Reviews

Cyberoam CR1500i review

Cyberoam’s latest UTM appliance brings its unique identity based security to bear on the enterprise. In this exclusive review we find out if the Cyberoam CR1500i hits the target.

21 Dec 2009

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 21 Dec 2009

Price

£6,410

EXCLUSIVE: Cyberoam isn't a name that comes immediately to mind when considering UTM appliances but this division of the India-based EliteCore Technologies is keen as mustard to change this perception. It's been muscling into the UK market for the past year with a particular focus on the small and medium-sized business (SMB) market but in this review we take a closer look at the CR1500i which represents the very pinnacle of its product range.

As a UTM appliance, the CR1500i ticks a lot of boxes. It offers firewalling and IPsec VPNs as standard and to these you can add options including anti-virus, anti-spam, IPS, filtering for web content and applications plus SSL VPNs.

A key feature is Cyberoam's identity based UTM security which allows you to tie policies to users rather than systems. This isn't a new concept by any means but Cyberoam goes one step beyond the majority as it can apply a wider range of controls within its firewall rules to specific users and groups.

The appliance offers a reasonable specification and you have plenty of port permutations to play with as all twelve are the Gigabit variety with two of them accepting SFPs for fibre connections. For all ports you can choose individually between LAN, WAN or DMZ duties and you can deploy the appliance in routed or transparent bridge modes although the latter doesn't support Cyberoam's optional SSL VPNs.

Installation in the lab was a smooth process and we opted for transparent mode where we dropped the appliance behind our existing firewall. The main web interface is a tidy affair and on first contact you're greeted by a wizard which helps set up the bridged or transparent modes. You can also start off in passive mode or apply a default security policy to all traffic.