Cyberoam CR1500i review

Cyberoam’s latest UTM appliance brings its unique identity based security to bear on the enterprise. In this exclusive review we find out if the Cyberoam CR1500i hits the target.

IT Pro Verdict

Compared with many enterprise UTM security appliances, the CR1500i looks good value and it also offers Cyberoam’s unique identity based security. It’s easy to deploy, performs very well and allows you to create user and group based policies to control just about any type of internet related activity.

Dave Mitchell's avatar
By
published
in Reviews

Identity based security requires Active Directory, NT domain, RADIUS or LDAP servers or the appliance's own database. You can also identify systems by their IP addresses, create IP address pools and link specific systems to users so they are only allowed to log in from an assigned address or a pool.

Three types of user are supported where a normal user must logon to the appliance, requiring a small client utility to be installed locally. Clientless users don't need the utility and don't have to log on to the appliance but for these you can't apply surfing and data transfer quotas or internet access time restrictions. The SSO user type is merely a normal user that is automatically logged in to the appliance when they have authenticated with an external directory server.

User and group controls are very extensive as each one can have their own web filtering, internet access and bandwidth usage policies. Data transfer limitations on uploads and downloads can also be applied and there are even options for daily, weekly, monthly or yearly limits.

Firewall rules offer advanced options where you can select additional policies for IPS, web filtering and bandwidth restrictions. For each rule you can also activate virus scanning on HTTP, POP3, IMAP, SMTP and FTP traffic.

You can apply a global anti-spam policy and underneath this add custom policies for separate users and groups. For each policy there are a set of advanced options where you limit attachment sizes and decide what to do based on each message's spam score. Dependent on the score, you can quarantine, drop or reject SMTP messages or tag the subject line whilst for POP3 you can accept a suspect message or tag it.

Dave Mitchell
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.

Latest News