Cyberoam GettingStartedGuide




User Guide
Version 10
Document version 10.0-1.0-29/03/2010

Cyberoam User Guide

Important Notice

Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE

The Appliance described in this document is furnished under the terms of Elitecore’s End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY

Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licenses. Customers exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its service center’s option, repair, replacement, or refund of the software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.

Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and Commtouch respectively and the performance thereof is under warranty provided by Kaspersky Labs and by Commtouch. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY

Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, and hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages.
In no event shall Elitecore’s or its supplier’s liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS

Copyright 1999-2010 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd.

Corporate Headquarters
Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road, Ahmedabad – 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com

Contents

Preface
About this Guide
  Guide Organization
  Typographic Conventions
  Technical Support
Introduction
  Cyberoam Management Interface
    Connecting to Web Admin Console
    Navigating through Web Admin console
    Common Icons and buttons in the Web Admin Console
    Status Bar
    Tooltips
    Navigating through Tables
    Web Console Authorization and Access control
    Common Web Admin Console tasks
    Log out procedure
Getting Started
Basics
System
  Dashboard
  Administration
    Settings
    Appliance Access
    Profile
    Password
  Configuration
    Language
    Time
    Notification
    Messages
    Web Proxy
    Parent Proxy
    Captive Portal
    Theme
  Maintenance
    Backup & Restore
    Firmware
    Licensing
    Services
    Updates
  SNMP
    Cyberoam MIB
    Agent Configuration
    Community
    V3 User
  System Graph
  Packet Capture
Objects
  Hosts
    IP Host
    IP Host Group
    MAC Host
  Services
    Service Group
  Schedule
  File Type
  Certificate
    Certificate Authority
    Certificate Revocation List
Network
  Interface
    Zone
  Wireless WAN
    Status
    Settings
  Gateway
  Static Route
    Unicast
    Multicast
    Source Route
  DNS
  DHCP
    Server
    Lease
    Relay
  ARP
  Dynamic DNS
Identity
  Authentication
    Settings
    Authentication Server
  Groups
  Users
    Clientless User
  Policy
    Access Time Policy
    Surfing Quota Policy
    Data Transfer Policy
  Live Users
Firewall
  Rule
  Virtual Host
  NAT Policy
  Spoof Prevention
    General Settings
    Trusted MAC
  DoS
    DoS Settings
    Bypass Rules
Web Filter
  Settings
  Category
  Policy
Application Filter
  Category
  Policy
IM
  IM Contact
    IM Contact Group
  IM Rules
    Login
    Conversation
    File Transfer
    Webcam
  Content Filter
QoS
  Policy
    Policy
Logs & Reports
  Configuration
    Syslog Servers
    Log Settings
  Log Viewer

Preface

Welcome to Cyberoam’s User guide.

Cyberoam Unified Threat Management appliances offer identity-based comprehensive security to organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats over applications viz. Instant Messengers; threats over secure protocols viz. HTTPS, and more. They also offer wireless security (WLAN), and 3G wireless broadband and analog modem support that can be used as either Active or Backup WAN connection for business continuity.

Cyberoam integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and Anti-Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data Leakage Prevention, IM Management and Control, Layer 7 visibility, Bandwidth Management, Multiple Link Management, Comprehensive Reporting over a single platform.

Cyberoam has enhanced security by adding an 8th layer (User Identity) to the protocol stack. Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic, enabling Administrators to apply access and bandwidth policies far beyond the controls that traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without compromising productivity and connectivity.

Cyberoam UTM appliances accelerate unified security by enabling single-point control of all its security features through a Web 2.0-based GUI. An extensible architecture and an ‘IPv6 Ready’ Gold logo provide Cyberoam the readiness to deliver on future security requirements.

Cyberoam provides increased LAN security by providing separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are visible to the external world and still have firewall protection.

Default Web Admin Console username is ‘cyberoam’ and password is ‘cyber’. Cyberoam recommends that you change the default password immediately after installation to avoid unauthorized access.

About this Guide

This Guide provides information regarding the administration, maintenance, and customization of Cyberoam and helps you manage and customize Cyberoam to meet your organization’s various requirements including creating groups and users and assigning policies to control web as well as application access.

Guide Organization

The Cyberoam User Guide organization is structured into the thirteen parts that follow the Cyberoam Web Admin Console structure. Within these parts, individual topics correspond to security appliance management interface layout.

This Guide is organized into thirteen parts:

Part I – Introduction
This part covers various features of Web 2.0 based graphical interface.

Part II – Getting started
This part covers how to start using Cyberoam after deployment.

Part III – Basics
This part covers basic building blocks in Cyberoam.

Part IV – System
This part covers various security appliance controls for managing system status information, registering and managing the Cyberoam security appliance and its subscription licenses through registration portal, managing firmware versions, defining profiles for role based access, scheduling backups and restoring, and using included diagnostics tools for troubleshooting.

Part V – Objects
This part covers various Objects which are the logical building blocks for configuring various policies and rules, which include:
• host – IP, network and MAC addresses. They are used in defining firewall rules, virtual host, NAT policy, IPSec, L2TP and VPN policies
• services which represent specific protocol and port combination, for example, DNS service for TCP protocol on 53 port. Access to services is allowed or denied through firewall rules.
• schedule to control when the firewall rule, Access time policy, Web filter policy, Application filter policy, or QoS policy will be in effect, for example, All Days, Work Hours
• file types – defining web filter policy, SMTP scanning rules
• certificates – VPN policies

Part VI – Network
This part covers configuring the Cyberoam appliance for your network. It includes configuring Cyberoam interfaces and DNS settings, adding VLAN subinterfaces and custom zones, configuring DHCP. It also covers configuration of the 3G wireless WAN interface on the Cyberoam appliances that support the feature.

Part VII – Identity
This part covers how to configure user level authentication and manage users and user groups.

Part VIII – Firewall
This part covers tools for managing how the Cyberoam appliance handles traffic through the firewall.

Part IX – Web Filter
This part covers how to configure and manage Web filtering in Cyberoam through categories and policies.

Part X – Application Filter
This part covers how to configure and manage application filtering in Cyberoam through categories and policies.

Part XI – IM
This part covers how to configure and manage restrictions on instant messaging services provided by the Yahoo and MSN messengers.

Part XII – QoS
This part covers how to configure and manage bandwidth through QoS policy that allocates and limits the maximum bandwidth usage of the user and controls web and network traffic.

Part XIII – Logs & Reports
This part covers managing logging and reporting feature. Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network abuse.

Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

Each entry below gives the item, then its convention, then an example where the guide provides one:
• Server: Machine where Cyberoam Software - Server component is installed
• Client: Machine where Cyberoam Software - Client component is installed
• User: The end user
• Username: Username uniquely identifies the user of the system
• Part titles: Bold and shaded font typefaces. Example: Report
• Topic titles: Shaded font typefaces. Example: Introduction
• Subtitles: Bold & Black typefaces. Example: Notation conventions
• Navigation link: Bold typeface. Example: System → Administration → Appliance Access. It means, to open the required page click on System then on Administration and finally click Appliance Access
• Name of a particular parameter / field / command button text: Lowercase italic type. Example: Enter policy name, replace policy name with the specific name of a policy. Or Click Name to select, where Name denotes command button text which is to be clicked
• Cross references: Hyperlink in different color. Example: Refer to Customizing User database. Clicking on the link will open the particular topic
• Notes & points to remember: Bold typeface between the black borders. Example: Note
• Prerequisites: Bold typefaces between the black borders. Example: Prerequisite, Prerequisite details

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-66065777
Email: [email protected]
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.

Introduction

This section describes various features of Web 2.0 based graphical interface.

Cyberoam Management Interface

Cyberoam version 10 introduced a new Web 2.0 based easy-to-use graphical interface termed as Web Admin Console to configure and manage your Cyberoam appliance.

You can connect to Web Admin Console using HTTP or a secure HTTPS connection from any management computer using web browser Microsoft Internet Explorer 7+ or Mozilla Firefox 1.5+. The recommended minimum screen resolution for the management computer is 1024 X 768 and 32-bit true-color.

The Web Admin Console supports multiple languages, but by default appears in English.

You can configure the Cyberoam appliance for HTTP and HTTPS web-based administration from any Cyberoam interface but by default, only HTTPS connection is enabled from WAN interface while HTTP and HTTPS both are enabled from LAN interface. To connect to the Web Admin Console you require an administrator account and password.

Connecting to Web Admin Console

The Log on procedure verifies validity of user and creates a session until the user logs off.

To get the log in window, open the browser and type LAN IP Address of Cyberoam in browser’s URL box. A dialog box appears prompting you to enter username and password. Use the default user name ‘cyberoam’ and password ‘cyber’ if you are logging in for the first time after deployment. Asterisks are the placeholders in the password field.

Screen - Login screen

Screen Elements and their Description (Login):
• User name: Specify user login name. If you are logging on for the first time after installation, please use default username ‘cyberoam’
• Password: Specify user account Password. If you are logging on for the first time after installation, please use default password ‘cyber’
• Log on to: To administer Cyberoam, select ‘Web Admin Console’
• Login button: Logs on to Web Admin Console. Click Login

Table - Login screen elements

Navigating through Web Admin console

Navigation menu

Navigation bar on the leftmost side provides access to various configuration pages. Menu consists of sub-menus and tabs. On clicking menu item in the navigation bar, related management functions are displayed as submenu items in the navigation bar itself. On clicking submenu item, all the associated tabs are displayed as the horizontal menu bar on the top of the page. To view page associated with the tab, click the required tab.

The left navigation bar expands and contracts dynamically when clicked on without navigating to a submenu. When you click on a top-level heading in the left navigation bar, it automatically expands that heading and contracts the heading for the page you are currently on, but it does not navigate away from the current page. To navigate to a new page, first click on the heading, and then click on the submenu you want to navigate to.

Cyberoam functions are grouped in such a way that the navigation bar does not continue below the bottom of your browser.

Common Icons and buttons in the Web Admin Console

Icon bar

The Icon bar on the upper rightmost corner of every page provides access to several commonly used functions like:
• Dashboard - Click to view the Dashboard
• Wizard – Network Configuration wizard will guide you step-by-step through configuration of the network parameters like IP address, subnet mask and default gateway for Cyberoam at the time of deployment.
• Reports – Opens a Reports page for viewing various usage reports. Cyberoam is integrated with Cyberoam-iView - a Logging and Reporting solution to offer wide spectrum of 1000+ unique user identity-based reporting across applications and protocols and provide in-depth network visibility to help organizations take corrective and preventive measures.
• The icon bar also provides immediate access to CLI by initiating a telnet connection with CLI Console without closing Web Admin console.
• Logout – Click Logout icon to log out from the Web Admin Console.
• Cyberoam – Click icon to open the Cyberoam Appliance and Registration information page.
• Support – Click icon to open the customer login page for creating a Technical Support Ticket. It is fast, easy and puts your case right into the Technical Support queue.
• Online help – Each appliance includes a Web-based online help which can be viewed from any of the page of Web Admin console. It is installed automatically with the software. Click icon to open the context-sensitive help for the page.

The following describe the functions of common icons used in the Web Admin Console:
• Edit - Clicking on edit icon displays a window for editing the configuration
• Delete - Clicking on delete icon deletes an entry/record
• Expand/Collapse icons - Clicking on the parent record displays its child records

Note
Use F1 key for page specific help
Use F10 key to return to Dashboard

Status Bar

The Status bar at the bottom of the window displays the status of actions executed in the Web Admin console.

Tooltips

Version 10 has introduced embedded informative tool tips for many elements in the UI. These Tooltips are small pop-up windows that display brief configuration summary describing the element when you hover your mouse over a UI element. Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

When applicable, Tooltips display the configuration summary - minimum, maximum, and default values of the element. This configuration information is generated directly from your appliance itself.

Navigating through Tables

With the new user interface, configuration details and log entries are presented in a tabular format. Many tables like Log Viewer, Live Users, Group etc. can now be re-sorted by clicking on the headings for the various columns. On table columns that are sortable, a tooltip will pop-up when you mouseover headings that states Click to sort ascending or Click to sort descending.

Table Navigation Bar on the upper right top corner of the table provides navigation buttons for moving through table pages with large number of entries. Table Navigation bar also includes an option to specify the number of entries/records displayed per page.

Live Users and active VPN connections can be disconnected with a single click on the disconnect icon in the Manage column.

Web Console Authorization and Access control

By default, Cyberoam has two types of user:

Administrator
Log in as “Administrator” User to maintain, control and administer Cyberoam. This user can create, update and delete system configuration and user information as well as can create multiple administrator level users.

User
“User” User is the user who accesses the resources through Cyberoam.

Cyberoam appliances are shipped with two “Administrator” Users as:
• Username: admin. Password: admin. Console Access: Web Admin console, CLI console. Privileges: Full privileges for both the consoles i.e. read-write permission for entire configuration performed through either of the consoles.
• Username: cyberoam. Password: cyber. Console Access: Web Admin console only. Privileges: Full privileges i.e. read-write permission for entire configuration performed through Web Admin console.

It is recommended that you change the password of both the users immediately on deployment.

QoS. Interface speed. schedules Network management . access time. Gateway.
log off after you have finished working.Cyberoam User Guide Common Web Admin Console tasks Below given are the common tasks performed through Web Admin Console: • • • • • • • • • • • • • • System Administration and Configuration Firmware maintenance Backup and restore Firewall rules management Configure user authentication User and user groups management Objects management – hosts. MTU and MSS settings. data transfer Antivirus and anti spam filtering policies configuration VPN and SSL VPN access configuration IPS policies and signature IM controls Log out procedure To avoid un-authorized users from accessing Cyberoam. DDNS Web and application filtering categories and policies configuration Policy management – surfing quota. This will end the session and exit from Cyberoam. services. configure Cyberoam to communicate your ADS. View user surfing trends from Web Usage → Top Web User report View your organization’s Category wise surfing trends from Web Usage → Top Categories report View mail usage from Mail Usage → Top Mail Senders and Mail Receivers report 3. View Cyberoam Reports Monitor your Network activities using Cyberoam Reports. Customize You can create additional policies to meet your organization’s requirement. If your Network uses LDAP. 2. Refer to Access time policy for more details. Configure for Username based monitoring As Cyberoam monitors and logs user activity based on IP address. Cyberoam allows to: 1. Refer to Web and PART 18/280 . Control individual user surfing time by defining Surfing quota policy. 4. If your Network uses RADIUS. you can start using Cyberoam. Integration will identify access request based on User names and generate reports based on Usernames. Refer to Firewall for more details. Refer to Surfing Quota policy for more details. 4. you have to configure Cyberoam for integrating user information and authentication process. certain categories will be blocked or allowed for LAN to WAN traffic with or without authentication. 
• • • If your Network uses Active Directory Services and users are already created in ADS. Control user based per zone traffic by creating firewall rule. 1.Cyberoam User Guide Getting Started 2 Once you have deployed Cyberoam in your network and registered the copy of your Cyberoam. configure for Cyberoam to communicate with RADIUS. log on to Cyberoam-iView by clicking Reports on the topmost button bar from Web Admin Console and log on with default username ‘admin’ and password ‘admin’. 3. Schedule Internet access for individual users by defining Access time policy. To monitor and log user activities based on User names. 2. Start monitoring Once you have deployed Cyberoam successfully in your network you can monitor user activity in your Network. Control web access by defining Web and Application Filter Policies. configure for Cyberoam to communicate with LDAP. To view Reports. Depending on the Web and Application Filter Policy configured at the time of deployment. all the reports generated are also IP address based. 7. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer Data transfer policy for more details.Cyberoam User Guide Application Filter Policy for more details. Connecting to Cyberoam CLI 8. Refer to QoS policy for more details. From Web Admin Console a) Using Console Interface via remote login utility – TELNET b) Direct Console connection . 5. Allocate and restrict the bandwidth usage by defining QoS policy.attaching a keyboard and monitor directly to Cyberoam server 19/280 . 6. DNS service for TCP protocol on 53 port schedule to control when the rule will be in effect e. DMZ. Port A through Port J depending on the appliance model subinterfaces .VLAN PPPoE interfaces interface aliases and WWAN interface if Wireless WAN functionality is enabled Objects are the logical building blocks of the firewall rule.g. Interfaces and (Network/Address) Objects. which includes: • • • • • host . All Days. 
These objects are Zones. VPN custom zone Interface includes: • • • • • actual physical Ethernet interfaces or ports i. Zone is the logical grouping of Interface. This chapter describes the logical objects upon which Cyberoam is built.IP and MAC addresses services which represent specific protocol and port combination e.LAN. which includes: • • predefined zones . Work Hours certificates file types PART PAR 20/280 . LOCAL. WAN.g. This structure is used in defining firewall rules to allow or deny the access. Services and Schedules. Interfaces and (Network/Address) objects.Cyberoam User Guide Basics 3 The basic building blocks in Cyberoam are Zones.e. Dashboard Cyberoam displays Dashboard as soon as you logon to the Web Admin Console. Minimize or reposition each section (System Information. IPS alerts. such as SNMP.Cyberoam User Guide System 4 System allows configuration and administration of Cyberoam appliance for secure and remote management as well as administrative privilege that you can assign to admin users. License Information.) by dragging and dropping. are displayed. It also provides the basic system settings and language settings of the Web Admin console. Gateway status information. Optionally click Reset to restore the default dashboard setting. portal setting and themes through System.Dashboard PART 21/280 . Dashboard provides a quick and fast overview of all the important parameters of Cyberoam appliance that requires special attention such as password. access to critical security services. Each section has an icon associated with it for easy recognition when minimized. system resources usage. custom messages. and notifications of subscription expirations etc. Usage summary etc. Dashboard page is completely customizable. Configure several non-network features. Screen . is used to reset the Dashboard to factory default settings. the Cyberoam can also detect any unwanted applications and Spyware infected hosts that are already there in the network i.e. 
22/280 .Cyberoam User Guide Customizable Dashboard allows to place the sections that are pertinent to the user and requires special attention for managing Cyberoam on the top and the information used less often moved to the bottom. There are three icons located at the top right corner on the Dashboard. Available sections on Dashboard are as follows: • • • • • • • • • • Appliance information License information DoS attack status Recent IPS Alerts Recent Spyware Alerts Recent Mail Viruses detected Recent HTTP Viruses detected Recent FTP Viruses detected System Status Gateway status Apart from preventing spyware from entering and infecting your network. network infected before Cyberoam was deployed and provides alert on Dashboard. They are as follows: • • • Reboot Appliance Shutdown Appliance Reset Dashboard is used to reboot the appliance. Note Use F10 key to return to Dashboard from any of the pages. is used to shutdown the appliance. Configure Port number. Default port: 443 SSL VPN Port . WAN. Administrator can also restrict access to various local services. Telnet. VPN: • Admin Services – HTTP. Default port: 80 Web Admin Console HTTPS Port . remote login security. Default port: 8443 Note SSL VPN Port configuration is not available for Cyberoam CR15i models. Settings Use Settings page to make modifications in the general port settings for accessing Web Admin console. DMZ. To manage the administration settings. SSH 23/280 . go to System → Administration → Settings. Various ports and login security can be configured using this submenu.Configure Port number (Web Admin Console secured). HTTPS. You can administer port numbers. Appliance Access Appliance Access allows to limit the Administrative access of the following Cyberoam services from various zones – LAN.Cyberoam User Guide Administration Administration page allows configuration of general settings in Cyberoam. Screen – Manage Administration Settings Web Admin Console HTTP Port . 
Make changes to the login parameters for restricting the local and remote users based on the time. local login security and local ACL services from Administration submenu.Configure Port number (Web Admin Console unsecured). Enable/disable following service from the specified zone: Windows/Linux Client.Enable/disable access to Cyberoam using following service from the specified zone: HTTP. SSL VPN Screen – Appliance Access Settings Default Access Control Configuration To manage the access to devices. HTTPS (TCP port 443). Captive Portal 24/280 . Admin Services . it will have a default Access configuration. Other Services – Web Proxy service will be enabled for LAN zone. HTTP (TCP port 80) service will be enabled for administrative functions in DMZ zone. Authentication Services . HTTPS (TCP port 443) services will be enabled for administrative functions in WAN zone. SSL VPN (TCP port 8443) service will be enabled for LAN. and data transfer restrictions. Admin Services .Windows/Linux Client (UDP port 6060) and Web Client Authentication (TCP port 8090) will be enabled for User Authentication Services in LAN zone. bandwidth. User Authentication Services are not required for any of the Administrative functions but required to apply user based internet surfing. go to System → Administration → Appliance Access.Cyberoam User Guide • • • Authentication Services – Windows/Linux Client. Ping Other Services – Web Proxy. Telnet and SSH Authentication Services . Custom Access Control Configuration Use access control to limit the access to Cyberoam for administrative purposes from the specific authenticated/trusted networks only. When Cyberoam is connected and powered up for the first time. Captive Portal Network Services – DNS.HTTP (TCP port 80). Network Services – Ping and DNS services will be enabled for LAN zone. HTTPS. Telnet (TCP port 23) and SSH (TCP port 22) services will be enabled for administrative functions in LAN zone. WAN and DMZ zone. Ping Other Services . 
select them and click the Delete button. Profiles allow assigning permissions to individual administrators depending on their role or job need in organization. Note You cannot delete default profiles. The profile separates Cyberoam features into access control categories for which you can enable none. and logs administration. 25/280 . To delete multiple profiles. For ease of use by default. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. read only.Enable/disable following service from the specified zone: DNS. Cyberoam provides role-based administration capabilities. Edit Edit – Click the Edit icon Profile is displayed which has the same parameters as the Add Profile page.Cyberoam User Guide Network Services . You can: • • • • Add View in the Manage column against the profile to be modified. or read-write access. network administration. You cannot delete profile assigned to any Administrator user. Click OK to delete the profile. Cyberoam provides four profiles: • • • • Administrator – super administrator with full privileges Security Admin – read-write privileges for all features except Profiles and Log & Reports Audit Admin – read-write privileges for Logs & Reports only Crypto Admin – read-write privileges for Certificate configuration only To manage default and custom profiles. Profiles are a function of an organization's security needs and can be set up for special-purpose administrators in areas such as firewall administration. It allows an organization to separate super administrator's capabilities and assign through Profiles.Enable/disable following service from specified zone: SSL VPN. in the Manage column against a profile to be deleted. Web Proxy Note SSL VPN service is not available for Cyberoam CR15i models. To offer greater granular access control and flexibility. go to System → Administration → Profile. Profile Use Profile page to create profiles for various administrator users. 
Screen – Manage Profile Screen Elements Add Button Profile Name Edit Icon Delete Button Description Add a new profile Name of the profile Edit the profile Delete the profile Alternately. Table – Manage Profile screen elements Profile Parameters To add or edit profiles. Click Add Button to add a new profile. To update the details. click on the Profile or Edit icon against the profile you want to modify. go to System → Administration → Profile. click the delete icon against the profile you want to delete. go to System → Administration → Profile.Cyberoam User Guide Manage Profiles To manage default and custom profiles. in the Manage column Screen – Add Profile 26/280 . To allow modifications. Both the consoles – Web Admin console and CLI. We recommend that you change the password for this username immediately after deployment. Administrator can assign three levels of access rights for the every configured profile. Click on menu. You can either set a common access level for all the menus or individually select the access level for each of the menu.e.Cyberoam User Guide Screen Elements Profile Name Configuration Description Name to identify the profile Click on the access level you want to provide to a profile. icon against a menu to view the items under that For example. To change password. can be access with the same credentials. go to System → Administration → Password. Available Options: • None – No access to any page • Read-Only – View the pages • Read-Write – Add or Modify the details Access levels can be set for individual menus as well. by Cyberoam itself. Screen – Change Password 27/280 . This administrator is always authenticated locally i. Table – Add Profile screen elements Password Cyberoam is shipped with one global Super Administrator with the credentials – username & password as “admin”. if you set access level as Read-Only against the Web Filter. 
the user would only be able to view all the pages of Web Filter menu but would not be able to make any modifications. you should select ReadWrite option. admin Specify the current admin password Specify New admin password Confirm New admin password Click to reset the password to factory default password.Cyberoam User Guide Screen Elements Name Current Password New Password Confirm New Password Reset to Default Description Name of the administrator .e. Table – Change Password screen elements 28/280 . i. “admin”. To configure time settings in Cyberoam. Cyberoam supports Chinese and Hindi languages. go to System → Configuration → Time. Cyberoam themes and outlook for the Captive portal. mail server notification. Time Current date and time can be set according to the Cyberoam’s internal clock or Cyberoam can be configured to synchronize its internal clock with an NTP server.Cyberoam User Guide Configuration Configuration page allows basic configuration of Cyberoam including GUI localization. services and various custom categories in any of the supported languages. various policies. go to System → Configuration → Language. Administrator can configure the preferred GUI language. 29/280 . web and parent proxy settings. Cyberoam’s clock can be tuned to show the right time using global Time servers so that logs show the precise time and Cyberoam activities can also happen at a precise time. Screen – Language Listed elements of Web Admin Console will be displayed in the configured language: • • • • Dashboard Doclet contents Navigation menu Screen elements including field & button labels and tips Error messages Administrator can also specify description for firewall rule. To manage the language settings. customized messages. Language To cater to its non-English customers. 30/280 .Cyberoam User Guide Screen – Time Settings Screen Elements Current Time Time Zone Description Current system time Select time zone according to the geographical region in which Cyberoam is deployed. 
Click ‘Sync Now’ button to synchronize Cyberoam clock with the NTP Server. port and email address where the Cyberoam has to send alert emails. Use the pre-defined NTP servers or specify NTP server IP address to synchronize time with a specific NTP server. go to System → Configuration → Notification. Table – Time Settings screen elements Sync Status Notification Configure mail server IP address. To configure mail server settings. Set Date & Time Sync with NTP server Enable to set date and time Enable if you want Cyberoam to get time from an NTP server. Messages help Administrator to notify users about problems as well as Administrative alerts in areas such as access. Message up to 256 characters can be send to the User whenever the event occurs and send to the number of users simultaneously.e. incorrect password. Predefined messages To customize the default messages. user sessions. and successful log on and log off etc. Table – Mail Server Notification screen elements Prerequisite Mail server configuration will change automatically when change from the Network Configuration Wizard and vice versa.Cyberoam User Guide Parameters Screen – Mail Server Notification Screen Elements Mail Server Setting Mail Server IP Address Port Authentication Required Email Setting From Email Address Send Notification to Email Address Description Specify Mail server IP address and port number If Enabled. Messages Messages page allows Administrator to send messages to the various users. username and password. Specify the email address to which the notification is to be sent. specify authentication parameters i. You can: 31/280 . go to System → Configuration → Messages. Specify the email addresses from which the notification is to be sent. Cyberoam User Guide • • Edit – Click Edit icon displayed to the user. Save – Click Save icon changes. User is not allowed to access Table – Predefined Messages screen elements Loggedinfromsomewhereelse MaxLoginLimit SurfingtimeExhausted 32/280 . 
Message is sent if User has already logged in from other machine Message is sent if User has reached the maximum login limit Message is sent when User is disconnected because his/her allotted surfing time is exhausted The surfing time duration is the time in hours the User is allowed Internet access that is defined in Surfing time policy. to edit the default message and create customized message to be to save the edited message or Cancel icon to ignore the Screen – Predefined Messages Messages LoggedonsuccessfulMsg LoggedoffsuccessfulMsg SurfingtimeExpired NotAuthenticate DeactiveUser InvalidMachine NotCurrentlyAllowed Description/Reason Message is sent when User logs on successfully Message is sent when User logs off successfully Administrator has temporarily deactivated the User and will not be able to log in because User surfing time policy has expired Message is sent if User name or password are incorrect Administrator has deactivated the User and the User will not be able to log on Message is sent if User tries to login from the IP address not assigned to him/her Message is sent if User is not permitted to access at this time Access Time policy applied to the User account defines the allowed access time and not allowed access at any other time. If hours are exhausted. go to System → Configuration → Web Proxy. To use Cyberoam as a web proxy server. Click Add icon to add the HTTP trusted ports and remove to delete the trusted ports. you have to define non-standard ports as trusted ports. IPS policy is applicable on the traffic between proxy and WAN. configure Cyberoam LAN IP address as a proxy server IP address in your browser setting and enable access to web proxy services from Appliance Access section. icon Table – Web Proxy Settings screen elements Trusted Ports 33/280 .Cyberoam User Guide Web Proxy Cyberoam can also act as a web proxy server. Default port is 3128 Cyberoam allows the access to sites hosted on standard port only if deployed as Web Proxy. 
To allow access to the sites hosted on the non-standard ports. To configure Web Proxy settings in Cyberoam. Application Filter policy and Anti Virus policy as configured in User and Firewall rule. Screen – Web Proxy Settings Screen Elements Web Proxy Port Description Specify Web Proxy Port number. but not between user and proxy QoS policy is not applicable on the direct proxy traffics. Note Web Proxy will enforce Web Filter policy. Specify IP Address or FQDN. Specify Port number for Parent Proxy. This page can include your organization name and logo. Port. Screen – Parent Proxy Settings Screen Elements Parent Proxy Description Enable if the web traffic is blocked by the upstream Gateway. Specify Username & Password for authentication.Cyberoam User Guide Parent Proxy To configure Parent Proxy settings in Cyberoam. 34/280 . Cyberoam also supports customized page in languages other then English. Default port is 3128. Specify Domain Name or IP address for the Parent Proxy. Domain Name / IP Address Port Username & Password Table – Parent Proxy Settings screen elements Captive Portal Cyberoam provides flexibility to customize the Captive portal Login page. go to System → Configuration → Captive portal. To customize the Captive portal page. Username and Password. if Parent Proxy is enabled. When enabled all the HTTP requests will be sent to parent proxy server via Cyberoam. go to System → Configuration → Parent Proxy. Specify Label or Title for the "Username" textbox to be displayed on the Captive Portal login page. Change the Page title if required. Default: Password Specify Label or Caption for the "Login" button to be displayed on the Captive Portal login page. specify Image file name to be uploaded else click “Default”.Cyberoam User Guide Screen – Captive Portal Screen Elements Logo Description To upload the custom logo. Default: Login Page Title Login Page Message Login Page Footer User Name Caption Password Caption Button Caption 35/280 . 
Default: User Name Specify Label or Title for the "Password" textbox to be displayed on the Captive Portal login page. Use “Browse” button to select the complete path. The image size should not exceed 256 X 256 pixels. Specify message to be displayed in the footer of Captive Portal login page. Default title: Cyberoam Web Client Portal Specify message to be displayed on the Captive Portal login page. Cyberoam User Guide Color Scheme Preview Button Reset to Default Button Customize the color scheme of the Captive portal if required. navigation frame. 36/280 . Click to view the custom settings before saving the changes.e. Click to revert to default settings Table – Captive Portal screen elements Theme Theme page provides a quick way to switch between predefined themes for Web Admin Console. Specify the color code or click the square box to pick the color. Available themes: • • Cyberoam Standard Cyberoam Classic Screen – Manage Themes The default theme is “Cyberoam Standard”. which provides the color scheme and font style for entire GUI i. Each theme comes with its own custom skin. tabs and buttons. Once the backup is taken. Maximum two firmware images can be stored. through scheduled automatic backup and manual backups. No matter how well you treat your system. accidental deletion or file corruption. Backup stored on the system can be restored anytime from Backup & Restore page. There are many ways of taking backup and just as many types of media to use as well. firmware versions and Backup & Restore facility in Cyberoam. you cannot guarantee that your data will be safe if it exists in only one place. Administrator can upload new firmware image. Firmware image can be downloaded from the relevant sites. Backup & Restore Backup is the essential part of data protection. Administrator can take manual backup and alternately. Restoring data older than the current data will lead to the loss of current data. You can: • • Backup & Restore Schedule Backup 37/280 . 
you need to upload the file for restoring the backup. automatic backup can be scheduled on regular intervals. handling services.Cyberoam User Guide Maintenance Maintenance facilitates Licensing. Backups are necessary in order to recover data from the loss due to the disk failure. Cyberoam provides a facility of taking backup of only system data. no matter how much care you take. To backup and restore data in cyberoam. go to System → Maintenance → Backup & Restore. Backup consists of all the policies and all other user related information. boot from firmware or reset to the configuration to factory defaults. Various can be handled from this Maintenance page. specify configuration to be uploaded. Use “Browse” button to select the complete path.Cyberoam User Guide Backup & Restore Screen – Backup and Restore Screen Elements Backup Configuration Description • Backup Now – Click the ‘Backup Now’ button to take the manual backup of System Data until date. To restore the configuration. ‘Download Now’ button downloads the latest backup that is available. Table – Backup and Restore screen elements Restore Configuration Schedule Backup Screen – Schedule Backup 38/280 . • Download Now – Click ‘Download Now’ button to download backup for uploading. Depending on how much information you add or change will help you determine the schedule. Boot from firmware – Option to boot from the downloaded image – Appliance will be rebooted and will load default Boot with factory default configuration configuration. and displays the login page. configure FTP server IP address. You can simply upload the image or upload and boot from the image. Entire configuration will be lost if you opt for this option. closes all sessions. restarts. Table – Schedule Backup screen elements Backup Mode Firmware System → Maintenance → Firmware page displays the list of available firmware versions downloaded. Upload firmware – Administrator can upload the firmware. the firmware is deployed. 
Screen – Manage Firmware

Maximum of two firmware versions can be available simultaneously in Cyberoam and one of the two firmware versions is active i.e.
Active – Active icon against a firmware suggests that the appliance is using the firmware.
Click to specify the location of the firmware image or browse to locate the file.
In case of Upload & Boot, firmware image is uploaded and upgraded to the new version. This process might take a few minutes as the process also migrates the entire configuration.

Screen Elements – Description
Backup Frequency – Select System data backup frequency. In general, it is best to schedule backup on regular basis. Available options:
  • Daily – Daily Backup will be sent
  • Weekly – Weekly Backup will be sent
  • Monthly – Monthly Backup will be sent
  • Never – Backup will not be taken at all
Select how and to whom backup files should be sent. Available Options:
  • FTP – If backup is to be stored on FTP server. username and password to be used.
  • Local – backup will be taken and stored on the appliance itself.

Licensing

Cyberoam consists of two types of modules:
• Basic module – Firewall, VPN, Bandwidth Management, Multi Link Manager and Reports
• Subscription modules – Gateway Anti Virus, Gateway Anti-spam, Intrusion Prevention System, Web and Application Filtering

Basic Module is pre-registered with the Appliance for the indefinite time period usage while Subscription Modules are to be subscribed before use.

You can subscribe to any of the subscription modules:
• without key for free 15-days trial subscription
• with key

On deployment, Appliance will be unregistered and all the modules will be unsubscribed. You need to register appliance if you want to
• Avail 8 X 5 support
• Subscribe to any of the subscription modules
• subscribe for free trial of any of the subscription modules
• Register for 24 X 7 support

Select System → Maintenance → Licensing to view the appliance registration details and various modules' subscription details.

Subscription icon against the module in the navigation menu indicates that the module is not subscribed. Click the icon to navigate to the Licensing page and follow the screen steps to subscribe. Alternately, browse to http://customer.cyberoam.com to subscribe the module.

To manage the licensing options, go to System → Maintenance → Licensing. You can:
• View Appliance Registration Details
• Manage Module Subscription Online
• View Module Subscription Details
• Synchronize – Click 'Synchronize' button, once the appliance or modules are registered online. The details of appliance and subscription modules are automatically synchronized with Customer My Account and the updated details are displayed on the Licensing Page.

Screen – Licensing

Status – 'Registered' – Appliance registered
Status – 'Unregistered' – Appliance not registered
Status – 'Subscribed' – Module subscribed
Status – 'Unsubscribed' – Module not subscribed
Status – 'Trial' – Trial subscription
Status – 'Expired' – Subscription expired

Appliance Registration Details

Screen Elements – Description
Model – Cyberoam Appliance Model which is registered and its appliance key e.g. CR15i, CR25i
Licensed Users (if applicable) – Number of user licenses purchased
Company Name – Name of the company under whose name appliance is to be registered
Contact Person – Name of the contact person in the company under whose name appliance is registered
Table – Appliance Registration screen elements

Manage Module Subscription Online

If the appliance is not registered, you need to create a Customer Account. To register the appliance, browse to http://customer.cyberoam.com and register. You can create customer account and register appliance in one step only. Once the appliance is registered, subscribe other modules for the trial or with license keys.

You can subscribe to following modules:
• Web and Application Filter
• Intrusion Prevention System
• Gateway Anti Virus
• Gateway Anti-spam
• 8 X 5 Support
• 24 X 7 Support

Once you register the appliance or subscribe for any module, if you do not synchronize the details, Web Admin console will not display the updated subscription details.

View the details of Subscription Modules

Screen Elements – Description
Module – Module that can be subscribed in Cyberoam.
Status – Status of the module – Registered, Unregistered, Subscribed, Unsubscribed, Trial, Expired
Expiration Date – Module expiry date
Table – View Subscription Modules screen elements

Services

You can view the current status and manage all the configured servers:
• Anti Virus and Anti Spam Server
• Cyberoam Authentication server
• DHCP Server
• Domain Name Server
• IPS Server
• SNMP
• Web Proxy Server including HTTP, SMTP, POP3, IMAP, FTP Proxy

To manage various services, go to System → Services → Services.

Screen – Manage Services

Services – Name of the configured server/service
Status – Current status of the server
Manage – Click to Start or Stop the respective server. Click to Restart the respective server.

Action table
Button – Usage
Start – Starts the Server whose status is 'Stopped'
Stop – Stops the server whose status is 'Started'
Restart – Restarts server: Only for Authentication Server and Web Proxy Server
Table – Manage Services screen elements

Updates

Updates page allows the administrator to configure automatic updates for Anti Virus definitions, IPS Signatures and Web category database. Alternately, these definitions can also be updated manually from this page itself.

Note
Auto updates for Anti Virus signature are not available for Cyberoam CR15i and CR25i models

To enable automatic updates, go to System → Maintenance → Updates and click against the required checkbox followed by Apply.

Screen – Manage Updates

Screen Elements – Description
Module – Module name whose definitions will be updated.
Version – Version of the Module
Last Update Status – Status of the last update: Successful or Failure
Last Update Mode – Mode of the Last update: Automatic or Manual
Sync Now Button – Click 'Sync Now' button to update the module definitions.
Table – Manage Updates screen elements

SNMP

Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of a station or manager communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. In other words, agent is the network element. The agent will store information in a management information base (MIB). Management software will poll the various network elements/agents and get the information stored in them. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.

SNMP collects information two ways, if SNMP agent is installed on the devices:
• The SNMP management station/Manager will poll the network devices/agents
• Network devices/agents will send trap/alert to SNMP management station/Manager.

SNMP terms
• Trap – An alert that is sent to a management station by agents.
• Agent – A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs
• SNMP community – An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. A SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities.

SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1, SNMPv2c and custom Management Information Base (MIB). The Cyberoam appliance replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam Web site and can be loaded into any third-party SNMP management software.

Cyberoam MIB

The Cyberoam SNMP implementation is read-only. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. To monitor Cyberoam system information and receive Cyberoam traps you must compile Cyberoam proprietary MIBs into your SNMP manager.

The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables below list the names of the MIB fields and describe the status information available for each one. You can view more details about the information available from all Cyberoam MIB fields by compiling the cyberoam.mib file into your SNMP manager and browsing the Cyberoam MIB fields.

Cyberoam supports following read-only MIB objects/fields:

Cyberoam Appliance MIB fields

MIB field (sysInstall) – Description
applianceKey – Appliance key number of the Cyberoam Appliance in use
applianceModel – Appliance model number of the Cyberoam Appliance in use
cyberoamVersion – The Cyberoam version currently running on the Cyberoam Appliance.
wabcatVersion – The Webcat version installed on the Cyberoam Appliance
avVersion – The antivirus definition version installed on the Cyberoam Appliance
asVersion – The antispam definition version installed on the Cyberoam Appliance
idpVersion – The IDP signature definition version installed on the Cyberoam Appliance

System MIB fields

MIB field (sysStatus) – Description
cyberoamOpMode – The Cyberoam appliance operation mode – Transparent or Bridge
systemDate – Current date
cpuPercentageUsage – The current CPU usage (as a percent)
diskCapacity – The hard disk capacity (MB)
diskUsage – The current hard disk usage (MB)
memoryCapacity – The memory capacity (MB)
memoryPercentageUsage – The current memory utilization (as a percent).
swapCapacity – The swap capacity (MB)
swapPercentageUsage – The current swap utilization (as a percent).
haMode – The current Cyberoam High-Availability (HA) mode (standalone, A-P)
liveUsers – The current live connected users i.e. logged on users in Cyberoam
httpHits – Total HTTP hits
ftpHits – Total FTP hits
pop3Hits (mailHits) – Total POP3 hits
imapHits (mailHits) – Total IMAP hits
smtpHits (mailHits) – Total SMTP hits
pop3Service (serviceStats) – The current status of POP3 service
imapService (serviceStats) – The current status of IMAP service
smtpService (serviceStats) – The current status of SMTP service
ftpService (serviceStats) – The current status of FTP service
httpService (serviceStats) – The current status of HTTP service
avService (serviceStats) – The current status of AntiVirus service
asService (serviceStats) – The current status of AntiSpam service
dnsService (serviceStats) – The current status of DNS
haService (serviceStats) – The current status of HA
IDPService (serviceStats) – The current status of IDP service
analyzerService (serviceStats) – The current status of Analyzer
snmpService (serviceStats) – The current status of SNMP

License MIB fields

MIB field (sysLicesne) – Description
appRegStatus (liAppliance) – Current Registration status of Cyberoam Appliance
appExpiryDate (liAppliance) – Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance
supportSubStatus (lisupport) – Current subscription status for Cyberoam Support
supportExpiryDate (lisupport) – Subscription Expiry date for Cyberoam Support, if subscribed
avSubStatus (liAntiVirus) – Current subscription status for AntiVirus module
supportExpiryDate (liAntiVirus) – Subscription Expiry date for AntiVirus module, if subscribed
asSubStatus (liAntiSpam) – Current subscription status for AntiSpam module
supportExpiryDate (liAntiSpam) – Subscription Expiry date for AntiSpam module, if subscribed
idpSubStatus (liIdp) – Current subscription status for IDP module
supportExpiryDate (liIdp) – Subscription Expiry date for IDP module, if subscribed
asSubStatus (liWebcat) – Current subscription status for Web and Application Filter module
supportExpiryDate (liWebcat) – Subscription Expiry date for Web and Application Filter module, if subscribed

Alert MIB fields

MIB field (sysAlerts) – Description
highCpuUsage – High CPU usage i.e. CPU usage exceeds 90 %
highDiskUsage – High Disk usage i.e. Disk usage exceeds 90 %
highMemUsage – High Memory usage i.e. memory usage exceeds 90 %
httpVirus (avAlerts) – HTTP virus detected by Cyberoam
smtpVirus (avAlerts) – SMTP virus detected by Cyberoam
pop3Virus (avAlerts) – POP3 virus detected by Cyberoam
imap4Virus (avAlerts) – IMAP virus detected by Cyberoam
ftpVirus (avAlerts) – FTP virus detected by Cyberoam
linkToggle (dgdAlerts) – Change of link status (up or down)
idpAlert1 (idpAlerts) – IDP alert
synFlood (dosAlerts) – DoS attack – SYN flood detected by Cyberoam
tcpFlood (dosAlerts) – DoS attack – TCP flood detected by Cyberoam
udpFlood (dosAlerts) – DoS attack – UDP flood detected by Cyberoam
icmpFlood (dosAlerts) – DoS attack – ICMP flood detected by Cyberoam

Use SNMP to configure agent, community and the SNMPv3 users. Agent configuration page is used to configure agent name, agent port and the contact person for the program. The community page is used for adding, managing and deleting the communities for protocols SNMPv1 and SNMPv2c. Cyberoam supports SNMPv1 and SNMPv2c protocols. Use SNMPv3 user page to add, manage and delete v3 users.

Agent Configuration

Use Agent configuration page to configure SNMP agents. The configuration details include name, description, location, contact person, agent port and manager port.

To configure agents, go to System → SNMP → Agent Configuration.

Screen – Agent Configuration

Screen Elements – Description
Name – Name to identify the agent
Description – Agent Description
Location – Physical location of the Cyberoam appliance.
Contact Person – Contact information of the person responsible for the maintenance of above specified Cyberoam appliance.
Agent Port – Default port number: 161. Remote SNMP Management station/Manager will use this port to connect to the Cyberoam appliance.
Manager Port – Cyberoam will use this port to send traps. The port number cannot be changed.
Table – Agent Configuration screen elements

Community

Community is a group of SNMP Managers and SNMP Agent may belong to one or more than one community. Agent will not respond to the requests from management stations that do not belong to its communities. Each Community can support SNMPv1, SNMPv2c or both. You must specify a trap version for each community. Cyberoam sends traps to all the communities.

To configure communities, go to System → SNMP → Community. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Community to be modified. Edit Community pop-up window is displayed which has the same parameter as the Add Community window.
• Delete – Click the Delete icon in the Manage column against a community to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Community. To delete multiple Communities, select them and click the Delete button.

Manage Communities

To manage communities, go to System → SNMP → Community.

Screen – Manage Communities

Screen Elements – Description
Add Button – Add a new community
Name – Name of the community
Source – IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam
Protocol Version – Configured SNMP protocol version support v1 or v2c.
Trap – Configured trap support, v1 or v2c. Traps will be sent to the SNMP Managers who support the specified versions only
Edit Icon – Edit the Community
Delete Button – Delete the Community. Alternately, click the Delete icon against the community you want to delete.
Table – Manage Communities screen elements

Community Parameters

To add or edit a community, go to System → SNMP → Community. Click the Add button to add a new community. To update the details, click on the Community or Edit icon in the Manage column against the community you want to modify.

Screen – Add Community

Screen Elements – Description
Name – Name to identify the community.
Description – Community description.
Source – IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam.
Protocol Version – Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps.
Trap – Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only.
Table – Add Community screen elements

V3 User

SNMP version 3 has the capability of using authentication. Only the authenticated user can request the information.

To manage v3 users, go to System → SNMP → v3 User. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the v3 user to be modified. Edit v3 User window is displayed which has the same parameter as the Add v3 user window.
• Delete – Click the Delete icon in the Manage column against a v3 user to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the v3user. To delete multiple v3 users, select them and click the Delete button.

Manage v3 Users

To manage v3 users, go to System → SNMP → v3 User.

Screen – Manage v3 Users

Screen Elements – Description
Add Button – Add a new v3 user
User Name – Name of the v3 user
Edit Icon – Edit the v3 user
Delete Button – Delete the v3 user. Alternately, click the Delete icon against the v3 user you want to delete.
Table – Manage v3 users screen elements

V3 User Parameters

To add or edit a v3 user, go to System → SNMP → v3 User. Click the Add button to add a new v3 user. To update the details, click on the v3 user or Edit icon in the Manage column against the v3 user you want to modify.

Screen – Add v3 User

Screen Elements – Description
Name – Name to identify the v3 user.
Password – Password for authentication
Confirm Password – Confirm password for authentication
Table – Add v3 User screen elements

System Graph

Use System Graph to view Graphs pertaining to System related activities for different time intervals. Graphs can be viewed Utilities wise or period wise. Period wise graph will display following graphs for the selected period: Live Graph, CPU usage Info, Memory usage Info, Load Average and Interface usage Info. These graphs are same as displayed in Utility wise graphs. They are regrouped based on the time interval.

Live Graphs

Live graphs allow Administrator to monitor the usage of resources of the last two hours. Graph displays the percentage wise CPU and Memory usage. It also displays load average and traffic statistics on each interface.

1. Last two hour CPU Usage – Graph shows past two hour's CPU usage in percentage. In addition, shows minimum, maximum, Average and Current CPU usage.

Screen – Last two hour CPU usage
X axis – Minutes
Y axis – % use
Legends
Blue Color – CPU used by Users
Orange Color – CPU used by System
Green Color – CPU Idle time

2. Last two hour Memory Usage – Graph shows past two hour's memory usage in percentage. Graphs displays the memory used, free memory and total memory available.

Screen – Last two hour Memory usage
X axis – Time interval (minutes)
Y axis – Memory used in Giga bytes
Legends
Orange Color – Memory used
Green Color – Free Memory
Black Color – Total Memory

3. Last two hour Load Average – Graph shows past two hour's average load on the system. In addition, shows minimum, maximum, Average and Current load.

Screen – Last two hour Load Average usage
X axis – Time interval (minutes)
Y axis – % use
Legends
Blue Color – One minute
Orange Color – Five minutes
Green Color – Fifteen minutes

4. Last two hour traffic statistics on each Interface – Graph shows past two hour's following traffic statistics for all the Interfaces:
a. Bits received and transmitted through Interface
b. Errors occurred while transmitting and receiving packets through the Interface
c. Packets dropped while transmitting and receiving packets through the Interface
d. Collisions occurred while transmitting and receiving packets through the Interface

Screen – Last two hour Interface Usage
X axis – Time interval (minutes)
Y axis – kbits/sec
Legends
Orange Color – Bits Received
Green Color – Bits Transmitted
Dark Blue Color – Received Errors
Light Blue – Bits Transmitted but Dropped
Red Color – Collisions
Dark green Color – Transmitted Errors
Yellow – Bits Received but Dropped

CPU Info graphs

CPU Info graphs allow Administrator to monitor the CPU usage by the Users and System components. Graphs display percentage wise minimum, maximum, Average and Current CPU usage by User and System and CPU Idle time. Usage graphs can be viewed for:
1. Current
2. Yesterday
3. Current Week
4. Current Month
5. Current Year

Screen – Today's CPU usage
X axis – Hours
Y axis – % use
Legends
Blue Color – CPU used by Users
Orange Color – CPU used by System
Green Color – CPU Idle time

Memory Info graphs

Memory Info graphs allow Administrator to monitor the Memory usage. Graphs displays the memory used, free memory and total memory available. Memory usage graphs can be viewed for:
1. Current
2. Yesterday
3. Current Week
4. Current Month
5. Current Year

Screen – Today's Memory usage
X axis – Hours
Y axis – Memory used in Mega bytes
Legends
Orange Color – Memory used
Green Color – Free Memory
Black Color – Total Memory

Load Average graphs

Load Average graphs allow Administrator to monitor the load on the System. Graphs display the average load on the System at the interval of one minute, five minute, and fifteen minutes. Load Average of 1.0 is considered as Normal while above 1.0 is considered as Critical for the System. Load average graphs can be viewed for:
1. Current day
2. Yesterday
3. Current Week
4. Current Month
5. Current Year

Screen – Today's Load Average usage
X axis – Hours
Y axis – Load average on the System
Legends
Blue Color – Average load at one minute
Green Color – 5 minutes
Orange Color – 15 minutes

Interface Info graphs

Interface Info graph displays following information for all the Interfaces:
1. Bits received and transmitted through Interface
2. Errors occurred while transmitting and receiving packets through the Interface
3. Packets dropped while transmitting and receiving packets through the Interface
4. Collisions occurred while transmitting and receiving packets through the Interface

Screen – Today's Interface usage
X axis – Duration
Y axis – KBits/Sec
Legends
Orange Color – Bits Received
Green Color – Bits Transmitted
Dark Blue Color – Received Errors
Light Blue – Bits Transmitted but Dropped
Red Color – Collisions
Dark green Color – Transmitted Errors
Yellow – Bits Received but Dropped

Note
Today and Yesterday Graphs are plotted at the average of 5 minutes.
Weekly Graph is plotted at the average of 15 minutes.
Monthly Graph is plotted at the average of 6 Hours
Yearly Graph is plotted at the average of 1 Day

Packet Capture

Packet capture displays dropped packets details on the specified interface. It will provide connection details and details on which module is dropping packets e.g. firewall, IPS along with information like firewall rule number, user, Web and Application Filter policy number etc. This will help Cyberoam administrators to troubleshoot errant firewall rules.

To capture information about dropped packets, go to System → Packet Capture → Packet Capture. You can:
• Configure Capture Filter – Click the Configure Button to configure general settings for capturing the packets.
• Display Filter – Click the "Display Filter" Button to specify the filter conditions for the packets.
• View – Click on the packet to view the packet information.
• Clear – Click the Clear Button to clear the details of the packets captured.

View the list of Captured Packets

Screen – View Captured Packets

Screen Elements – Description
Packet Capture – Displays following capturing configuration:
  Trace On – packet capturing is on
  Trace Off – packet capturing is off.
  Buffer Size: 2048 KB
  Buffer used: 0 – 2048 KB
  Captured packets fill the buffer up to a size of 2048 KB. While the packet capturing is on, if the buffer used exceeds the stipulated buffer size, packet capturing stops automatically. In such a case, you would have to manually clear the buffer for further use.
  Capture Filter – There are various filter conditions for capturing the packets. The BPF String is used for filtering the packet capture. For example, Capture Filter – host 192.168.1.2 and port 137
Configure Button – Capture filter can be configured through following parameters:
  • Number of Bytes to Capture (per packet)
  • Wrap Capture Buffer Once Full
  • Enter BPF String
  Refer to Configure Capture Filter for more details.
Display Filter Button – Log can be filtered as per the following criteria: Interface Name, Ether Type, Packet Type, Source IP, Source Port, Destination IP, Destination Port. Refer to Display Filter for more details.
Start/Stop Button – Start/Stop packet capturing
Refresh Button – Refresh the list of packets captured
Clear Button – Clear Button is to clear the buffer
Time – Packet capture time
In Interface – Interface from which packet is coming
Out Interface – Interface to which packet is sent
Ether Type – Ether Type – IP or ARP. EtherType is a field in an Ethernet frame. It is used to indicate the protocol encapsulated in the Ethernet frame.
Source IP – Source IP Address of the packet
Destination IP – Destination IP Address of the packet
Packet Type – Type of Packet – ARP Request or UDP
Ports [src, dst] – Source and Destination ports
Rule ID – Firewall Rule ID
Status – Packet Status: Incoming, Forwarded, Violation, Consumed or Generated
Reason – Reason for packet being dropped, if it is dropped
Packet Information – Packet Information including header details and Cyberoam entities including firewall rules & policies.
Hex & ASCII Detail – Packet Information in Hex & ASCII values.
Table – Captured Packets screen elements

Configure Capture Filter

Capture Filter page allows configuration of number of bytes to be captured per packet.

Screen – Configure Capture Filter

Screen Elements – Description
Number of Bytes to Capture (per packet) – Specify the number of bytes to be captured per packet.
Wrap Capture Buffer Once Full – Enable 'Wrap Capture Buffer Once Full' checkbox to
Enter BPF String – Specify BPF string. BPF (Berkeley Packet Filter) sits between link-level driver and the user space. BPF is protocol independent and uses a filter-before-buffering approach. It includes a machine abstraction to make the filtering efficient. For example, host 192.168.1.2 and port 137. Refer to BPF String Parameters for filtering specific packets.
Table – Capture Filter screen elements

BPF String Parameters

How to drop packets of the – Example
specific host – host 10.10.10.1
specific source host – src host 10.10.10.1
specific destination host – dst host 10.10.10.1
specific network – net 10.10.10.0
specific source network – src net 10.10.10.0
specific destination network – dst net 10.10.10.0
specific port – port 21
specific source port – src port 21
specific destination port – dst port 21
specific host for the particular port – host 10.10.10.1 and port 21
the specific host for all the ports except SSH – host 10.10.10.1 and port not 22
specific protocol – proto ICMP, proto UDP, proto TCP, ARP
particular interface – packet-capture interface eth1
specific port of a particular interface – packet-capture interface eth1 'port 21'

Display Filter

Display Filter page restricts the packet capturing to specific type of packets only. There are other filtering conditions such as the type of interface, ether type, source IP address & destination IP address.

Screen – Configure Display Filter

Screen Elements – Description
Interface Name – Select the physical interface from the list for filtering packets log.
Ether Type – Select the Ethernet Type: IP or ARP. EtherType is a field in an Ethernet frame. It is used to indicate the protocol encapsulated in the Ethernet frame.
Packet Type – Select the packet type used from the list for filtering packets.
Source IP & Port – Specify source IP and port number
Destination IP & Port – Specify destination IP and port number
Table – Display Filter screen elements

PART 5

Objects

Objects are the logical building blocks of various policies and rules, which include:
• host – IP, network and MAC addresses. They are used in defining firewall rules, virtual host, NAT policy, IPSec, L2TP and VPN policies
• services which represent specific protocol and port combination for example, DNS service for TCP protocol on 53 port. Access to services are allowed or denied through firewall rules.
• schedule to control when the firewall rule, Access time policy, Web filter policy, Application filter policy, or QoS policy will be in effect for example, All Days, Work Hours
• file types – defining web filter policy, SMTP scanning rules
• certificates – VPN policies

Hosts

IP Host is a logical building block used in defining of firewall rules, virtual host and NAT policy. Object – IP Host represents various types of addresses, including IP addresses, networks. MAC Host represents Ethernet MAC addresses. Host Groups are used for grouping IP Hosts and thereby common policies can be applied on the hosts in a group.

IP Host

Hosts allow entities to be defined once and be re-used in multiple referential instances throughout the configuration. For example, an internal Mail Server with an IP address 192.168.1.15. Rather than repeated use of the IP address while constructing firewall rules or NAT Policies, it allows to create a single entity called "Internal Mail Server" as a Host name with an IP address of 192.168.1.15. This host, "Internal Mail Server" can then be easily selected in any configuration screen that uses Hosts as a defining criterion.

By using hosts instead of numerical addresses, you only need to make changes in a single location, rather than in each configuration where the IP address appears. Using Hosts reduces the error of entering incorrect IP addresses, makes it easier to change addresses and increases readability.

By default, the numbers of hosts equal to the ports in the Appliance are already created.

To configure IP Host, go to Objects → Hosts → IP Host. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the IP Host to be modified. Edit IP Host window is displayed which has the same parameter as the Add IP Host window.
• Search
• Delete – Click the Delete icon in the Manage column against an IP Host to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the IP Host. To delete multiple IP Hosts, select them and click the Delete button.

Note
System hosts cannot be updated or deleted. Dynamic hosts which are automatically added on creation of VPN Remote access connections cannot be updated or deleted. Default hosts that are created for remote access connection – ##ALL_RW, ##WWAN1, ##ALL_IPSEC_RW, ##ALL_SSLVPN_RW cannot be updated or deleted.

Manage IP Hosts

To manage IP hosts, go to Objects → Hosts → IP Host.

Screen – Manage IP Host

Screen Elements – Description
Add Button – Add a new IP Host
Host Name – Name of the IP Host
Host Type – Type of IP Hosts – Single or Range of IP, Network, list of assorted IP addresses
Address Detail – Configured IP addresses for the host
Edit Icon – Edit the IP Host
Delete Button – Delete the IP Host. Alternately, click the Delete icon against the host you want to delete.
Table – Manage IP Host screen elements

List also displays dynamic hosts which are automatically added on creation of VPN Remote access connections (IPSec and SSL) and the default hosts that are automatically created for remote access connection – ##ALL_RW, ##WWAN1, ##ALL_IPSEC_RW, ##ALL_SSLVPN_RW.

IP Host Parameters

To add or edit an IP host, go to Objects → Hosts → IP Host. Click the Add button to add a new host. To update the details, click on the host or Edit icon in the Manage column against the host you want to modify.

Screen – Add IP Host

Screen Elements – Description
Name – Name to identify the IP Host.
Type – Select the type of host. Available options:
  • Single IP address
  • Network IP address with subnet
  • IP Range
  • IP list to add assorted IP addresses, which are not in a range. Create IP list when you want to create single firewall rule for multiple IP address. IP addresses can be added or removed from IP list. Please note only Class B IP addresses can be added in IP list.
IP Address – Specify IP Address based on the Host Type selected. Use comma to specify assorted multiple IP addresses.
Host Group – Select host group i.e. host group membership. Single host can be member of multiple host groups. You can also add IP Host Group from the IP Host page itself.
Table – Add IP Host screen elements

Search IP Host

Click the Search icon in the Address Detail column to search for specific IP address. IP address can be searched on the following criteria: is equal to, starts with and contains. Click OK to get the search results and Clear button to clear the results.

Screen – Search Address Detail

Search Criteria – Search Results
is equal to – All the IP addresses that exactly match with the IP address specified in the criteria. For example, if the search string is 192.168.1.1, all the addresses exactly matching the string will be displayed.
starts with – All the IP addresses that starts with the specified criteria. For example, if the search string is 192, all the addresses starting with the number 192 will be displayed.
contains – All the IP addresses that are in the specified range of IP addresses. For example, if the search string is 1.1.1.2-1.1.1.10, all the IP addresses like 1.1.1.5 or 1.1.1.8 falling in this range will be displayed.
Table – Search Address Detail screen elements

IP Host Group

Host group is a grouping of hosts. Firewall rule can be created for the individual host or host groups.

To configure host groups, go to Objects → Hosts → IP Host Group. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the IP Host Group to be modified. Edit IP Host Group pop-up window is displayed which has the same parameters as the Add IP Host Group window.
• Delete – Click the Delete icon in the Manage column against an IP Host Group to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the IP Host Group. To delete multiple IP Host Groups, select them and click the Delete button.

Note
Dynamic host groups which are automatically added on creation of VPN Remote access connections cannot be updated or deleted.

Manage IP Host Groups

To configure host groups, go to Objects → Hosts → IP Host Group.

Screen – Manage IP Host Group

Screen Elements – Description
Add Button – Add a new IP Host
Name – Name of the IP Host Group
Description – Description of the Host Group
Edit Icon – Edit the IP Host Group
Delete Button – Delete the IP Host Group. Alternately, click the Delete icon against the host group you want to delete.
Table – Manage IP Host Group screen elements

IP Host Group Parameters

To add or edit a host group, go to Objects → Hosts → IP Host Group. Click the Add button to add a new host group. To update the details, click on the host group or Edit icon in the Manage column against the host group you want to modify.

Screen – Add IP Host Group

Screen Elements – Description
Name – Name to identify the IP Host group.
Description – IP Host Group description
Select Host – 'Host' List displays all the hosts including default hosts. Click the checkbox to select the hosts. All the selected hosts are moved to 'Selected host' list. Single host can be a member of multiple host groups.
Table – Add IP Host Group screen elements

MAC Host

To configure MAC Host, go to Objects → Hosts → MAC Host. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the MAC Host to be modified. Edit MAC Host pop-up window is displayed which has the same parameters as the Add MAC Host window.
• Search
• Delete – Click the Delete icon in the Manage column against a MAC Host to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the MAC Host. To delete multiple MAC Hosts, select them and click the Delete button.

Manage MAC Host

To manage MAC hosts, go to Objects → Hosts → MAC Host.

Screen – Manage MAC Host

Screen Elements – Description
Add Button – Add a new MAC Host
Host Name – Name of the MAC Host
Host Type – Type of MAC Hosts – single or multiple
Address Detail – Configured MAC Addresses
Edit Icon – Edit the MAC Host
Delete Button – Delete the MAC Host. Alternately, click the Delete icon against the host you want to delete.
Table – Manage MAC Host screen elements

MAC Host Parameters

To add or edit a MAC host, go to Objects → Hosts → MAC Host. Click the Add button to add a new host. To update the details, click on the host or Edit icon in the Manage column against the host you want to modify.

Screen – Add MAC Host

Screen Elements – Description
Host Name – Name to identify the MAC Host.
Host Type – Select the MAC Host Type. Available options:
  • MAC Address – Single MAC address
  • MAC list – Multiple MAC addresses
MAC Address – Specify MAC Address based on the Host Type selected in the form of 00:16:76:49:33:CE. Use comma to configure multiple addresses.
Table – Add MAC Host screen elements

Search MAC Host

Host MAC Address

Click the Search icon in the Address Detail column to search for specific MAC addresses. MAC address can be searched on the following criteria: is equal to, starts with and contains. Click OK to get the search results and Clear button to clear the results.

Screen – Search MAC Address Detail

Search Criteria – Search Results
is equal to – All the MAC addresses that exactly match with the MAC
starts with – All the MAC addresses that starts with the specified search criteria. For example, if the search string is 10, starting with the number 10 will be displayed.
contains – All the MAC addresses that contain the string specified in the criteria. For example, if the search string is BC, all the addresses like 10:15:18:A1:BC:22, containing the string are displayed.
Table – Search MAC Address Detail screen elements

MAC Host Name

Click the Search icon to search for specific MAC hosts. Hosts can be searched on the following criteria: is, is not, contains and does not contain. Click OK to get the search results and Clear button to clear the results.

Screen – Search MAC Host

Search Criteria – Search Results
is – All the MAC hosts that exactly match with the string specified in the criteria. For example, if the search string is Test, only MAC hosts with the name exactly matching "Test" are displayed.
is not
contains – All the MAC hosts that contain the string specified in the criteria. For example, if the search string is Test, all the MAC hosts containing the string "Test" are displayed.
For example, all the MAC hosts not containing the string "Test" are displayed.
Table – Search MAC Host screen elements
if the search string is Test. all the addresses exactly matching the string will be displayed. if the search string is Test. All the users/user groups that do not match with the string specified in the criteria. For example. all MAC hosts except with the name exactly matching “Test” are displayed.Cyberoam User Guide address specified in the criteria. all the MAC addresses like 10:15:18:A1:BC:22. if the search string is 10:11:13:17:A1:BC. For example. does not contain All the MAC hosts that do not contain the string specified in the criteria. is not. For example. For example. • Note Service used by firewall rule cannot be deleted Manage Service To manage services. Cyberoam provides several standard or default services and allows creating: • • Custom service definitions Firewall rule for custom service definitions To manage and configure services. ICMP or UDP as well as protocol-related options such as port numbers. To delete multiple services. Edit Edit – Click the Edit icon service pop-up window is displayed which has the same parameters as the Add service window in the Manage column against a service to be deleted. you can add them as custom services. Default services cannot be updated or deleted. These predefined services are defaults. Services are definitions of certain types of network traffic and combine information about a protocol such as TCP.View the details of default and custom services. and cannot be updated or deleted. 72/280 .Cyberoam User Guide Services Services represent types of Internet data transmitted via particular protocols or applications. go to Objects → Services → Services. If you require service definitions that are different from the predefined services. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. Click OK to delete the service. go to Objects → Services → Services. 
Protect your network by configuring firewall rules to • • • block services for specific zone limit some or all users from accessing certain services allow only specific user to communicate using specific service Certain well-known traffic types have been predefined in services. select them and click the Delete button. Service allows you to identify traffic based on the attributes of a given protocol. You can use services to determine the types of traffic allowed or denied by the firewall. in the Manage column against the service to be modified. You can: • • • Add View . click the Delete icon against the service you want to delete. protocol number or ICMP type and code based on the protocol selected.Manage Service screen elements Service Parameters To add or edit a service. go to Objects → Services → Services. in the Manage column 73/280 . Click the Add button to add a new service. click on the service or Edit icon against the service you want to modify.Cyberoam User Guide Screen – Manage Service Screen Elements Add Button Name Protocol Details Edit Icon Delete Button Description Add a new Service Name of the Service Protocol used for the service Details of the ports. Alternately. Edit the service Delete the service. Table . To update the details. Available options: • TCP/UPD – Enter Source and Destination port. icon Table . A service group can contain default services as well as custom services in any combination. You can enter multiple ports for the same service. • ICMP – Select ICMP Type and Code. Use to configure firewall rules to: • • • block group of services for specific zone limit some or all users from accessing group of services allow only specific user to communicate using group of service To make it easier to add firewall rules. You can: • Add 74/280 .e. A service can be member of multiple groups i. service can be included in multiple service groups.Cyberoam User Guide Screen . 
Click Add icon to add multiple source and destination ports and to delete the ports. remove icon • IP – Select Protocol Number for the service. Click Add to add ICMP type and ICMP code and remove icon to delete the parameters.Add Service Screen Elements Name Service Type Description Name to identify the Service Select a protocol for the service. To manage service groups. go to Objects → Services → Service Group. Click Add icon to add multiple protocols and remove icon to delete the protocols.Add Service screen elements Service Group Service Group is a grouping of services. You can enter multiple types and codes for the same service. Custom and default services can be grouped in a single group. create groups of services and then add one firewall to allow or block access for all the services in the group. You can select multiple ports for the same service. 75/280 . go to Objects → Services → Service Group. To update the details. click the Delete icon against the service group you want to delete. Delete – Click the Delete icon A dialog box is displayed asking you to confirm the deletion. • • Note You cannot delete default Service Groups. go to Objects → Services → Service Group. select them and click the Delete button. Manage Service Group To manage service groups. Search in the Manage column against a Service Group to be deleted. Table – Manage Service Group screen elements Service Group Parameters To add or edit a service group. click on the service group or Edit icon in the Manage column against the service group you want to modify. Click the Add button to add a new service group.Cyberoam User Guide • • View in the Manage column against the Service Group to be modified. To delete multiple Service Groups. Service group assigned to firewall rule cannot be deleted. Click OK to delete the Service Group. 
Screen – Manage Service Group Screen Elements Add Button Name Description Edit Icon Delete Button Description Add a new Service Group Name of the Service Group Description of the Service Group Edit the service group Delete the service group Alternately. Edit – Click the Edit icon Edit Service Group pop-up window is displayed which has the same parameter as the Add Service Group window. Table – Add Service Group screen elements Search Service Group Click the Search icon in the Name column to search for specific Service group name. is not. contains. Single service can be member of multiple groups.Cyberoam User Guide Screen – Add Service Group Screen Elements Group Name Description Select Service Description Name to identify the Service Group Service Group Description ‘Service List’ displays all the services including default services. You can also search for a particular service. Screen – Search Service Group Search Criteria Search Results 76/280 . Click the checkbox to select the service. does not contain. All the selected services are moved to the 'Selected Service’ list. Click OK to get the search results and Clear button to clear the results. Address can be searched on the following criteria: is. if the search string is Test. For example. For example. All the service groups that do not match with the string specified in the criteria.Cyberoam User Guide is All the service groups that exactly match with the string specified in the criteria. all the service groups containing the string “Test” are displayed. if the search string is Test. all the service groups not containing the string “Test” are displayed. All the service groups that do not contain the string specified in the criteria. For example. only service groups with the name exactly matching “Test” are displayed. all service groups except with the name exactly matching “Test” are displayed. For example. All the service groups that contain the string specified in the criteria. if the search string is Test. 
Table – Search Service Group screen elements is not contains does not contain 77/280 . if the search string is Test. go to Objects → Schedule → Schedule. in the Manage column against a Schedule to be deleted. Work hours (6 Day week). Types of Schedules: • • Recurring – use to create policies that are effective only at specified times of the day or on specified days of the week.use to create firewall rules that are effective once for the period of time specified in the schedule. Screen – Manage Schedule 78/280 .Cyberoam User Guide Schedule Schedule defines a time schedule for applying firewall rule or Internet Access policy i. You can: • • • Add View in the Manage column against the Schedule to be modified. One-time . All Time on Weekdays. Cyberoam provides following pre-defined schedules and can be applied to firewall rules and various policies: Work hours (5 Day week). Edit Edit – Click the Edit icon Schedule pop-up window is displayed which has the same parameter as the Add Schedule window. All Time on Weekends.e. Manage Schedule To manage schedules. To delete multiple Schedules. • Note Schedule assigned to firewall rule or any policies. Click OK to delete the Schedule. All Days 10:00 to 19:00.cannot be deleted. select them and click the Delete button. One time schedule can be implemented through firewall only. used to control when firewall rules or Internet Access policies are active or inactive. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. To manage schedules. All Time on Sunday. go to Objects → Schedule → Schedule. Cyberoam User Guide Screen Elements Add Button Name Type Description Edit Icon Delete Button Description Add a new Schedule Name of the Schedule Type of Schedule – Recurring or One Time Description of the Schedule Edit the Schedule Delete the schedule Alternately. Click the Add button to add a new schedule. To update the details. click the Delete icon against the schedule you want to delete. 
It cannot be applied to any of the policies but can be implemented through firewall rule only 79/280 . click on the schedule or Edit icon column against the schedule you want to modify. in the Manage Screen – Add Schedule Screen Elements Name Description Type Description Name to identify the Schedule Specify Schedule Description Select “Schedule Type” Available Options: • Recurring – use to create access time policies that are effective only at specified times of the day or on specified days of the week • One Time – use to create firewall rules that are effective once for the period of time specified in the schedule. go to Objects → Schedule → Schedule. Table – Manage Schedule screen elements Schedule Parameters To add or edit a schedule. Stop time cannot be greater than start time.Specify Start and Stop date. select the days of the week and specify time for the schedule to be active. This is applicable for the one time schedule only. Also. Table – Add Schedule screen elements 80/280 .Cyberoam User Guide • Start & End Date . You can use these or even create new categories to suit your needs. You can: • • • Add View in the Manage column against the File Type Category to be Edit – Click the Edit icon modified. time of day. go to Objects → File Type → File Type. Cyberoam provides five default File Type categories which cannot be modified or deleted and also allows to add custom file types if required. Edit File Type pop-up window is displayed which has the same parameters as the Add File Type window. Custom file type category is given priority over default category while allowing/restricting the access and is implemented through Web Filter policy. • Note Category used by Web filter policy cannot be deleted Manage File Type Categories To manage file type categories. To delete multiple File Type Categories. For example. For your convenience. in the Manage column against a File Type Category to be Delete – Click the Delete icon deleted. individual user. 
Click OK to delete the File Type Category. go to Objects → File Type → File Type. and many other criteria. 81/280 . Cyberoam allows filtering Internet content based on file extension. you can restrict access to particular types of files from sites within an otherwise-permitted category. Cyberoam provides several default File Types categories. A dialog box is displayed asking you to confirm the deletion. Depending on the organization requirement.Cyberoam User Guide File Type File type is a grouping of file extensions. allow or deny access to the categories with the help of policies by groups. select them and click the Delete button. To manage file type categories. Cyberoam User Guide Screen – Manage File Type Category Screen Elements Add Button Name File Extensions Description Edit Icon Delete Button Description Add a new File Type Category Name of the File Type Category File types included in Category Description of the File Type Category Edit the File Type Category Delete the File Type Category Alternately. To update the details. Screen – Add File Type Category 82/280 . Table – Manage File Type Category screen elements File Type Category Parameters To add or edit a file type category. go to Objects → File Type → File Type. Click the Add button to add a new file type category. click on the file type category or Edit icon in the Manage column against the file type category you want to modify. click the Delete icon against the file type category you want to delete. bmp. For example. File Type Category Description Table – Add File Type Category screen elements Description 83/280 . jpeg.Cyberoam User Guide Screen Elements Name File Extensions Description Name to identify the File Type Category Specify the file extensions to be included in the category. Multiple extensions can be entered using comma. which can be used in various VPN policies. If you are using third party CA. To manage certificates. you have to submit a request to CA for issuing a certificate. revoking. 
You can: • Add – You can add two types of certificates as: Third Party Certificate and Self Signed Certificate. This way it is possible to verify that a public key really belongs to the communicating party only and not forged by someone with malicious intentions. you have to generate a self-signed certificate. downloading and deleting certificates. This eliminates the need of having your own certificate authority. which can be used in various VPN policies. If you are using Cyberoam as CA. • • • • • Manage Certificates To manage certificates. in the Manage column against a Certificate. Certificate page allows you to generate self-signed certificate. If you are using Cyberoam as CA. you have to upload to use it in VPN policy. To use Certificates for authentication with Cyberoam in various VPN policies. Click OK to delete the Certificate. which involve updating and regenerating. you have to submit a request to CA for issuing a certificate. you have to generate a self-signed certificate. You can also use Cyberoam to act as a certificate authority and sign its own certificates. If you are using third party CA. You can use Cyberoam to act as a certificate authority and sign its own certificates. in the Manage column against the Certificate to be modified. Once CA issues a certificate. A dialog box is Delete – Click the Delete icon displayed asking you to confirm the deletion. Certificates are generated by the third party trusted CA. This eliminates the need of having your own certificate authority. go to Objects → Certificate → Certificate. Edit Edit – Click the Edit icon Certificate window is displayed which has the same parameters as the Add Certificate window. you must have valid CA and a certificate. Revoke – Click to revoke self signed certificate if lost. They create certificates by signing public keys and identify the information of the communicating parties with their own private keys. Once CA issues a certificate. 
To delete multiple certificates.Cyberoam User Guide Certificate A digital certificate is a document that guarantees the identity of a person or entity and is issued by the Certificate Authority (CA). you have to upload to use it in VPN policy. You need to upload CA if you are using external CA. You also need to upload the certificate. stolen or updated. CA will verify the details and then send the signed certificate. View Download – Click to download the self signed certificate or CSR. 84/280 . you have to submit the request to CA. go to Objects → Certificate → Certificate. This page also allows you to manage certificates. If you are using third party CA. select them and click the Delete button. upload certificate or generate certificate signing request. Edit the Certificate details Delete the Certificate Alternately.self signed or certificate signing request (CSR) or Upload (third party certificate) Select to download Certificate or CSR. go to Objects → Certificate → Certificate. stolen or updated. Revoked certificate is automatically added to the Certificate Revocation List (CRL). You can download revoked certificate and circulate if required. To update the details. Click the Add button to add a new certificate. click the Delete icon against the certificate you want to delete.If the Certificate Authority is available in Cyberoam.If the Certificate Authority is not available in Cyberoam. in the 85/280 . .Cyberoam User Guide Screen – Manage Certificate Screen Elements Add Button Name Valid From Valid Up To Certificate Authority Description Add a new Certificate Name of the Certificate Valid activation date for the certificate Certificate expiry date Certificate Authority if applicable. Select to revoke self signed certificate if lost. Type Download Icon Revoke Icon . Table – Manage Certificate screen elements Edit Icon Delete Button Certificate Parameters To add or edit a certificate. 
click on the certificate or Edit icon Manage column against the certificate you want to modify. Certificate Type . Cyberoam User Guide Screen – Add Certificate (Upload Certificate) Screen – Add Certificate (Generate Self Signed Certificate) Screen – Add Certificate (Generate Certificate Signing Request Certificate) 86/280 . Password must be at least 10 characters long. period up to which the certificate will be considered as valid. Validity period is the certificate life i. Use Browse to select the complete path Generate Self Signed Certificate Certificate Name Name to identify the certificate. Re-enter password for confirmation Specify certificate ID. Minimum validity period is one day. the less chance that it will be compromised but requires more time to encrypt and decrypt data than smaller keys. IP address. period up to which the certificate will be considered as valid. the less chance that it will be compromised but requires more time to encrypt and decrypt data than smaller keys. Valid Up To Specify certificate validity period using Calendar. Valid Up To Specify certificate validity period using Calendar. Minimum validity period is one day. Password for a Certificate used for authentication Re-enter password for confirmation Specify certificate to be uploaded. Generally the larger the key. You can specify any one of the Key Length Password Confirm Password Certificate ID 87/280 . Select key length. DER ASN1 DN/X.509 (applicable when Authentication Type is Digital Certificate) Key Length Password Confirm Password Certificate ID Once the certificate is created. Re-enter password for confirmation Specify certificate ID. Password must be at least 10 characters long. Select key length. Key length is the number of bits used to construct the key. Password for a Certificate used for authentication. Use Browse to select the complete path Private Key Specify private key for the certificate. Generally the larger the key. 
Generate Certificate Signing Request Certificate Name Name to identify the certificate.e.Cyberoam User Guide Screen Elements Actions Upload Certificate Certificate Name Password Confirm Password Certificate Description Name to identify the Certificate. Key length is the number of bits used to construct the key. Email address.e. You can specify any one of the following: DNS. Validity period is the certificate life i. Password for a Certificate used for authentication. you need to download and send this certificate to the remote peer with whom the connection is to be established. you can upload it for use in VPN. After your CA has issued a certificate or have local certificate. you are not required to upload CA in Cyberoam: • VeriSign 88/280 . Using this CA. DER ASN1 DN/X. Email address. Specify your organization name. This domain will be certified to use the Certificate. this would be the name of the state/province where Cyberoam is installed. such as VeriSign. CA is responsible for revoking the certificate. In case private key is lost or stolen or the information is changed. Use unique Domain name only Specify Common Name. Using Third Party CA involves uploading: • • • CA and root certificate Certificate CRL (Certificate Revocation List) If the remote peer is using certificate issued by the following 3rd party CA. this would be the name of the Locality where Cyberoam is installed. Select the Locality for which the Certificate will be used.Cyberoam User Guide Country following: DNS. Generally. CA also maintains the list of valid and revoked certificates. Select the State/Province for which the Certificate will be used. Additionally. the communicating parties need to have a copy of the CA’s public key. Use unique Domain name only Specify your department/unit name. signed by commercial providers. This domain will be certified to use the Certificate. 
Specify Email address Table – Add Certificate screen elements State/Province Locality Organization Organization Unit Common Name Email Address Certificate Authority Cyberoam provides a facility to generate a local certificate authority as well as import certificates. you can generate self-signed certificate and use it in VPN policy. Generally. Generally.509 (applicable when Authentication Type is Digital Certificate) Select the Country for which the Certificate will be used. Each communicating party may be required to present its own certificate signed by a CA verifying the ownership of the corresponding private key. which will use this certificate and domain name. A certificate signed by a Certificate Authority (CA) identifies the owner of a public key. which will use this certificate and domain name. IP address. You can use Cyberoam’s default CA and can modify and re-generate it as per your requirement if you are not using any external CA. this would be the name of the country where Cyberoam is installed. go to Objects → Certificate → Certificate Authority. click the Delete icon against the certificate authority you want to delete. Click OK to delete the Certificate Authority. go to Objects → Certificate → Certificate Authority. Screen – Manage Certificate Authority Screen Elements Add Button Name Local Edit Icon Delete Button Description Add a new Certificate Authority Name of the Certificate Authority Whether CA is local or third party Edit the Certificate Authority Delete the Certificate Authority Alternately. click Download button to download the certificate Authority. in the Manage column against a Certificate Authority. • Download – Click the Edit icon in the Manage column against the Default Certificate Authority to modify the certificate authority. Note Default CA will be regenerated automatically when it is updated.Cyberoam User Guide • • Entrust Microsoft To manage Certificate Authorities. To delete multiple certificate Authorities. 
• Manage Certificate Authorities To manage certificate authorities. You can: • • • Add View in the Manage column against the Certificate Authority to be Edit – Click the Edit icon modified. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. Table – Manage Certificate Authority screen elements 89/280 . Once the details are modified. Edit Certificate Authority window is displayed which has the same parameters as the Add Certificate Authority window. select them and click the Delete button. and private key are stored in separate files. 90/280 . go to Objects → Certificate → Certificate Authority. • DER: A binary format for encoding certificates. Alternately. use Browse button to select the path. Specify full path from where the certificate is to be uploaded. Table – Add Certificate Authority screen elements Authority Name Default CA Parameters To edit default certificate authority. in the Manage column against the certificate authority you Screen – Add Certificate Authority Screen Elements Authority Name Certificate Format Description Name to identify the Certificate Authority Select format of the root certificate to be uploaded Available options: • PEM (Privacy Enhanced Mail): A format encoding the certificate in ASCII code. Click on the default certificate to update and regenerate the default certificate. request. The certificate. The certificate. To update the details. go to Objects → Certificate → Certificate Authority.Cyberoam User Guide Note You cannot delete default CA. Click the Add button to add a new certificate authority. request. and private key are stored in separate files. Certificate Authority Parameters To add or edit a certificate authority. click on the certificate authority or Edit icon want to modify. Select the State/Province for which the Certificate will be used. 
Specify Email address Password for a Certificate Authority Re-enter password for confirmation Table – Default Certificate Authority screen elements State/Province Locality Organization Organization Unit Common Name Email Address CA Password Confirm Password 91/280 . which will use this certificate and domain name. Select the Locality for which the Certificate will be used. Use unique Domain name only Specify Common Name. Generally this would be the name of the state/province where Cyberoam is installed. Generally this would be the name of the country where Cyberoam is installed. This domain will be certified to use the Certificate. This name cannot be changed Select the Country for which the Certificate will be used. Specify your organization name.Cyberoam User Guide . Use unique Domain name only. Generally this would be the name of the Locality where Cyberoam is installed. Specify your department/unit name. This domain will be certified to use the Certificate. Screen – Default Certificate Authority Screen Elements Authority Name Country Description Default. which will use this certificate and domain name. hence it is necessary to update the CRL at regular interval. Go to Objects → Certificate → Certificate Authority and click Default. VPN connection cannot be established using revoked certificates. To delete multiple Certificate Revocation list. select them and click the Delete button. in the Manage column against the Certificate Revocation list. To manage CRL. Click Download to download the zip file. lost or updated are revoked by CA and CA publishes such revoked certificates in Revocation list. Certificates which are stolen. You can: • • • • Add View Download – Click Download button to download CRL.Cyberoam User Guide Download Certificate Authority If you are using local CA. Certificate Revocation List (CRL) tab is a way to check the validity of an existing certificate. It will display details of the default CA. 
Click OK to delete the Certificate Revocation list. Delete – Click the Delete icon A dialog box is displayed asking you to confirm the deletion. go to Objects → Certificate → CRL. Table – Manage Certificate Revocation List screen elements Add Certificate Revocation List If you are using External Certificate Authority. Certificate Revocation List CA maintains the list of valid and revoked certificates. you need to upload the CRL obtained from External 92/280 . Manage Certificate Revocation List Screen – Manage CRL Screen Elements Add Button CRL Name Local Download Delete Button Description Add a new Certificate Revocation list Name of the Certificate Revocation list Whether CA is local or third party Download the Certificate Revocation list Delete the Certificate Revocation list Alternately. click the Delete icon against the CRL you want to delete. you need to download CA and forward to the remote peer. Select Objects → Certificate → CRL and to view the list of CRLs. Use Browse to select the complete path Table – Add Certificate Revocation List screen elements Download CRL Cyberoam creates the Default CRL with name Default.crl. It downloads the tar file.Cyberoam User Guide Certificate Authority. Once you revoke the certificate. the details of the revoked certificate are added to the default file and regenerated. untar the file to check the details. Screen – Add Certificate Revocation List Screen Elements Authority Name Certificate Description Name to identify the Certificate Revocation list Specify CRL file to be uploaded. 93/280 . Click “Download” link against the default CRL. You can download and distribute if required. If virtual subinterfaces are configured for VLAN implementation. Note PART 94/280 . Status – If PPPoE connection is established. Zone and Zone Type . If virtual subinterface is configured for the physical interface. This menu covers how to configure your Cyberoam to operate in your network. 
PART 6

Network

Network establishes how Cyberoam connects and interacts with your network and allows configuring network specific settings. This menu covers how to configure your Cyberoam to operate in your network. Basic network settings include configuring Cyberoam interfaces and DNS settings. More advanced configuration includes adding VLAN subinterfaces and custom zones to the Cyberoam network configuration. It also describes how to use DHCP to provide convenient automatic network configuration for your clients.

Interface

Use Network → Interface to view port wise network (physical interface) and zone details. If virtual subinterfaces are configured for VLAN implementation, they are nested and displayed beneath the physical interface.

Interface - Physical interfaces/ports are available on Cyberoam. If virtual subinterface is configured for the physical interface, it is also displayed beneath the physical interface. Virtual subinterface configuration can be updated or deleted.
Zone and Zone Type - Displays port to zone relationship i.e. zone membership of port.
Status – If PPPoE connection is established, status will be displayed as “Connected”

To manage interfaces, go to Network → Interface → Interface. You can:
• Update Physical Interface/Port details – Click the Interface Name or Edit icon in the Manage column against the IP address and netmask of physical interface to be modified. The default Physical interface can only be updated. If PPPoE is configured, WAN port will be displayed as the PPPoE Interface.
• Update Wireless WAN Connection – Wireless WAN is the default interface along with other physical interfaces, if the device is supported in Cyberoam.
• View
• Add Alias – Click to configure alias IP address for the physical interface. Alias cannot be created for the Virtual Subinterface.
• Edit Alias – Click the Edit icon in the Manage column against the Alias to be modified. Edit Alias page is displayed which has the same parameters as the Add Alias window.
• Add VLAN interface
• Edit VLAN interface – Click the Edit icon in the Manage column against the virtual subinterface to be modified. Edit virtual subinterface page is displayed which has the same parameters as the Add virtual subinterface window.

Note
Updating Interface will also remove all its dependent configurations including: Interface Zone Binding, DNS, Gateway, Interface Based Hosts, VLAN Interfaces, Dynamic DNS.
Stops the DHCP Server to update the details. It needs to be manually restarted.
Disconnects all tunnels and updates all the VPN Policies. Tunnels need to be manually reconnected.

• Toggle Drill Down icon - Click the icon to view the virtual subinterfaces defined for the said physical interface.
• Delete – Click the Delete icon in the Manage column against a virtual subinterface or Alias to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the virtual subinterface or Alias. To delete multiple virtual subinterfaces or Aliases, select them and click the Delete button. A virtual subinterface cannot be deleted, if virtual subinterface is member of any zone or a firewall rule is defined for the virtual subinterface.

Note
Deleting Interface will also remove all its dependent configurations including: Interface Zone Binding, DHCP Server or Relay, Interface Based Firewall Rule, ARP – Static and Proxy, Virtual Hosts, Virtual Host based Firewall Rules, Interface based Hosts and References from Host Groups, Unicast and Multicast Routes.

Manage Interfaces - Physical, Aliases & Virtual Subinterfaces

To manage interfaces, go to Network → Interface → Interface.

Screen – Manage Interface

Screen Elements – Description
Add Alias Button – Add a new Alias.
Add VLAN Button – Add a new Virtual Subinterface.
Name – Interface Name. Ports in case of Physical Interfaces & WWAN name in case of wireless WAN connection.
Status – Interface connection status. Available Options: Connected, Unplugged or Disabled.
IP Assignment – IP Assignment type – Static, PPPOE, DHCP or Wireless Modem.
IP/ Netmask – IP Address and the Netmask
MAC Address – MAC Address selected.
Zone Name – Type of Zone the interface or subinterface is bound to.
MTU – Configured Maximum Transmission Unit
MSS – Maximum Segment size specified
Interface Speed – Configured Interface Speed
Edit Icon – Edit the Interface, Alias or Virtual Subinterface.
Delete Button – Delete the Alias or Virtual Subinterface. Alternately, click the Delete icon against the alias or subinterface you want to delete.

Table – Manage Interface screen elements

Edit Physical Interface

Go to Network → Interface → Interface. Click the Interface Name or Edit icon in the Manage column against the interface you want to modify.

Screen – Edit Physical Interface

Screen Elements – Description
Physical Interface – Physical Interface e.g. Port A, Port B. It cannot be modified
Network Zone – Select Zone to which Interface belongs. To unbind, select “None”
IP Assignment – Select IP Assignment type. Available Options:
• Static – Static IP Addresses are available for all the zones
• PPPOE – PPPOE is available only for WAN Zone. If PPPoE is configured, WAN port will be displayed as the PPPoE Interface.
• DHCP – DHCP is available only for WAN Zone.
IP Address – Specify IP Address
Netmask – Specify Network Subnet mask.
Obtain DNS from Server – Enable to override appliance DNS and use DNS received from the external DHCP server. This option is available only for WAN Zone and when IP assignment is configured as DHCP
Primary & Secondary DNS – Configure primary and secondary DNS server IP address
Gateway Detail (Only when Network Zone is “WAN”) – For “Static” IP assignment - Specify the gateway name and IP address through which the traffic is to be routed. For “PPPoE” IP assignment – Specify PPPoE account user name and password, Access Concentrator name, Service name, LCP Echo Interval, LCP failure attempts. Cyberoam will initiate only those sessions with Access Concentrator, which can provide the specified service.
LCP Echo Interval – It is time to wait before sending echo request to check whether the link is alive or not. Default – 20 seconds
LCP failure – Cyberoam will wait for the LCP echo request response for the LCP Echo interval defined after every attempt. It declares PPPoE link as closed if it does not receive response after defined number of attempts. Default – 3 attempts

Advanced Settings
Interface Speed – Select Interface speed for synchronization. Speed mismatch between Cyberoam and 3rd party routers and switches can result into errors or collisions on interface, no connection or traffic latency, slow performance. Available options:
• Auto Negotiated
• 10 Mbps - Full duplex
• 10 Mbps - Half duplex
• 100 Mbps - Full duplex
• 100 Mbps - Half duplex
• 1000 Mbps - Full duplex
• 1000 Mbps - Half duplex
Default - Auto Negotiate
MTU – Specify MTU value (Maximum Transmission Unit). MTU is the largest physical packet size, in bytes, that a network can transmit. This parameter becomes an issue when networks are interconnected and the networks have different MTU sizes. Any packets larger than the MTU value are divided (fragmented) into smaller packets before being sent. Default - 1500. Input range - 576 to 1500
Override MSS – Click to override default MSS. MSS defines the amount of data that can be transmitted in a single TCP packet. Default value is 1460. Input range - 576 to 1460

Table – Edit Physical Interface screen elements

Note
A new dynamic IP address will be leased to the PPPoE Interface, each time a new PPP session is established with Access Concentrator.
IP address in Firewall rules will automatically change when the new IP address is leased.
If multiple gateways are defined then IP address in the failover condition will automatically change when the new IP address is leased.
As IP address to PPPoE interface is assigned dynamically:
• Network Configuration from CLI Console will not display the PPPoE interface configuration.
• You will not be able to change the IP address of the PPPoE interface from CLI Console using Network Configuration.

Alias Parameters

Alias allows to configure multiple IP addresses onto a physical interface. It is another name for the interface that will easily distinguish this interface from other interfaces.

To add or edit an alias, go to Network → Interface → Interface. Click the Add button to add a new alias. To update the details, click on the alias name or Edit icon in the Manage column against the alias you want to modify.

Screen – Add Alias

Screen Elements – Description
Physical Interface – Select Physical Interface for which Alias is to be added.
Alias – Select type of IP address to be assigned to Alias. Available options:
• Single
• Range
IP address – Specify IP address
Netmask – Select the network subnet mask

Table – Add Alias screen elements

VLAN

A LAN is a local area network and is defined as all devices in the same broadcast domain. Routers stop broadcasts while switches just forward them. VLAN is a virtual LAN. In technical terms, VLAN is a broadcast domain configured on switch on a port-by-port basis. Normally, it is a router that creates a broadcast domain but with VLANs, a switch can create the broadcast domain.

VLAN allow you to segment your switched network so that broadcast domains are smaller, leaving more bandwidth for your end nodes. Devices that are in one VLAN can communicate with each other but cannot communicate with the devices in another VLAN. The communication among devices on a VLAN is independent of the physical network. For devices on different VLANs to communicate, a layer 3 device (usually a router) must be used.

A VLAN segregates devices by adding 802.1Q VLAN tags to all of the packets sent and received by the devices in the VLAN.
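The following added example (not part of the Cyberoam guide, and not Cyberoam's implementation) decodes the 4-byte 802.1Q tag from a constructed Ethernet frame and applies the virtual subinterface rules this guide states: VLAN ID between 2 and 4094, unique per physical interface, no WAN zone membership, and tagged traffic received only when the IDs match. The names `build_frame`, `parse_vlan_tag`, `SubinterfaceTable` and the `PortA.20` naming scheme are hypothetical.

```python
import struct

TPID_8021Q = 0x8100                  # EtherType value that announces an 802.1Q tag
VLAN_ID_MIN, VLAN_ID_MAX = 2, 4094   # range the guide allows for a virtual subinterface


def build_frame(vid=None, pcp=0, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame; vid=None leaves it untagged."""
    dst = bytes.fromhex("020000000002")   # constructed, locally administered MACs
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


def parse_vlan_tag(frame):
    """Return the decoded tag as a dict, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": ethertype}


class SubinterfaceTable:
    """Hypothetical model of virtual subinterfaces nested under physical ports."""

    def __init__(self):
        self._by_port_vid = {}

    def add(self, port, vlan_id, zone):
        if not VLAN_ID_MIN <= vlan_id <= VLAN_ID_MAX:
            raise ValueError("VLAN ID must be between 2 and 4094")
        if zone.upper() == "WAN":
            raise ValueError("virtual subinterface cannot be a member of WAN zone")
        if (port, vlan_id) in self._by_port_vid:
            raise ValueError("VLAN ID already used on this physical interface")
        name = f"{port}.{vlan_id}"   # assumed naming, for illustration only
        self._by_port_vid[(port, vlan_id)] = (name, zone)
        return name

    def classify(self, port, frame):
        """Return the interface that receives the frame, or None if no ID matches."""
        tag = parse_vlan_tag(frame)
        if tag is None:
            return port                       # untagged: stays on the physical port
        entry = self._by_port_vid.get((port, tag["vid"]))
        return entry[0] if entry else None    # IDs do not match: not received


if __name__ == "__main__":
    table = SubinterfaceTable()
    table.add("PortA", 20, "LAN")
    table.add("PortB", 20, "DMZ")             # same VLAN ID on a different port is allowed
    for vid in (20, 30, None):
        print(vid, "->", table.classify("PortA", build_frame(vid)))
```
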
VLAN ID/tags are 4-byte frame extensions that contain a VLAN identifier as well as other information.

Advantages
• Increased Port density
• Logical segmentation of Network irrespective of physical placement
• Granular security on heterogeneous LANs
• Improved Network throughput as VLAN confines broadcast domain

Cyberoam and VLAN support

Cyberoam supports VLANs for constructing VLAN trunks between an IEEE 802.1Q-compliant switch or router and the Cyberoam Appliances. Normally, the Cyberoam Appliance internal interface connects to a VLAN trunk on an internal switch, and the external interface connects to an upstream Internet router. Cyberoam can then apply different policies for traffic on each VLAN that connects to the internal interface.

In a typical VLAN configuration, 802.1Q-compliant VLAN layer-2 switches or layer-3 routers add VLAN IDs to packets. Packets passing between devices in the same VLAN can be handled by layer-2 switches. Packets passing between devices in different VLANs must be handled by a layer-3 device such as router or layer-3 switch.

Cyberoam appliance functions as a layer-3 device to control the flow of packets between VLANs. Cyberoam can also remove VLAN IDs/tags from incoming VLAN packets and forward untagged packets to other networks, such as the Internet.

VLAN support on Cyberoam is achieved by means of virtual interface, which are logical interfaces nested beneath a physical interface/port. Every unique VLAN ID requires its own virtual interface. Cyberoam supports up to 4093 interfaces.

Virtual interface has most of the capabilities and characteristics of a physical interface, including zone membership, security services, routing, access rule controls, virus, and spam scanning.

You add virtual interfaces to the Cyberoam’s internal interface that have VLAN IDs matching the VLAN IDs of packets in the VLAN trunk. Cyberoam then directs packets with VLAN IDs to interfaces with matching VLAN IDs.

You can define virtual interfaces on all the Cyberoam interfaces except the external interface i.e. interface for the WAN zone. Cyberoam adds VLAN IDs to packets leaving a VLAN interface or remove VLAN IDs from incoming packets and add a different VLAN IDs to outgoing packets.

Using VLANs, a single Cyberoam appliance can provide security services and control connections between multiple domains. Traffic from each domain is given a different VLAN ID. Cyberoam can recognize VLAN IDs and apply security policies to secure network between domains. Cyberoam can also apply authentication, various policies, and firewall rule features for network.

VLAN Interface Parameters

To add or edit VLAN interfaces, go to Network → Interface → Interface. Click Add VLAN Button to add a new VLAN interface or Edit Icon to modify the details of the VLAN interface.

Screen – Add VLAN Interface

Screen Elements – Description
Physical Interface – Select parent Interface for the virtual subinterface. Virtual subinterface will be the member of selected physical Interface/Port.
VLAN ID – Specify VLAN ID. The interface VLAN ID can be any number between 2 and 4094. The VLAN ID of each Virtual subinterface must match the VLAN ID of the packet. If the IDs do not match, the virtual subinterface will not receive the VLAN tagged traffic. Virtual subinterfaces added to the same physical interface cannot have the same VLAN ID. However, you can add virtual subinterfaces with the same VLAN ID to different physical interface.
Zone – Select a Zone to assign to the virtual subinterface. Virtual subinterface will be the member of the selected zone. Virtual subinterface can be the member of LAN, DMZ or custom zone. One can also create a custom zone for Virtual subinterface and Virtual subinterface can be the member of this custom zone. Virtual subinterface cannot be the member of WAN zone. Virtual subinterface created will remain unused until it is included in a zone.
Note: Zone membership can be defined at the time of defining virtual subinterface or later whenever required.
IP Assignment – Select IP Assignment type. Only static IP address can be assigned. Available Options:
• Static – Static IP Addresses are available for all the zones
• PPPOE – PPPOE is available only for WAN Zone. If PPPoE is configured, WAN port will be displayed as the PPPoE Interface.
• DHCP – DHCP is available only for WAN Zone.
IP Address – Specify IP address for the interface. Only static IP address can be assigned and Subnet ID should be unique across all the physical/virtual subinterfaces.
Netmask – Specify subnet mask for the interface.
Obtain DNS from Server – Enable to override appliance DNS and use DNS received from the external DHCP server. This option is available only for WAN Zone and when IP assignment is configured as DHCP
Primary & Secondary DNS – Configure primary and secondary DNS server IP address
Gateway Detail (Only when Network Zone is “WAN”) – For “Static” IP assignment - Specify the gateway name and IP address through which the traffic is to be routed. For “PPPoE” IP assignment – Specify PPPoE account user name and password, Access Concentrator name, Service name, LCP Echo Interval, LCP failure attempts. Cyberoam will initiate only those sessions with Access Concentrator, which can provide the specified service.
LCP Echo Interval – It is time to wait before sending echo request to check whether the link is alive or not. Default – 20 seconds
LCP failure – Cyberoam will wait for the LCP echo request response for the LCP Echo interval defined after every attempt. It declares PPPoE link as closed if it does not receive response after defined number of attempts.
Default – 3 attempts

Table – Add VLAN Interface screen elements

If custom zone is created for Virtual subinterface, two default firewall rules for the zone are automatically created depending on zone type of the custom zone. For example, if the zone type for the virtual subinterface is LAN, 2 default firewall rules under Virtual subinterface to WAN zone are automatically created based on the default LAN to WAN zone firewall rules.

Zone

A Zone is a logical grouping of ports/physical interfaces and/or virtual subinterfaces if defined. Zones provide a flexible layer of security for the firewall. With the zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.

Default Zone Types

LAN – Depending on the appliance in use and network design, Cyberoam allows to group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence the highest secured zone. However, traffic between ports belonging to the same zone will be allowed.

DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and network design, Cyberoam allows to group one to five physical ports in this zone.

WAN - This zone is used for Internet services. It can also be referred as Internet zone.

VPN - This zone is used for simplifying secure, remote connectivity. It is the only zone that does not have an assigned physical port/interface. Whenever the VPN connection is established, port/interface used by the connection is automatically added to this zone and on disconnection; port is automatically removed from the zone. Like all other default zones, scanning and access policies can be applied on the traffic for this zone.

Local – Entire set of physical ports available on the Cyberoam appliance including their configured aliases are grouped in LOCAL zone. In other words, IP addresses assigned to all the ports fall under the LOCAL zone.

To manage zones, go to Network → Interface → Zone. You can:
• Add - Cyberoam provides single zone of each type i.e. LAN, WAN and DMZ. These are called System Zones. Administrator can add LAN and DMZ zone types.
• View
• Edit – Click the Edit icon in the Manage column against the zone to be modified. Edit zone page is displayed which has the same parameters as the Add zone window. VPN and Local zones cannot be updated.
• Delete – Click the Delete icon in the Manage column against a server to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the server. To delete multiple servers, select them and click the Delete button.

Manage Zones

To manage zones, go to Network → Interface → Zone.

Screen – Manage Zones

Screen Elements – Description
Add Button – Add a new Zone.
Name – Name of the Zone.
Interface – Physical interface bound to the zone.
Type – Type of Zone selected – LAN, WAN, DMZ, Local or VPN.
Appliance Access – Name of access activated under a zone.
Description – Zone Description
Edit Icon – Edit the Zone
Delete Button – Delete the Zone. Alternately, click the Delete icon against the zone you want to delete.

Table – Manage Zones screen elements

Zone Parameters

To add or edit a zone, go to Network → Interface → Zone. Click the Add button to add a custom zone. To update the details, click on the zone or Edit icon in the Manage column against the zone you want to modify.

Screen – Add Zones

Screen Elements – Description
Name – Name to identify the zone
Type – Select Zone Type – LAN, DMZ. Available Options:
• LAN – Depending on the appliance in use and network design, Cyberoam allows to group one to six physical ports in this zone.
Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence the highest secured zone. However, traffic between ports belonging to the same zone will be allowed.
• DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and network design, Cyberoam allows to group one to five physical ports in this zone.
By default, entire traffic will be blocked except LAN to Local zone services like Administration, Authentication, and Network.
Member Ports – 'Port' List displays all the ports. Click the checkbox to select the ports. All the selected ports are moved to 'Selected port' list. You can also search for a particular port.
Appliance Access – Appliance Access defines the type of administrative access permitted on zone.
Admin Services – Enable Administrative Services that should be allowed through Zone
• HTTP – Allow HTTP connection to the Web Admin console through this zone
• HTTPS – Allow secure HTTPS connection to the Web Admin console through this zone
• Telnet – Allow Telnet connection to CLI through this zone
• SSH – Allow SSH connection to CLI through this zone
Authentication Services – Enable Authentication Services that should be allowed through Zone
• Windows/Linux Clients
• Web Client
Network Services – Enable Network Services that should be allowed through Zone
• DNS – Allow this zone to respond to DNS requests
• PING – Allow this zone to respond to pings
Other Services – Enable other Services that should be allowed through Zone
• Web Proxy
• SSL VPN
Note: SSL VPN service is not available for Cyberoam CR15i models.

Table – Add Zones screen elements

Note
If DMZ uses private IP address, use NATing to make them publicly accessible.
It is not possible to add zone if Cyberoam is deployed as Bridge.
Local and VPN zone cannot be updated or deleted.

Wireless WAN

Wireless WAN is wide area network (WAN) for data that is typically provided by the cellular carriers to transmit a wireless signal over a range of several miles to a mobile device. WWAN connectivity allows a user with a laptop and a WWAN support to use the web, or connect to a VPN from anywhere within the regional boundaries of cellular service. They are popularly known as "wireless broadband".

To configure WWAN:
1. Enable WWAN from CLI with command: cyberoam wwan enable
2. Re-login to Web Admin console
3. Configure WWAN Initialization string and gateway from Network → Wireless WAN → Settings page

• Once WWAN is enabled from CLI, a default interface named WWAN1 is created with the default IP address 0.0.0.0 and is the member of the WAN zone.
• As WWAN interface is a member of WAN zone:
• All the services enabled for the WAN zone from the Appliance Access page are automatically applicable on WWAN1 connection too.
• All the firewall rules applied on WAN zone will be applied on WWAN interface
• A default host named ##WWAN1 is created and firewall rule and VPN policies can be created for the default host.
• WWAN1 gateway is added as Backup gateway
• When the Wireless WAN is disabled from CLI, Wireless WAN menu, default host ##WWAN1 and WWAN gateway options will be removed from Web Admin Console.

Note
Wireless WAN is not supported in Bridge Mode.
DHCP Server configuration is not supported for WWAN interface.
If Cyberoam backup is taken from a system where WWAN is enabled and restored on a system where it is not enabled, WWAN configuration would still be visible.

Status

The page displays the status of the Wireless WAN connection. Along with details of the WWAN connection, the page also provides the facility to connect and disconnect the WWAN connection.

View Connection Status

To view and manage WWAN connection, go to Network → Wireless WAN → Status.
Screen – WWAN Status

Screen Elements – Description
Connect/Disconnect Button – Click the button to connect or disconnect the WWAN connection. This process may take some time.
Status – Status of the Connection. Status messages can be of following types. Available Options:
• Connected
• Connected as Explicit Gateway
• Disconnected
• Connecting…
• Device not supported.
• Device not found.
Signal Strength – Point to the Signal strength icon to know the connection strength. Options: Excellent, Very Good, Good, Low
IP Address – IP address assigned to the device
Gateway IP – IP address assigned as the gateway
Bytes Uploaded – Number of Bytes uploaded (in KB)
Bytes Downloaded – Number of Bytes downloaded (in KB)
Time Duration – Time period since WWAN is connected. Format: HH:MM::SS

Table – WWAN Status screen elements

Settings

The page allows configuration of Wireless WAN connection.

Configure WWAN Connection

To configure WWAN connection, go to Network → Wireless WAN → Settings.

Screen – WWAN Settings

Screen Elements – Description

General Settings
Interface Name – Name of the interface
Phone Number – Specify Phone number for connection
User Name – Specify Username for the connection
Password – Specify Password
Initialization String – Specify initialization string for the specific wireless modem. There can be more than one string and in such case, strings should be entered in proper order.
Dial – Types of Dialing of WWAN connection. Available Options:
• Auto Dial & Active Gateway - When auto-dial is configured and gateway is added as Active, Cyberoam automatically connects to the ISP and this gateway takes part in Load balancing as per the weight configurations.
• Auto Dial & Backup Gateway – When auto-dial is configured and gateway is added as backup, on the event of failover, Cyberoam auto-dials to the ISP and all the traffic passes through that Wireless WAN link.
• Manual Dial & Active Gateway – When manual dial is configured and gateway is added as Active, Cyberoam does not automatically connect to ISP. Administrator needs to initiate dial action.
• Manual Dial & Backup Gateway - When Manual Dial is configured and gateway is added as backup, on event of failover, Cyberoam does not automatically connect the ISP. Admin needs to go to the Web Console and perform the "Connect" action. Only then, traffic passes through Wireless WAN interface.
Redial Tries – Select number of times redial should be attempted.

Gateway Settings
Gateway Name – Name to identify the Gateway
Gateway IP Address – Specify IP Address of the Gateway
Type – Specify Type of Gateway: Active or Backup

Active Gateway
Weight – Depending on the weight, Cyberoam will select gateway for load balancing. Cyberoam distributes traffic across links in proportion to the ratio of weights assigned to individual link. This weight determines how much traffic will pass through a particular link relative to the other link.

Backup Gateway
Activate This Gateway – Select Gateway Activation Condition. Dropdown will list all the configured gateways. Backup gateway will take over and traffic will be routed through the backup gateway only when the selected gateway fails. Available Options:
• If Default Gateway Fails - Backup gateway will take over and traffic will be routed through the backup gateway only when the Default gateway fails.
• If Any Gateway Fails – Backup gateway will take over and traffic will be routed through backup gateway when any of the active gateways fail.
• If ALL the Gateways Fail - Backup gateway will take over and traffic will be routed through backup gateway when all the configured active gateways fail.
Action on Activation – Configure weight for the backup gateway. Select “Inherit weight of the failed active gateway” if you want Backup gateway to inherit the parent gateway’s (Active gateway) weight or select “User pre-configured weight” and specify weight. Cyberoam distributes traffic across links in proportion to the ratio of weights assigned to individual link. This weight determines how much traffic will pass through a particular link relative to the other link. When more than two gateways are configured and one gateway goes down, the traffic is switched over to the available gateways according to the ratio of the weights assigned to the available gateways.
Hold Down Time – Specify the Hold Down time (in seconds). Hold Down time is the time before the backup gateway stops working, once the Active gateway resumes after failure. This delay in time is configured for cases when the active gateway connection is not stable. Range: 1 - 60 seconds

Other Settings
MTU – Specify MTU value (Maximum Transmission Unit). MTU is the largest physical packet size, in bytes, that a network can transmit. This parameter becomes an issue when networks are interconnected and the networks have different MTU sizes. Any packets larger than the MTU value are divided (fragmented) into smaller packets before being sent. Default - 1500. Input range - 576 to 1500
MSS – MSS defines the amount of data that can be transmitted in a single TCP packet. Default value is 1460. Input range - 576 to 1460

Table – WWAN Settings screen elements

Gateway

Gateway routes traffic between the networks and if gateway fails, communication with outside Network is not possible. By default, Cyberoam supports only one gateway. However, to cope with gateway failure problems, Cyberoam also provides an option for supporting multiple gateways. But simply adding one more gateway is not an end to the problem. Optimal utilization of all the gateways is also necessary. Cyberoam Multi Link Manager provides link failure protection by detecting the dead gateway and switching over to the active link and also provides a mechanism to balance traffic between various links.

At the time of installation, you configured the IP address for a default gateway through Network Configuration Wizard. You can change this configuration any time and configure additional gateways. You can use Multi Link Manager to configure multiple gateways for load balancing and failover. By default, all the gateways defined through Network Configuration Wizard will be defined as “Active” gateway.

Gateway Name – Name of the Gateway assigned at the time of installation.
Gateway IP Address – IP address of the Gateway assigned at the time of installation.
Ethernet Port – Gateway/WAN port
Gateway Type – Active – By default, traffic is routed through Active gateway. Backup – Routes the traffic only when active gateway fails
Weight – Weight assigned to the Gateway and used for load balancing. Weight determines how much traffic will pass through a particular link relative to the other link.

Cyberoam provides a powerful solution for routing and managing traffic across multiple Internet connections. Designed to provide business continuity for an organization of any size, Cyberoam’s Multilink Manager optimizes the use of multiple Internet links, such as T1s, T3s, DSL and cable connections from one or multiple Internet service providers. Capable of automatic failover in the event of link failure, Cyberoam’s Multilink Manager helps assure that your network is always connected to the Internet. Administrators can set weight and define how the traffic should be directed to providers to best utilize their bandwidth investments.

Cyberoam gives you an option to configure multiple WAN interfaces to allow to connect Cyberoam appliance to more than one Internet Service Provider (ISP). When you configure multiple external interfaces, you even have an option to control which interface an outgoing packet uses.

Load Balancing

Load balancing is a mechanism that enables balancing traffic between various links. It distributes traffic among various links, optimizing utilization of all the links to accelerate performance and cut operating costs. Cyberoam employs weighted round robin algorithm for load balancing to enable maximum utilization of capacities across the various links.

Using link load balancing provides organizations a way to achieve:
• Traffic distribution that does not overburden any link
• Automatic ISP failover
• Improved User performance because of no downtime
• Increased bandwidth scalability

To achieve outbound traffic load balancing between multiple links:
• configure links in active-active setup i.e. define gateways as Active
• Assign appropriate weight to each gateway. Cyberoam distributes traffic across links in proportion to the ratio of weights assigned to individual link.

How it works

Load balancing is determined by the load metric i.e. weight. Each link is assigned a relative weight and Cyberoam distributes traffic across links in proportion to the ratio of weights assigned to individual link. This weight determines how much traffic will pass through a particular link relative to the other link.

Administrator can set weight and define how the traffic should be directed to providers to best utilize their bandwidth investments. Weight can be selected based on:
• Link capacity (for links with different bandwidth)
• Link/Bandwidth cost (for links with varying cost)

Weighted load balancing feature enables Network Managers to optimize network traffic and balance the load between multiple links/interfaces.

Gateway failover

Gateway failover provides link failure protection i.e. when one link goes down, the traffic is switched over to the active link. This safeguard helps provide uninterrupted, continuous Internet connectivity to users. The transition is seamless and transparent to the end user with no disruption in service i.e. no downtime.

To achieve WAN failover between multiple links:
• Configure links in Active-Backup setup
• define Active gateway/interface
• define Backup gateway/interface – traffic through this link is routed only when active interface is down
• define failover rule

In the event of Internet link failure, the Multilink Manager automatically sends traffic to available Internet connections without administrator intervention. If more than one link is configured as backup link, traffic is distributed among the links in the ratio of the weights assigned to them. On failover, Backup gateway can inherit the parent gateway’s (Active gateway) weight or can be configured.

Gateway Failback

During a link failure, Cyberoam regularly checks the health of a given connection, assuring fast reconnection when Internet service is restored. When the connection is restored and gateway is up again, without the administrator’s intervention, traffic is again routed through the Active gateway. In other words, backup gateway fails back on Active gateway.

To update gateway details, go to Network → Gateway → Gateway. You can:
• View
• Edit – Click the Edit icon in the Manage column against the Gateway to be modified. Edit Gateway page is displayed.
• Edit Failover Rules – Click the Edit icon in the Manage column against the Gateway. Edit Gateway page is displayed through which you can configure Failover rules. Failover Rules can only be configured when there are two or more Gateways.

Manage Gateways

To manage gateways, go to Network → Gateway → Gateway.

Screen – Manage Gateway

Screen Elements – Description
Name – Gateway Name
IP address – IP Address of Gateway
Interface – Ethernet Port number selected as Interface
Type – Type of Gateway – Active or Backup
Activate on Failure of – Activation condition, if Gateway is configured as Backup Gateway.
Weight – Weight assigned to the Gateway. For active gateway, weight that is configured will be displayed. For backup gateway, zero will be displayed when inactive
Status – Status of Gateway – Active or Deactive
Edit Icon – Edit the Gateway
Gateway Failover Timeout Configuration – Configure Gateway Failover timeout in seconds. This is the time period for which Cyberoam waits before the Gateway Failover occurs. Default time - 60 seconds. Input Range - 1-3600 seconds

Table – Manage Gateway screen elements

Gateway Parameters

To edit a gateway, go to Network → Gateway → Gateway → Edit. Click the Edit icon in the Manage column against the Gateway to be modified. Edit Gateway page is displayed.

Screen – Edit Gateway (Active Gateway)

Screen – Edit Gateway (Backup Gateway)

Screen Elements – Description
Name – Gateway Name
IP Address – Specify IP Address
Interface – Specify Ethernet port number as Interface
Type – Specify Gateway Type. Available Options:
• Active – Default gateway
• Backup – A gateway that can be used in an

This weight determines how much traffic will pass through a particular link relative to the other link. When more than two gateways are defined and one gateway goes down, the traffic is switched over to the available gateways according to the ratio of the weights assigned to the available gateways. Available Options: • Specific Gateway - Dropdown will list all the configured gateways. Backup gateway will take over and traffic will be routed through backup gateway when all the configured active gateways fail Manual failover If you select “Manually”. This weight determines how much traffic will pass through a particular link relative to the other link.
Select “Inherit weight of the failed active gateway” if you want Backup gateway to inherit the parent gateway’s (Active gateway) weight or select “User pre-configured weight” and specify weight. This takeover process will not require administrator’s intervention. Specify the Hold Down time (in seconds). Cyberoam distributes traffic across links in proportion to the ratio of weights assigned to individual link.Cyberoam User Guide active/passive setup. Cyberoam distributes traffic across links in proportion to the ratio of weights assigned to individual link. Action on Activation Hold Down Time 115/280 . Administrator will have to manually change the gateway if the active gateway fails. Backup Gateway Activate This Gateway Select Gateway Manually Activation Condition: Automatically or Automatic failover From the dropdown list specify when the backup gateway should take over from active Gateway. Cyberoam will select gateway for load balancing. • ANY – Backup gateway will take over and traffic will be routed through backup gateway when any of the active gateway fails • ALL . where traffic is routed through Backup gateway only when Active gateway is down Note This option is available only when two or more Gateways are configured Active Gateway Weight Depending on the weight. Configure weight for the backup gateway. Backup gateway will take over and traffic will be routed through the backup gateway only when the selected gateway fails. Click the Edit icon in the Manage column against the Gateway.60 seconds Hold Down time is the time before the backup gateway stops working. go to Network → Gateway → Gateway. Table – Edit Gateway screen elements Configure Gateway Failover The transition from dead link to active link is based on the failover rule defined for the link. traffic is automatically sent through another available link. 
Failover rule specifies: • • how to check whether the link is active or dead what action to take when link is not active Failover rule has the form: IF Condition 1 AND/OR Condition 2 then Action Depending on the outcome of the condition.Cyberoam User Guide Range: 1 . Selection of the gateway and how much traffic is to be routed through each gateway depends on number of configured active and backup gateways. To configure failover rules. This delay in time is configured in such cases where the active gateway connection is not stable. traffic is shifted to any other available gateway. By default.Configure Gateway Failover 116/280 . Cyberoam periodically sends the ping request to check health of the link and if link does not respond. once the Active gateway resumes after failure. Cyberoam creates Ping rule for every gateway. Screen . Cyberoam User Guide Screen – Add Gateway Failover Rule Screen Elements Add Button IF Then Condition Description Add a new Failover Rule. If Host does not respond to the request. Select the protocol depending on the service to be tested on the host.e. PING (ICMP). Specify communication Protocol i. stops sending traffic to the Host and sends traffic through another available Host. click the Delete icon against the rule you want to delete. Specify whether all of the rule conditions must be met before the specified action occurs (AND) or whether at least one must be met (OR) by selecting AND or OR A request on the specified port is send to the Host. Table – Configure Gateway Failover screen elements Edit Icon Delete Button 117/280 . Edit the Failover Rule Delete the Failover Rule Alternately. Cyberoam considers the Host as ‘dead’. UDP. Specify Port number for communication Specify Host Host must be represented by the computer or Network device which is permanently running or most reliable. TCP. select them and click the Delete button. 118/280 . 
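The failover rule form (IF Condition 1 AND/OR Condition 2 then Action), the backup activation options and the weight ratio described above can be followed in a short Python model. This is an added example, not Cyberoam code: gateway names, probe targets and probe results are constructed, the smooth weighted round robin is one common variant chosen for illustration, and letting a backup that activates on ANY or ALL inherit the largest failed weight is an assumption the guide does not state.

```python
from collections import Counter
from dataclasses import dataclass, field
from fractions import Fraction
from itertools import islice


@dataclass
class Gateway:
    name: str
    weight: int = 1
    backup: bool = False
    activate_on: str = "ANY"      # backup only: "ANY", "ALL" or the name of one active gateway
    inherit_weight: bool = False  # backup only: inherit the failed active gateway's weight
    probes: list = field(default_factory=list)  # rule conditions: (protocol, host, port)
    join: str = "AND"             # how the conditions are combined: "AND" or "OR"


def is_dead(gw, probe_ok):
    """IF condition 1 AND/OR condition 2 THEN treat the gateway as dead.
    A condition is met when its probe got no response."""
    unanswered = [not probe_ok[p] for p in gw.probes]
    if not unanswered:
        return False
    return all(unanswered) if gw.join == "AND" else any(unanswered)


def effective_weights(gateways, probe_ok):
    """Return {gateway name: weight} for the gateways carrying traffic right now."""
    actives = [g for g in gateways if not g.backup]
    failed = [g for g in actives if is_dead(g, probe_ok)]
    failed_names = {g.name for g in failed}
    weights = {g.name: g.weight for g in actives if g.name not in failed_names}
    for b in (g for g in gateways if g.backup):
        if is_dead(b, probe_ok):
            continue
        if b.activate_on == "ANY":
            triggered = bool(failed)
        elif b.activate_on == "ALL":
            triggered = bool(actives) and len(failed) == len(actives)
        else:  # Specific Gateway
            triggered = b.activate_on in failed_names
        if not triggered:
            continue
        if b.inherit_weight:
            # Assumption: with ANY/ALL the backup inherits the largest failed weight.
            parents = [g for g in failed if g.name == b.activate_on] or failed
            weights[b.name] = max(g.weight for g in parents)
        else:
            weights[b.name] = b.weight
    return weights


def shares(weights):
    """Fraction of traffic per gateway, i.e. the ratio of the weights."""
    total = sum(weights.values())
    return {name: Fraction(w, total) for name, w in weights.items()}


def weighted_round_robin(weights):
    """Smooth weighted round robin: in every run of sum(weights) picks,
    each gateway is chosen exactly `weight` times."""
    if not weights:
        return
    total = sum(weights.values())
    credit = dict.fromkeys(weights, 0)
    while True:
        for name, w in weights.items():
            credit[name] += w
        pick = max(credit, key=credit.get)
        credit[pick] -= total
        yield pick


# Constructed sample: two active links and one backup tied to ISP1.
PING_GW1 = ("PING", "198.51.100.1", None)
TCP_GW1 = ("TCP", "198.51.100.10", 80)
PING_GW2 = ("PING", "203.0.113.1", None)
GATEWAYS = [
    Gateway("ISP1", weight=3, probes=[PING_GW1, TCP_GW1], join="AND"),
    Gateway("ISP2", weight=1, probes=[PING_GW2]),
    Gateway("Backup", backup=True, activate_on="ISP1", inherit_weight=True),
]
ALL_UP = {PING_GW1: True, TCP_GW1: True, PING_GW2: True}
ISP1_HALF = {PING_GW1: False, TCP_GW1: True, PING_GW2: True}   # AND rule not met
ISP1_DOWN = {PING_GW1: False, TCP_GW1: False, PING_GW2: True}  # AND rule met

if __name__ == "__main__":
    for label, probes in [("all up", ALL_UP), ("one probe lost", ISP1_HALF),
                          ("ISP1 dead", ISP1_DOWN)]:
        w = effective_weights(GATEWAYS, probes)
        picks = Counter(islice(weighted_round_robin(w), 2 * sum(w.values())))
        print(label, w, dict(picks))
```

With an AND rule a single unanswered probe does not fail ISP1 over; changing `join` to "OR" makes the same probe result activate the backup.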
Static Route

A route provides the Cyberoam with the information it needs to forward a packet to a particular destination. A static route causes packets to be forwarded to a destination other than the configured default gateway. By specifying through which interface the packet will leave and to which device the packet should be routed, static routes control the traffic exiting the Cyberoam.

Unicast

This page allows you to manage unicast routes in Cyberoam.

To configure unicast static routes, define the destination IP address and netmask of packets that the Cyberoam is intended to intercept, and provide a (gateway or next hop) IP address for those packets. The gateway address specifies the next-hop router to which traffic will be routed. Also, provide the interface and the approximate distance for routing.

To manage unicast routes, go to Network → Static Route → Unicast. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Unicast Route to be modified. Edit Unicast Route pop-up window is displayed which has the same parameters as the Add Unicast Route window.
• Delete – Click the Delete icon in the Manage column against a Unicast Route to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Unicast route. To delete multiple routes, select them and click the Delete button.

Manage Unicast Routes

To manage unicast routes, go to Network → Static Route → Unicast.

Screen – Manage Unicast Route

Screen Elements: Description
Add Button: Add a new Unicast route.
IP/Netmask: Destination Network IP Address and the Subnet mask
Gateway: Destination Gateway IP Address.
Interface: Interface selected.
Distance: Distance between the source and the destination.
Edit Icon: Edit the Unicast route.
Delete Button: Delete the Unicast route. Alternately, click the Delete icon against the route you want to delete.

Table – Manage Unicast Route screen elements

Unicast Route Parameters

To add or edit a unicast route, go to Network → Static Route → Unicast. Click the Add button to add a new unicast route. To update the details, click on the unicast route or Edit icon in the Manage column against the unicast route you want to modify.

Screen – Add Unicast Route

Screen Elements: Description
Destination IP: Specify Destination IP Address
Netmask: Specify Subnet Mask
Gateway: Specify Gateway IP Address
Interface: Select Interface from the list including Physical Interfaces, Virtual Subinterfaces and Aliases.
Distance: Specify Distance for routing. Range of value is from 0 to 255.

Table – Add Unicast Route screen elements

Multicast

This page is used to configure and manage multicast routes in Cyberoam.

IP Multicast

Internet Protocol (IP) multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of recipients and homes. IP Multicast delivers source traffic to multiple receivers without adding any additional burden on the source or the receivers.

Applications like videoconferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news use IP multicasting.

If IP multicast is not used, source is required to send more than one copy of a packet or individual copy to each receiver. In such case, high-bandwidth applications like Video or Stock, where data is to be sent more frequently and simultaneously, use a large portion of the available bandwidth. In these applications, the only efficient way of sending information to more than one receiver simultaneously is by using IP Multicast.

Multicast Group

Multicast is based on the concept of a group. An arbitrary group of receivers expresses an interest in receiving a particular data stream. This group does not have any physical or geographical boundaries—the hosts can be located anywhere on the Internet. Hosts that are interested in receiving data flowing to a particular group must join the group. Hosts must be a member of the group to receive the data stream.

IP Multicast Addresses

Multicast addresses specify an arbitrary group of IP hosts that have joined the group and want to receive traffic sent to this group.

IP Class D Addresses

The Internet Assigned Numbers Authority (IANA) controls the assignment of IP multicast addresses. Multicast addresses fall in Class D address space ranging from 224.0.0.0 to 239.255.255.255. This address range is only for the group address or destination address of IP multicast traffic. The source address for multicast datagrams is always the unicast source address.

Multicast forwarding

With multicast forwarding, a router forwards multicast traffic to networks where other multicast devices are listening. Multicast forwarding prevents the forwarding of multicast traffic to networks where there are no nodes listening.

For multicast forwarding to work across inter-networks, nodes and routers must be multicast-capable. A multicast-capable node must be able to:
• Send and receive multicast packets.
• Register the multicast addresses being listened to by the node with local routers, so that multicast packets can be forwarded to the network of the node.

IP multicasting applications that send multicast traffic must construct IP packets with the appropriate IP multicast address as the destination IP address. IP multicasting applications that receive multicast traffic must inform the TCP/IP protocol that they are listening for all traffic to a specified IP multicast address.

To manage multicast routes, go to Network → Static Route → Multicast. You can:
• Multicast Forwarding – Enable/Disable Multicast Forwarding. Enable and Click Apply to allow the router to forward packets to other networks where other multicast devices are active and listening.
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Multicast Route to be modified. Edit Multicast Route pop-up window is displayed which has the same parameters as the Add Multicast Route window.
• Delete – Click the Delete icon in the Manage column against a Multicast Route to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Multicast route. To delete multiple multicast routes, select them and click the Delete button.

Manage Multicast Routes

To manage multicast routes, go to Network → Static Route → Multicast.

Screen – Manage Multicast Route

Screen Elements: Description
Add Button: Add a new multicast route.
Source IP: Source IP Address.
Multicast IP: Range of IP Address selected for Multicast route.
Source Interface: Source Interface selected.
Destination Interface: Destination Interface selected.
Edit Icon: Edit the Multicast route.
Delete Button: Delete the Multicast route. Alternately, click the Delete icon against the route you want to delete.

Table – Manage Multicast Route screen elements

Multicast Route Parameters

To add or edit a multicast route, go to Network → Static Route → Multicast. Click the Add button to add a new multicast route. To update the details, click on the multicast route or Edit icon in the Manage column against the multicast route you want to modify.

Screen – Add Multicast Route

Screen Elements: Description
Source IP Address: Specify Source IP Address
Source Interface: Select Source Interface from the list.
Multicast Address: Specify range of Multicast IP Address. For example, (224.0.2.0 - 239.255.255.255)
Destination Interface: Select Destination Interface from the list. Click the checkbox against the interface. You can select more than one destination interface.

Table – Add Multicast Route screen elements

Source Route

A route provides the Cyberoam with the information it needs to forward a packet to a particular destination. Source Routing is the technique by which the sender can explicitly mention the route through which the packet travels.

To configure explicit source routes, go to Network → Static Route → Source Route. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Source Route to be modified. Edit Source Route pop-up window is displayed which has the same parameters as the Add Source Route window.
• Delete – Click the Delete icon in the Manage column against a Source Route to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the source route. To delete multiple source routes, select them and click the Delete button.

Manage Source Routes

To manage source routes, go to Network → Static Route → Source Route.

Screen – Manage Source Routes

Screen Elements: Description
Add Button: Add a new Explicit source route.
Network: Network IP Address and the Subnet mask
Gateway: Gateway IP Address
Edit Icon: Edit the source route
Delete Button: Delete the source route. Alternately, click the Delete icon against the host you want to delete.

Table – Manage Source Routes screen elements

Source Route Parameters

To add or edit an explicit source route for packets, go to Network → Static Route → Source Route. Click the Add button to add a new source route. To update the details, click on the source route or Edit icon in the Manage column against the source route you want to modify.

Screen – Add Source Route

Screen Elements: Description
Gateway: Select the Gateway from the list.
Network ID: Specify Network ID.
Netmask: Specify Subnet Mask.

Table – Add Source Route screen elements

DNS

The Domain Name System (DNS) is a system that provides a method for identifying hosts on the Internet using alphanumeric names called fully qualified domain names (FQDNs) instead of using difficult to remember numeric IP addresses. In other words, it translates domain names to IP addresses and vice versa.

DNS server is configured at the time of installation. You can add additional IP addresses of the DNS servers to which Cyberoam can connect for name resolution. If multiple DNS are defined, they are queried in the order as they are entered.

Configure DNS

To configure DNS, go to Network → DNS → DNS.

Screen – Configure DNS
Screen – Add DNS Server

Screen Elements: Description
Obtain DNS from DHCP: Click “Obtain DNS from DHCP” to override the appliance DNS with the DNS address received from DHCP server. Option is available if enabled from Network Configuration Wizard
IP Address List: Click Add Button to specify IP Address in the list. To remove IP address from list, select the IP address and click Remove Button. Use Ctrl or Shift Key to select multiple IP Address from the list.
Change the Order: Use Move Up & Move Down buttons to change the order of DNS. If more than one Domain name server exists, query will be resolved according to the order specified. Order of the list indicates the preference of the server.
Move Down Button: Select the IP Address and Click Move Down Button to move down in the list.

Table – Configure DNS

DHCP

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP address for the hosts on a network reducing the Administrator’s configuration task. Instead of requiring administrators to assign, track and change (when necessary) for every host on a network, DHCP does it all automatically. Furthermore, DHCP ensures that duplicate addresses are not used.

Cyberoam acts as a DHCP server and assigns a unique IP address to a host, releases the address as host leaves and re-joins the network. Host can have different IP address every time it connects to the network. In other words, it provides a mechanism for allocating IP address dynamically so that addresses can be re-used.

Deploying DHCP in a single segment network is easy. All DHCP messages are IP broadcast messages, and therefore all the computers on the segment can listen and respond to these broadcasts. But things get complicated when there is more than one subnet on the network. This is because the DHCP broadcast messages do not, by default, cross the router interfaces.

The DHCP Relay Agent allows you to place DHCP clients and DHCP servers on different networks. Relay Agent makes it possible for DHCP broadcast messages to be sent over routers that do not support forwarding of these types of messages. The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet, or which is not located on the local subnet. If DHCP Relay Agent is not configured, clients would only be able to obtain IP addresses from the DHCP server which is on the same subnet.

Server

Each internal Interface can act as a DHCP server. You can disable or change this DHCP Server configuration. Cyberoam cannot act as DHCP server and DHCP Relay Agent simultaneously. Hence if Cyberoam is configured as DHCP server, you will not be able to configure it as a Relay agent and vice-versa.

To manage DHCP servers, go to Network → DHCP → Server. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Server to be modified. Edit server window is displayed which has the same parameters as the Add server window.
• Delete – Click the Delete icon in the Manage column against a server to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the server. To delete multiple servers, select them and click the Delete button.

Manage DHCP Servers

To manage DHCP servers, go to Network → DHCP → Server.

Screen – Manage DHCP Servers

Screen Elements: Description
Add Button: Add a new DHCP Server
Interface: Internal interface – Port C or Port A (LAN or DMZ).
Lease Type: Type of Lease – Static or Dynamic
Lease Range: IP Address range for Dynamic Lease type and MAC–IP Mapping list for Static Lease type
Edit Icon: Edit the DHCP Server
Delete Button: Delete the DHCP Server. Alternately, click the Delete icon against the DHCP server you want to delete.

Table – Manage DHCP Server screen elements

DHCP server Parameters

To add or edit a DHCP server, go to Network → DHCP → Server. Click the Add button to add a DHCP server. To update the details, click on the DHCP server or Edit icon in the Manage column against the DHCP server you want to modify.

Screen – Add DHCP Server

Screen Elements: Description
Interface: Select internal interface i.e. Port C or Port A (LAN or DMZ). DHCP service can be configured on virtual subinterface but cannot be configured on Interface alias
Lease Type: Select Lease Type. Available Options:
• Dynamic - Specify range of IP address from which DHCP server must assign to the clients and subnet mask for the IP address range. It is also possible to configure multiple IP range for a same interface.
• Static - If you always want to assign specific IP addresses to some or all clients, you can define static MAC address to IP address mappings. For defining MAC-IP mapping, you should know the MAC address of the client’s network card. The MAC address is usually specified in hexadecimal digits separated by colons (e.g., 00:08:76:16:BC:21). Specify host name, MAC and IP address. Click Add icon to add more than one MAC-IP mapping pair and Remove icon to delete MAC-IP mapping pair.
Subnet Mask: Select subnet mask for the server.
Domain Name: Specify domain name that the DHCP server will assign to the DHCP Clients.
Gateway: Specify IP address for default Gateway or click “Use Interface IP as Gateway”
Default Lease Time: Specify default lease time and maximum lease time. Input range - 1 to 43200 seconds (30 days). Default - 10 minutes
Max Lease Time: Specify maximum lease time. DHCP client must ask the DHCP server for new settings after the specified maximum lease time. Input range - 1 to 43200 seconds (30 days). Default - 120 minutes
Conflict Detection: Enable IP conflict detection to check the IP before leasing i.e. if enabled the already leased IP will not be leased again. Can be configured only if lease type is “Dynamic”
DNS Server: Click “Use Cyberoam’s DNS settings” to use Cyberoam DNS or Specify IP address of Primary and Secondary DNS servers
WINS Server: Specify IP address of Primary and Secondary WINS servers

Table – Add DHCP server screen elements

Lease

Cyberoam acting as a DHCP server assigns or leases an IP address from an address pool to a host DHCP client. The IP address is leased for a determined period of time or until the client relinquishes the address.

To view a list of leased IP address, go to Network → DHCP → Lease.

Screen – DHCP Leased IP list

The following information is available in the leased IP list:
• Leased IP address
• Lease start and end time
• MAC address and host name

List will display dynamically leased IP addresses only.

Relay

The DHCP Relay Agent allows you to place DHCP clients and DHCP servers on different networks.

Deploying DHCP in a single segment network is easy. All DHCP messages are IP broadcast messages, and therefore all the computers on the segment can listen and respond to these broadcasts. However, things get complicated when there is more than one subnet on the network. This is because the DHCP broadcast messages do not, by default, cross the router interfaces.

The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent over routers that do not support forwarding of these types of messages. The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet, or which is not located on the local subnet. If DHCP Relay Agent is not configured, clients would only be able to obtain IP addresses from the DHCP server which is on the same subnet.

To configure Cyberoam as a relay agent, go to Network → DHCP → Relay. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Relay Agent to be modified. Edit Relay Agent pop-up window is displayed which has the same parameters as the Add Relay Agent window.
• Delete – Click the Delete icon in the Manage column against a Relay Agent to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Relay Agent. To delete multiple Relay Agents, select them and click the Delete button.

Manage DHCP Relay Agents

To manage DHCP relay agents, go to Network → DHCP → Relay.
Screen – Manage DHCP Relay Agent

Screen Elements: Description
Add Button: Add a new Relay Agent
Interface: Internal Interface which is configured as Relay Agent
DHCP Server IP: DHCP Server IP Address
Edit Icon: Edit the Relay Agent
Delete Button: Delete the Relay Agent. Alternately, click the Delete icon against the relay agent you want to delete.

Table – Manage DHCP Relay Agent screen elements

DHCP Relay Agent Parameters

To add or edit a DHCP relay agent, go to Network → DHCP → Relay. Click the Add button to add a relay agent. To update the details, click on the relay agent or Edit icon in the Manage column against the relay agent you want to modify.

Screen – Add DHCP Relay Agent

Screen Elements: Description
Interface: Select internal interface. Each internal Interface can act as a DHCP Relay Agent. Cyberoam cannot act as DHCP server and DHCP Relay Agent simultaneously. Hence, if Cyberoam is configured as DHCP Relay Agent, you will not be able to configure it as a server and vice-versa. DHCP Relay agent can be configured on virtual subinterface but cannot be configured on Interface alias.
DHCP Server IP: Specify DHCP Server IP Address. DHCP requests arriving on the interface selected in above step will be forwarded to this DHCP server.

Table – Add DHCP Relay Agent screen elements

ARP

ARP (Address Resolution Protocol) is a protocol that TCP/IP uses to translate IP address into MAC address (physical network address). In other words, it maps layer 3 (IP addresses) to layer 2 (physical or MAC addresses) to enable communications between hosts residing on the same subnet.

It is used by hosts that are directly connected on a local network and uses either or both unicast and broadcast transmissions directly to each other. Host finds the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver. As a broadcast protocol, it can create excessive amounts of network traffic on your network. To minimize the broadcast traffic, an ARP cache is maintained to store and reuse previously learned ARP information.

ARP traffic is vital to communication on a network and is enabled on Cyberoam interfaces by default.

Static ARP entry allows to bind the MAC address to the designated IP address and port. Once the MAC address is bound to a port and IP address, the Cyberoam appliance will not update its ARP table dynamically and will not respond to that IP-MAC pair on any other port. It will also remove any dynamically cached references to that IP address that might be present, and will not allow additional static mappings of that IP address. These entries will be stored in static ARP as well as ARP Cache table.

When the Cyberoam appliance receives the ARP request on a particular port, Cyberoam performs the ARP lookup in the static ARP table. If there is any mismatch in IP address or MAC address Cyberoam considers it as an ARP poisoning attempt and does not update its ARP Cache. If entry is not available in the table, Cyberoam will lookup in the ARP Cache and adds MAC address to ARP Cache if required.

Consider an example when IP1 is mapped with MAC1 and IP1-MAC1 pair is bound to Port A. Similarly IP2 is mapped with MAC1 and IP2-MAC1 pair is bound to Port A.

IP address | MAC address | Port | ARP poisoning attempt
IP1 | MAC1 | A | No
IP1 | MAC1 | Any other Port than Port A | Yes
IP1 | MAC2 | A | Yes
IP1 | MAC2 | Any Other Port | Yes
IP3 | MAC1 | No static ARP | No
IP2 | MAC1 | A | No
IP2 | MAC1 | Any other Port than Port A | Yes

ARP Configuration

To configure ARP in Cyberoam, go to Network → ARP → ARP.

Screen – ARP Configuration

Screen Elements: Description
ARP Cache Entry Time Out: Specify time interval after which the entries in the cache should be flushed. Default - 2 minutes. Input range - 1 to 500 minutes. It becomes necessary to flush the ARP cache if the host IP address on the network changes. As the IP address is linked to a physical address, it can change but can still be associated with the physical address in the ARP Cache. Flushing the ARP Cache allows new information to be gathered and stored in the ARP Cache
Log Possible ARP Poisoning Attempts: Enable to log the poisoning attempts

Table – ARP Configuration screen elements

Static ARP

To manage Static ARP, go to Network → ARP → ARP. You can:
• Add
• View
• Search
• Edit – Click the Edit icon in the Manage column against the Static ARP to be modified. Edit Static ARP pop-up window is displayed which has the same parameters as the Add Static ARP window.
• Delete – Click the Delete icon in the Manage column against a Static ARP to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Static ARP. To delete multiple Static ARPs, select them and click the Delete button.

Manage Static ARP

To manage Static ARP, go to Network → ARP → ARP.

Screen – Manage Static ARP

Screen Elements: Description
Add Button: Add a new Static ARP
IP Address: IP Address of the host
MAC Address: Physical Address of the host
Interface: Physical Interface of the host
Edit Icon: Edit the Static ARP
Delete Button: Delete the Static ARP. Alternately, click the Delete icon against the static ARP you want to delete.

Table – Manage Static ARP screen elements

Static ARP Parameters

To add or edit static ARP, go to Network → ARP → ARP. Click the Add button to add a static ARP. To update the details, click Edit icon in the Manage column against the ARP entry you want to modify.

Screen – Add Static ARP

Screen Elements: Description
IP Address: Specify IP address of the host outside the firewall.
MAC Address: Specify MAC address of the host
Interface: Specify the physical Interface: Port A, Port B, Port C or Port D
Add as Trusted MAC entry in Spoof Prevention: If enabled, adds MAC/IP pair in the trusted MAC list. By default, it is enabled.

Table – Add Static ARP screen elements

Search ARP

IP Address

Click the Search icon in the IP Address column to search specific address. A pop-up window is displayed that has filter criteria for search. Address can be searched on the following criteria: is equal to, starts with, contains. Click OK to get the search results and Clear button to clear the results.

Screen – Search IP Address

Search Criteria: Search Results
is equal to: All the IP addresses that exactly match the IP address specified in the criteria. For example, if the search string is 192.168.1.1, all the addresses exactly matching the string will be displayed.
starts with: All the IP addresses that starts with the specified criteria. For example, if the search string is 10, all the addresses like 10.1.1.1, starting with the number 10 will be displayed.
contains: All the addresses that are in the IP range specified in the search string. For example, if the search string is 1.1.1.2-1.1.1.10, all the IP addresses like 1.1.1.5 or 1.1.1.8 falling in this range will be displayed.

Table – Search IP Address screen elements

MAC Address

Click the Search icon in the MAC Address column to search specific address. A pop-up window is displayed that has filter criteria for search. Address can be searched on the following criteria: is equal to, starts with, contains. Click OK to get the search results and Clear button to clear the results.

Screen – Search IP Address

Search Criteria: Search Results
is equal to: All the MAC addresses that exactly match the MAC address specified in the criteria. For example, if the search string is 10:15:18:A1:BC:22, all the addresses exactly matching the string will be displayed.
starts with: All the MAC addresses that starts with the specified search criteria. For example, if the search string is 10, all the addresses like 10:15:18:A1:BC:22, starting with the number 10 will be displayed.
contains: All the MAC addresses that contain the string specified in the criteria. For example, if the search string is BC, all the MAC addresses like 10:15:18:A1:BC:22, containing the string are displayed.

Table – Search MAC Address screen elements
A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion.Cyberoam User Guide Dynamic DNS Dynamic DNS (Domain Name System) is a method of keeping a static domain/host name linked to a dynamically assigned IP address allowing your server to be more easily accessible from various locations on the Internet.com. Table – Manage Dynamic DNS screen elements 138/280 . go to Network → Dynamic DNS → Dynamic DNS. or elitecore. Powered by Dynamic Domain Name System (DDNS). Screen – Manage Dynamic DNS Screen Elements Add Button Name Interface Service Provider Last Updated IP Last Updated Status Last Updated Time Failure Reason Edit Icon Delete Button Description Add new Host & Service Provider Details Name of the Host on DDNS server. you can now access your Cyberoam server by the domain name.cyberoam.g. DDNS will tie a domain name (e. mycyberoam. in the Manage column against a DDNS to be deleted. Manage Dynamic DNS To manage Dynamic DNS. To delete multiple DDNS. To manage Dynamic DNS. Edit Edit – Click the Edit icon DDNS window is displayed which has the same parameters as the Add DDNS Details window. go to Network → Dynamic DNS → Dynamic DNS. not the dynamic IP address. Click OK to delete the DDNS. after every 10 minutes.Cyberoam User Guide DDNS Account Parameters To add or edit DDNS. To update the details. DDNS server will check for any changes in your server IP address Interface IP Address IP Edit Checking Interval Service Provider’s Details Service Provider Login Name Password Select Service provider with whom you have registered your hostname. For example. if time interval is set to 10 minutes. IP address of the selected interface will be bound to the specified host name Select IP Address source: Port IP or NATed Real IP Specify the time interval after which DDNS server should check and edit the IP address of your server if changed. cyber.20 minutes. go to Network → Dynamic DNS → Dynamic DNS. Click the Add button to add a DDNS. 
Specify your DDNS account’s Login name Specify your DDNS account’s Password Table – Add DDNS Account screen elements 139/280 .com Select External Interface. click on the DDNS name or Edit icon Manage column against the DDNS you want to modify. Default . domain name that you registered with your DDNS service provider for example. in the Screen – Add DDNS Account Screen Elements Host Details Host Name Description Name to identify the host that you want to use on DDNS server i.e. As Cyberoam monitors and logs user activity based on IP address. all the reports are also generated based on IP address. Cyberoam must be able to identify a user making a request. Configuration for local authentication. or a single policy to number of users (Group). In order to authenticate user. User is denied the access if secondary server is also not able to authenticate the user. default access policy is automatically applied which will allow complete network traffic to pass through Cyberoam. you must select at least one database against which Cyberoam should authenticate users. Users are allowed or disallowed access based on username and password. User level authentication can be performed using the local user database on the Cyberoam. 2. This will allow you to monitor user activity in your Network based on default policy.Cyberoam User Guide Identity 7 Once you have deployed Cyberoam. Register user Authentication Cyberoam provides policy-based filtering that allows to define individual filtering plans for various users of your organization. In other words. LDAP or RADIUS server. Administrator can configure authentication based on the type of user – Firewall. When the user attempts to access Cyberoam. VPN and SSL VPN and with multiple servers. user will be able to login only if authenticated by either of the PART 140/280 . You can assign individual policies to users (identified by IP address). 
authentication request is forwarded to the secondary authentication server only if primary server is not able to authenticate the user. Cyberoam supports user authentication against: • • • • an Active Directory an LDAP server an RADIUS servers an internal database defined in Cyberoam To filter Internet requests based on policies assigned. Cyberoam requests a user name and password and authenticates the user’s credentials before giving access. Administrator can configure two authentication servers with one serving as a Primary Authentication Server and other as a Secondary Authentication Server. To set up user database: 1. an External ADS server. When user tries to login. Two different servers can be used for authentication simultaneously. you have to configure Cyberoam for integrating user information and authentication process. To monitor and log user activities based on User names or logon names. if external authentication is required. Integration will identify access request based on User names and generate reports based on Usernames. 3. LDAP or RADIUS. Integrate ADS. Cyberoam detects users as they log on to Windows domains in your network via client machines. Cyberoam User Guide configured authentication server. This assures secure access to the network’s internal resources and guarantees that only the authenticated users are able to login successfully. Settings User Authentication process is initiated, when the client tries to login with the login credentials. Cyberoam provides an authentication mechanism wherein users registered on two different servers can be authenticated. Administrator can configure authentication based on the type of – Administrator, Firewall, VPN and SSL VPN and with multiple servers. User level authentication can be performed using local user database, RADIUS, LDAP, Active Directory or any combination of these. 
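The primary/secondary rule described above has a consequence worth checking when both servers hold accounts: a login the primary server refuses is still offered to the secondary. The sketch below is an added example, not Cyberoam code; the class names, directory contents and passwords are constructed, and it models only the rules stated in this guide (secondary is tried when the primary does not authenticate the user, the two methods cannot be the same, the administrator primary method is always Local).

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"  # server answered, credentials not accepted
    DOWN = "down"      # server did not answer


class Directory:
    """Constructed stand-in for one user database (Local, AD, LDAP or RADIUS)."""

    def __init__(self, accounts: Dict[str, str], up: bool = True) -> None:
        self.accounts = accounts
        self.up = up

    def check(self, user: str, password: str) -> Result:
        if not self.up:
            return Result.DOWN
        stored = self.accounts.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return Result.ACCEPT
        return Result.REJECT


@dataclass(frozen=True)
class AuthSettings:
    service: str                     # "Administrator", "Firewall", "VPN" or "SSL VPN"
    primary: str = "Local"           # default primary method in the guide
    secondary: Optional[str] = None  # default secondary method "None"

    def validate(self) -> None:
        if self.secondary == self.primary:
            raise ValueError("primary and secondary authentication method cannot be same")
        if self.service == "Administrator" and self.primary != "Local":
            raise ValueError("primary method for Administrator is always Local")


def is_valid(settings: AuthSettings) -> bool:
    try:
        settings.validate()
    except ValueError:
        return False
    return True


def authenticate(settings: AuthSettings, directories: Dict[str, Directory],
                 user: str, password: str) -> Tuple[bool, List[str]]:
    """Return (access_granted, trail); the trail records which server decided."""
    settings.validate()
    trail: List[str] = []
    for role, name in (("primary", settings.primary), ("secondary", settings.secondary)):
        if name is None:
            continue
        result = directories[name].check(user, password)
        trail.append(f"{role}:{name}:{result.value}")
        if result is Result.ACCEPT:
            return True, trail
    return False, trail  # neither server authenticated the user: access refused


def secondary_only_logins(settings: AuthSettings, directories: Dict[str, Directory],
                          credentials: List[Tuple[str, str]]) -> List[str]:
    """Audit helper: users admitted by the secondary after the primary did not accept them."""
    found = []
    for user, password in credentials:
        granted, trail = authenticate(settings, directories, user, password)
        if granted and len(trail) == 2:
            found.append(user)
    return found


def build_constructed_directories(ad_up: bool = True) -> Dict[str, Directory]:
    # Constructed data: bob was removed from AD but a local account remains.
    return {
        "AD": Directory({"alice": "A1ice-pass"}, up=ad_up),
        "Local": Directory({"bob": "old-local-pass", "guest": "guest-pass"}),
    }


SAMPLE_CREDENTIALS = [("alice", "A1ice-pass"), ("bob", "old-local-pass"), ("guest", "guest-pass")]

if __name__ == "__main__":
    firewall = AuthSettings("Firewall", primary="AD", secondary="Local")
    print(secondary_only_logins(firewall, build_constructed_directories(), SAMPLE_CREDENTIALS))
```

Accounts reported by the audit helper are the ones to review when an external directory is the primary method and the local database is the secondary.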
Combination of external and local authentication is useful in large networks where it is required to provide guest user accounts for temporary access, while a different authentication mechanism like RADIUS for VPN and SSL VPN users provides better security as password is not exchanged over the wire.

In case of multiple servers, administrator can designate a primary and optionally a secondary server. The secondary server tries to authenticate the user only if the primary server cannot. If the secondary server also cannot authenticate the user, Cyberoam refuses the access.

By default, primary authentication method is “Local” while secondary authentication method is “None”.

To configure and manage user authentication settings, go to Identity → Authentication → Settings.

Screen – Authentication Settings

Screen Elements – Description

Administrator Authentication
Primary Authentication Method – Primary Authentication method for Administrator would always be “Local”. Primary and secondary authentication method cannot be same.
Secondary Authentication Method – Select the Secondary Server for administrator. Authentication request is forwarded to the secondary server only when primary server fails to authenticate user or primary server is down. Default method - “None”. Primary and secondary authentication method cannot be same. You can also add and configure a new external server directly from the Authentication Settings page itself.

Firewall Authentication
Primary Authentication Method – Select the Primary Server to authenticate firewall users. Default method - “Local”. Primary and secondary authentication method cannot be same. You can also add and configure a new external server directly from the Authentication Settings page itself.
Secondary Authentication Method – Select the Secondary Server to authenticate firewall users. Authentication request is forwarded to the secondary server only when primary server fails to authenticate user or primary server is down. Default method - “None”. Primary and secondary authentication method cannot be same. You can also add a new external server directly from the Authentication Settings page.
Default Group – Select the default group for firewall authentication.
Maximum Session Timeout – Specify ‘Maximum Session timeout’ duration in minutes. Range is from 3 to 1440 minutes. Authentication Session timeout is the idle period in minutes after which a user must re-authenticate. Enable the ‘Unlimited’ checkbox to allow the users to remain checked in.
HTTPS Redirection – Enable the HTTPS Redirection checkbox to access the Captive portal page through secure channel.
Keep Alive Request For Captive Portal – Select Keep Alive Request. Available Options:
• Enable – Click Enable option to keep the connections alive.
• Disable - Click Disable option to close the connection i.e. terminate the data transmission after the request is served.
Keep-Alive requests are constantly exchanged between server and client to check the connectivity between them. The more concurrent HTTP Captive Portal users there are, the more keep-alive requests are exchanged. Hence, Cyberoam recommends disabling Keep-Alive requests if there is a large number of concurrent HTTP Captive Portal users. Default - Enabled
User Inactivity Timeout – User Inactivity timeout is the inactive/idle period in minutes after which a user must re-authenticate. Enable and specify timeout duration in minutes. Acceptable Range - 3 to 1440 minutes. Default - Disabled
Data Transfer Threshold – Specify threshold value in KB for Data Transfer.

VPN (IPSec / L2TP / PPTP) Authentication
Primary VPN Authentication Method – Select the Primary Server to authenticate VPN users. Default method - “Local”. You can also add a new external server directly from the Authentication Settings page. Primary and secondary authentication method cannot be same.
Secondary VPN Authentication Method – Select the Secondary Server for VPN authentication. Select the Secondary Server to authenticate firewall users. Authentication request is forwarded to the secondary server only when primary server fails to authenticate user or primary server is down. Default method - “None”. Primary and secondary authentication method cannot be same. You can also add and configure a new external server directly from the Authentication Settings page itself.

SSL VPN Authentication (Option not available for CR15i models)
Primary SSL VPN Authentication Method – Select the Primary Server to authenticate SSL VPN users. Default method - “Local”. You can also add and configure a new external server directly from the Authentication Settings page itself. Primary and secondary authentication method cannot be same.
Secondary SSL VPN Authentication Method – Select the Secondary Server for SSL VPN authentication. Select the Secondary Server to authenticate firewall users. Authentication request is forwarded to the secondary server only when primary server fails to authenticate user or primary server is down. Default method - “None”. Primary and secondary authentication method cannot be same. You can also add and configure a new external server directly from the Authentication Settings page itself.

Table – Settings Screen Elements

Authentication Server

External Authentication Servers can be integrated with Cyberoam for providing secure access to the users of those servers.

To manage external authentication servers, go to Identity → Authentication → Authentication Server.
• Add
• View – View the details of ADS/LDAP/RADIUS Servers
• Edit – Click the Edit icon in the Manage column against the Server to be modified. Edit Server window is displayed which has the same parameters as the Add Server window.
• Delete – Click the Delete icon in the Manage column against Server to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Server. To delete multiple Servers, select them and click the Delete button.

Manage Authentication Servers

To manage external authentication servers, go to Identity → Authentication → Authentication Server.

Screen – Manage External Authentication Server

Screen Elements – Description
Add Button – Add an external server
Name – Name of the Server
IP – IP Address of the server
Port – Port through which server communicates
Type – Type of Server – ADS, LDAP or RADIUS
Domain – Domain Name for the ADS Server
Edit Icon – Edit the Server details
Delete Button – Delete the Authentication Server. Alternately, click the Delete icon against the server you want to delete.

Table – Manage Authentication Server screen elements

Authentication Server Parameters

Screen Elements – Description
Server Type – Select the service with which you want to use your network. Available Options:
• Active Directory
• LDAP Server
• RADIUS Server

Table – Add Authentication Server screen elements

Active Directory Authentication

Cyberoam – ADS integration feature allows Cyberoam to map the users and groups from ADS for the purpose of authentication. This enables Cyberoam to identify the network users transparently. Cyberoam communicates with Windows Directory Services – Active directory (AD) to authenticate user based on groups, domains and organizational units.

Whenever an existing user in ADS logs on for the first time after configuration, the user is automatically created in Cyberoam and assigned to the default group. If the Groups are already created in Cyberoam, User(s) will be created in the respective Groups i.e. the ADS User Groups will be mapped to Cyberoam User Groups. In case the user is already created and there is a change in expiry date or group name, the user will be logged in with the changes.

User has to be authenticated by Cyberoam before accessing any resources controlled by Cyberoam.
This authentication mechanism allows Users to access using their Windows authentication tokens (login/user name and password) in the Windows-based directory services. User sends the log on request/user authentication request to ADS and ADS authenticates user against the directory objects created in ADS. Once the user is authenticated, Cyberoam communicates with ADS to get these additional authorization data such as user name, password, user groups, and expiry date as per the configuration, which is used to control the access. Note If ADS is down, the authentication request will always return ‘Wrong username/password’ message. 145/280 go to Identity → Authentication → Authentication Server. Read & Execute. To configure and manage ADS. Cyberoam needs to communicate with ADS server for authentication. FQDN and Search DN is available from the ADS server. Name to identify the server Specify ADS server IP address. NetBIOS Name. FQDN and Search DN – The details of NetBIOS Name. If a user is required to authenticate using ADS. You can: • • • Configure – Configure ADS Server to communicate with Cyberoam. in the Manage column against the AD server you want to Screen – Add Active Directory Server Screen Elements Server Type Description Select the Active Directory Service. click on the Server or Edit icon modify. in the Manage column against the ADS Server for Import AD Group – Click Import icon which you want to import the Active Directory Group. → Authentication Configure ADS To configure ADS. Select server type as Active Directory. To update the details. Server Name Server IP 146/280 . Click Add Button and select the server type as ‘Active Directory’ to add a server.Cyberoam User Guide It is necessary to have shared NETLOGON directory on ADS with the following permissions: Read. go to Identity → Authentication Server. List Folder Contents. In case user is already created and there is change in expiry date or group name. 
Table – Add Active Directory Server screen elements NetBIOS Domain ADS Username Password Integration Type Domain Name Search Queries Test Connection Note Whenever the existing user(s) in ADS logs on. but as ADS server is used for authenticating users it is necessary to check whether Cyberoam is able to connect to ADS or not.e.Cyberoam User Guide Port Specify Port number through which server communicates. refer to NetBIOS name. Default port is 389 Specify NetBIOS Name Specify Username for the user with Administrative privileges for ADS server Specify Password for the user with Administrative privileges for ADS server Select implementation type of Integration. user will be logged in with the changes. user is automatically created in Cyberoam and assigned to the default group If the Groups are already created in Cyberoam. Use the “Move Up” and “Move Down” buttons to move the search queries in the list. Cyberoam will decide the user group based on the order of the groups defined in Cyberoam. Cyberoam searches Group ordered list from top to bottom to determine the user group membership. Available Options: • Loose integration – users are imported in default group of Cyberoam while in tight integration. ADS User Groups will be mapped to Cyberoam User Groups and users are imported in the respective groups. FQDN and Search DN Click “Test connection” button to check the ADS-Cyberoam connectivity. • Tight integration – if user is a member of multiple AD groups. 147/280 . Specify Domain name to which the query is to be added. User(s) will be created in the respective Groups i. Integration type is used in setting the user group membership. It provides an added layer of protection by authenticating user based on the group membership apart from authentication attribute. The first group that matches is considered as the group of the user and that group policies are applied to the user. Click “Add” button to enter the search query. 
Note Connection to ADS is enabled automatically during Active Directory setup. If you do not know search DN. the ADS User Groups will be mapped to Cyberoam User Groups. Cyberoam will not allow to import those groups which are already in Cyberoam. Cyberoam will fetch AD groups from the specified Base DN. Specify Base DN. Screen – Define Base DN Step 2. Screen – Select AD Groups to Import 148/280 . Select the Groups to be imported in Cyberoam. Use <Ctrl> + Click to select multiple groups. Follow the on-screen steps: Step 1.Cyberoam User Guide Import AD group Once you have configured and added AD details select Identity → Authentication → against the AD server from which AD Authentication Server and click Import Group icon groups are to be imported. Web Filter. If common policies are not to be applied. If you want to specify different policy for different groups. Select various policies (Surfing Quota. Same policy is attached to all the imported groups. specify policies to be applied to each group. do not enable “Attach to all the Groups” Screen – Define policies for the Groups Step 4. View the summary of the groups and policies to be imported. Application Filter. 149/280 . do not enable the policy. QoS. You can also go back and change the configuration. Data transfer and SSL VPN policy) and user authentication time out to be applied on the group members. For example if you want to specify different Web Filter policy to different groups. Screen – Define specific policy for a Group Step 5.Cyberoam User Guide Step 3. All the imported groups are appended at the end of the list. Cyberoam will decide the user group based on the order of the groups defined in Cyberoam. Once you close the Wizard. The first group that matches is considered as the group of the user and that group policies are applied to the user. 150/280 . Manage Groups page will be opened. 
View Results page displays successful message if groups are imported and policies are successfully attached else appropriate error message will be displayed.Cyberoam User Guide Screen – Groups imported and specific policies attached to specific Group Step 6. Cyberoam searches Group ordered list from top to bottom to determine the user group membership. Screen – Groups imported and common policies attached successfully If user is a member of multiple AD groups. User can log on using their Windows authentication tokens. Cyberoam provides a facility to create user(s) on first logon automatically.Cyberoam User Guide Re-ordering of groups to change the membership preference is possible using Wizard. NetBIOS Name. Cyberoam sends the user authentication request to LDAP and LDAP server authenticates user as per supplied tokens. 151/280 . Whenever the existing user(s) in LDAP logs on for the first time after configuration. (login/user name and password). This reduces Administrator’s burden of creating the same users in Cyberoam. Group membership of each User and expiry day as defined in LDAP server. To update the details. DC=com LDAP Authentication When Cyberoam is installed in Windows environment with LDAP server. Cyberoam allows implementing LDAP integration in two ways: • Tight Integration – It provides an added layer of protection by authenticating user based on the group membership apart from authentication attribute. go to Identity → Authentication → Authentication Server. user is automatically created in Cyberoam and is assigned to the default group. FQDN and Search DN On the AD server: • • • Go to Start → Programs → Administrative Tools → Active Directory Users and Computers Right Click the required domain and go to Properties tab Search DN will be based on the FQDN. click on the Server or Edit icon in the Manage column against the LDAP server you want to modify.com and Search DN will be DC=elitecore. In the given example FQDN is elitecore. 
User has to be authenticated by Cyberoam before granting access the Internet. One needs to configure both Group Name attribute and authentication attribute for authentication. it is not necessary to create users again in Cyberoam. Click Add Button and select the server type as ‘LDAP’ to add a server. • To configure LDAP. Loose Integration – It uses authentication attribute for authenticating users. Integration type is Version Anonymous Login Base DN Authentication Attribute Integration Type 152/280 . If enabled. By default. 2 Enable “Anonymous Login” if identity (username and password) and authentication of Administrator is required to logon to LDAP server to retrieve information. If you are not aware about Base DN. It is the attribute used to perform user search. specify domain or local administrator username and password to logon to LDAP server. A base DN usually takes one of the three forms: Organization name. dc=com Set authentication attribute.Cyberoam User Guide Screen – Add LDAP Server Screen Elements Server Type Server Name Server IP Port Description Select LDAP Server. indicating the starting point for searching user in the directory service. If you want to use a different attribute (such as givenname). For example. Select implementation type of Integration. For example dc=Cyberoam. Specify the base distinguished name (Base DN) of the directory service. Default port is 389 Select LDAP version. specify the attribute name in this field. If Anonymous Login is disabled. Specify Port number through which Server communicates. click Get Base DN to retrieve base DN. Company’s Internet Domain name or DNS domain name. referred to as the "Base DN". The top level of the LDAP directory tree is the base. Name to identify the server Specify LDAP Server IP address. you connect as the anonymous user on LDAP server and there is no need to supply username and password. LDAP uses uid attribute to identify user entries. 
RADIUS can store technical information used by network devices such as protocols supported. In addition to user information. Together this information constitutes a user profile that is stored in a file or database on the RADIUS server. go to Identity → Authentication → Authentication Server.e. One needs to configure both Group Name attribute and authentication attribute for authentication. in the Manage column against the RADIUS server you want to 153/280 . Click Add Button and select the server type as ‘RADIUS’ to add a server. click on the Server or Edit icon modify. Click “Test connection” button to check the LDAP-Cyberoam connectivity. RADIUS servers provide authentication. authorization. you must have a functioning RADIUS server on the network. To configure RADIUS. telephone numbers. Group membership of each User and expiry day as defined in LDAP server. user is automatically created in Cyberoam and assigned to the default group If the Groups are already created in Cyberoam. User(s) will be created in the respective Groups i. and so on. routing information. Table – Add LDAP Server screen elements Test Connection Note Whenever the existing user(s) in LDAP logs on. It provides an added layer of protection by authenticating user based on the group membership apart from authentication attribute. and accounting functions but Cyberoam uses only the authentication function of the RADIUS server.Cyberoam User Guide used in setting the user group membership. Before you can use RADIUS authentication. RADIUS Authentication RADIUS stands for Remote Authentication Dial In User Service and is a protocol for allowing network devices to authenticate users against a central database. To update the details. the LDAP User Groups will be mapped to Cyberoam User Groups. IP addresses. 
which is to be used to encrypt information passed to Cyberoam Select Integration type.Cyberoam User Guide Screen – Add RADIUS Server Screen Elements Server Type Server Name Server IP Authentication Port Description Select RADIUS Server. User(s) will be created in the respective Groups i. Integration type is used in setting the user group membership. 154/280 . Default port .1812 Specify share secret. Specify Port number through which Server communicates. Shared Secret Integration Type Test Connection Button Table – Add RADIUS Server screen elements Note Whenever the existing user(s) in RADIUS logs on.e. the RADIUS User Groups will be mapped to Cyberoam User Groups. Select Tight Integration with Cyberoam if you want to use vendor specific attribute for setting the user group membership and specify group name attribute Click Test connection button to check the RADIUS-Cyberoam connectivity. Specify RADIUS Server IP address. user is automatically created in Cyberoam and assigned to the default group If the Groups are already created in Cyberoam. Name to identify the RADIUS Server. Various policies that can be grouped are: • • • • • • Surfing Quota policy which specifies the duration of surfing time and the period of subscription Access Time policy which specifies the time period during which the user will be allowed access Web Filter and Application Filter Policy which specifies the access strategy for the user and sites QoS policy which specifies the bandwidth usage limit of the user Data Transfer policy which specifies the data transfer quota of the user SSL VPN policy which determines the access mode and controls access to private network resources. To manage user groups. You can uncheck the checkbox against the column which is not to be displayed. select them and click the Delete button. Search Customize Display Columns – Click the ‘Select Columns’ list to customize the columns to be displayed. in the Manage column against a User group to be deleted. 
go to Identity → Groups → User Group. You can: • • • • • Add View in the Manage column against the user group to be modified. Instead of attaching individual policies to the user. all the columns are selected and visible. create group of policies and simply assign the appropriate Group to the user and user will automatically inherit all the policies added to the group which simplifies the user configuration. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion.Cyberoam User Guide Groups Group is a collection of users having common policies that can be managed as a single unit and a mechanism of assigning various policies to a number of users in one operation/step. To delete multiple User groups. Note SSL VPN Policies are not available in User Group configuration for Cyberoam CR15i models. By default. A group can contain default as well as custom policies. Click OK to delete the User Group. go to Identity → Groups → Group. 155/280 . Users that belong to a particular group are referred to as a group user. • Manage Groups To manage user groups. Edit Edit – Click the Edit icon User Group page is displayed which has the same parameters as the Add User Group window. L2TP access disabled for all the group users .User MAC Binding disabled for all the group users . Point to the policy link to view or edit the policy details. QoS Policy applied.Cyberoam User Guide Screen – Manage Groups Screen Elements Add Button Group Name Web Filter Policy Description Add a new User Group. Name of the group Web Filter Policy applied Point to the policy link to view or edit the policy details. (Not applicable Clientless Group) Data Transfer Policy (Not applicable Clientless Group) QoS Policy to to 156/280 . to Point to the policy link to view or edit the policy details. to Point to the policy link to view or edit the policy details.PPTP access enabled for all the group users Login Restriction applied – Any. 
MAC Binding (Not applicable Clientless Group) L2TP (Not applicable Clientless Group) PPTP (Not applicable Clientless Group) Login Restriction Edit Icon to . Edit the User Group. Selected Nodes or Range.PPTP access disabled for all the group users .User MAC Binding enabled for all the group users . Access Time Policy applied. Surfing Quota Policy applied. to Point to the policy link to view or edit the policy details. Data Transfer Policy applied. Point to the policy link to view or edit the policy details. Application Filter Policy Surfing Quota Policy (Not applicable Clientless Group) Access Time Policy.L2TP access enabled for all the group users . Application Filter Policy applied. User of this group needs to log on using Cyberoam Client to access the Internet. Click Add Button to add a new user group or Edit Icon to modify the details of the user group. Policies Web Filter Select the Web Filter Policy from the list. Alternately.Cyberoam User Guide Delete Button Delete the User Group. Access control is placed on IP address. 157/280 . Select Group Type. • Clientless .User of this group need to log on using Cyberoam Client to access the Internet and is symbolically represented as Group name(C). Available Options: • Normal . Screen – Add Group Screen Elements Group Name Group Type Description Name to identify the group. Table – Manage Groups screen elements User Group Parameters To add or edit user group details. click the Delete icon against the server you want to delete. go to Identity → User Group. Surfing Quota Select the Surfing Quota Policy from the list. Access Time (Not applicable Clientless Group) Select the Access Time Policy from the list. Unlimited policy is automatically applied to Clientless Group.Cyberoam User Guide Application Filter Select the Application Filter Policy from the list. to Data Transfer (Not applicable Clientless Group) Select the Data Transfer Policy from the list. to 158/280 . you are mapping user with a group of MAC addresses. 
By binding User to MAC address. to If user is not to be provided the SSL VPN access then select “No Policy Applied”. MAC Binding (Not applicable to (Option not available for Cyberoam CR15i models) Spam Digest (Option not available for Cyberoam CR15i models) Configure Spam Digest. Enable/disable “MAC Binding”. Digest provides a link to User My Account from where user can access his quarantined messages and take the required action. Available Options: • Enable – User group will receive the spam digest daily and overrides Group setting. • Disable – User group will not receive spam digest and overrides Group setting. If configured. Cyberoam will mail the spam digest every day to the user. Spam digest is an email and contains a list of quarantined spam messages filtered by Cyberoam and held in the user quarantine area. SSL VPN (Not applicable Clientless Group) Select SSL VPN policy from the dropdown list. QoS Select the QoS Policy from the list. Available Options: • Any Node . Click the Show Group Members button to view the list of users in the current group. Clientless Group) L2TP (Not applicable Clientless Group) PPTP (Not applicable Clientless Group) Login Restriction (Not applicable Clientless Group) Enable if group users can get access through L2TP connection to Enable if group users can get access through PPTP connection to Select the appropriate option to specify the login restriction for the user group. Specify IP Address range. nodes and remove icon • Node Range – Select to allow range of IP Address. Click the Add Member(s) button to add users to the current group. to Add Member(s) Button Select all the users that are to be added into the group. Show Group Members Button is only visible once the group is created. Table – Add Group screen elements Note User configuration .
Show Group Members You can also search for users based on username. MAC binding and policies is given precedence over Group configuration. Select to allow user to login from the specified to add more nodes only. Add Member(s) Button is only visible once the group is created. Specify IP address and click Add icon to delete nodes. A pop-up window is displayed and a list of users with their username and group are seen. Select to allow user to login from any of the nodes in the network • Selected Nodes . You can also search for users based on current group and username. if the search string is Test. QoS. You can customize the number of columns to be displayed as per your requirement. All the Groups that do not contain the string specified in the criteria. only Groups with the name exactly matching “Test” are displayed. PPTP and Login Restriction. For example. For example. Data Transfer. contains and does not contain. Web Filter. Click OK to get the search results and Clear button to clear the results. Group can be searched on the following criteria: is. if the search string is Test. if the search string is Test. if the search string is Test. all the Groups containing the string “Test” are displayed. Go to Identity → Groups → Group and click on the ‘Select Column’ list to customize the number of columns to be displayed. Application Filter. Access Time. Search Groups Click the Search icon in the Group columns to search for groups with specific Group. all the Groups not containing the string “Test” are displayed. A pop-up window is displayed that has filter conditions for search. User Group page displays details of the user groups in the following columns: Group Name. All the Groups that contain the string specified in the criteria. All the Groups that do not match with the string specified in the criteria. For example. For example. L2TP. MAC Binding. is not.
Screen – Search Groups Search Criteria is Search Results All the Groups that exactly match with the string specified in the criteria. all Groups except with the name exactly matching “Test” are displayed. Table – Search Groups screen elements is not contains does not contain Customize Display Columns By default. Surfing Quota. to be displayed on the page. Drag & drop the column to customize the view in desired order. You can also select the order in which the Select the columns columns will be displayed. By binding User to MAC address. Symbolically represented as User name (C) If User is configured for Single sign on. you can enable UserMAC address binding. To improve the security of your network and provide spoofing protection. Users Users are identified by an IP address or a user name and assigned to a user group. Clientless does not require Cyberoam client component (client.exe) on the User machines.exe) on the User machine or user can use HTTP Client component and all the policy-based restriction are applied. User types Cyberoam supports five types of Users: • • • • • Normal Clientless Single Sign on Thin Client User WWAN User Normal User has to logon to Cyberoam. MAC addresses are 48 bit values that are expressed in 6-byte hex-notation separated by colon for example 01:23:45:67:89:AB. you are mapping user with a group of MAC addresses. Decision matrix for creation of User Feature User Login required Type of Group Normal Clientless Apply Login restriction Apply Surfing Quota policy Apply Access Time policy Apply QoS policy Apply Web Filter Policy Apply Application Filter policy Normal User Yes Yes No Yes Yes Yes Yes Yes Yes Clientless User No No Yes Yes No No Yes Yes Yes Single Sign on User No Yes No Yes No No Yes Yes Yes Symbolically represented as User name (S) Use the given decision matrix below to choose which type of the user should be created. Requires Cyberoam client (client.
All the users in a group inherit the policies defined for that group. he/she is automatically logged to the Cyberoam. Media Access Control (MAC) address is a unique identifier (hardware address) assigned to a host by the manufacturer for identification and is intended to be immutable. It means a user would be able to login through a group of pre-specified machines only making it more difficult for a hacker using random MAC addresses or spoofing a MAC address to gain access to your network. whenever User logs on to Windows. in the Manage column against a User to be deleted. By default. To delete multiple Users. in the Manage column against the User to be modified. Edit User Edit – Click the Edit icon page is displayed which has the same parameters as the Add User window. Select the users Search Customize Display Columns – Click the ‘Select Columns’ list to customize the columns to be displayed. all the columns are selected and visible. Screen – Manage Users You can: Add View Import Export – Click the ‘Export’ button to download the user details in a CSV file. Click OK to delete the User. You can uncheck the checkbox against the column which is not to be displayed. select them and click the Delete button. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. Apply Data Transfer policy Yes No Yes To manage users. go to Identity → User → User. and click the Change Status button. Change Status – User Status can be changed from connected to disconnected and vice versa. go to Identity → User → User. • Manage Users To manage users. User Group Nodes. Point to the group link to view or edit the group details. If L2TP Configuration disabled . QoS Policy applied to the user Point to the policy link to view or edit the policy details. If PPTP Configuration disabled . If MAC Binding enabled .
Unique username to identify the user. Name for the User. Access Time Policy applied Point to the policy link to view or edit the policy details. Table – Manage Users screen elements Application Filter Policy applied Point to the policy link to view or edit the policy details. Unique user id for the user. If MAC Binding disabled . MAC Address list Edit the User Delete the User Alternately. User Group under which user is placed. Screen Elements Add Button User ID Name Username Type Profile Group Description Add a new User. Surfing Quota Policy applied to the user Point to the policy link to view or edit the policy details. Status of the User . Deactive user Status Web Filter Policy . Data Transfer Policy applied to the user Point to the policy link to view or edit the policy details. If L2TP Configuration enabled . Profile applied to the Administrator if the User Type is Administrator. If PPTP Configuration enabled Login Restriction applied – Any. click the delete icon against the user you want to delete. Type of User selected – User or Administrator. Selected Nodes or Range. Application Filter Policy Surfing Quota Policy Access Time Policy Data Transfer Policy QoS Policy MAC Binding L2TP PPTP Login Restriction MAC Address Edit Icon Delete Button . Click User Type list to select the type of user. User Parameters To add or edit user details. in the Manage column against Screen – Add User Screen Elements Username Name Password Confirm Password User Type Description Specify username. click on the username or Edit icon the user you want to modify. Click Add Button to register a new user. which uniquely identifies user and will be used for login. go to Identity → User → User. You must use the same spelling. Specify Name of the User Specify Password Specify Password again for confirmation. Profile This option is only available for Administrator user type. Password is case sensitive. To update the details.
Available options: User or Administrator Select the Profile from the list. Select the Web Filter Policy from the list. Application Filter Select the Application Filter Policy from the list. You can also create a new policy directly from this page itself and attach to the user. Surfing Quota Select the Surfing Quota Policy from the list. You can also create a new policy directly from this page itself and attach to the user. Depending on user group type default Web Admin Console access control will be applied. You can create a new profile directly from this page itself and attach to the user. Email Policies Group Web Filter Specify Email ID of the user Select Group in which user is to be added. You can also create a new policy directly from this page itself and attach to the user. User will inherit all the policies assigned to the group. You can also create a new policy directly from this page itself and attach to the user. Data Transfer Select the Data Transfer Policy from the list. Access Time Select the Access Time Policy from the list. QoS Select the QoS Policy from the list. You can also create a new policy directly from this page itself and attach to the user. You can also create a new policy directly from this page itself and attach to the user. Simultaneous Logins Note The specified setting will override the global setting specified in the client preferences. MAC Binding MAC Address List Enable/disable “MAC Binding”. • Disable – User will not receive spam digest and overrides Group setting. Available Options: • Enable – User will receive the spam digest daily and overrides Group setting. If user is not to be provided the SSL VPN access then select “No Policy Applied”. Spam digest is an email and contains a list of quarantined spam messages filtered by Cyberoam and held in the user quarantine area.
Specify number of concurrent logins that will be allowed to user OR Click ‘Unlimited’ for allowing unlimited Concurrent logins. L2TP PPTP Spam Digest (Option not available for Cyberoam CR15i models) Enable if you want to allow user to get access through L2TP connection Enable if you want to allow user to get access through PPTP connection Configure Spam Digest. If configured. Specify MAC addresses for example 01:23:45:67:89:AB. SSL VPN (Option not available for Cyberoam CR15i models) Select SSL VPN policy from the dropdown list. Digest provides a link to User My Account from where user can access his quarantined messages and take the required action. you are mapping user with a group of MAC addresses. By binding User to MAC address. Cyberoam will mail the spam digest every day to the user. Optional fields in any order: password. Specify IP Address range. A pop-up window is displayed that has filter conditions for Blank rows will be ignored 8. Format of header row: 2. Username or Group columns to search for users with specific name. you can upload CSV file. User MAC binding and policies configuration is given priority over Group configuration. • Selected Nodes . Select the appropriate option to specify the login restriction for the user. If groupname is not included in the header row. Header (first) row should contain field names. name 3. Select the complete path for migrating user’s information file. mailquota 4. Subsequent rows should contain values corresponding to the each field in header row 5. Number of fields in each row should be same as in the header row 6. 01:23:45:67:89:AC or specify each address in new line. Click the Import Button to import User’s File. If password field is not included in the header row then it will set same as username 9. All the columns can be searched on the following criteria: is.
Table – Add User screen elements Login Restriction Note User configuration is given precedence over Group configuration i. Select to allow user to login only from the nodes assigned to the group. Select to allow user to login from the specified to add more nodes only. Once you enable MAC binding. Select to allow user to login from any of the nodes in the network • User Group Node(s) . CSV file format and processing: 1. if you already have User details in a CSV file. Error will be displayed if data is not provided for any field specified in the header 7. contains and does not contain. Available Options: • Any Node . administrator will be able to configure group at the time of migration Search User. username or Group. is not. groupname. To configure multiple MAC addresses use comma for example 01:23:45:67:89:AB. Import User Information Instead of creating user again in Cyberoam. Compulsory first field: username. nodes and remove icon • Node Range – Select to allow range of IP Address. user will be able to login through prespecified machines only. name. Specify IP address and click Add icon to delete nodes.e. QoS. all the Names/Usernames/Groups not containing the string “Test” are displayed. Group. search. only Names/Usernames/Groups with the name exactly matching “Test” are displayed. For example. User page displays details of the users in the following columns: User ID. Screen – Search User / Username / Group Search Criteria is Search Results All the Names/Usernames/Groups that exactly match with the string specified in the criteria. all Names/Usernames/Groups except with the name exactly matching “Test” are displayed. For example. Web Filter. All the Names/Usernames/Groups that do not match with the string specified in the criteria. Profile. all the Names/Usernames/Groups containing the string “Test” are displayed. Access Time.
Click OK to get the search results and Clear button to clear the results. Go to Identity Users of columns to be displayed. if the search string is Test. L2TP. Application Filter. Table – Search User screen elements is not contains does not contain Customize Display Columns By default. For example. PPTP. Data Transfer. For example. Login Restriction and MAC Address. if the search string is Test. You can customize the number of columns to be displayed as per your requirement. All the Names/Usernames/Groups that do not contain the string specified in the criteria. if the search string is Test. Status. Name. MAC Binding. All the Names/Usernames/Groups that contain the string specified in the criteria. Type. User and click on the ‘Select Column’ list to customize the number Surfing Quota. if the search string is Test. create clientless users when your network has few Non-windows machines. Edit – Click the Edit icon Edit Clientless User page is displayed which has the same parameters as the Add Clientless User window. Change Status – Clientless User Status can be changed from connected to disconnected and vice versa. Select the columns to be displayed on the page. Drag & drop the column to customize the view in desired order. To manage Clientless users. Search Delete – Click the Delete icon in the Manage column against a User to be deleted. It is possible to add a single clientless user or multiple users. VOIP boxes or servers. As clientless users can bypass Cyberoam login. all the columns are selected and visible. Clientless User Clientless Users are the users who can bypass Cyberoam Client login to access Internet and are managed by Cyberoam server itself. A dialog By default. You can also select the order in which the columns will be displayed. go to Identity → User → Clientless User. You can: Add Add Range View in the Manage column against the Clientless User to be modified.
Customize Display Columns – Click the ‘Select Columns’ list to customize the columns to be displayed. Select the users and click the Change Status button. You can uncheck the checkbox against the column which is not to be displayed. Web filter policy to be applied to the traffic You can also view and edit the details of web filter policy from the Clientless User Page itself. To delete multiple Users. Application filter policy to be applied to the traffic You can also view and edit the details of application filter policy from the Clientless User Page itself. Click Add Button to register a new clientless user or Edit Icon to modify the details of the clientless user. Configured Digest Setting – Enable. go to Identity → User → Clientless User. Unique username to identify the User. Screen – Manage Clientless Users Screen Elements Add Button ID Username Group Status Description Add a new Clientless User. Table – Manage Clientless Users screen elements Application filter QoS Spam Digest Edit Icon Delete Button Clientless User Parameters To add or edit clientless user details. Group Name to which user belongs. Active user Name of the user. Click OK to delete the User. Disable or Apply Group’s Setting. Manage Clientless Users To manage Clientless users. User ID for Clientless User. QoS policy to be applied to the traffic You can also view and edit the details of QoS policy from the Clientless User Page itself. Status of the Clientless User . box is displayed asking you to confirm the deletion. go to Identity → User → Clientless User. click the delete icon against the clientless user you want to delete. select them and click the Delete button. Deactive user Name Web filter . Edit the Clientless User Delete the Clientless User Alternately. Specify IP Address. If you change the policies for the user. Change Policies Parameters To change the policies applied to the clientless user. Configure Spam Digest.
which uniquely identifies user and will be used for login. Cyberoam will mail the spam digest every day to the user. Add Icon Remove Icon Click the Add Icon to add a new Clientless User. • Apply Group’s Settings . Available Options: • Enable – User will receive the spam digest daily and overrides Group setting. Icon to delete a Clientless User Click the Remove Table – Add Clientless user screen elements You can change the policies applied to the user by updating the user details. • Disable – User will not receive spam digest and overrides Group setting. If configured. user specific policies will take precedence over user group policies. Screen – Add Clientless User Screen Elements Username IP Address Group Name Email Spam Digest (Option not available for Cyberoam CR15i models) Description Specify username. Digest provides a link to User My Account from where user can access his quarantined messages and take the required action. Name of the User. Spam digest is an email and contains a list of quarantined spam messages filtered by Cyberoam and held in the user quarantine area. Specify Email ID. Select Group for Clientless User. go to Identity → User → Clientless User and click Edit icon against the user whose policies are to be changed. User will receive Spam Digests as per configured for the Group user belongs to. if required. Policy applied here will take the precedence over the group policy. Change the group. Email Policies Web Filter Application filter Application filter policy applied to the user. Screen – Add Clientless User (Change Policies) Screen Elements Username Name IP Address Group Description Name with which user logs in. Change the policy. Name of the User IP Address from which user logs in Group in which user is added. Web filter policy applied to the user. User will inherit all the policies assigned to the group. QoS QoS Policy applied to the user.
Policy applied here will take the precedence over the group policy. if required. Spam Digest (Option not available for Cyberoam CR15i models) Configure Spam Digest. Available Options: • Enable – User will receive the spam digest daily and overrides Group setting. If configured. Digest provides a link to User My Account from where user can access his quarantined messages and take the required action. Policy applied here will take the precedence over the group policy. go to Identity → User → Clientless User and click Add Range button to configure following parameters: Cyberoam will mail the spam digest every day to the user. Table – Edit Clientless User screen elements Add Multiple Clientless Users To add multiple Clientless users. Change the policy. if required. • Disable – User will not receive spam digest and overrides Group setting. Change the policy. Spam digest is an email and contains a list of quarantined spam messages filtered by Cyberoam and held in the user quarantine area. only Names/Usernames/Groups with the name exactly matching “Test” are displayed. user specific policies will take precedence over user group policies. Table – Add Multiple Clientless User screen elements Search User. is not. For example. Click OK to get the search results and Clear button to clear the results. Refer to Change Policies to change the policies. Username or Group columns to search for clientless users with specific name. contains and does not contain. You can change the policies applied to the user by updating the user details. Screen – Search User / Username / Group Search Criteria is Search Results All the Names/Usernames/Groups that exactly match with the string specified in the criteria. A pop-up window is displayed that has filter conditions for search. is not All the Names/Usernames/Groups that do not match with the string specified in the criteria. Users will inherit all the policies assigned to the group.
User Name or User Group Click the Search icon in the Name. If you change the policies for the user. username or Group. All the columns can be searched on the following criteria: is. Screen – Add Multiple Clientless User Screen Elements From To Group Description Specify Starting IP Address for the range Specify Ending IP Address for the range. if the search string is Test. Select Group for users. if the search string is Test. L2TP. if the search string is Test. Data Transfer. all the Names/Usernames/Groups not containing the string “Test” are displayed. Clientless User page displays details of the rule in the following columns: Group Name. MAC Binding. You can customize the number of columns to be displayed as per your requirement. to be displayed on the page. Go to Identity → Users → Clientless User and click on the ‘Select Column’ list to customize the number of columns to be displayed. Web Filter. QoS. Access Time. contains For example. Table – Search Clientless User screen elements does not contain Customize Display Columns By default. For example. PPTP and Login Restriction. all the Names/Usernames/Groups containing the string “Test” are displayed. Surfing Quota. if the search string is Test. Drag & drop the column to customize the view in desired order. all Names/Usernames/Groups except with the name exactly matching “Test” are displayed. All the Names/Usernames/Groups that contain the string specified in the criteria. Application Filter. All the Names/Usernames/Groups that do not contain the string specified in the criteria. For example. You can also select the order in which the Select the columns columns will be displayed. You can also define custom policies to define different levels of access for different users to meet your organization’s requirements. Control individual user surfing time by defining Surfing quota policy.
See Schedules for more details. Policy Cyberoam allows controlling access to various resources with the help of Policy. These predefined policies are immediately available for use until configured otherwise. days and time - for the Internet access with the help of schedules. An example would be “only office hours access” for a certain set of users. Edit Edit – Click the Edit icon Policy pop-up window is displayed which has the same parameter as the Add Policy window in the Manage column against a Policy to be deleted. Access Time Policy Access time is the time period during which user can be allowed/denied the Internet access. Allowed only during Work Hours. To delete multiple Policies. Cyberoam comes with several predefined policies. go to Identity → Policy → Access Time. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Access time policy enables to set time interval - (See Surfing quota policy for more details) 3. To manage Access Time Policies. Schedule Internet access for individual users by defining Access Time Policy. You can: Add View in the Manage column against the Policy to be modified. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. (See Data transfer policy for more details). select them and click the Delete button. allows access during the schedule Deny strategy . Denied all the time. (See Access time policy for more details) 2. disallows access during the schedule Cyberoam comes with the following predefined policies: Allowed all the time. A time interval defines days of the week and times of each day of the week when the user will be allowed/denied the Internet access. Cyberoam allows defining following types of policies: 1. Two strategies based on which Access time policy can be defined: • • Allow strategy . Denied during Work hours. By default.
These predefined policies are immediately available for use until configured otherwise. By default. Screen – Manage Access Time Policy Screen Elements Add Button Name Strategy Schedule Description Edit Icon Delete Button Description Add a new Access Time Policy Name for the Policy Type of Strategy selected: Allow or Deny Type of Schedule selected Policy Description Edit the Access Time Policy Delete the Access Time Policy. Click the Add button to add a new policy. go to Identity → Policy → Access Time. click on the delete icon against the policy you want to delete. Manage Access Time Policies To manage Access Time Policies. in the Manage Screen – Add Access Time Policy go to Identity → Policy → Access Time. To update the details. click on the policy or Edit icon column against the policy you want to modify. Table – Manage Access Time Policies screen elements Access Time Policy Parameters To add or edit an access time policy. Alternately. To manage surfing quota policies. Click OK to delete the Policy. To delete multiple policies. Available Options: • Allow – Allows the Internet access during the scheduled time interval • Deny – Does not allow the Internet access during the scheduled time interval Select Schedule. Edit Edit – Click the Edit icon Policy pop-up window is displayed which has the same parameter as the Add Policy window. 1 Month Unlimited Access. Manage Surfing Quota Policies To manage surfing quota policies. access allowed/denied for the scheduled time interval. You can also define custom policies to define different levels of access for different users to meet your organization’s requirements. 1 month 100 hours. Single policy can be applied to number of Groups or Users. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. in the Manage column against a Policy to be deleted. Monthly 100 hours Cyclic. Depending on the policy strategy. Weekly 7 hours Cyclic.
Cyberoam comes with the following predefined policies: Unlimited Internet Access. Daily 1 hour Cyclic. select them and click the Delete button. go to Identity → Policy → Surfing Quota. Specify Policy Description Table – Add Access Time Policy screen elements will be Schedule Description Note Changes made in the policy becomes effective immediately on saving the changes Surfing Quota Policy Surfing quota policy defines the duration of Internet surfing time. You can: Add View in the Manage column against the Policy to be modified. Only Recurring schedule can be applied. go to Identity → Policy → Surfing Quota. These predefined policies are immediately available for use until configured otherwise. Screen Elements Name Strategy Description Name to identify the Policy Specify strategy to be applied during the scheduled time interval. Surfing time duration is the allowed time in hours for a Group or an Individual User to access Internet. Surfing quota policy: • • Allows allocating Internet access time on a cyclic or non-cyclic basis. Screen – Manage Surfing Quota Policy Screen Elements Add Button Name Time Allowed Days Allowed Cycle Type Cycle Time Description Edit Icon Delete Button Description Add a new Surfing Quota Policy Name for the Policy Maximum Time for which the policy is active Maximum number of days for which the policy is active Type of Cycle: Cyclic or Non-Cyclic Hours for which the cycle is active Policy Description Edit the Surfing Quota Policy Delete the Surfing Quota Policy Alternately. go to Identity → Policy → Surfing Quota. click on the delete icon against the policy you want to delete. Click the Add button to add a new policy. Table – Manage Surfing Quota Policies screen elements Surfing Quota Policy Parameters To add or edit a surfing quota policy. To update the details. click on the policy or Edit icon Manage column against the policy you want to modify. in the e.
At the end of each Cycle. cycle hours will reset to zero every week even if cycle hours are unused. Daily. if you do not want to restrict the total surfing hours. cycle hours are reset to zero i. Maximum hours define the upper limit of total surfing hours allowed i. Monthly and Yearly.e. Available Options: • Cyclic – Restricts surfing hours up to cycle hours defined on predefined time duration. • Non Cyclic – Surfing hour restriction is defined by total allotted days and time Specify Cycle Hours. Validity defines the upper limit of total surfing days allowed i. Screen – Add Surfing Quota Policy Screen Elements Name Cycle Type Description Name to identify the Policy. Select Cycle type. ‘Cycle Hours’ cannot be configured if ‘Cycle Type’ is non cyclic. Specify Validity in number of days. if you do not want to restrict the total surfing days Specify Maximum Hours. restricts total surfing hours to maximum hours. OR Click Unlimited Hours. for ‘Weekly’ Cycle type.e. OR Click Unlimited Days. Duplicate names are not allowed. Weekly.e. Cycle hours define the upper limit of surfing hours for cyclic types of policies i. Specify Policy Description Table – Add Surfing Quota Policy screen elements Cycle Hours Validity Maximum Hours Description restricts total surfing days to valid allotted days. You can also define custom policies to define different levels of access for different users to meet your organization’s requirements. Bandwidth being the limited resource. Single policy can be applied to number of Groups or Users. Edit Edit – Click the Edit icon Policy pop-up window is displayed which has the same parameter as the Add Policy window. bandwidth shortage and congestion problems are common. Data transfer policy: • • Allows limiting data transfer on a cyclic or non-cyclic basis. go to Identity → Policy → Data Transfer.
Data transfer restriction can be based on: • • Total Data transfer (Upload+Download) Individual Upload and/or Download Cyberoam comes with the following predefined policies: 100 MB Total Data Transfer policy.Cyberoam User Guide Data Transfer Policy Once the user log on. These predefined policies are immediately available for use until configured otherwise. Manage Data Transfer Policies To manage data transfer policies. select them and click the Delete button. Daily 10 MB. A Delete – Click the Delete icon dialog box is displayed asking you to confirm the deletion. Click OK to delete the Policy. go to Identity → Policy → Data Transfer. Bandwidth is limited using the Bandwidth policy while data transfer policy defines the upper limit for data transfer carried out by the user. To delete multiple policies. Cyberoam allows limiting data transfer allowed to individual user according to the requirement. You can: • • • • Add View in the Manage column against the Policy to be modified. the bandwidth is available and the total available bandwidth is shared among all the active users at the particular time. in the Manage column against a Policy to be deleted. To manage data transfer policies. Screen – Manage Data Transfer Policy Screen Elements Add Button Name Cycle Type Description Add a new Data Transfer Policy Name for the Policy Type of Cycle: Cyclic or Non-Cyclic 184/280 . download and total data transfer Cyclic Data transfer limit in MB including upload. download and total data transfer Edit the Data Transfer Policy Delete the Data Transfer Policy Alternately. Duplicate names are not allowed. Table – Manage Data Transfer Policies screen elements Data Transfer Policy Parameters To add or edit a data transfer policy.Cyberoam User Guide Absolute Limit Cycle Limit Edit Icon Delete Button Absolute Data transfer limit in MB including upload. click on the policy or Edit icon Manage column against the policy you want to modify. go to Identity → Policy → Data Transfer. 
Restriction based on Total Data Transfer and Cyclic Policy Cycle Period Specify Cycle Period. Cycle period defines the duration for 185/280 . Click the Add button to add a new policy. • Non Cyclic – Surfing hour restriction is defined by total allotted days and time duration Based on the options selected for the Restriction and Cycle Type. in the Screen – Add Data Transfer Policy Screen Elements Name Restriction Based On Cycle Type Description Name to identify the Policy. To update the details. click the delete icon against the policy you want to delete. Specify whether the data transfer restriction is on total data transfer or on individual data transfer (upload and download) Select Cycle type Available Options: • Cyclic – Restricts surfing hours up to cycle hours defined on predefined time duration. specify the following details. OR If you do not want to restrict maximum data transfer.Cyberoam User Guide cyclic types of policies i. Day. User will be disconnected if limit is reached. User will be disconnected if limit is reached. Day. It is the Data Transfer maximum download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. It is the data transfer allowed to the user and if the limit is reached. OR If you do not want to restrict maximum upload data transfer. It is the upper limit of upload data transfer allowed to the user per cycle. click Unlimited Upload Data Transfer. click Unlimited Upload Data Transfer. OR If you do not want to restrict maximum data transfer. OR If you do not want to restrict upload data transfer per cycle. Restriction based on Individual Data Transfer and Cyclic Policy Cycle Period Specify Cycle Period. OR If you do not want to restrict maximum upload data transfer. Month and Year. click Unlimited Cycle Download Data transfer Maximum Upload Data Specify Maximum Upload Data Transfer limit. Week. Cycle period defines the duration for cyclic types of policies i. 
click Unlimited Cycle Upload Data transfer Cycle Download Data Specify Cycle Download Data Transfer limit. It is the upper Transfer limit of download data transfer allowed to the user per cycle. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. click Unlimited Maximum Data Transfer. click Unlimited Maximum Data Transfer Restriction based on Total Data Transfer and Non-Cyclic Policy Maximum Data Transfer Specify Maximum Data Transfer limit. user will not be able to log on until the policy is renewed. Restriction based on Individual Data Transfer and Non-Cyclic Policy Maximum Upload Data Specify Maximum Upload Data Transfer limit. Cycle Data Transfer 186/280 . OR If you do not want to restrict maximum download data transfer. OR If you do not want to restrict data transfer per cycle. User will be disconnected if limit is reached. click Unlimited Cycle Data transfer Maximum Data Transfer Specify Maximum Data Transfer limit. Month and Year. click Unlimited Download Data Transfer. It is the Transfer maximum upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. It is the Transfer maximum upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.e. Specify Cycle Data Transfer limit. OR If you do not want to restrict download data transfer per cycle. It is the limit of data transfer allowed to the user per cycle. Week.e. Cycle Upload Data Transfer Specify Cycle Upload Data Transfer limit. Maximum Download Specify Maximum Download Data Transfer limit. It is the maximum download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. 
click Unlimited Download Data Transfer Specify Policy Description Table – Add Data Transfer Policy screen elements Note Maximum data transfer limit cannot be greater than Cycle data transfer limit. 187/280 . OR If you do not want to restrict maximum download data transfer.Cyberoam User Guide Maximum Transfer Download Data Description Specify Maximum Download Data Transfer limit. If the User is a thin client user. he/she is visible on Live User page as User name (W).exe) on the User machine or user can use HTTP Client component and all the policy-based restriction are applied. Search in the Manage column against a live user to be Disconnect – Click the Disconnect icon disconnected. A dialog box is displayed asking you to specify a customized message for the user that is to be disconnected. Click OK to disconnect the User. Symbolically represented as User name (C). go to Identity → Live Users → Live User. Clientless . • • • • Identity → Live Users → Live Users page displays list of currently logged on users and their important parameters. Live user details can be updated from this page itself. WWAN User .Cyberoam User Guide Live Users Live users in Cyberoam can be managed from a single page. whenever user logs on. select them and click the Disconnect button. Thin Client User . he/she is automatically logged to the Cyberoam.If User is configured for Single sign on. Requires Cyberoam client (client. clientless users and single sign on users are visible from the Live Users. Edit Edit – Click the Edit icon User pop-up window is displayed. To disconnect multiple live users.exe) on the User machines. All the active normal users. Manage Live Users To view and disconnect live users in Cyberoam. Screen – Live Users Screen Elements User ID Username Description User ID for User. User types Cyberoam supports five types of Users: • Normal . Symbolically represented as User name (S).Clientless does not require Cyberoam client component (client. 
Administrator can disconnect these users from this page directly. whenever User logs on to Windows. 188/280 .If a wireless user is configured and connected. You can: • • • • View in the Manage column against the Live User to be modified. Unique username to identify the User. Single Sign on .Normal User has to logon to Cyberoam. he/she is visible on Live Users page as User name (T). go to Identity → User → Live User. Click Edit Icon to modify the details of the live user. But.Cyberoam User Guide Client Type Host ID MAC Address Start Time Upload / Download Data Transfer Rate (bits/sec) Edit Icon Disconnect Group Name to which user belongs. Name of the User Specify IP Address. IP address from which user has logged on MAC address of the machine from which user had logged in. 189/280 . Displayed only if configured. Specify Email ID. Select the Web filter policy You can also add and edit the details of web filter policy from the Clientless User Page itself. which uniquely identifies user and will be used for login. policy details can only be modified once the User is created. Select Group for Clientless User. Screen – Edit Live User Screen Elements Username Name IP Address Group Email Policies Web filter Description Specify username. Session start time or login time Data uploaded and Download during the sessions Bandwidth used during the session Edit the Live User Disconnect the Live User Table – Manage Live Users screen elements Live User Parameters To edit user details. ‘Allow All’ Application filter Policy is applied to the user.Cyberoam User Guide By default. You can also create a new policy directly from this page itself and attach to the user. By default. 190/280 . Application filter Select the Application filter policy You can also add and edit the details of application filter policy from the Clientless User Page itself. But. ‘Allow All’ Web filter Policy is applied to the user. 
Access Time (Not applicable to Clientless user) Select the Access Time Policy from the list. policy details can only be modified once the User is created. Surfing Quota (Not applicable to Clientless user) Select the Surfing Quota Policy from the list. Data Transfer Select the Data Transfer Policy from the list. You can also create a new policy directly from this page itself and attach to the user. L2TP (Not applicable to Clientless user) PPTP (Not applicable to Clientless user) Simultaneous Logins (Not applicable to Clientless user) MAC Binding (Not applicable to Clientless user) MAC Address List (Not applicable to Clientless user) Enable if you want to allow user to get access through L2TP connection Enable if you want to allow user to get access through PPTP connection Specify number of concurrent logins that will be allowed to user OR Click ‘Unlimited’ for allowing unlimited Concurrent logins.Cyberoam User Guide (Not applicable to Clientless user) You can also create a new policy directly from this page itself and attach to the user. QoS Select the QoS Policy You can also add and edit the details of QoS policy from the Clientless User Page itself. user will be able to login through prespecified machines only. For example 01:23:45:67:89:AB. To configure multiple MAC addresses use comma. But. 01:23:45:67:89:AC Select the appropriate option to specify the login restriction for the user. By binding User to MAC address. Once you enable MAC binding. Enable/disable “MAC Binding”. The specified setting will override the global setting specified in the client preferences. policy details can only be modified once the User is created. Specify MAC addresses for example 01:23:45:67:89:AB. you are mapping user with a group of MAC addresses. Login Restriction (Not applicable to 191/280 . all Usernames except with the name exactly matching “Test” are displayed. • Selected Nodes . For example. 
All the Names/Usernames/Groups that do not contain the string specified in the criteria. is not.Select to allow user to login from any of the nodes in the network. All the Usernames that contain the string specified in the criteria. nodes and remove icon • Node Range – Select to allow range of IP Address and specify IP Address range. contains and does not contain. All the Usernames that do not match with the string specified in the criteria. For example. For example. A pop-up window is displayed that has filter conditions for search. Table – Edit Live Users screen elements Search Live Users Click the Search icon in the Username columns to search for users with specific username. if the search string is Test. if the search string is Test. Table – Search Live Users screen elements is not contains does not contain 192/280 . if the search string is Test. only Usernames with the name exactly matching “Test” are displayed.Select to allow user to login only from the nodes assigned to her group.Cyberoam User Guide Clientless user) Available Options: • Any Node . All the columns can be searched on the following criteria: is. all the Usernames containing the string “Test” are displayed. Specify IP address and click Add icon to delete nodes. all the Names/Usernames/Groups not containing the string “Test” are displayed. if the search string is Test.Select to allow user to login from the specified to add more nodes only. For example. • User Group Node(s) . Search Criteria is Search Results All the Usernames that exactly match with the string specified in the criteria. Click OK to get the search results and Clear button to clear the results. Refer to Licensing section for details.for loading balancing and gateway failover protection incase of multiple gateways Define Web filtering policy . The responsibility of firewall is to grant access from Internet to DMZ or Service Network according to the Rules and Policies configured. Refer to Licensing section for details. 
To control access based on custom web categories. you can define and manage entire set of Cyberoam security policies. malware and phishing protection. Firewall rule provides centralized management of security policies. Cyberoam allows to define one of the following access policies through PART 193/280 .for email spam filtering and virus security and also get spyware. To apply antivirus protection and spam filtering. Cyberoam decides on how to process the access request. FTP. will check whether the user is allowed access or not.to control and schedule bandwidth usage per user.for protection against threats and attacks originating from external world and internal network. however. Refer to Licensing section for details. access is allowed or denied based on the action configured in the rule. you need to subscribe for Web and Application Filter module. you need to subscribe for Web and Application Filter module. If Identity (User) is found in the Live User Connections and all other matching criteria are fulfilled.Cyberoam User Guide Firewall 8 A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access. group or prioritize bandwidth usage for particular application. Default Firewall rules At the time of deployment. If Identity match is also specified. VOIP. By default. Schedule access Attach QoS policy . Define Applications filtering policy – for controlling access to application like IM and P2P. • • • • • • How it works Firewall rules control traffic passing through the Cyberoam. SMTP. From the firewall rule. it checks for the source address. To apply IPS policy you need to subscribe for Intrusion Prevention System module. you can: • • • Monitor and scan VPN traffic Define inbound and outbound access based on source and destination hosts/network Enable scanning for HTTP.for web access control and block access to inappropriate web sites. When Cyberoam receives the request. 
Depending on the instruction in the rule. you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. destination address and the services and tries to match with the firewall rule. Cyberoam blocks any traffic to LAN.e. It also keeps watch on state of connection and denies any traffic that is out of connection state. POP3 or IMAP traffic . Attach Gateway routing policy . Refer to Licensing section for details. From a single firewall rule. To control access based on custom web categories. firewalls may also be configured to limit the access to harmful sites for LAN users. Define IPS policy . firewall will search in the Live Users Connections for the Identity check i. Cyberoam User Guide Network Configuration Wizard: • • • Monitor only General Internet policy Strict Internet policy Default firewall rules for “Monitor only” policy 1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies: Web Filter & Application Filter Policy – User specific QoS – User specific IPS – General policy Anti Virus & Anti Spam policy .Scan SMTP. POP3.Scan SMTP. POP3. AdultContent.Scan SMTP. PhishingandFraud. IMAP and HTTP traffic without scanning 2. Masquerade and allow entire LAN to WAN traffic for all the authenticated users after applying following policies: Web Filter & Application Filter policy – User specific QoS – User specific Anti Virus & Anti Spam policy . Violence. IMAP and HTTP traffic Default firewall rules for “General Internet policy” policy 1. MilitancyandExtremist. CrimeandSuicide. Masquerade and allow entire LAN to WAN traffic for all the users after applying following policies: Web Filter & Application Filter Policy – Applies ‘General Corporate Policy’ to block Porn. IMAP and HTTP traffic Default firewall rules for “Strict Internet policy” policy 1. 194/280 . 
Masquerade and allow entire LAN to WAN traffic for all the authenticated users after applying following policies Web Filter & Application Filter policy – User specific QoS policy – User specific Anti Virus & Anti Spam policy – Allows SMTP. IMAP and HTTP traffic 2. POP3. Drugs. Nudity. POP3. URL TranslationSites. Weapons categories IPS – General policy Anti Virus & Anti Spam policy . Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are subscribed respectively. POP3. Masquerade and allow entire LAN to WAN traffic for all the users without scanning SMTP. Gambling. Drop entire LAN to WAN traffic for all the users Note Default Firewall rules can be modified but cannot be deleted. IPS policy will not be effective until the Intrusion Prevention System (IPS) module is subscribed. IMAP and HTTP traffic 2. 195/280 . the entire traffic is dropped. User.Cyberoam User Guide If Access Policy is not set through Network Configuration Wizard at the time of deployment. Custom rules take precedence. Additional firewall rules for any of the zones can be defined to extend or override the default rules. Custom rules evaluate network traffic’s source IP addresses. IP protocol types. For example. destination IP addresses. rules can be created that block certain types of traffic such as FTP from the LAN to the WAN. and compare the information to access rules created on the Cyberoam appliance. or restrict use of certain protocols such as Telnet to authorized users on the LAN. and override the default Cyberoam firewall rules. or allow certain types of traffic from specific WAN hosts to specific LAN hosts. 196/280 .2. now you can: • • Restrict the bandwidth usage to 256kb for the user John every time he logs on from the IP 192.22 Processing of firewall rules is top downwards and the first suitable rule found is applied.168. 
User Service Attach the following Unified Threat Control policies to the firewall rule as per the defined matching criteria: • • • • • • • Intrusion Prevention System (IPS) Anti Virus Anti Spam Web Filter Application Filter QoS Routing policy i. define user and application based routing To create a firewall rule. while adding multiple rules. the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list. Firewall rule matching criteria now includes: • • • Source and Destination Zone and Host.22 Restrict the bandwidth usage to 1024kb for the user Mac if he logs on in working hours from the IP 192. Otherwise.e.Cyberoam User Guide Rule Cyberoam’s Identity based firewall allows creation of firewall rules embedding user identity into the firewall rule matching criteria.168. It also allows to bind identity and device by embedding device MAC address through MAC Host in firewall rule. you should: • • • Define matching criteria Associate action to the matching criteria Attach the threat control policies For example. When a packet matches the rule. Hence.2. it is necessary to put specific rules before general rules. The direction of traffic is determined by source and destination zone. The same zone cannot be defined as both the source or destination zone. a general rule might allow a packet that you specifically have a rule written to deny later in the list. in the Manage column against a Firewall rule to be deleted. it is necessary to put specific rules before general rules. click the “Clear All Filters” button. Customize Display Columns – Click the ‘Select Column’ list to customize the columns to be displayed. For example. select them be deleted. Default Firewall rules cannot delete multiple rules. all the firewall rules created for LAN zone to WAN zone will be displayed. This helps in removing filters on multiple columns at a time. Change Rule order – Rules are ordered by their priority. 
Otherwise.Cyberoam User Guide Screen – Firewall Rule To configure firewall rules. the new firewall can be inserted using the Insert icon having same zones. Delete – Click the Delete icon A dialog box is displayed asking you to confirm the deletion. You can uncheck the checkbox against the column which is not to be displayed. a general rule might allow a packet that you specifically have a rule written to deny later in the list. By default. while adding multiple rules. in the Manage column against a firewall rule to insert a new Insert – Click the Insert icon firewall rule between the same source and destination zone. Clear All Filters – To clear all the search filters applied on the source. When a packet matches the rule. if you select LAN and WAN. the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list. they are processed from the top down and the first suitable rule found is applied. View Firewall Rules between two Zones – To view firewall rules for the selected zones. Hence. all the columns are selected and visible. Click OK to delete the rule. select zones For example. You can: • • • • Add View Search in the Manage column against the firewall rule to be modified. To and click the Delete button. When the rules are applied. Edit Edit – Click the Edit icon firewall rule window is displayed which has the same parameters as the Add firewall rule window. • • • • • • 197/280 . if you have a Firewall rule created from LAN to WAN zone. go to Firewall → Rule → Rule. destination or identity columns. Cyberoam User Guide Note You cannot delete or disable default rules. Manage Firewall rules Use to: • • • • • • Enable/disable SMTP. Firewall → Rule page displays list of firewall rules and provides a way to manage rules. POP3. IMAP. Screen – Manage Firewall Rule 198/280 . Rules are created for a pair of source and destination zone which determines the traffic direction. 
FTP and HTTP scanning Disable rule Delete rule Change rule order Insert rule Select display columns Firewall rules control the traffic flowing through Cyberoam. QoS policy to be applied to the traffic Point to the policy link to view or edit the policy details. Firewall rule logging Status: .Active . Source Destination Service Identity Action Web filter Application filter NAT IPS QoS Scan . user based policies will be applied to the traffic.Deactive Schedule Logging 199/280 .SMTP scanning .IMAP scanning . – Active Rule – Disable Rule . Action to be taken when the rule matches a connection attempt.HTTP scanning . NAT policy to be applied to the traffic Point to the policy link to view or edit the policy details. disable rule instead of deleting it.The icon against the firewall rule suggests that rule is only active during a specified schedule. Web filter policy to be applied to the traffic Point to the policy link to view or edit the policy details. Application filter policy to be applied to the traffic Point to the policy link to view or edit the policy details. IPS policy to be applied to the traffic Point to the policy link to view or edit the policy details. If you do not want to apply the firewall rule temporarily.POP scanning . Source Host to which the rule is applied Destination Host to which the rule is applied.FTP scanning Green – Scanning Enabled Red – Scanning Disabled Schedule to be applied when the rule is active Point to the schedule link to view or edit the schedule details.Cyberoam User Guide Screen Elements Add button ID Name Enable Description Add new firewall rule Firewall rule ID which is generated automatically at the time of creation Firewall rule name to identify the firewall rule Click to activate/deactivate the rule. Service for which rule is created If Identity is configured. click the Delete icon against the rule you want to delete. 
Table .Manage Firewall rule screen elements Firewall Rule Parameters To add or edit a firewall rule.Add Firewall rule 200/280 . To update the details. Click the Add button to add a new in the Manage column against the rule rule. go to Firewall Rule Rule.Cyberoam User Guide Description Routing through Gateway Backup Gateway Edit Icon Insert Icon Move Icon Delete Button Firewall rule description Routing policy applied to the traffic Backup gateway for the traffic Edit firewall rule Insert a new rule before the existing rule Change the order of the rule Delete firewall rule Alternately. Screen . click on the Rule or Edit icon you want to modify. ##ALL_IPSEC_RW. Click to attach the user identity. ##ALL_SSLVPN_RW. Specify source and destination host or network address to which the rule applies.Cyberoam User Guide Screen Elements General Settings Name Description Zone Attach Identity (Only if source zone is LAN/DMZ/VPN) Description Specify name to identify the Firewall Rule. Host dropdown list also displays MAC based host and dynamic hosts and host groups which are automatically added on creation of VPN Remote Access connections (IPSec and SSL). It will also display the default hosts created for remote access connection ##ALL_RW. Enable attach identity to apply following policies per user: • Web policy and Application policy for Content Filtering (User’s policy will be applied automatically but will not be effective till the Web and Application Filtering module is subscribed) • Schedule Access • IPS (User’s IPS policy will be applied automatically but will not be effective till the IPS module is subscribed) • Anti Virus scanning (User’s anti virus scanning policy will be applied automatically but it will not be effective till the Gateway Anti Virus module is subscribed) • Anti Spam scanning (User’s anti spam scanning policy will be applied automatically but it will not be effective till the Gateway Anti Spam module is subscribed) • QoS policy . 
Specify description of the rule Specify source and destination zone to which the rule applies. ##WWAN1(when WWAN is enabled) Network/Host 201/280 .User’s QoS policy will be applied automatically • Policy selected in the ‘Route through Gateway’ field is the static routing policy that is applicable only if more then one gateway is defined and used for load balancing. • Limit access to available services. Attach identity allows you to check whether the selected user/user group from the selected zone is allowed the access of the selected service or not. Cyberoam User Guide You can define new IP host, MAC host, host group and virtual host directly from the firewall rule itself. Service/Service group Services represent types of Internet data transmitted via particular protocols or applications. Select service/service group to which the rule applies. If Virtual host is selected as Destination host, you will be able to configure services only if the selected virtual host is not port forwarded. You can also add a new custom service or service group directly from the firewall rule itself and attach. Protect by configuring rules to block services at specific zone limit some or all users from accessing certain services allow only specific user to communicate using specific service. 202/280 Cyberoam User Guide Schedule Select Schedule for the rule. You can also add a new schedule directly from the firewall rule itself and attach. Action Select rule action • Accept – Allow access • Drop – Silently discards • Reject – Denies access and ‘ICMP port unreachable’ message will be sent to the source When sending response it might be possible that response is sent using a different interface than the one on which request was received. This may happen depending on the Routing configuration done on Cyberoam. 
For example, If the request is received on the LAN port using a spoofed IP address (public IP address or the IP address not in the LAN zone network) and specific route is not defined, Cyberoam will send a response to these hosts using default route. Hence, response will be sent through the WAN port. Select the NAT policy to be applied It allows access but after changing source IP address i.e. source IP address is substituted by the IP address specified in the NAT policy. This option is not available if Cyberoam is deployed as Bridge Apply NAT (Only if Action is ‘ACCEPT’) Advanced Settings 203/280 Cyberoam User Guide Toggle Drill Down icon – Click to apply different protection settings to the traffic controlled by firewall. You can: • Enable load balancing and failover when multiple links are configured. Applicable only if Destination Zone is WAN • Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details. • Implement Intrusion Prevention System. To apply IPS policy you need to subscribe for Intrusion Prevention System module. Refer to Licensing section for details. • Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details. • Apply QoS policy Security Policies Web filter policy Select web filter policy for the rule. One can apply web filter policy on LAN to WAN rule only. It controls web access control and block access to inappropriate web sites. You can also add a new web filter policy directly from the firewall rule itself and attach. Apply Category QoS Web Based Click to restrict bandwidth for the URLs categorized under the Web category. A three step configuration is required as follows: 1. Create QoS policy from menu item “QoS → Policy → Add” 2. 
Assign the above created QoS policy to the Web category from menu item “Web Filter → Category”. Policy can be assigned to the default as well as custom web categories.
3. Enable “Web Category based QoS Policy” from Firewall rule.
The above configured policy will be applicable whenever a URL falling under the Web category is accessed.

Application Filter Policy – Select Application Filter Policy for the rule. One can apply policy on LAN to WAN rule only. It controls access to applications like IM, P2P and VOIP. You can also add a new Application Filter policy directly from the firewall rule itself and attach.

IPS Policy – Select IPS policy for the rule. To use IPS, you have to subscribe for the IPS module. Refer to Licensing for more details. You can also add a new IPS policy directly from the firewall rule itself and attach.

IM Scanning – Click ‘IM Scanning’ Checkbox to enable IM scanning. If enabled, all the messaging applications’ traffic is scanned.

AV & AS scanning – Click the protocol for which the virus and spam scanning is to be enabled. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details.

QoS and Routing policy

QoS Policy – Select QoS policy for the rule. Only the Firewall Rule based QoS policy can be applied. QoS policy allocates & limits the maximum bandwidth usage of the user. You can also add a new QoS policy directly from the firewall rule itself and attach.

Route Through Gateway – Select routing policy. Option is available only if more than one gateway is configured. This option is not available if Cyberoam is deployed as Bridge.

Backup Gateway – Specify the backup gateway. The traffic will be routed through the configured gateway in case the gateway configured in “Route Through Gateway” goes down. Option is available only if “Load Balance” is not selected for “Route Through Gateway”.

Log Traffic

Log Traffic – Click to enable traffic logging for the rule i.e. traffic permitted and denied by the firewall rule.

Table - Add Firewall rule screen elements

Search Rules

Use the search facility for searching firewall rules having specific users or hosts. The search string can be either an IP address or a string.

Source Host IP Address

Click the Search icon to search firewall rules for specific source host. It can be searched on the following criteria: is equal to, starts with and contains. Click OK to get the search results and Clear button to clear the results.

Screen – Search Source Host

Search Criteria – Search Results
is equal to – All the IP addresses that exactly match with the IP address specified in the criteria. For example, if the search string is 192.168.1.1, all the addresses exactly matching the string will be displayed.
starts with – All the IP addresses that start with the specified criteria. For example, if the search string is 192, all the addresses starting with the number 192 will be displayed.
contains – All the IP addresses that are in the specified range of IP addresses. For example, if the search string is 1.1.1.2-1.1.1.10, all the IP addresses like 1.1.1.5 or 1.1.1.8 falling in this range will be displayed.

Table – Search Source Host screen elements

Destination Host IP Address

Click the Search icon to search firewall rules for specific destination host. It can be searched on the following criteria: is equal to, starts with and contains. Click OK to get the search results and Clear button to clear the results.

All Hosts satisfying the will be displayed irrespective of

Screen – Search Destination Host

Search Criteria – Search Results
is equal to – All the IP addresses that exactly match with the IP address specified in the criteria. For example, if the search string is “192.168.1.1”, all the addresses exactly matching the string will be displayed.
starts with – All the IP addresses that start with the specified criteria. For example, if the search string is 192, all the addresses starting with the number 192 will be displayed.
contains – All the IP addresses that are in the specified range of IP addresses. For example, if the search string is 1.1.1.2-1.1.1.10, all the IP addresses like 1.1.1.5 or 1.1.1.8 falling in this range will be displayed.

Table – Search Destination Host screen elements

User/User Group

Click the Search icon to search firewall rules for specific user. It can be searched on the following criteria: is, is not, contains and does not contain. Click OK to get the search results and Clear button to clear the results.

Screen – Search User/User Group

Search Criteria – Search Results
is – All the users/user groups that exactly match with the string specified in the criteria. For example, if the search string is Test, only users/user groups with the name exactly matching “Test” are displayed.
is not – All the users/user groups that do not match with the string specified in the criteria. For example, if the search string is Test, all users/user groups except with the name exactly matching “Test” are displayed.
contains – All the users/user groups that contain the string specified in the criteria. For example, if the search string is Test, all the users/user groups containing the string “Test” are displayed.
does not contain – All the users/user groups that do not contain the string specified in the criteria. For example, if the search string is Test, all the users/user groups not containing the string “Test” are displayed.

Table – Search User/User Group screen elements

Change Firewall Rule order

Rule order defines the rule processing priority. When the rules are applied, they are processed from the top down and the first suitable rule found is applied. When a packet matches the rule, the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule might allow a packet that you specifically have a rule written to deny later in the list.

Go to Firewall → Rule → Rule. Click the move rule icon against the rule whose order is to be changed. Click on the rule to be moved and then drag & drop the rule in the desired order. Click close to save the order.

Screen – Move Firewall Rule

Customize Display Columns

By default, Manage Firewall Rules page displays details of the rule in the following columns: ID, Enable, Source, Destination, Identity, Service, Action and Manage. You can customize the number of columns to be displayed as per your requirement.

Go to Firewall → Rule → Rule and click on the ‘Select Column’ list to customize the number of columns to be displayed on the page. Select the checkbox against the column that is to be displayed. You can also select the order in which the columns will be displayed. Drag & drop the column to customize the view in desired order. Click OK to customize the selected columns.

Virtual Host

Virtual Host maps services of a public IP address to services of a host in a private network. A Virtual host can be a single IP address or an IP address range or Cyberoam interface itself. Cyberoam will automatically respond to the ARP request received on the WAN zone for the external IP address of Virtual host. Default LAN to WAN (Any Host to Any Host) firewall rule will allow traffic to flow between the virtual host and the network.

To configure a Virtual Host, go to Firewall → Virtual Host → Virtual Host. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the Virtual host to be modified. Edit Virtual Host pop-up window is displayed which has the same parameters as the Add Virtual Host window.
• Delete – Click the Delete icon in the Manage column against a Virtual Host to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the rule. To delete multiple virtual hosts, select them and click the Delete button.

Manage Virtual host

To manage virtual hosts, go to Firewall → Virtual Host → Virtual Host.

Screen – Manage Virtual Host

Screen Elements – Description
Add Button – Add a new Virtual Host.
Host Name – Name of Virtual Host.
Public Address – Public IP address through which Internet users access internal Server/host.
Mapped Address – Mapped IP address is the IP address of the internal server/host.
Public Port – Public port used when Port Forwarding is configured.
Mapped Port – Mapped port number on destination network when Port Forwarding is enabled.
Edit Icon – Edit the Virtual Host details.
Delete Button – Delete the Virtual Host. Alternately, click the Delete icon against the host you want to delete.

Table – Manage Virtual host screen elements

Virtual Host Parameters

To add or edit a virtual host, go to Firewall → Virtual Host → Virtual Host. Click the Add button to add a new virtual host. To update the details, click on the virtual host or Edit icon in the Manage column against the host you want to modify.

Screen – Add Virtual host

Screen Elements – Description
Name – Name to identify the Virtual Host.
External IP – Public IP address is the IP address through which Internet users access internal server/host. Available options:
• Interface IP – Select when any of the Cyberoam Port, Alias or Virtual LAN (VLAN) subinterface is required to be mapped to the destination host or network.
• IP address – Specified IP address is mapped to a corresponding mapped single or range of IP address. If single IP address is mapped to a range of IP address, Cyberoam uses round robin algorithm to load balance the requests.
• IP address range – Specified IP address range is mapped to a corresponding range of mapped IP address. The IP range defines the start and end of an address range. The start of the range must be lower than the end of the range.
If “IP” or “IP Range” option is selected, Cyberoam automatically responds to the ARP request received on the WAN zone for the external IP address.
Mapped IP – Mapped IP is the IP address to which the external IP address is mapped. Mapped IP address is the IP address of the internal server/host. This is the actual private IP address of the host being accessed using the virtual host. Available options:
• IP address – External IP address is mapped to the specified IP address.
• IP address range – External IP address range is mapped to the specified IP Address range.
Physical Zone – LAN, WAN, DMZ, VPN or custom zone of the mapped IP addresses. For example, if mapped IP address represents any internal server then the zone in which server resides physically. By default, LAN zone is configured but can be changed if required.

Port Forwarding
Enable Port Forwarding – Click to enable service port forwarding. If Port Forwarding is enabled, following options are available.
Protocol – Select the protocol TCP or UDP that you want the forwarded packets to use.
Port Type – Click to specify whether port mapping should be single or range of ports.
External Port – Specify public port number for which you want to configure port forwarding.
Mapped Port – Specify mapped port number on the destination network to which the public port number is mapped.
Description – Virtual host Description.

Table – Add Virtual host screen elements

Note
Deleting Virtual host will remove all its dependent configurations including:
1. Interface-zone binding
2. DHCP Server or Relay
3. Alias based Firewall Rules
4. ARP – Static & Proxy
5. Virtual Hosts and Virtual Host based Firewall Rules
6. Interface based Hosts and reference from host groups
7. Routes – Unicast, Multicast

Once the virtual host is added successfully, Cyberoam automatically creates a loopback firewall rule for the zone of the mapped IP address. Firewall rule is created for the service specified in virtual host. If port forwarding is not enabled in virtual host then firewall rule with “All Services” is created. For example, if virtual host is created for the LAN mapped IP zone then LAN-to-LAN firewall rule is created for the virtual host. Check creation of loopback rule from Firewall → Rule.

For Cyberoam to reply to the ARP requests received on any other zones than WAN zone for External IP address, create proxy ARP from option Cyberoam Console of CLI Console.

Virtual host restrictions:
• Virtual host name cannot be same as host or host group name.
• External IP address range cannot be mapped with a single Mapped IP address.
• The number of IP addresses in External IP address range and Mapped IP address range must be same.
• The number of ports in External ports range and Mapped port range must be same.
• Virtual host with the same pair of External IP and Port cannot be created.

Description – Example
Different virtual hosts cannot have same external IP address if port forwarding is enabled in one virtual host and disabled for another virtual host.
Different virtual hosts can have same External IP address only if port forwarding is enabled for different external port.
Virtual host cannot be created with overlapping IP address.
Virtual host cannot be created with overlapping ports.
Example: each of these restrictions is illustrated with a Virtual_host1 and Virtual_host2 pair, each giving External IP address, Mapped IP address and, where port forwarding is used, Port forward – External port and Mapped port.

NAT Policy

Network Address Translation (NAT) is the process of rewriting the source addresses of IP packets as they pass through a router or firewall. Mostly NAT is used to enable multiple hosts on a private network to access the Internet using a single public IP address. When a client sends an IP packet to the router, NAT translates the sending address to a different, public IP address before forwarding the packet to the Internet. When a response packet is received, NAT translates the public address into the original address and forwards it to the client.

NAT policy tells firewall rule to allow access but only after changing source IP address i.e. source IP address is substituted by the IP address specified in the NAT policy.

Use NAT to change or remap source or destination address of the packet. Using NAT eliminates the need for public IP addresses for all computers on your LAN. It is a way to conserve IP addresses available from the pool of Public IP addresses for the Internet. NAT also allows you to conceal the addressing scheme of your network.

To manage NAT Policy, go to Firewall → NAT Policy → NAT Policy. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the NAT Policy to be modified. Edit NAT Policy pop-up window is displayed which has the same parameters as the Add NAT Policy window.
• Delete – Click the Delete icon in the Manage column against a NAT Policy to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the NAT Policy. To delete multiple NAT Policies, select them and click the Delete button.

Manage NAT policy

To manage NAT policies, go to Firewall → NAT Policy → NAT Policy.

Screen – Manage NAT policy

Screen Elements – Description
Add Button – Add a NAT Policy.
Name – Name of the NAT Policy.
IP Mapped To – Source IP/Range will be replaced with the specified IP/Range.
Edit Icon – Edit the NAT Policy.
Delete Button – Delete the NAT Policy. Alternately, click the Delete icon against the policy you want to delete.

Table – Manage NAT policy screen elements

NAT Policy Parameters

To add or edit NAT policies, go to Firewall → NAT Policy → NAT Policy. Click the Add button to add a new policy. To update the details, click on the Policy or Edit icon in the Manage column against the policy you want to modify.

Screen – Add NAT policy

Screen Elements – Description
Name – Name to identify the NAT Policy.
Map Source IP To – Select Masquerade or IP Host for NAT Policy. Available Options:
• MASQ – will replace source IP address with Cyberoam’s WAN IP address
• IP Host – will replace source IP address with specified IP address or range.
Under IP Host, specify IP address for source natting. Available Options:
• IP Address – will replace source IP address with the specified IP address
• IP Range – will replace source IP address with any of the IP address from the specified range
You can search and select a particular IP Address based on the Host IP Address name. Alternately, an IP address or range can also be added using “Add IP Address” link.

Table – Add NAT policy screen elements

Note
Default MASQ policy cannot be updated or deleted.
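The virtual host restrictions listed under Virtual Host above (range sizes, shared external IP addresses, overlapping ports) can be checked on a planned configuration before it is entered. This is an added example, not code from the guide or the appliance; the `VirtualHost` structure, the function names and the sample hosts are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import Optional, Tuple


def ip_range(text):
    """Parse 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into (first, last) as integers."""
    first, _, last = text.partition("-")
    lo = int(ipaddress.IPv4Address(first.strip()))
    hi = int(ipaddress.IPv4Address(last.strip())) if last else lo
    if lo > hi:
        raise ValueError("start of the range must be lower than the end: " + text)
    return lo, hi


@dataclass
class VirtualHost:                                  # hypothetical planning record
    name: str
    external: str                                   # single IP or range
    mapped: str                                     # single IP or range
    ext_ports: Optional[Tuple[int, int]] = None     # None = port forwarding disabled
    map_ports: Optional[Tuple[int, int]] = None


def size(rng):
    return rng[1] - rng[0] + 1


def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]


def check_virtual_hosts(hosts):
    """Return a list of (host name(s), violated restriction) tuples."""
    problems = []
    for h in hosts:
        ext, mapped = ip_range(h.external), ip_range(h.mapped)
        # A single external IP may map to a range (round robin); the reverse may not.
        if size(ext) > 1 and size(mapped) == 1:
            problems.append((h.name, "external IP range mapped to a single mapped IP"))
        elif size(ext) > 1 and size(ext) != size(mapped):
            problems.append((h.name, "external and mapped IP ranges differ in size"))
        if h.ext_ports and h.map_ports and size(h.ext_ports) != size(h.map_ports):
            problems.append((h.name, "external and mapped port ranges differ in size"))
    for a, b in combinations(hosts, 2):
        if not overlaps(ip_range(a.external), ip_range(b.external)):
            continue
        pair = a.name + "/" + b.name
        if bool(a.ext_ports) != bool(b.ext_ports):
            problems.append((pair, "port forwarding enabled in one host and disabled in the other"))
        elif a.ext_ports is None:
            problems.append((pair, "overlapping external IP addresses"))
        elif overlaps(a.ext_ports, b.ext_ports):
            problems.append((pair, "overlapping external ports"))
    return problems


# Constructed sample plan (addresses and names are illustrative only).
SAMPLE_HOSTS = [
    VirtualHost("vh_web", "192.168.1.15", "10.10.10.1", (20, 80), (20, 80)),
    VirtualHost("vh_smtp", "192.168.1.15", "10.10.10.2", (25, 25), (25, 25)),
    VirtualHost("vh_dns", "192.168.1.15", "10.10.10.3", (5353, 5353), (53, 53)),
    VirtualHost("vh_range", "192.168.1.20-192.168.1.25", "10.10.10.20"),
    VirtualHost("vh_any", "192.168.1.15", "10.10.10.9"),
]

if __name__ == "__main__":
    for who, why in check_virtual_hosts(SAMPLE_HOSTS):
        print(who + ": " + why)
```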
Spoof Prevention

You can configure MAC and/or IP address pair entry in IP-MAC trusted list to improve the security of your network. Using MAC address filtering makes it more difficult for a hacker to guess and use a random MAC address or spoof a MAC address to gain access to your network as the traffic does not even reach your firewall. Similarly, it is also possible to filter packets based on IP-MAC pair. It prevents hosts which try to violate trusted IP-MAC. To make the restriction more granular, one can enable restriction on the zones.

Cyberoam provides 3 ways to prevent spoofing using IP-MAC trusted list:
• IP spoofing – Packets will be dropped if matching route entry is not available.
• MAC Filter – Packets will be dropped if the MAC addresses are not configured in the “Trusted MAC” list.
• IP-MAC Pair Filter – Packets will be dropped if IP and MAC do not match with any entry in the IP-MAC trusted list.

General Settings

To enable spoof prevention for LAN, WAN and DMZ zones, go to Firewall → Spoof Prevention → General Settings.

Screen – General Settings

Enable “Restrict Unknown IP on Trusted MAC” if you want to drop traffic from any IP address not in the trusted list for the trusted MAC address. By default, it is disabled. If enabled, request is dropped if IP-MAC pair does not exist in the trusted list. When disabled, traffic from any IP address not in the trusted list will be allowed even if it is coming from the trusted MAC address. It is enabled automatically when Spoof Prevention is enabled.

Zone
LAN Yes WAN No DMZ Yes Yes Yes Yes Yes No Yes

IP Spoofing – If enabled:
• Enable at least for one zone
• Cyberoam will reverse lookup for the route of source network and if not available, packets will be dropped and logged.
By default, it is not enabled for any zone.

MAC filter
• It restricts the access of your network to the external hosts. As Cyberoam will drop all the requests from the MAC address not configured in the trusted list, please make sure to include MAC addresses of all your internal devices.
• If enabled, it is to be enabled for at least one zone.
By default, it is not enabled for any zone.

IP-MAC pair filter – Cyberoam will drop the request considering it as a spoofed request if
• MAC address differs for the trusted IP address
• IP address differs for the trusted MAC address
But, the request will be allowed if IP or MAC address does not exist at all in the list.
• If enabled, it is to be enabled for at least one zone.
By default, it is not enabled for any zone.

Table – General Settings

Trusted MAC

You can enable MAC address and/or IP address pair filtering to improve security. By enabling filtering, you define the devices that can access your network. When a user attempts to access the network, Cyberoam checks the MAC address and/or IP address from the list. User gets access to the network only if the MAC Address and/or IP address is on the trusted MAC list else the request is rejected. It is also possible to import the trusted MAC list through CSV (Comma Separated Value) file.

To manage Trusted MAC list, go to Firewall → Spoof Prevention → Trusted MAC. You can:
• Add
• View
• Import
• Delete – Click the Delete icon in the Manage column against a Trusted MAC to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Trusted MAC. To delete multiple Trusted MACs, select them and click the Delete button.

Manage Trusted MAC list

To manage Trusted MAC list, go to Firewall → Spoof Prevention → Trusted MAC.

Screen – Manage Trusted MAC list

Screen Elements – Description
Add Button – Add a Trusted MAC.
MAC Address – MAC address of the user.
IP Association – Static, DHCP or no IP association.
IP Address – IP address bound to MAC address, in case of static IP association.
Delete Button – Delete the Trusted MAC. Alternately, click the Delete icon against the trusted MAC you want to delete.

Table – Manage Trusted MAC screen elements

Trusted MAC List Parameters

To add Trusted MAC list, go to Firewall → Spoof Prevention → Trusted MAC. Click the Add button to add a Trusted MAC.

Screen – Add Trusted MAC list

Screen Elements – Description
MAC Address – MAC Address to be added to a trusted MAC list.
IP Association – Specify IP Association if you want to implement IP-MAC pair filtering. Packets will be rejected if either MAC or IP address does not match. Available Options:
• None – No IP address is bound to the MAC address.
• Static – IP address to be bound to the MAC address. Use comma to add multiple IP addresses.
• DHCP – MAC will be bound to the IP address leased by the Cyberoam DHCP server as and when the IP is leased. Entry will be updated automatically when the leased IP address is updated.
IP Addresses – Specify the IP Address for IP-MAC binding. Use comma as a separator to configure multiple IP addresses.

Table – Add Trusted MAC list

Import Trusted MAC Address

Instead of adding the trusted entries individually, Cyberoam provides a facility to import the trusted list from a CSV (Comma Separated Value) file. Click the Import button to import a CSV file.

Screen – Import Trusted MAC Address

The format for the CSV file should be as follows:
1. First row of the CSV file has to be the header row: MAC Address, IP Association, IP Address
2. The rest of the rows are values corresponding to the header fields
3. Blank rows will be ignored
4. Error Message display only for invalid rows
5. Format of values:
• Compulsory fields: MAC Address and IP Association
• Optional fields: IP Address
• IP Association must be Static or DHCP or None
• For Static IP Association, IP Address must be available
• For None/DHCP type of IP Association, IP-Address is not required and if it is given, it will be ignored
• For Invalid MAC / IP Address or IP Association entry will be discarded
• Use comma to insert Multiple static IP Addresses

DoS

Cyberoam provides several security options that cannot be defined by the firewall rules. This includes protection from several kinds of “Denial of Service attacks”. These attacks disable computers and circumvent security.

Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a service. DoS attacks are typically executed by sending many request packets to a targeted server (usually Web, FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not to steal the information but disable or deprive a device or network so that users no longer have access to the network services/resources.

All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence, attackers send a very high volume of redundant traffic to a system so it cannot examine and allow permitted network traffic. Best way to protect against the DoS attack is to identify and block such redundant traffic.

Packet rate per Source – Total number of connections or packets allowed to a particular user.
Burst rate per Source – Maximum number of packets allowed to a particular user at a given time.
Packet rate per Destination – Total number of connections or packets allowed from a particular user.
Packet rate per Destination – Maximum of packets allowed from a particular user at a given time.

How it works

When the burst rate is crossed, Cyberoam considers it as an attack. Cyberoam provides DoS attack protection by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop the packets till the attack subsides. Because Cyberoam applies threshold value per IP address, traffic from the particular source/destination will only be dropped while the rest of the network traffic will not be dropped at all i.e. traffic from the remaining IP addresses will not be affected at all.

Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30 seconds

For example,
Packet rate per Source – 100 packets per second
Burst rate per Source – 200 packets per second
When user starts sending requests, initially user will be able to send 200 packets per second but once the 200 packets are received, in the next phase user will be able to send only 100 packets per second. So in the next phase, if user sends 150 packets per second, Cyberoam will consider it as an attack and drop 50 (150 - 100) packets. Cyberoam will accept traffic from the user only after 30 seconds of dropping the packets.

Threshold values

Cyberoam uses packet rate and burst rate values as a threshold value to detect DoS attack. These values depend on various factors like:
Network bandwidth
Nature of traffic
Capacity of servers in the network
These values are applicable to the individual source or destination i.e. requests per user/IP address and not globally to the entire network traffic. For example, if source rate is 2500 packets/minute and the network consists of 100 users then each user is allowed packet rate of 2500 packets per minute.

Configuring high values will degrade the performance and too low values will block the regular requests. Hence it is very important to configure appropriate values for both source and destination IP address.

DoS Settings

Define the attack definition from Firewall → DoS → Settings (attack definition can be defined both for source and destination).

Configure DoS Settings

Screen – DoS Settings

Screen Elements – Description
SYN Flood – Configure Packet Rate (packets/minute) and Burst Rate (packets/second) for source and destination.
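The worked numbers under “How it works” above (packet rate 100 packets per second, burst rate 200 packets per second, re-allow after the attack subsides plus 30 seconds) can be traced with a small per-source model. This is an added example, not Cyberoam code; one-second accounting, dropping all traffic from a flagged source until it is re-allowed, and the class and function names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

REALLOW_DELAY = 30  # seconds added once the attack has subsided (value from the guide)


@dataclass
class SourceState:
    burst_spent: bool = False          # True once the initial burst phase has been used
    last_excess: Optional[int] = None  # last second in which this source exceeded its limit


@dataclass
class DosLimiter:
    """Assumed model: thresholds are tracked per source IP, never globally."""
    packet_rate: int                   # packets/second allowed after the first phase
    burst_rate: int                    # packets/second allowed in the first phase
    sources: Dict[str, SourceState] = field(default_factory=dict)

    def offer(self, src, second, packets):
        """Return (forwarded, dropped) for `packets` sent by `src` during `second`."""
        st = self.sources.setdefault(src, SourceState())
        if st.last_excess is not None:                 # source is flagged as attacking
            if packets > self.packet_rate:
                st.last_excess = second                # attack has not subsided yet
            if second <= st.last_excess + REALLOW_DELAY:
                return 0, packets                      # still inside subside + 30 s
            st = self.sources[src] = SourceState()     # re-allowed with a fresh state
        limit = self.packet_rate if st.burst_spent else self.burst_rate
        if packets:
            st.burst_spent = True
        forwarded = min(packets, limit)
        dropped = packets - forwarded
        if dropped:
            st.last_excess = second                    # excess seen: flag the source
        return forwarded, dropped


def simulate(limiter, src, offered, start=1):
    """Feed one packet count per second, beginning at `start`."""
    return [limiter.offer(src, start + i, n) for i, n in enumerate(offered)]


if __name__ == "__main__":
    lim = DosLimiter(packet_rate=100, burst_rate=200)
    # Constructed traffic: the guide's 200 then 150 packets, then a quiet source.
    for sec, result in enumerate(simulate(lim, "10.0.0.5", [200, 150, 50]), start=1):
        print(sec, result)
```

Only the offending source is affected: a second source offered to the same limiter keeps its own state, which is the per-IP behaviour the “Threshold values” paragraph describes.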
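The CSV rules listed under “Import Trusted MAC Address” in the Spoof Prevention section above can be checked before upload with a pre-import validator. This is an added example, not part of the guide or the appliance; the accepted MAC notation, case-insensitive matching of the IP Association value and the function name are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re

HEADER = ["MAC Address", "IP Association", "IP Address"]
ASSOCIATIONS = {"static": "Static", "dhcp": "DHCP", "none": "None"}
# Assumption: MAC addresses are six hex pairs separated by ':' or '-'.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def validate_trusted_mac_csv(text):
    """Return (accepted, errors) for a Trusted MAC import file.

    accepted: list of (mac, association, [ip, ...]) in file order
    errors:   list of (row_number, reason), reported for discarded rows only
    """
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or [c.strip() for c in rows[0]] != HEADER:
        raise ValueError("first row must be the header: " + ", ".join(HEADER))

    accepted, errors = [], []
    for row_number, row in enumerate(rows[1:], start=2):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                                    # blank rows are ignored
        cells += [""] * (3 - len(cells))
        mac, assoc = cells[0], ASSOCIATIONS.get(cells[1].lower())
        # Several static IPs may sit in one quoted cell or spill into extra cells.
        raw_ips = [p.strip() for c in cells[2:] for p in c.split(",") if p.strip()]

        if not MAC_RE.match(mac):
            errors.append((row_number, "invalid MAC Address"))
            continue
        if assoc is None:
            errors.append((row_number, "IP Association must be Static, DHCP or None"))
            continue
        ips = []
        if assoc == "Static":
            if not raw_ips:
                errors.append((row_number, "Static association needs an IP Address"))
                continue
            try:
                ips = [str(ipaddress.ip_address(p)) for p in raw_ips]
            except ValueError:
                errors.append((row_number, "invalid IP Address"))
                continue
        # For None/DHCP any IP Address given is ignored, as the guide states.
        accepted.append((mac.upper().replace("-", ":"), assoc, ips))
    return accepted, errors


# Constructed sample file: three valid rows, one blank row, four invalid rows.
SAMPLE_CSV = """MAC Address,IP Association,IP Address
00:1A:2B:3C:4D:5E,Static,"192.168.1.10,192.168.1.11"
00-1a-2b-3c-4d-5f,DHCP,192.168.1.50

00:1A:2B:3C:4D:60,None,
00:1A:2B:3C:4D,Static,192.168.1.12
00:1A:2B:3C:4D:61,Static,
00:1A:2B:3C:4D:62,Static,192.168.1.300
00:1A:2B:3C:4D:63,Reserved,192.168.1.13
"""

if __name__ == "__main__":
    ok, bad = validate_trusted_mac_csv(SAMPLE_CSV)
    for entry in ok:
        print("import ", entry)
    for row_number, reason in bad:
        print("discard row", row_number, "-", reason)
```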
TCP attack sends huge amount of TCP packet so that the host/victim computer cannot handle. Destination Traffic Dropped displays number of packets dropped in case destination packet rate control is applied. Click ‘UDP Flood’ to view the real time updates on flooding. Source Traffic Dropped displays number of source packets dropped in case source packet rate control is applied. It displays UDP Flood TCP Flood ICMP Flood 225/280 . It hooks up one system’s UDP character-generating service. Destination Traffic Dropped displays number of packets dropped in case destination packet rate control is applied. A SYN flood attack creates so many halfopen connections that the system becomes overwhelmed and cannot handle incoming requests any more. Configure Packet Rate (packets/minute) and Burst Rate (packets/second) for source and destination. Click ‘SYN Flood’ to view the real time updates on flooding. It displays the source IP address . Click ‘ICMP Flood’ to view the real time updates on flooding. The connection is created when the victim host receives a connection request and allocates for it some memory resources.which was used for flooding and IP address which was targeted. Source Traffic Dropped displays number of source packets dropped in case source packet rate control is applied.Cyberoam User Guide Click “Apply Flag” checkbox to apply the SYN flood definition and control allowed number of packets. SYN Flood is the attack in which large numbers of connections are send so that the backlog queue overflows.which was used for flooding and IP address which was targeted. Configure Packet Rate (packets/minute) and Burst Rate (packets/second) for source and destination. Click “Apply Flag” checkbox to apply the TCP flood definition and control the allowed number of packets. the two systems are tied up exchanging a flood of meaningless data. Once the link is made. User Datagram Protocol (UDP) Flood links two systems. with another system’s UDP echo service. 
Destination Traffic Dropped displays number of packets dropped in case destination packet rate control is applied. Source Traffic Dropped displays number of source packets dropped in case source packet rate control is applied. It displays the source IP address . Click “Apply Flag” checkbox to apply the UDP flood definition and control the allowed number of packets. Configure Packet Rate (packets/minute) and Burst Rate (packets/second) for source and destination. Click “Apply Flag” checkbox to apply the ICMP flood definition and control allowed number of packets. Click OK to delete the DoS Bypass Rule. An ICMP redirect packet is used by routers to inform the hosts what the correct route should be. ARP attack sends ARP requests at a very high rate to the server. he or she can alter the routing tables on the host and possibly weaken the security of the host by causing traffic to flow via another path. Cyberoam protects by dropping such invalid ARP requests. Click “Apply Flag” checkbox to enable. Screen – Manage DoS Bypass Rules 226/280 . You can also bypass DoS inspection of the traffic coming from certain hosts of VPN zone. VPN zone traffic is also subjected to DoS inspection. go to Firewall → DoS → Bypass Rules. You can: • • • Add View in the Manage column against the DoS Bypass Rule to be Edit – Click the Edit icon modified. Because of this. server is overloaded with requests and will not be able to respond to the valid requests. To manage Bypass Rules. • Manage DoS Bypass Rules To manage bypass rules.Cyberoam User Guide the source IP address . ICMP attack sends huge amount of packet/traffic so that the protocol implementation of the host/victim computer cannot handle. go to Firewall → DoS → Bypass Rules. If an attacker is able to forge ICMP redirect packets. By default. To delete multiple DoS Bypass rules. A dialog box is displayed asking you to confirm the deletion.which was used for flooding and IP address which was targeted. 
select them and click the Delete button. Edit DoS Bypass Rule pop-up window is displayed which has the same parameter as the Add DoS Bypass Rule window in the Manage column against a DoS Bypass Rule to be Delete – Click the Delete icon deleted. Table – DoS Settings screen elements Dropped Source Routed Packets Disable Packet ICMP Redirect Disable ARP Flooding Bypass Rules Cyberoam allows you to bypass the DoS rule in case you are sure that the specified source will not be used for flooding or ignore if flooding occurs from the specified source. This will block any source routed connections or any packets with internal address from entering your network. in the Manage Screen – Add Bypass Rule Screen Elements Source IP Address Description Specify Source IP/Netmask. Specify * if you want to bypass entire network rt Source Port Destination IP Address Destination Port 227/280 . To update the details. Specify * if you want to bypass entire network Specify Port Number for Source. Click the Add button to add a new rule. click the Delete icon against the rule you want to delete. click on the Rule or Edit icon column against the rule you want to modify. go to Firewall → DoS → Bypass Rules. Specify * if you want to bypass entire network Specify Port Number for Destination.Cyberoam User Guide Screen Elements Add Button Source Source Port Destination Destination Port Protocol Edit Icon Delete Button Description Add a DoS Bypass Rule Source IP/Netmask to be bypassed Source Port Number to be bypassed Destination IP/Netmask to be bypassed Destination Port Number to be bypassed Protocols to be bypassed Edit the DoS Bypass Rule Delete the DoS Bypass Rule Alternately. Specify * if you want to bypass entire network Specify Destination IP/Netmask. Table – Manage DoS Bypass rule screen elements DoS Bypass Rules Parameters To add or edit DoS Bypass Rule. if you select TCP protocol then DoS rules will not be applied on the TCP traffic from the specified source to destination. For example. 
Protocol – Select protocol whose traffic is to be bypassed if generated from the specified source to destination.
Table – Add DoS bypass rule screen elements

PART 9
Web Filter

Web Filter menu allows you to configure and manage Web Filtering in Cyberoam. The traffic coming from the web is filtered by various policies and categories.

Settings

Use this page to enable Safe Search feature and Pharming protection useful in filtering Web traffic.

Safe Search – This feature allows you to enforce safe searching into your search engines, thus helping you against malicious sites.

Pharming Protection – This feature allows you to stop Pharming by various attacker sites by Domain Name resolution. Pharming attack succeeds by redirecting the users from legitimate web sites to similar fraudulent web sites that have been created to look like the legitimate site. Pharming attacks require no additional action from the user from their regular web surfing activities.

Configure web filter settings from Web Filter → Settings → Settings.

Screen – Configure Settings

Screen Elements – Description
Enforce Safe Search – Enable safe search so that web sites containing pornography and explicit sexual content are blocked from the Google, Yahoo, Altavista and Bing search results. This will be applicable only when access to Porn, AdultContent and Nudity categories is denied in Web Filter Policy.
Enable Pharming Protection – Enable to protect against pharming attacks and direct users to the legitimate web sites instead of fraudulent web sites.
Click “Save” button after changing the configuration.
Table – Configure Settings screen elements

Category

Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any URL containing the keywords defined in the Web category will be blocked.

Each category is classified according to the type of sites in the category. Categories are grouped into four types, which specify whether surfing those categories is considered productive or not:
• Neutral
• Productive
• Non-working
• Un-healthy

For your convenience, Cyberoam provides a database of default Web categories. You can use these or even create new web categories to suit your needs. To use the default web categories, the add-on module Web and Application Filter should be registered.

Depending on the organization requirement, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria.

Cyberoam also provides pre-defined categories which can be used to block the malicious and objectionable contents. Custom web category is given priority over default category while allowing/restricting the access.

It is also possible to restrict the bandwidth based on the web category. For example, to reserve 512 kbps for SAP applications, define a QoS policy of 512 kbps and assign this policy to the SAP Web category and firewall rule. Users accessing any URLs falling under the SAP Web category will get 512 kbps. 512 kbps bandwidth will be shared among all the users when more than one user is accessing.

The page allows you to manage default web categories and create custom web categories. You can also add or remove specific domains or keywords in the category.

To manage web categories, go to Web Filter → Category → Category. You can:
• Add
• View
• Search
• Edit – Click the Edit icon in the Manage column against the category to be modified. Edit Web Category pop-up window is displayed which has the same parameters as the Add Web Category window.
• Delete – Click the Delete icon in the Manage column against a Web Category to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Web Category. To delete multiple Web Categories, select them and click the Delete button.

Manage Web Categories

To manage web categories, go to Web Filter → Category → Category.

Screen – Manage Web Categories

Screen Elements – Description
Add Button – Add a custom Web Category
Name – Name of the Web Filter Category.
Type – Type of Policy – Default OR Custom
Classification – Category Classification – Unhealthy, Neutral, Non-working, Productive.
QoS Policy – QoS Policy applied on the category.
Edit Icon – Edit the web category.
Delete Button – Delete the web category. Alternately, click the Delete icon against the category you want to delete.
Table – Manage Web Categories screen elements

Web Category Parameters

To add or edit a web category, go to Web Filter → Category → Category. Click the Add button to add a new web category. To update the details, click on the web category or Edit icon in the Manage column against the web category you want to modify.

Screen – Add Web Category

Screen Elements – Description
Name – Name to identify the web category. Custom category name and default category name cannot be same.
Classification – Select the classification type for the category. Available Options: Neutral, Productive, Non-working, Healthy
QoS Policy – Select QoS policy from the “QoS Policy” dropdown list if you want to apply bandwidth restriction.
URL – Specify URL to include it under a web category. You can use Add icon to add more than one URL and Remove icon to delete the URL specified.
Keyword – Specify Keywords to include it under a web category. You can use Add icon to add more than one keyword and Remove icon to delete the keyword specified.
Advanced Settings
Action (Only applicable while adding a Category) – 'Policies' List displays all the policies available. Click the checkbox to select the policies. All the selected policies are moved to 'Selected Policies' list. Category, once created, will be automatically added to the selected policies. Category cannot be added to default policies from this page.
Denied Message – Enable/disable the ‘Override Default Denied Message’ checkbox. If enabled, you can set your custom message for Denied service.
Description – Specify Category Description.
Table – Add Web Category screen elements

Search Category

Click the Search icon in the Application Filter Category column to search for specific web categories. A pop-up window is displayed that has filter conditions for search. Category can be searched on the following criteria: is, is not, contains, does not contain. Click OK to get the search results and Clear button to clear the results.

Screen – Search Web Categories

Search Criteria – Search Results
is – All the categories that exactly match with the string specified in the criteria. For example, if the search string is Test, only categories with the name exactly matching “Test” are displayed.
is not – All the categories that do not match with the string specified in the criteria. For example, if the search string is Test, all categories except with the name exactly matching “Test” are displayed.
contains – All the categories that contain the string specified in the criteria. For example, if the search string is Test, all the categories containing the string “Test” are displayed.
does not contain – All the categories that do not contain the string specified in the criteria. For example, if the search string is Test, all the categories not containing the string “Test” are displayed.
Table – Search Web Categories screen elements

Policy

Web Filter Policy controls user’s web access. It specifies which user has access to which sites and allows defining powerful security policies based on almost limitless policy parameters like:
• Individual users
• Groups of users
• Time of day
• Location/Port/Protocol type
• Content type
• Bandwidth usage (for audio, video and streaming content)

Allow/deny access to an entire application category, or individual file extensions within a category with the help of policy. For example, you can define a policy that blocks access to all audio files with .mp3 extensions.

Two strategies based on which Web Filter Policy can be defined:
• Allow: By default, allows access to all the categories except the specified categories. Access to the specified categories depends on the strategy defined for each category.
• Deny: By default, denies access to all the categories except the specified categories. Access to the specified categories depends on the strategy defined for each category.

Cyberoam comes with the following predefined policies: Allow All, CIPA, Deny all and General Corporate Policy. These predefined policies are immediately available for use until configured otherwise. You can also define custom policies to define different levels of access for different users to meet your organization’s requirements.

To manage web filter policies, go to Web Filter → Policy → Policy. You can:
• Add
• View
• Search
• Edit – Click the Edit icon in the Manage column against the Web Filter Policy to be modified. Edit Web Filter Policy page is displayed which has the same parameters as the Add Web Filter Policy window.
• Add Web Filter Policy Rules
• Delete – Click the Delete icon in the Manage column against a Web Filter Policy to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Web Filter Policy. To delete multiple Web Filter Policies, select them and click the Delete button.

Manage Web Filter Policies

To manage Web Filter Policies, go to Web Filter → Policy → Policy.

Screen – Manage Web Filter Policies

Screen Elements – Description
Add Button – Add a new Web Filter Policy
Web Filter Policy Name – Name of Web Filter Policy
Default Strategy – Default Strategy: Allow or Deny
Reporting – Reporting: Enabled or Disabled
Description – Policy Description
Edit Icon – Edit the Web Filter Policy
Delete Button – Delete the Web Filter Policy. Alternately, click the Delete icon against the policy you want to delete.
Table – Manage Web Filter Policies screen elements

Web Filter Policy Parameters

To add or edit a web filter policy, go to Web Filter → Policy → Policy. Click the Add button to add a new web filter policy. To update the details, click on the policy or Edit icon in the Manage column against the policy you want to modify.

Screen – Add Web Filter Policy

Screen Elements – Description
Name – Name to identify the Policy. Duplicate names are not allowed.
Template – Select a template if you want to create a new policy based on an existing policy and want to inherit all the categories restrictions from the existing policy.
Enable Reporting – By default, Internet usage report is generated for all the users. But Cyberoam allows to bypass reporting of certain users. Enable the ‘Enable Reporting’ checkbox to create Bypass reporting web filter policy. Internet usage reports will not include access details of all the users to whom this policy will be applied.
Enable Certificate based categorization for HTTPS – Enable the ‘Enable Certificate based categorization for HTTPS’ check box to enable filtering of HTTPS traffic based on domain names using site X.509 certificates. If enabled, users will not be able to bypass and access blocked sites using URL translation or HTTP proxy websites hosted on HTTPS. In other words, if enabled Cyberoam will block attempts to bypass web content filtering and sites hosted on SSLv2, SSLv3 and TLS protocols.
Download File Size Restriction – Specify the file size (in MB) in the textbox against Download File Size Restriction to configure the maximum allowed file download size. User will not be allowed to download file greater than the configured size. Specify 0 if there has to be no restriction on the maximum file size for download.
Description – Specify Policy Description.
Table – Add Web Filter Policy screen elements

Once the policy is created, policy rules can be added to schedule the implementation of the policy.

Web Filter Policy Rule Parameters

Web Filter Policy rules can be added to custom web filter policies. Rules can be added for custom policies only. Add rules after policy is added successfully.

To add Web Filter Policy rules, go to Web Filter → Policy → Policy. Click the Edit icon in the Manage column against the Web Filter Policy to which rules are to be added. Edit Web Filter Policy window is displayed for modifications. You can add or delete rules from this page.

Screen – Add Web Filter Policy Rules

Screen Elements – Description
Category Name – Select Web Category or File Type Category to be added. You can select more than one category by selecting the checkbox. You can also search the category name from the search text box provided.
Action – Specify Action for the categories selected – Allow OR Deny
Schedule – Select the Schedule for categories selected.
Table – Add Web Filter Policy Rule screen elements

Search Policy

Click the Search icon in the Web Filter policy column to search for specific policies. A pop-up window is displayed that has filter conditions for search. Policy can be searched on the following criteria: is, is not, contains, does not contain. Click OK to get the search results and Clear button to clear the results.

Screen – Search Web Filter Policies

Search Criteria – Search Results
is – All the policies that exactly match with the string specified in the criteria. For example, if the search string is Test, only policies with the name exactly matching “Test” are displayed.
is not – All the policies that do not match with the string specified in the criteria. For example, if the search string is Test, all policies except with the name exactly matching “Test” are displayed.
contains – All the policies that contain the string specified in the criteria. For example, if the search string is Test, all the policies containing the string “Test” are displayed.
does not contain – All the policies that do not contain the string specified in the criteria. For example, if the search string is Test, all the policies not containing the string “Test” are displayed.
Table – Search Web Filter Policies screen elements

PART 10
Application Filter

Application Filter menu in Cyberoam allows you to configure and manage filtering on various applications. The traffic coming from the web is filtered by various policies and categories.

Category

Cyberoam provides certain default Application category that can be used in filtering policy. You can also add custom category as per your network requirement. Each of the categories contains sub categories and can be viewed by clicking the icon against the category.

To view and search application categories, go to Application Filter → Category → Category. You can:
• View
• Search

View Categories

To view and search application categories, go to Application Filter → Category → Category.

Screen – Manage Application Filter Categories

Category Names: File Transfer, Gaming, General Internet, IM, Internet Protocol, Network Services, P2P, Proxy, Remote Access, Streaming Media, VOIP

Search Category

Click the Search icon in the Category Name column to search for specific application categories. Address can be searched on the following criteria: is, is not, contains, does not contain.

does not contain – All the categories that do not contain the string specified in the criteria.
A pop-up window is displayed that has filter conditions for search. Click OK to get the search results and Clear button to clear the results.

Screen – Search Categories

Search Criteria – Search Results
is – All the categories that exactly match with the string specified in the criteria. For example, if the search string is Gaming, only categories with the name exactly matching “Gaming” are displayed.
is not – All the categories that do not match with the string specified in the criteria. For example, if the search string is Gaming, all categories except with the name exactly matching “Gaming” are displayed.
contains – All the categories that contain the string specified in the criteria. For example, if the search string is Gam, all the categories containing the string “Gam” are displayed.
does not contain – For example, if the search string is Gam, all the categories not containing the string “Gam” are displayed.
Table – Search Categories screen elements

Policy

Application Filter Policy controls user’s application access. It specifies which user has access to which applications and allows defining powerful security policies based on almost limitless policy parameters like:
• Individual users
• Groups of users
• Time of day

Two strategies based on which Application Filter Policy can be defined:
• Allow: By default, allows access to all the categories except the specified categories. Access to the specified categories depends on the strategy defined for each category.
• Deny: By default, denies access to all the categories except the specified categories. Access to the specified categories depends on the strategy defined for each category.

Cyberoam comes with the following predefined policies for applications: Allow All and Deny All. These two predefined policies are immediately available for use until configured otherwise. You can also define custom policies to define different levels of access for different users to meet your organization’s requirements.

To manage application filter policies, go to Application Filter → Policy → Policy. You can:
• Add
• View
• Search
• Edit – Click the Edit icon in the Manage column against the Application Filter Policy to be modified. Edit Application Filter Policy page is displayed which has the same parameters as the Add Application Filter Policy window.
• Add Application Filter Policy Rules – Click the Edit icon in the Manage column against the Application Filter Policy to which Application categories are to be added. Edit Application Filter Policy page is displayed for modifications.
• Delete – Click the Delete icon in the Manage column against an Application Filter Policy to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Application Filter Policy. To delete multiple Application Filter Policies, select them and click the Delete button.

Manage Application Filter Policies

To manage application filter policies, go to Application Filter → Policy → Policy.

Screen – Manage Application Filter Policies

Screen Elements – Description
Add Button – Add a new Application Filter Policy
Name – Name of Application Filter Policy
Action – Default Action: Allow or Deny
Description – Policy Description
Edit Icon – Edit the Application Filter Policy
Delete Button – Delete the Application Filter Policy. Alternately, click the Delete icon against the policy you want to delete.
Table – Manage Application Filter Policies screen elements

Application Filter Policy Parameters

To add or edit an application filter policy, go to Application Filter → Policy → Policy. Click the Add button to add an application filter policy. To update the details, click on the policy or Edit icon in the Manage column against the policy you want to modify.

Screen – Add Application Filter Policy
Screen – Edit Application Filter Policy (Policy Rule)

Screen Elements – Description
Name – Name to identify the Policy. Duplicate names are not allowed.
Description – Specify Policy Description.
Template – Select the template for the policy.
Select Categories (Only available once the policy is created) – Select Application Category from the list of available categories.
Table – Add Application Filter Policy screen elements

Once the policy is created, policy rule can be scheduled for implementation.

Application Filter Policy Rule Parameters

Application Filter Policy rules can be added to custom application filter policies. Add rule after policy is created successfully.

To add application in the filter policy rules, go to Application Filter → Policy → Policy. Click the Edit icon in the Manage column against the Application Filter Policy to which rules are to be added. Edit Application Filter Policy window is displayed for modifications. You can add or delete rules from this page.

Screen – Add Application Filter Policy Rule

Screen Elements – Description
Select Categories – Select Application Category from the list of available categories.
Select Application – Select the Applications under the Category selected. You can also select more than one application using the checkbox. You can search for the application using the Search textbox.
Action – Select the Action: Allow OR Deny
Schedule – Select the Schedule from the list of schedules available.
Table – Add Application Filter Policy Rule screen elements

Search Policy

Click the Search icon in the Application Filter policy name column to search for specific policies. A pop-up window is displayed that has filter conditions for search. Policy can be searched on the following criteria: is, is not, contains, does not contain. Click OK to get the search results and Clear button to clear the results.

Screen – Search Policies

Search Criteria – Search Results
is – All the policies that exactly match with the string specified in the criteria.
For example, if the search string is Test, only policies with the name exactly matching “Test” are displayed.
is not – All the policies that do not match with the string specified in the criteria. For example, if the search string is Test, all policies except with the name exactly matching “Test” are displayed.
contains – All the policies that contain the string specified in the criteria. For example, if the search string is Test, all the policies containing the string “Test” are displayed.
does not contain – All the policies that do not contain the string specified in the criteria. For example, if the search string is Test, all the policies not containing the string “Test” are displayed.
Table – Search Policies screen elements

PART 11
IM

IM (Instant Messaging) allows you to configure and manage restrictions on instant messaging services provided by the Yahoo and MSN messengers. The traffic coming from the web in form of files and chat is filtered by various rules and content filtering strategies. You can add an IM contact or IM contact group for configuring rules.

IM Contact

IM Contact is used to register various Yahoo and MSN messaging application users. A Contact can be created for a user having access to any of the two IM applications. Along with the contacts, IM Contact Groups can also be created. Once the users are registered, various IM rules can be created for monitoring them. The rules can be set on groups as well as users individually.

IM Contact page is used to create and manage contacts in Cyberoam. These contacts can be either Yahoo or MSN Email IDs. Any of the email id created through Yahoo or MSN are valid for creating IM Contacts.

To manage IM contacts, go to IM → IM Contact → IM Contact. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the contact to be modified. Edit IM Contact pop-up window is displayed which has the same parameters as the Add IM Contact window.
• Delete – Click the Delete icon in the Manage column against the contact to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the IM Contact. To delete multiple contacts, select them and click the Delete button.

Manage IM Contacts

To manage IM contacts, go to IM → IM Contact → IM Contact.

Screen – Manage IM Contacts

Screen Elements – Description
Add Button – Add a new IM contact
Protocol – Protocol suggests the messenger application in use: Yahoo or MSN
Username – Username provided for the IM contact. The username can either be an email address or name of the user.
Edit Icon – Edit the IM Contact details
Delete Button – Delete the IM Contact. Alternately, click the Delete icon against the contact you want to delete.
Table – Manage IM Contacts screen elements

Note: Contact cannot be deleted, if contact is member of a Contact Group.

IM Contact Parameters

To add or edit an IM contact, go to IM → IM Contact → IM Contact. Click the Add button to add IM contact. To update the details, click on the contact or Edit icon in the Manage column against the contact you want to modify.

Screen – Add IM Contact

Screen Elements – Description
Protocol – Select the application used for instant messaging. Available Options: Yahoo or MSN
IM Username – Username to identify the IM contact.
IM Group – Select the IM group to which the IM contact will be assigned.
Table – Add IM Contact screen elements

IM Contact Group

Group is a collection of users that are managed as a single unit. By creating a group, filtering rules can be applied to a number of contacts simultaneously. Contacts that belong to a particular group are referred to as group contacts.

IM Contact Group page is used to create and manage contact groups in Cyberoam. These contact groups have IM Contacts. A single IM contact can be added to multiple contact groups, and rules for the user get applied in the order in which they are created.

To manage IM contact groups, go to IM → IM Contact → IM Contact Group. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the contact group to be modified. Edit IM Contact Group pop-up window is displayed which has the same parameters as the Add IM Contact Group window.
• Delete – Click the Delete icon in the Manage column against the contact group to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the IM Contact Group. To delete multiple contact groups, select them and click the Delete button.

Manage IM Contact Groups

To manage IM contact groups, go to IM → IM Contact → IM Contact Group.

Screen – Manage IM Contact Groups

Screen Elements – Description
Add Button – Add a new IM Contact Group
Name – Name of the IM Contact Group
Description – IM Contact Group Description.
Edit Icon – Edit the IM Contact Group
Delete Button – Delete the IM Contact Group. Alternately, click the Delete icon against the contact group you want to delete.
Table – Manage IM Contact Groups screen elements

IM Contact Group Parameters

To add or edit an IM contact group, go to IM → IM Contact → IM Contact Group. Click the Add button to add IM contact group. To update the details, click on the contact group or Edit icon in the Manage column against the contact group you want to modify.

Screen – Add IM Contact Group

Screen Elements – Description
Group Name – Name to identify the IM Group.
Select IM Contact – 'IM Contact' List displays all the IM Contacts. Click the checkbox to select the contacts. All the selected contacts are moved to 'Selected IM Contact' list. Single IM Contact can be a member of multiple IM contact groups.
Description – Specify Description
Table – Add IM Contact group screen elements

IM Rules

IM Rule controls user’s instant messaging access. It specifies which users have access to IM applications. Processing of IM rules is top downwards and the first suitable rule found is applied.

Individual rules for Conversation (chats), File Transfer, Webcam access and Login can be defined based on parameters like:
• One-to-One Conversation – One-to-One conversations can be allowed/denied between individual contacts or contacts within groups.
• Group Conversation – Group conversations between multiple users can be allowed/denied between individual contacts or contacts within groups.
• Content Filtering
• Virus Scanning
• Archiving
• Maintaining Logs

Allow/deny access can be set for an IM contact or entire IM contact group, or even normal users or user groups. For example, you can define a rule that blocks access to all one-to-one conversations between an IM contact group and a user group.

If IM access between contacts is restricted by configuring rules, an access restriction message is displayed in the conversation window.

Login

Login page allows you to configure and manage login rules for IM Contact, IM Contact Group, User and User Group.

To manage login rules for contacts, go to IM → IM Rules → Login. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the login rule to be modified.
• Delete – Click the Delete icon in the Manage column against a Login rule to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Login rule. To delete multiple Login rules, select them and click the Delete button.

Manage Login Rules

To manage login rules for contacts, go to IM → IM Rules → Login.

Screen – Manage Login Rules

Screen Elements – Description
Add Button – Add a Login Rule
Participant – Username or IM Contact name of the participant for whom the login rule is established.
Action – Type of Action selected for logging the user – Allow or Deny
Edit Icon – Edit the Login Rule.
Delete Button – Delete the Login Rule. Alternately, click the Delete icon against the rule you want to delete.
Table – Manage Login Rules screen elements
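Because IM rules are processed top-down and the first suitable rule is applied, a narrow deny rule placed below a broader allow rule never takes effect. The following Python sketch is an added example, not part of the Cyberoam guide: the rule records, group names and contact IDs are constructed, and the data model is an assumption rather than the appliance's own format. It evaluates conversation rules in list order and reports rules that can never fire.

```python
"""First-match evaluation of IM conversation rules, plus a shadowed-rule audit.

Assumed model (not the appliance's storage format): each rule names two
participants, either an IM contact or an IM contact group, and an action.
"""
from dataclasses import dataclass
from itertools import product

# Constructed sample data: group name -> member contacts.
GROUPS = {
    "Sales": {"alice@yahoo.example", "bob@msn.example"},
    "Support": {"carol@yahoo.example", "dave@msn.example"},
}


@dataclass(frozen=True)
class ConversationRule:
    name: str
    side_a: str          # IM contact or IM contact group
    side_b: str
    action: str          # "allow" or "deny" for one-to-one conversation
    logging_level: str   # "full" or "meta"


# The guide describes a default rule that allows every conversation and logs
# its content; it is modelled here as the fallback when nothing else matches.
DEFAULT_RULE = ConversationRule("default", "*", "*", "allow", "full")

# Constructed rule list, in the order the rules would be processed.
RULES = [
    ConversationRule("sales-internal", "Sales", "Sales", "allow", "meta"),
    ConversationRule("bob-carol-block", "bob@msn.example",
                     "carol@yahoo.example", "deny", "full"),
    ConversationRule("sales-support", "Sales", "Support", "allow", "full"),
    ConversationRule("alice-dave-block", "alice@yahoo.example",
                     "dave@msn.example", "deny", "full"),
]


def members(identity, groups=GROUPS):
    """Expand a group to its contacts; a plain contact expands to itself."""
    return groups.get(identity, {identity})


def covers(rule, x, y, groups=GROUPS):
    """True when the rule applies to a conversation between x and y."""
    a, b = members(rule.side_a, groups), members(rule.side_b, groups)
    return (x in a and y in b) or (x in b and y in a)


def first_match(rules, x, y, groups=GROUPS):
    """Walk the list top-down and return the first rule covering the pair."""
    for rule in rules:
        if covers(rule, x, y, groups):
            return rule
    return DEFAULT_RULE


def shadowed_rules(rules, groups=GROUPS):
    """Names of rules that never fire: earlier rules cover every pair."""
    dead = []
    for index, rule in enumerate(rules):
        pairs = {
            tuple(sorted((x, y)))
            for x, y in product(members(rule.side_a, groups),
                                members(rule.side_b, groups))
            if x != y
        }
        earlier = rules[:index]
        if pairs and all(any(covers(e, x, y, groups) for e in earlier)
                         for x, y in pairs):
            dead.append(rule.name)
    return dead


if __name__ == "__main__":
    hit = first_match(RULES, "alice@yahoo.example", "dave@msn.example")
    print(hit.name, hit.action)   # the deny rule further down is never reached
    print(shadowed_rules(RULES))
```

Moving the narrow deny rule above the broad allow rule makes it effective; running the audit after every rule change catches the reverse mistake.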
Edit Login Rule pop-up window is displayed which has the same parameters as the Add Login Rule window.

Login Rule Parameters

To add or edit a login rule, go to IM → IM Rules → Login. Click the Add button to add login rule. To update the details, click on the rule or Edit icon in the Manage column against the rule you want to modify.

Screen – Add Login Rule

Screen Elements – Description
User / IM Contact – Select the Participant for whom the Login Rule is to be defined. Available Options:
• IM Contact
• IM Contact Group
• User
• User Group
You can also add above contacts from the Add Login Rule Page itself.
Login – Specify Action for logging the contact – Allow OR Deny
Privacy Disclaimer – If the Login is allowed, you can enable the Privacy Disclaimer checkbox to inform the IM contacts about the privacy policy. Default Privacy Disclaimer is displayed when the contact logs into the IM application.
Logging – Enable Logging, if the log has to be maintained for the contacts. If logging is enabled, the logs can be viewed from Logs & Reports → Log Viewer. Select ‘IM’ from ‘Log Modules’ list.
Logging Level – If logging is enabled, meta data is logged into cyberoam.
• Meta Data – Meta Data contains the information about the Login time, logout time, login action configured and name of User or Group logged in.
Table – Add Login Rule screen elements

Conversation

Conversation page allows you to configure and manage conversation rules between any of the two identities: IM Contact, IM Contact Group, User and User Group. The IM conversation between these two contacts can be monitored and logged.

Cyberoam provides a default conversation rule that can be applied. This rule allows all the conversations but logs the content of the conversation.

To manage default and custom conversation rules between contacts, go to IM → IM Rules → Conversation. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the conversation rule to be modified. Edit Conversation Rule pop-up window is displayed which has the same parameters as the Add Conversation Rule window.
• Delete – Click the Delete icon in the Manage column against a conversation rule to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the conversation rule. To delete multiple conversation rules, select them and click the Delete button.

Manage Conversation Rules

To manage default and custom conversation rules between contacts, go to IM → IM Rules → Conversation.

Screen – Manage Conversation Rules

Screen Elements – Description
Add Button – Add a Conversation Rule
Participant – Username or IM Contact name of the participants between whom the rule is established.
Action – Type of Action selected – Allow or Deny
Logging – Conversation Logs – On or Off. If logging is enabled, the logs can be viewed from Logs & Reports → Log Viewer. Select ‘IM’ from ‘Log Modules’ list.
Logging Level – Logging Level selected – Full Data or Meta Data
• Full Data – Full Data contains the entire information about conversation including the content of the chat, the login time, logout time, name of User or Groups between whom the conversation happened and duration of the conversation.
• Meta Data – Meta Data contains the information about the login time, logout time, name of User or Groups between whom the conversation happened and duration of the conversation.
Edit Icon – Edit the Conversation Rule.
Delete Button – Delete the Conversation Rule. Alternately, click the Delete icon against the rule you want to delete.
Table – Manage IM Conversation Rules screen elements

Conversation Rule Parameters

To add or edit a conversation rule, go to IM → IM Rules → Conversation. Click the Add button to add conversation rule. To update the details, click on the rule or Edit icon in the Manage column against the rule you want to modify.

Screen – Add Conversation Rule

Screen Elements – Description
Between User / IM Contact – Select the Participants between whom the Conversation Rule is to be defined. Available Options:
• IM Contact
• IM Contact Group
• User
• User Group
You can also add above contacts from the Add Conversation Rule Page itself.
One-to-One Conversation – Specify Action for the one-to-one conversation – Allow OR Deny
Group Conversation – Specify Action for the group conversation or chat – Allow OR Deny
Content Filter – Enable Content Filtering.
Logging – Enable Logging, if the log has to be maintained for the conversation. If logging is enabled, the logs can be viewed from Logs & Reports → Log Viewer. Select ‘IM’ from ‘Log Modules’ list.
Logging Level – Select the Logging Level, if the Logging is enabled. Available Options:
• Full Data – Full Data contains the entire information about conversation including the content of the chat, the Login time, logout time, name of User or Groups between whom the conversation happened and duration of the conversation.
• Meta Data – Meta Data contains the information about the Login time, logout time, name of User or Groups between whom the conversation happened and duration of the conversation.
Table – Add IM Conversation Rule screen elements

File Transfer

File Transfer page allows you to configure and manage file transfer rules between any of the two identities: IM Contact, IM Contact Group, User and User Group. The file transfers between these two identities are monitored and logged.

If file transfer access between contacts is restricted and contact tries to transfer a file, an access restriction message is displayed in the conversation window.

To manage file transfer rules between contacts, go to IM → IM Rules → File Transfer. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the file transfer rule to be modified. Edit File Transfer Rule pop-up window is displayed which has the same parameters as the Add File Transfer Rule window.
• Delete – Click the Delete icon in the Manage column against a file transfer rule to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the File Transfer rule. To delete multiple File Transfer rules, select them and click the Delete button.

Manage File Transfer Rules

To manage file transfer rules between contacts, go to IM → IM Rules → File Transfer.

Screen – Manage File Transfer Rules

Screen Elements – Description
Add Button – Add a File Transfer Rule
Participant – Username or IM Contact name of the participants between whom the rule is established.
Action – Type of Action selected – Allow or Deny
Virus Scanning – Virus Scanning – On or Off
Archiving – Archiving of Files – On or Off
Logging – File Transfer logs – On or Off. If logging is enabled, the logs can be viewed from Logs & Reports → Log Viewer. Select ‘IM’ from ‘Log Modules’ list.
Logging Level – If logging is enabled, meta data is logged into cyberoam.
• Meta Data – Meta Data contains the information about the Login time, logout time, Name of User or Groups between whom the conversation happened and duration of the conversation.
Edit Icon – Edit the File Transfer Rule.
Delete Button – Delete the File Transfer Rule. Alternately, click the Delete icon against the rule you want to delete.
Table – Manage File Transfer Rules screen elements

File Transfer Rule Parameters

To add or edit a file transfer rule, go to IM → IM Rules → File Transfer. Click the Add button to add file transfer rule. To update the details, click on the rule or Edit icon in the Manage column against the rule you want to modify.

Screen – Add File Transfer Rule

Screen Elements – Description
Between User / IM Contact – Select the Participants between whom the File Transfer Rule is to be defined. Available Options:
• IM Contact
• IM Contact Group
• User
• User Group
You can also add above contacts from the Add File Transfer Rule Page itself.
Virus Scanning – Enable Virus Scanning, if the file transferred between contacts is to be scanned.
Archiving – Enable Archiving, if the files are to be archived for further information.
Logging – Enable Logging, if the log has to be maintained for the transfer of files. If logging is enabled, the logs can be viewed from Logs & Reports → Log Viewer. Select ‘IM’ from ‘Log Modules’ list.
Logging Level – If logging is enabled,
• Meta Data – Meta Data contains the information about the File Transferred including Login time, logout time,
Table – Add File Transfer Rule screen elements

Webcam

Webcam page allows you to configure and manage webcam rules between any of the two identities: IM Contact, IM Contact Group,
The video conversations via webcam between these two contacts are monitored and logged.

If video conversation access between contacts is restricted and the contact tries to use the webcam, an access restriction message is displayed in the conversation window.

To manage webcam rules between contacts, go to IM → IM Rules → Webcam.
• Edit – Click the Edit icon. Edit Webcam Rule pop-up window is displayed which has the same parameters as the Add Webcam Rule window.
• Delete – Click the Delete icon in the Manage column against a webcam rule to be deleted. A dialog box is displayed asking you to confirm the deletion. To delete multiple Webcam rules, select them and click the Delete button.

Manage Webcam Rules

To manage webcam rules between contacts, go to IM → IM Rules → Webcam.

Screen – Manage Webcam Rules

Screen Elements – Description
Add Button – Add a Webcam Rule
Participant – Username or IM Contact name of the participants between whom the rule is established.
Webcam – Type of Action selected for Webcam viewing – Allow or Deny
Logging – Video Conversation logs – On or Off
file transfer action defined and name of User or Groups between whom the file transfer happened. User and User Group. Click OK to delete the Webcam rule. meta data is logged into cyberoam. You can: • • • Add View in the Manage column against the webcam rule to be modified. in the Manage column against Screen – Add Webcam Rule Screen Elements Between User / IM Contact Description Select the Participants between whom the Webcam Rule is to be defined. • Meta Data – Meta Data contains the information about the Login time. meta data is logged into cyberoam. click the Delete icon against the rule you want to delete. To update the details. Delete the Webcam Rule. Name of User or Groups between whom the conversation happened and duration of the conversation. Click the Add button to add webcam rule.Cyberoam User Guide Logging Level If logging is enabled. Alternately. click on the rule or Edit icon the rule you want to modify. Select ‘IM’ from ‘Log Modules’ list If logging is enabled. 259/280 . the logs can be viewed from Logs & Reports → Log Viewer. logout time. Edit the Webcam Rule. Table – Manage Webcam Rules screen elements Edit Icon Delete Button Webcam Rule Parameters To add or edit a webcam rule. go to IM → IM Rules → Webcam. Available Options: • • • • IM Contact IM Contact Group User User Group You can also add above contacts from the Add Webcam Rule Page itself. if the log has to be maintained for the contacts. webcam rule defined. the logs can be viewed from Logs & Reports → Log Viewer. If logging is enabled.Cyberoam User Guide Webcam Logging Specify Action for the webcam viewing or video chat . name of User or Groups between whom the video conversation happened and duration of the conversation. meta data is logged into cyberoam. Table – Add Webcam Rule screen elements Logging Level 260/280 . logout time.Allow OR Deny Enable Logging. Select ‘IM’ from ‘Log Modules’ list If logging is enabled. • Meta Data – Meta Data contains the information about the Login time. 
Content Filter

Content Filtering feature in Cyberoam is applied to Instant Messaging applications wherein content can be removed from the conversation if encountered. Content Filter page allows you to specify a list of keywords and regular expressions to be blocked, if encountered in any of the chat conversation. If content filtering is enabled from IM conversation rule, the configured keywords are removed and an error message is displayed for the same.

Configure Settings
To configure content filtering expressions, go to IM → Content Filter → Content Filter.

Screen – Configure Content Filter Settings

Screen Elements: Description
RegEx Settings: Specify Regular Expressions to be removed from the IM applications. For example, if the string AB* is specified in the RegEx list, all the strings starting with AB would be dropped from the conversation and an error message would be displayed. You can add multiple regular expressions. Click Add icon to add more expressions and remove icon to delete expressions.
Keyword Settings: Specify Keywords to be removed from the IM applications. For example, if the strings like ammunition, terrorism are specified in the keywords list, all such strings would be dropped from the conversation and an error message would be displayed. You can add multiple keywords. Click Add icon to add more keywords and remove icon to delete keywords.
Table – Configure Content Filter Settings screen elements

Part 12: QoS

Bandwidth is the amount of data passing through a media over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).

The primary objective of QoS (Quality of Service) policy is to manage and distribute total bandwidth on certain parameters and user attributes. QoS policy allocates & limits the maximum bandwidth usage of the user and controls web and network traffic.

To configure QoS policy:
• Define for whom you want to create policy
• Define Type of policy
• Define the Implementation strategy of the policy
• Define Bandwidth Usage

Policy
Policy can be defined/created for:
• User - It restricts the bandwidth of a particular user.
• Firewall Rule - It restricts the bandwidth for any entity to which the firewall rule is applied.
• Web Category – It restricts the bandwidth for the URL categorized under the Web category. To implement restriction, policy is to be assigned through firewall rule.

Types of Policy
Two types of bandwidth restriction can be placed:
1. Strict - In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit
2. Committed - In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burst-able limit, if available. It enables to assign fixed minimum and maximum amounts of bandwidth to the users. By borrowing excess bandwidth when available, users are able to burst above guaranteed minimum limits, up to the burst-able rate. Guaranteed rates also assure minimum bandwidth to critical users to receive constant levels of bandwidth during peak and nonpeak traffic periods. Guaranteed represents the minimum guaranteed bandwidth and burst-able represents the maximum bandwidth that the user can use, if available.

Implementation strategy
Policy can be implemented in two ways depending on policy Type:
• Total (Upstream + Downstream)
• Individual Upstream and Individual Downstream

Strict policy
In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to implement strict policy:
• Total (Upstream + Downstream)
• Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Total bandwidth
Example: Total bandwidth is 20 kbps; upstream and downstream combined cannot cross 20 kbps

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual bandwidth i.e. separate for both
Example: Upstream and Downstream bandwidth is 20 kbps then either cannot cross 20 kbps

Committed policy

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Guaranteed bandwidth; Burst-able bandwidth
Example: Guaranteed bandwidth is 20 kbps; upstream and downstream combined will get 20 kbps guaranteed (minimum) bandwidth. Burst-able bandwidth is 50 kbps; upstream and downstream combined can get up to 50 kbps of bandwidth (maximum), if available

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual Guaranteed and Burst-able bandwidth i.e. separate for both
Example: Individual guaranteed bandwidth is 20 kbps; individually get 20 kbps guaranteed (minimum) bandwidth. Individual burst-able bandwidth is 50 kbps; individually get maximum bandwidth up to 50 kbps, if available

Bandwidth Usage
Policy can be configured for two types of bandwidth usage:
• Individual – Allocated bandwidth is for the particular user only
• Shared – Allocated bandwidth is shared among all the users who have been assigned this policy

Cyberoam provides certain predefined QoS policies. These predefined policies are immediately available for use until configured otherwise. You can also define custom policies to meet your organization’s requirements.

Policy

To manage QoS Policies, go to QoS → Policy → Policy.

Manage QoS Policies
To manage QoS Policies, go to QoS → Policy → Policy. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the QoS Policy to be modified. Edit QoS Policy page is displayed which has the same parameters as the Add QoS Policy window.
• Add Schedule - Click the Edit icon in the Manage column against the QoS Policy to add and manage schedules. Edit QoS Policy page is displayed which has Schedule details.
• Delete – Click the Delete icon in the Manage column against a QoS Policy to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the QoS Policy. To delete multiple QoS Policies, select them and click the Delete button.

Screen – Manage QoS Policies

Screen Elements: Description
Add Button: Add a new QoS Policy
Name: QoS Policy Name
Restriction Type: Restriction Type based on Bandwidth Usage and Policy implemented
Total Bandwidth (Min/Max) (in KB): Total Bandwidth provided including Upload and Download in KB. For example, 8/16 for min/max size
Download Bandwidth (in KB) (Min/Max): Download Bandwidth provided in KB. For example, 8/16 KB for min/max size
Upload Bandwidth (in KB) (Min/Max): Upload Bandwidth provided in KB. For example, 8/16 KB for min/max size
Edit Icon: Edit the QoS Policy
Delete Button: Delete the QoS Policy. Alternately, click the Delete icon against the policy you want to delete.
Table – Manage QoS Policies screen elements

QoS Policy Parameters
To add or edit a QoS policy, go to QoS → Policy → Policy. Click the Add button to add QoS policy. To update the details, click on the policy or Edit icon in the Manage column against the policy you want to modify.

Screen – Add a QoS Policy

Screen – Add a QoS Policy (Schedule wise)

Screen Elements: Description
Policy Name: Name to identify the Policy. Duplicate names are not allowed.
Policy Based On: Select any one option to specify for whom the policy is to be created. Available Options:
  • User - restricts the bandwidth of a particular user.
  • Firewall Rule - restricts the bandwidth of any entity to which firewall rule is applied.
  • Web Category - restricts the bandwidth for the URL categorized under the Web category
Policy Type (Option available only for User or Firewall rule (IP address) based policy): Select any one option to specify policy type. Available Options:
  • Strict - In this type of policy, user cannot exceed the defined bandwidth limit.
  • Committed - In this type of policy, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burst-able limit, if available. It enables to assign fixed minimum and maximum amounts of bandwidth to the users. By borrowing excess bandwidth when available, users are able to burst above guaranteed minimum limits, up to the burst-able rate. Guaranteed rates also assure minimum bandwidth to critical users to receive constant levels of bandwidth during peak and non-peak traffic periods. Guaranteed represents the minimum guaranteed bandwidth and burst-able represents the maximum bandwidth that the user can use, if available.
Implementation On (Option available only for User or Firewall rule (IP address) based policy): Select any one option to specify implementation strategy of policy. See Implementation strategy for more details.
Priority: Set the bandwidth priority. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is interactive.
Total Bandwidth (KB) / Guaranteed-Burst-able (KB): Specify allowed Total or Individual and Guaranteed-Burst-able bandwidth depending on Policy Type and Implementation strategy.
Bandwidth Usage (Option available only for User or Firewall rule (IP address) based policy): Select any one to specify the bandwidth usage.
  • Individual – Allocated bandwidth is for the particular user only
  • Shared – Allocated bandwidth is shared among all the users who have been assigned this policy
Description: Specify Policy Description.
Table – Add a QoS Policy screen elements

Policy Scheduling
Schedule wise QoS Policy details can be added to override the default QoS policy details. These details can only be added after the QoS policy is created.

Go to QoS → Policy → Policy. Click Edit icon against a QoS policy to configure and manage Schedule wise QoS Policy Details.

Manage Schedules
Go to QoS → Policy → Policy. Click Edit icon against a QoS policy to manage Schedule wise QoS Policy Details. You can:
• Add
• View
• Delete – Click the Delete icon in the Manage column against a Schedule to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Schedule. To delete multiple schedules, select them and click the Delete button.

Screen – Add a QoS Policy Schedule

Screen Elements: Description
Add Button: Add a new QoS Policy Detail
Schedule: Schedule for Policy selected
Policy Type: Type of Policy: Strict or Committed
Bandwidth (in KB) (Min/Max): Total Bandwidth provided including Upload and Download in KB. For example, 8/16 for min/max size
Upload Bandwidth (in KB) (Min/Max): Upload Bandwidth provided in KB. For example, 8/16 KB for min/max size
Download Bandwidth (in KB) (Min/Max): Download Bandwidth provided in KB. For example, 8/16 KB for min/max size
Delete Button: Delete the QoS Policy Detail. Alternately, click the Delete icon against the policy schedule you want to delete.
Table – Manage Schedules screen elements

Policy Schedule Parameters
Go to QoS → Policy → Policy and click Edit icon against a QoS policy. Click the Add button to configure Schedule wise QoS Policy Detail.

Screen – Add a QoS Policy Schedule

Screen Elements: Description
Policy Name: Displays policy name
Policy Type: Displays default Policy Type set at the time of creation of policy, modify if required.
  Note: Configured policy type will override the default policy and will be applicable only for the selected scheduled time interval
Implementation On: Displays default Implementation strategy set at the time of creation of policy, modify if required.
  Note: Configured policy type will override the default policy and will be applicable only for the selected scheduled time interval
Total Bandwidth in KB: Displays allocated Total or Individual and Guaranteed-Burst-able bandwidth depending on Policy Type and Implementation strategy, modify if required.
  Note: The modified bandwidth restriction will be applicable only for the selected time interval
Schedule: Select Schedule during which the default policy. Only Recurring schedule can be applied. If you are not sure about the schedule details, select schedule and click View details link to view the schedule details.
Table – Add a QoS Policy Schedule screen elements

Part 13: Logs & Reports

Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network abuse.

Cyberoam can either store logs locally or send logs to external syslog servers for storage and archival purposes.

Cyberoam can log many different network activities and traffic including:
• Firewall log
• Anti-virus infection and blocking
• Web filtering, URL and HTTP content blocking
• Signature and anomaly attack and prevention
• Spam filtering
• IM logs
• Administrator logs
• User Authentication logs

Cyberoam supports multiple syslog servers for remote logging. When configuring logging to a Syslog server, one needs to configure the facility, severity and log file format. One can also specify logging location if multiple syslog servers are defined.

Maximum five syslog servers can be defined from Logging page of Web Admin Console.

Cyberoam can either store logs locally or send to the syslog servers. Traffic Discovery logs can be stored locally only.

Configuration

Syslog is an industry standard protocol/method for collecting and forwarding messages from devices to a server running a syslog daemon usually via UDP Port 514. The syslog is a remote computer running a syslog server. Logging to a central syslog server helps in aggregation of logs and alerts.

Cyberoam appliance can also send a detailed log to an external Syslog server in addition to the standard event log. The Cyberoam Syslog support requires an external server running a Syslog daemon on any UDP port. The Cyberoam captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred.

A SYSLOG service simply accepts messages, and stores them in files or prints. This form of logging is the best as it provides a Central logging facility and a protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling.

Syslog Servers

To configure and manage syslog server, go to Logs & Reports → Configuration → Syslog Server.

Manage Syslog servers
To manage syslog servers, go to Logs & Reports → Configuration → Syslog server. You can:
• Add
• View
• Edit – Click the Edit icon in the Manage column against the server to be modified. Edit Server pop-up window is displayed which has the same parameter as the Add Server window.
• Delete - Click the Delete icon in the Manage column against a server to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the server.

Screen – Manage Syslog Servers

Screen Elements: Description
Add Button: Add a new syslog server
Name: Name of the syslog server
Server IP: IP address of server
Port: Server port
Facility: Facility configured for log messages
Severity: Severity level configured for logged messages
Format: Log format
Edit icon: Edit server details
Delete Button: Delete Server. Alternately, click the delete icon against the server you want to delete.
Table – Manage Syslog Server screen elements

Syslog Server Parameters
To add or edit syslog server details, go to Logs & Reports → Configuration → Syslog server. Click Add Button to add a new server or Edit Icon to modify the details of the server.

Screen – Add Syslog Server

Screen Elements: Description
Name: Specify unique name for syslog server
IP address: Specify IP address of the syslog server. Messages from the Cyberoam will be sent to the server. Default: 192.168.1.254
Port: Specify the port number for communication with the syslog server. Cyberoam will send messages using the configured port. Default: 514
Facility: Select syslog facility for log messages to be sent to the syslog server. Facility indicates to the syslog server the source of a log message. It is defined by the syslog protocol. You can configure facility to distinguish log messages from different Cyberoams. In other words, it can be helpful in identifying the device that recorded the log file. Cyberoam supports following syslog facilities for log messages received from remote servers and network devices. Available Options:
  • DAEMON - Daemon logs (Information of Services running in Cyberoam as daemon)
  • KERNEL – Kernel log
  • LOCAL0 – LOCAL7 – Log level information
  • USER - Logging on the basis of users who are connected to Server
Severity Level: Specify severity levels of logged messages. Severity level is the severity of the message that has been generated. Cyberoam logs all messages at and above the logging severity level you select. For example, select ‘ERROR’ to log all messages tagged as ‘ERROR,’ as well as any messages tagged with ‘CRITICAL,’ ‘ALERT’ and ‘EMERGENCY’ and select ‘DEBUG’ to log all messages. Cyberoam supports following syslog levels:
  • EMERGENCY - System is not usable
  • ALERT - Action must be taken immediately
  • CRITICAL - Critical condition
  • ERROR - Error condition
  • WARNING - Warning condition
  • NOTICE - Normal but significant condition
  • INFORMATION - Informational
  • DEBUG - Debug-level messages
Format: Cyberoam produces logs in the specified format. Cyberoam currently produces logs in its own standard format
Table – Add Syslog Server screen elements

Once you add the server, go to Logs & Reports → Configuration → Log Settings and enable all those logs, which are to be sent to the syslog server.

Log Settings

Once you add the server, configure logs to be sent to the syslog server from Logs & Reports → Configuration → Log Settings. If multiple servers are configured, various logs can be sent to different servers.

Screen – Configure Log Settings

To record logs you must enable the respective log and specify logging location. Administrator can choose between on-appliance (local) logging, Syslog logging or disabling logging temporarily.

Cyberoam logs many different network activities and traffic including:

Firewall Log
Firewall Log records invalid traffic, local ACL traffic, DoS attack, ICMP redirected packets, source routed and fragmented traffic. Firewall logs can be disabled or sent to the remote syslog server only but cannot be stored locally.

Firewall Rules
Log records the entire traffic for firewall

Invalid Traffic Log
Log records the dropped traffic that does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection.

Local ACL Log
Log records the entire (allowed and dropped) incoming traffic

DoS attack Log
The DoS Attack Log records attacks detected and prevented by the Cyberoam i.e. dropped TCP, UDP and ICMP packets. To generate log, go to Firewall → DoS → Settings and click ‘Apply Flag’ against SYN Flood, UDP flood, TCP flood, and ICMP flood individually

Dropped ICMP Redirected Packet Log
Log records all the dropped ICMP redirect packets. To generate log, go to Firewall → DoS → Settings and click ‘Apply Flag’ against ‘Disable ICMP redirect Packets’

Dropped Source Routed Packet Log
Log records all the dropped source routed packets. To generate log, go to Firewall → DoS → Settings and click ‘Apply Flag’ against ‘Drop Source Routed Packets’

Dropped Fragmented traffic
Log records the dropped fragmented traffic

MAC filtering
Log records the dropped packets when filtering is enabled from Spoof prevention

IP-MAC pair filtering
Log records the dropped packets when filtering is enabled from Spoof prevention

IP Spoof Prevention
Log records the dropped packets when filtering is enabled from Spoof prevention

IPS Logs
Records detected and dropped attacks based on unknown or suspicious patterns (anomaly) and signatures.

Anti Virus Logs
Virus detected in HTTP, FTP, SMTP, POP3 and IMAP4 traffic. HTTP and FTP logs can be disabled or sent to the remote log server only. Enabling logging for SMTP will also enable logging for POP3 and IMAP4 on local server.

Anti Spam Logs
SMTP, POP3, IMAP4 spam and probable spam mails.

Content Filtering Logs
HTTP filtering log.

Event Logs
Admin Events, Authentication Events and System Events

Log Viewer

Event Viewer page allows you to view the logs for event modules like IPS, Web Filter and Anti Virus. This page gives concentrated information about all the events that occurred under respective modules.

Event Modules
• IPS – IPS event log provides information about the signatures that were detected.
• Web Filter – Web Filter event log provides information about the users that were detected accessing restricted URLs and the action taken by Cyberoam.
• Anti Spam – Anti Spam event log provides information about the spam mails encountered in Cyberoam.
• Anti Virus – Anti Virus event log provides information about the Virus encountered in Cyberoam.
• Firewall – Firewall logs provides information about how much traffic passes through a particular Firewall rule and through which interfaces.
• Admin - Admin logs provide information about administrator event and tasks.
• IM – IM logs provide information about Instant messaging logs that are enabled: Logging, Conversation, File Transfer and Webcam.
• Authentication - Authentication logs provide information about all the authentication logs including firewall, VPN and My Account authentication.
• System – System logs provide information about all the system related logs. For now, only VPN logs are available for logging.

View list of IPS events
To view list of IPS events, go to Logs & Reports → Event Viewer → Event Viewer. Select IPS from the list of event modules.

Screen Elements: Description
Time: Time when the event occurred.
Log Comp: Signatures
Action: Detect
User Name: Username of the user that triggered the signature.
Source IP: Source IP Address
Destination IP: Destination IP Address
Signature ID: Signature ID of the signature
Signature Message: Message for the detected Signature.
Firewall Rule: Firewall Rule applied
Message ID: Message ID of the message
Table – IPS Logs screen elements

View list of Web Filter events
To view list of web filter events, go to Logs & Reports → Event Viewer → Event Viewer. Select Web Filter from the list of event modules.

Screen Elements: Description
Time: Time when the event occurred.
Action: Allowed or Denied
User Name: Username of the user that accessed the URL.
Source IP: Source IP Address
Destination IP: Destination IP Address
Category: Category under which the URL comes.
URL: URL accessed.
Bytes Transfer: No. of bytes transferred.
Message ID: Message ID of the message
Table – Web Filter Logs screen elements

View list of Anti Spam events

Screen Elements: Description
Time: Time when the event occurred.
Log Comp: SMTP, POP3, IMAP4 spam or Probable spam
User Name: Username of the user on whose system spam was detected.
Source IP: Source IP Address
Destination IP: Destination IP Address
Email Sender: Spam Email sender IP address
Email Receiver: Spam Email recipient IP address
Email Subject: Subject of the Email.
Message: Message for the Virus detected.
Message ID: Message ID of the message
Table – Anti Spam Logs screen elements

View list of Anti Virus events
To view list of antivirus events, go to Logs & Reports → Log Viewer → Log Viewer. Select Anti Virus from the list of event modules.

Screen Elements: Description
Time: Time when the event occurred.
Log Comp: SMTP, IMAP or POP3 type of mail
User Name: Username of the user for whom virus was detected.
Source IP: Source IP Address
Destination IP: Destination IP Address
Virus: Name of the Virus detected.
Message: Message for the Virus detected.
Message ID: Message ID of the message
Table – Anti Virus Logs screen elements

View list of Firewall logs

Screen Elements: Description
Time: Time when the event occurred.
Log Comp: Firewall Rule
Action: Allowed or Denied
User Name: Username of user on which Firewall rule is applied
Firewall Rule: Firewall Rule ID
In Interface: Interface through which the traffic is coming in
Out Interface: Interface through which the traffic is going out
Source IP: Source IP Address
Destination IP: Destination IP Address
Bytes Rx/Tx: Name of the Virus detected.
Message: Message for the Virus detected.
Table – Firewall Events screen elements

View list of Admin Logs

Screen Elements: Description
Time: Time when the event occurred.
Log Comp: Type of Log Components - GUI, CLI, CONSOLE, CCC
Status: Successful or failed
Username: Username of the admin user
IP address: IP address of the admin user
Message: Message for the type of Admin event.
Message ID: Message ID of the message
Table – Admin Logs screen elements

View list of IM Logs

Screen Elements: Description
Time: Time when the event occurred.
IM Action: Type of IM Action - Conversation, File transfer, Webcam, Login
Rule Action: Rule action defined - Allowed or Denied
Protocol: Type of Protocol used – Yahoo or MSN
User Name: Username of the user
IP Address: IP address of the user
Suspect: Cyberoam User involved in IM conversation
Non-suspect: Other user involved in IM conversation with Cyberoam user
Message: Message for the type of IM event
Message ID: Message ID of the message
Table – IM Logs screen elements

View list of Authentication Logs

Screen Elements: Description
Time: Date and Time when the event occurred
Log Comp: Type of Log Components - Firewall Authentication, VPN Authentication, SSL VPN Authentication, My Account Authentication
Status: Successful or failed
Username: Username of the user
IP address: IP address of the user
Auth. Client: Authentication client which is used for authentication: Web Client, Corporate Client or CTA
Auth. Mechanism: Type of Authentication Mechanism: Local or External Server (AD, LDAP or RADIUS)
Message: Message for the type of authentication event.
Message ID: Message ID of the message
Table – Authentication Logs screen elements

View list of System Logs

Screen Elements: Description
Time: Time when the event occurred
Log Comp: Type of Log Components - IPSec, PPTP, L2TP or SSL VPN
Status: Successful or failed
Username: Username of the user
Message: Message for the type of system event.
Message ID: Message ID of the message
Table – System Logs screen elements