Cyberoam CR35iNG review

Too many SMB security appliances are overpriced and underpowered, but Cyberoam’s latest NG Series of security appliances aims to change the landscape. In this exclusive review we test the CR35iNG, which claims a high firewall throughput of 2.3Gbits/sec and offers it at a surprisingly low price.

This compact desktop unit is equipped with a 1.4GHz AMD G-Series T48L processor and 1GB of DDR3 RAM. Cyberoam’s operating system is installed on a 2GB CompactFlash card and there’s an internal 250GB SATA hard disk as well. This serves a number of roles: it can be used as an internal email quarantine area, and to store all the system’s iView Syslog server reports.

The CR35iNG delivers plenty of security measures, including an SPI firewall, antivirus, anti-spam, anti-spyware, IPS, IM and web content filtering, IPsec VPNs and traffic management. The appliance costs £656 exc VAT, and you can pick which services you want to add to it.

The three-year Total Value Subscription, which costs £759, is worth considering since it enables all security services and includes support eight hours a day, five days a week, and a hardware warranty. Cyberoam also offers an optional web application firewall to protect web servers, which costs £417 for a three-year subscription.

The appliance can operate in routed or transparent bridge modes, so you can either use it as a firewall or place it behind an existing one. We opted for routed mode during installation and, after providing IP addresses for the LAN and WAN interfaces, were able to start the appliance in passive mode or apply one of two default security policies to traffic.

The appliance uses Cyberoam’s superb identity-based security, which links policies to users and groups rather than just systems. Three user types are supported when logging on to the appliance via the Corporate Client software.

You can apply web filtering, internet access and bandwidth usage policies on a per-user or group basis. It’s even possible to specify limits on uploads and downloads, with different values applied for daily, weekly, monthly and yearly periods.

Anti-spam measures are equally wide-ranging. For SMTP traffic, it’s possible to move suspect messages to the quarantine area of the hard disk. A spam digest service is provided, which emails reports to users detailing messages that have been quarantined.

Firewall rules use port zones to define sources and destinations, and can specify networks and hosts, too. They can also apply service filters, blocking actions and time schedules. Advanced rules enable antivirus and anti-spam functions and policies for intrusion detection, and allow you to limit internet access and apply bandwidth restrictions.

Cyberoam’s IM rules can be used to control logins and block or allow text chats, file transfer and webcam sharing. One option enables all IM traffic to be scanned from within a firewall policy; with this option selected, our Windows Live Messenger users received a pop-up message from Cyberoam’s service advising their conversations were being monitored.

For performance testing, we hooked up the CR35iNG to the lab’s Ixia XM2 chassis and its Xcellon-Ultra NP load modules. To assess raw firewall throughput, we created a test using the same 1,518-byte UDP packets as Cyberoam: we saw IxLoad confirm averages of 2.3Gbits/sec.

Testing using UDP packets gives only an indication of raw throughput, however; we also wanted to see how the CR35iNG coped with real-world web traffic. We created a new test simulating web clients on one load module port, accessing web servers over HTTP port 80 on another.

The IxLoad utility recorded a high top throughput of 800Mbits/sec. With AV scanning for HTTP enabled in the firewall rule, we saw around 520Mbits/sec – close to Cyberoam’s claimed figures. This is impressive performance, almost three times faster than its competitor, the Dell SonicWALL NSA 2400MX, and yet the CR35iNG costs less than half as much.

The new hardware platform for the CR35iNG sets new standards for performance. Combine this with a comprehensive set of features and a reasonable price and its A-List place is secure. For SMBs, there’s nothing else that comes close.

Author: Dave Mitchell