to define and enforce rules based on user, source/destination zone and IP address, and service. The firewall further includes DoS prevention capabilities and supports NAT.

- IPSec VPN, including support for both tunneling and transport mode, and supporting the native Windows IPSec Client, Cyberoam Secure Client (Windows) and other IPSec VPN clients.

- Intrusion Detection/Prevention, based on the vendor's "two point" processing which includes support for the creation of multiple policies (based on the signature, source and destination), and identification and reporting of individual users.

- Anti-Virus (Kaspersky) including real-time scanning of HTTP, FTP, POP3, SMTP, and IMAP traffic. The Anti-Virus mechanism uses both signature identification and heuristic detection; the signature DB is updated automatically.

- Anti-Spam, including support for RBLs; MIME header checks; filtering based on header, size, sender, or recipient; IP-based black and whitelisting; subject line tagging; and redirection support.

- Web content filtering, with support for URL, keyword, or file type blocking. Policies can include time as a metric, and the platform additionally supports the automatic identification of and policy application to multiple types of traffic beyond HTTP; including IM (AOL, Yahoo, MSN Messenger, Google Talk), P2P, FTP, audio/video, and others.

Other features of the appliance include a spyware blocker (identification of files and blocking connection to known sites); policy-based bandwidth management; and reporting functions that detail traffic metrics and user activities.

The CR series is currently offered in 7 possible models, ranging from the desktop-model 4 (10/100) port CR 25i to the 2U CR 1500i, with 10 10/100/1000 ports and 2 SFP (Mini GBIC) ports. The newest appliance models boast dual and quad-core processors for performance ranging to 3 Gb/sec IPS and 600 Mb/sec of UTM throughput over HTTP. The CR500i boasts a dual core processor; while the CR1000i and CR1500i boast single and dual quad-core processors, respectively.

Visit the vendor's Web site for further information.