Cyberoam CR 25i

This UTM (unified threat management) device provides firewall, VPN, antivirus, antispam, intrusion detection and prevention (IDP), and content-filtering features on a per-user basis. The Cyberoam CR 25i comes loaded with high-end features not usually found in a product at this price level, like failover capability and the ability to support multiple Internet connections at once. Setting it up wasn't easy, but the CR 25i deserves credit for its flexible configuration options, extensive security, content filtering, and bandwidth management features.
When setting up the CR 25i, all I had to go on was the quick-start guide with its tiny print and pictures of a unit different from the one I received. But this is the type of product you can't install without following the instructions, so I got out my magnifying glass and trudged along—into the first wall.
The device has four Ethernet 10/100 ports on the rear that are not labeled. Not a big deal, you might think, but you can perform the setup only through port A. My odds were 50-50: Port A was either on the far left or far right. I made the wrong choice and woke up in a dark dystopia with a jack in my head and a guy named Morpheus staring down at me. Okay, not really, but Cyberoam should not make the poor IT guy setting up its units guess. Sorting out even such simple gotchas takes time. After I connected to the other port A, I was able to log into the administration interface. I ran the network configuration wizard, which walked me through configuring Ethernet ports and some basic settings.
The CR 25i does not support SMTP authentication (which means I couldn't use it to send e-mail alerts about security conditions, because my server—as well as many others—requires SMTP authentication), yet I was forced to enter information for e-mail alerts. Even though I wouldn't be able to use the feature, the wizard refused to let me advance if I left the e-mail settings blank. I was also disappointed to find that not only are DHCP services off by default, but you have to configure them manually. The good news is that a latch holds the power cord in, so you won't accidentally disconnect the power when you've almost finished this onerous installation.
Identity-based security management is the key to the CR 25i, so you'll want to use those features, but you've got to do some planning first to determine which privileges (and restrictions) should be assigned to which users and groups. If you're already running a network directory service such as Active Directory or LDAP, then you can simply connect to whichever one you're using and begin assigning security profiles to users and groups. If not, you'll have to create users, passwords, and groups on the CR 25i itself and then install a small client on each workstation in your network.
Strangely, you download the client (available only for Windows and Linux, although others can run an HTTP only client) from the help menu. This is sort of a theme with the product's interface: Many common settings are buried three menus deep; you have to drill down that far just to turn on virus scanning! I was able to find everything I was looking for eventually, but compared with the GUIs of other UTMs I've reviewed this year, such as the SonicWALL TZ 180 and the eSoft InstaGate 404, this is competent and nothing more.