Skip to navigation

Cyberoam CR35iNG review

Verdict

Delivers an excellent range of security measures at a tempting price – and raises the bar for performance

Review Date: 20 Feb 2013

Reviewed By: Dave Mitchell

Price when reviewed: £1,415 (£1,698 inc VAT)

Overall Rating
6 stars out of 6

Features & Design
6 stars out of 6

Value for Money
5 stars out of 6

Performance
6 stars out of 6

Too many SMB security appliances are overpriced and underpowered, but Cyberoam’s latest NG Series of security appliances aims to change the landscape. In this exclusive review we test the CR35iNG, which claims a high firewall throughput of 2.3Gbits/sec and offers it at a surprisingly low price.

This compact desktop unit is equipped with a 1.4GHz AMD G-Series T48L processor and 1GB of DDR3 RAM. Cyberoam’s operating system is installed on a 2GB CompactFlash card and there’s an internal 250GB SATA hard disk as well. This serves a number of roles: it can be used as an internal email quarantine area, and to store all the system’s iView Syslog server reports.

The CR35iNG delivers plenty of security measures, including an SPI firewall, antivirus, anti-spam, anti-spyware, IPS, IM and web content filtering, IPsec VPNs and traffic management. The appliance costs £656 exc VAT, and you can pick which services you want to add to it.

The three-year Total Value Subscription, which costs £759, is worth considering since it enables all security services and includes support eight hours a day, five days a week, and a hardware warranty. Cyberoam also offers an optional web application firewall to protect web servers, which costs £417 for a three-year subscription.

Cyberoam CR35iNG

The appliance can operate in routed or transparent bridge modes, so you can either use it as a firewall or place it behind an existing one. We opted for routed mode during installation and, after providing IP addresses for the LAN and WAN interfaces, were able to start the appliance in passive mode or apply one of two default security policies to traffic.

The appliance uses Cyberoam’s superb identity-based security, which links policies to users and groups rather than just systems. Three user types are supported when logging on to the appliance via the Corporate Client software.

You can apply web filtering, internet access and bandwidth usage policies on a per-user or group basis. It’s even possible to specify limits on uploads and downloads, with different values applied for daily, weekly, monthly and yearly periods.

Anti-spam measures are equally wide-ranging. For SMTP traffic, it’s possible to move suspect messages to the quarantine area of the hard disk. A spam digest service is provided, which emails reports to users detailing messages that have been quarantined.

Firewall rules use port zones to define sources and destinations, and can specify networks and hosts, too. They can also apply service filters, blocking actions and time schedules. Advanced rules enable antivirus and anti-spam functions and policies for intrusion detection, and allow you to limit internet access and apply bandwidth restrictions.

Cyberoam CR35iNG

Cyberoam’s IM rules can be used to control logins and block or allow text chats, file transfer and webcam sharing. One option enables all IM traffic to be scanned from within a firewall policy; with this option selected, our Windows Live Messenger users received a pop-up message from Cyberoam’s service advising their conversations were being monitored.

For performance testing, we hooked up the CR35iNG to the lab’s Ixia XM2 chassis and its Xcellon-Ultra NP load modules. To assess raw firewall throughput, we created a test using the same 1,518-byte UDP packets as Cyberoam: we saw IxLoad confirm averages of 2.3Gbits/sec.

Testing using UDP packets gives only an indication of raw throughput, however; we also wanted to see how the CR35iNG coped with real-world web traffic. We created a new test simulating web clients on one load module port, accessing web servers over HTTP port 80 on another.

The IxLoad utility recorded a high top throughput of 800Mbits/sec. With AV scanning for HTTP enabled in the firewall rule, we saw around 520Mbits/sec – close to Cyberoam’s claimed figures. This is impressive performance, almost three times faster than its competitor, the Dell SonicWALL NSA 2400MX, and yet the CR35iNG costs less than half as much.

The new hardware platform for the CR35iNG sets new standards for performance. Combine this with a comprehensive set of features and a reasonable price and its A-List place is secure. For SMBs, there’s nothing else that comes close.

Author: Dave Mitchell

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
Be the first to comment this article

You need to Login or Register to comment.

(optional)

Latest Category Reviews
Netgear ProSecure UTM25S review

Netgear ProSecure UTM25S

Category: Security appliances
Rating: 5 out of 6
Price: £959
WatchGuard XTM 515 review

WatchGuard XTM 515

Category: Security appliances
Rating: 6 out of 6
Price: £1,213
eSoft InstaGate 404s review

eSoft InstaGate 404s

Category: Security appliances
Rating: 3 out of 6
Price: £684
ExactTrak Security Guardian review

ExactTrak Security Guardian

Category: Security appliances
Rating: 5 out of 6
Price: £354
WatchGuard XTM 330 review

WatchGuard XTM 330

Category: Security appliances
Rating: 5 out of 6
Price: £1,012
Compare reviews: Security appliances

advertisement

Latest News Stories Subscribe to our RSS Feeds
Latest Blog Posts Subscribe to our RSS Feeds
Latest Features
Latest Real World Computing

advertisement

Sponsored Links
 

 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.