Review: Cyberoam CR35iNG

Read time 4min 30sec
The Cyberoam CR35iNG is an ideal incentive for South African SMEs to consider UTM hardware for their future security solutions.
The Cyberoam CR35iNG is an ideal incentive for South African SMEs to consider UTM hardware for their future security solutions.

Cyberoam markets the CR35iNG as a unified threat management (UTM) device - an all-in-one security solution for an array of security needs, from intrusion protection to content filtering. The unit comes packed with an array of protective tools and services.

The 'UTM' label is broad by definition and the functionality varies from device to device. Included are functions such as real-time monitoring, next-generation firewall (NGFW), intrusion prevention systems (IPS), virtual private networking (VPN), anti-spam measures, gateway anti-virus, Web content filtering and access control. In addition, some devices offer DDoS protection, data-leakage protection and anti-bot protection.

Getting started

The Cyberoam CR35iNG can be set up either in gateway or bridge mode, depending on your requirements. Gateway mode is for users who want to apply security policies to traffic between LAN and DMZ (mail/Web server) networks, as well as WAN traffic. Bridge mode is for the simpler DMZ-less approach. I tested the device in bridge mode and found the process to be easy and fairly quick.

First one accesses the device from the management computer (to designate a terminal, as the 'management computer' simply requires setting your computer's IP to a given IP listed in the manual, to gain access to the device's settings). This is followed by assigning the device an unused IP and setting up gateway/mail server options, then registering a customer service account and opting in to the trial version of all key features, which took mere seconds.

Within no time, I was watching the device's dashboard as it informed me of intrusion attempts, virus interceptions, general Web traffic events and monitoring statistics. I went for the standard security settings - as simple as selecting and clicking 'apply'.

Key features

Under this stock security setting (R5 152 - dependent on dollar/rand exchange), traffic from certain sites and applications, and about certain topics, was restricted, slowed or outright blocked.

In summary

Good: Affordable, with good performance that beats more expensive competitors. Highly customisable settings, easy to set up, meets complex security needs, monitors up to 2.3Gbps, quarantine zone for e-mails, intuitive dashboard and controls
Bad: Single point of failure
Rating: 9/10
Price: R10 247 (23 September 2013)

Sites related to terrorism, drugs or violence, for example, are all controlled (handily grouped under 'Unhealthy'). Some less severe sites and content types are grouped as 'Non-working' - allowing Web and network administrators to monitor procrastination and bandwidth wasting quite easily - even slowing down or outright blocking problematic topics. The same applies to IM, should you wish to employ such a feature - providing the ability to monitor all common instant messaging services (it does warn users that this is taking place).

Unified threat management

With the market for unified threat management (UTM) devices and applications burgeoning, integrated security solutions look to become more common in SA.
This is despite SA's slow adoption rate compared to its BRICS counterparts. However, as local SMEs increasingly become dependent on fast Internet (and the networking and security complications this entails), and given the UTM market's continued rising international growth (predicted to surpass $3.6 billion in 2015), UTM devices are on the way, and here to stay.
Although some deride the devices as a single point of failure, their popularity in North America, Europe and the Asia-Pacific, coupled with recent advances in technology and performance, herald their coming to the Middle East and African markets.
UTM offerings can also be software based, rather than being housed and run off their own hardware.
Ebenezer Obeng-Nyarkoh, senior research analyst at the Worldwide Trackers Group, said: "While businesses continue to explore the opportunities for migrating to a private cloud network as a new technology paradigm, unified security prospects will continue to expand rapidly into small and medium-size businesses where demand is greater than ever."

So, from the fairly harmless seeming 'Astronomy' to the more concerning 'CrimeandSuicide', traffic is carefully checked against a blacklist, then dealt with accordingly. Under Cyberoam's 'Identity Based Security', a multi-tiered permission management approach that offers more freedom than a simple 'user/privileges' style, users can be grouped and assigned different policies and filters, allowing for easy management of differing levels of Internet privilege, as well as assigning bandwidth and download file size limits to different levels of employee. This is infinitely preferable to the workstation/IP limitations commonly used in less advanced security solutions.

All traffic is scanned and green lit en-route to your terminal's browser, including (if you opt to set it up to do so) your mail. The device has a quarantine zone on its hard drive that you can use, in conjunction with spam filters. The device has built-in spam blacklisting services as well as virus outbreak prevention filters to identify and lock down self-duplicating viral e-mails before they can take hold.

As well as ensuring traffic is safe, you can also use the CR35iNG to balance network loads, with bandwidth slowing and other traffic management tools able to assist in ensuring optimum network performance, narrowing the potential for external manipulation resulting in potential security exploits and vulnerabilities.

With Web filtering, monitoring, balancing loads, anti-spam and firewall all in one, the ease of use and convenience of the device is offset only by the risk of it serving as a single point of failure. This means it needs to be robust and well-performing when fulfilling its duties.


UTM devices are notorious for their pricing, but the Cyberoam CR35iNG isn't another underperforming, overpriced security solution. Sporting 1GB of DDR3 RAM, an operating system run off a 2GB CompactFlash, the 1.4Ghz AMD G-Series T48L and 250GB of internal storage (SATA), the device does live up to its claimed performance, offering speed comparable to market rivals at a fraction of the cost.

Boasting the ability to manage 2.3Gbps of traffic, PCPro's testing demonstrated the CR35iNG performing three times faster than opponent Dell's SonicWALL NSA 2400MX offering, at less than half the price.

The Cyberoam CR35iNG sells for R10 247 (dependant on dollar/rand exchange) and is an ideal incentive for South African SMEs to consider UTM hardware for their future security solutions.

Login with