Page 1 of 36 10-95322-080511 Getting Started Guide

Getting Started Guide

Contents

Preface ........ 5
  Deploying Cyberoam ........ 5
  Accessing Cyberoam ........ 5
    Web Admin Console ........ 5
    CLI Console via remote login utility - TELNET ........ 6
    CLI Console using SSH client ........ 6
  Verify Configuration ........ 7
    Check the latest available versions ........ 7
    Upgrade to the latest available version ........ 7
Firewall ........ 8
    Zones ........ 8
    Firewall rule ........ 8
    Default Firewall rules ........ 9
    Firewall rule processing order ........ 9
    Manage firewall rules ........ 9
    NAT (Network Address Translation) ........ 10
  Virtual host ........ 10
  Configure Mail and Web server access ........ 10
  User Authentication ........ 10
    Active Directory (AD) Authentication ........ 11
    LDAP Authentication ........ 11
    RADIUS Authentication ........ 11
    Windows NT Domain controller Authentication ........ 11
    Cyberoam/Local Authentication ........ 11
    Generate Reports with user names ........ 11
  Content filtering ........ 11
    Block P2P applications for a particular user ........ 12
    Block “Facebook” – a social networking service ........ 12
    Allow specific Messenger (IM) ........ 13
  Enable virus and spam scanning ........ 13
  Quarantine management ........ 14
    Anti Virus Mail General Configuration ........ 14
    Anti Spam Configuration General Configuration ........ 14
    Quarantine repository size ........ 14
  Actions for Spam mails ........ 14
  Block mails using White lists and Black lists ........ 15
  Archive mails ........ 16
    Archive all incoming mails ........ 17
    Archive mails of specific mail recipient or group of recipients ........ 17
  Apply custom virus scanning policy ........ 17
  Bypass virus scanning of the trusted Websites ........ 18
  Prevent virus scanning latency ........ 19
  Virtual Private Network ........ 19
    Configure gateway-to-gateway IPSec VPN connection ........ 19
    Configure remote VPN access using Cyberoam VPN Client ........ 19
    Configure VPN failover ........ 20
  Reports ........ 20
    Instant visibility into network resource usability ........ 20
    Dashboard Alerts providing Attack VS User information ........ 20
    “Recent HTTP Viruses detected” section ........ 21
    “Recent FTP Viruses detected” section ........ 21
    “Recent IDP Alerts” section ........ 22
    Recent Mail Viruses detected - section ........ 23
    Analytical Reports ........ 23
    Sample Organization wise – Top 10 Sites Report by Hits ........ 24
    Sample Blocked Categories report ........ 26
    Web Trends ........ 26
    Category Trends ........ 27
    Category Type Trends ........ 28
    Google Search Report ........ 29
    Yahoo Search Report ........ 29
    Top Virus Senders ........ 30
    Compliance reports ........ 30
  Password Management ........ 30
    CLI Console password ........ 30
    Web Admin Console Password ........ 30
  Manage Bandwidth ........ 31
    Control bandwidth for group of users ........ 31
    Prioritize bandwidth usage of an Application ........ 31
  Configure Multiple Gateways ........ 31
    Add Gateway ........ 31
    Define gateway weight for load balancing ........ 31
    Configure Source based routing ........ 31
    Configure Gateway Failover condition ........ 31
  General Administration ........ 32
    Restart Cyberoam management services ........ 32
    Add Alias ........ 32
    General Administration using Web Admin Console ........ 32
    General Administration using CLI Console ........ 32
    Reboot or shutdown Cyberoam ........ 32
  User types ........ 33
  High Availability ........ 33
    How high availability cluster works ........ 34
    Configure Active-Passive HA cluster ........ 34
  Points to remember ........ 35


Preface

Thank you for purchasing the award-winning Identity-based Cyberoam UTM. Welcome to the Cyberoam Getting Started Guide! This document is designed to ensure that you are able to use the basic features of your Cyberoam. The Getting Started Guide contains configuration guidelines on what is to be done after the Cyberoam appliance is up and running in your network, and addresses the most common use-case scenarios. In addition to this guide, you can access online help by clicking the “Online Help” icon located in the right-most corner of every page of the GUI. The entire Cyberoam documentation set is available at http://docs.cyberoam.com. Unless specified otherwise, the configuration given in this document is to be performed from the Web Admin Console (GUI) of Cyberoam. The solutions provided in this document are applicable up to version 9.5.3 build 22.

Deploying Cyberoam

If Cyberoam is not already deployed in your network, refer to Appliance model specific Quick Start Guide to get step-by-step deployment help.

Accessing Cyberoam

Web Admin Console

Browse to http://<IP address of Cyberoam> and log on with the default username “cyberoam” and password “cyber”.


CLI Console via remote login utility - TELNET

Access the Cyberoam CLI Console with the help of the TELNET utility. To use TELNET, the IP address of the Cyberoam server is required. Use the command “telnet <Cyberoam IP address>” to start the TELNET utility from the command prompt and log on with the default password “admin”.

CLI Console using SSH client

Access the Cyberoam Console using any SSH client. The Cyberoam server IP address is required. Start the SSH client and create a new connection with the following parameters:
  Hostname – <Cyberoam server IP Address>
  Username – admin
  Password – admin


Verify Configuration

Verify the configuration done through the Network Configuration Wizard from the Dashboard. The Dashboard provides a quick overview of all the important parameters of the Cyberoam appliance, including its current operating status. Press the F10 key to view the Dashboard from any page. Confirm:
  • subscription of all the modules from the License Information section
  • deployment mode from the Appliance Information section
  • status of the default gateway from the Gateway Status section

Check the latest available versions

Go to http://csc.cyberoam.com and check for the currently available latest versions of Cyberoam, the Web Category database (used for content filtering), IDP Signatures, and the Anti Virus Signature database. Check and note down the versions used by your Cyberoam:
  • Anti Virus Signature database version - Anti Virus → Mail → General Configuration
  • IDP Signature database version - IDP → Manage IDP
  • Web Category database version - Dashboard (press F10), Appliance Information section

Upgrade if a later version is available.

Upgrade to the latest available version

Check for the latest version of Cyberoam available by clicking “Check for Upgrades” in the Appliance Information section. The page lists all the available upgrades in the order in which Cyberoam should be upgraded. Please make sure to upgrade in the same sequence as listed on the page.


  • Click Download against the version to be downloaded and follow the on-screen instructions to save the upgrade file.
  • Upload the downloaded version from Help → Upload Upgrade.
  • Upgrade from the CLI Console.

For detailed information on upgrading, refer to http://kb.cyberoam.com/default.asp?id=346&Lang=1&SID=

Firewall

Zones

Cyberoam provides zone-based security. A zone is a logical grouping of ports that have similar functions. Cyberoam provides four default zone types: LAN, DMZ, WAN and LOCAL. The entire set of physical ports available on the Cyberoam appliance, including their configured aliases, is grouped in the LOCAL zone. In other words, the IP addresses assigned to all the ports fall under the LOCAL zone. To create additional LAN and DMZ zone types, refer to the User Guide for details on zone creation.

Firewall rule

A firewall rule provides centralized management of security policies. From a single firewall rule, you can define and manage the entire set of Cyberoam security policies. Zone-based firewall rules are created to control (allow or block) the network traffic. If you wish to have more granular control, include a user and/or service in the zone-based firewall rule. From the firewall rule, you can:
  • Define inbound and outbound access based on source and destination hosts/networks
  • Enable scanning for HTTP, FTP, SMTP, POP3 or IMAP traffic - for email spam filtering, virus security, spyware, malware and phishing protection
  • Define an IDP policy - for protection against threats and attacks originating from the external world and the internal network
  • Attach a Gateway routing policy - for load balancing and gateway failover protection in case of multiple gateways
  • Specify an Internet Access policy - for web access, to control access to inappropriate web sites, IM and P2P traffic
  • Schedule access
  • Attach a bandwidth policy - to control and schedule bandwidth usage for an individual user or group and prioritize bandwidth usage for a particular application


Default Firewall rules

Cyberoam automatically creates two default firewall rules based on the Internet Access policy (IAP) defined through the Network Configuration Wizard at the time of installation. Refer to the Cyberoam User Guide for more details.

Firewall rule processing order

Cyberoam processes firewall rules from top to bottom and applies the first matching rule found. When a matching rule is found, the traffic is immediately dropped or forwarded without being tested against the rest of the rules in the list. When adding multiple firewall rules, make sure specific rules are placed above the general rules. If a general rule is placed above a specific rule, the general rule will allow the traffic for which you have defined a deny rule later in the list.

Manage firewall rules

You can edit, delete, or change the rule order from Firewall → Manage Rule. Please note that you will not be able to delete the default rules, but you can edit them as per your requirement.

[Figure: firewall rule page, with callouts for: Specify IDP policy; Attach content filtering policy; Assign bandwidth policy; Enable/disable virus and spam scanning; Enable/disable traffic logging; Control access time by defining schedule; Specify service to be allowed/disallowed; Define action for the service traffic; Specify routing policy if you have defined multiple WAN links]
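The first-match processing and the general-above-specific mistake described above, as an added Python illustration (not Cyberoam code). The Rule and Packet fields, the rule names and the implicit deny for traffic that matches no rule are assumptions of this simulation; the P2P-for-one-user scenario mirrors the identity-based rule built later in this guide.

```python
"""First-match firewall rule evaluation with shadowed-rule detection.

Added illustration, not Cyberoam code: models zone/user/service rules the way
the guide describes them (top to bottom, first match wins) and flags a general
rule placed above a specific one, which silently disables the specific rule.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "*"  # wildcard: "Any Host" / "All Services" / no identity check


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str          # LAN, WAN, DMZ or LOCAL
    dst_zone: str
    service: str = ANY     # e.g. "HTTP", "SMTP", "P2P"; ANY = All Services
    user: str = ANY        # identity-based rule when set ("Check Identity")
    action: str = "allow"  # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    service: str
    user: str = ANY        # ANY models unauthenticated traffic


def _matches(rule_value: str, packet_value: str) -> bool:
    return rule_value == ANY or rule_value == packet_value


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.src_zone == pkt.src_zone
            and rule.dst_zone == pkt.dst_zone
            and _matches(rule.service, pkt.service)
            and _matches(rule.user, pkt.user))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Walk the list top to bottom; the first matching rule decides and the
    remaining rules are never consulted. Assumption for this simulation:
    traffic that matches no rule is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return "deny", None


def covers(general: Rule, specific: Rule) -> bool:
    """True when every packet that `specific` would match is also matched by
    `general`, i.e. `general` above `specific` makes `specific` unreachable."""
    if (general.src_zone, general.dst_zone) != (specific.src_zone, specific.dst_zone):
        return False
    return _matches(general.service, specific.service) and _matches(general.user, specific.user)


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed_rule, shadowing_rule) name pairs: rules that can never
    fire because an earlier rule with a different action already matches
    everything they would match. Same-action pairs are merely redundant."""
    found = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later) and earlier.action != later.action:
                found.append((later.name, earlier.name))
                break
    return found


def specific_first(rules: List[Rule]) -> List[Rule]:
    """Stable reorder so rules with fewer wildcards come first, the ordering the
    guide asks for. Heuristic: it fixes general-over-specific shadowing but
    does not resolve rules that only partially overlap."""
    def wildcards(r: Rule) -> int:
        return (r.service == ANY) + (r.user == ANY)
    return sorted(rules, key=wildcards)


# Constructed scenario: the "block P2P for one user" rule placed below the
# default LAN-to-WAN Allow All rule.
ALLOW_ALL = Rule("LAN_WAN_allow_all", "LAN", "WAN")
DENY_P2P_BOB = Rule("bob_no_p2p", "LAN", "WAN", service="P2P", user="bob", action="deny")
WRONG_ORDER = [ALLOW_ALL, DENY_P2P_BOB]
RIGHT_ORDER = [DENY_P2P_BOB, ALLOW_ALL]
BOB_P2P = Packet("LAN", "WAN", "P2P", user="bob")


if __name__ == "__main__":
    print("wrong order:", evaluate(WRONG_ORDER, BOB_P2P))   # allowed by the general rule
    print("shadowed:", shadowed_rules(WRONG_ORDER))
    print("right order:", evaluate(RIGHT_ORDER, BOB_P2P))
    print("auto-fixed:", evaluate(specific_first(WRONG_ORDER), BOB_P2P))
```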


NAT (Network Address Translation)

A NAT rule changes the source IP address of the packet, i.e. the IP address of the connection initiator is changed. Apply NAT whenever the outgoing traffic has to be sent with a specific IP address. For example, suppose the WAN port has multiple public IP addresses: 202.134.168.202 and 202.134.168.208. To route the traffic of a group of users through 202.134.168.208 only, you need to create a NAT rule for that group of users.

Virtual host

A Virtual Host maps services of a public IP address to services of a host in a private network. A Virtual Host can be a single IP address, an IP address range, or a Cyberoam interface itself. Cyberoam will automatically respond to ARP requests received on the WAN zone for the external IP address of the Virtual Host. You must create a firewall rule for the Virtual Host to function and to allow traffic to flow between the Virtual Host and the network.

Configure Mail and Web server access

To configure Cyberoam to provide access to internal resources, i.e. a mail or web server hosted in the LAN, you need to create:
  • a Virtual Host (from Firewall → Virtual Host → Create)
  • a WAN to LAN firewall rule for the respective Virtual Host to allow the inbound traffic (when the servers are hosted in the LAN)
  • a WAN to DMZ firewall rule for the respective Virtual Host to allow the inbound traffic (when the servers are hosted in the DMZ)

Refer to “Configure one-to-one IP address mapping to access devices on Internal network” for step-by-step configuration.

[Figure: Firewall → Manage Rule page, with callouts for: Edit; Insert; Move; Delete; Enable/Disable Rule; Schedule; Deactivate; Last Action Status]

User Authentication


Active Directory (AD) Authentication

Configure from User → Authentication settings. Refer to the article (http://kb.cyberoam.com/default.asp?id=525&Lang=1&SID=) for more details.

LDAP Authentication

Configure from User → Authentication settings. Refer to the article (http://kb.cyberoam.com/default.asp?id=707&Lang=1&SID=) for more details.

RADIUS Authentication

Configure from User → Authentication settings. Refer to the article (http://kb.cyberoam.com/default.asp?id=339&Lang=1&SID=) for more details.

Windows NT Domain controller Authentication

Configure from User → Authentication settings. Refer to the article (http://kb.cyberoam.com/default.asp?id=534&Lang=1&SID=) for more details.

Cyberoam/Local Authentication

Configure from User → Authentication settings. If you want Cyberoam itself to authenticate users, add the users and configure their group membership. Cyberoam supports various user types; refer to “User types” for details on the user types and how to add users.

Generate Reports with user names

You need to configure authentication to generate reports with user names. It is easier to monitor user activity and identify the source and destination of the traffic with a user name than with an IP address.

Content filtering

Content filtering is used to limit the access of the contents available to the user based on combination of categories, keywords, URLs, domain names and file types. Fine-tune the default Internet Access Policy (IAP) for controlling access as per your requirement.

Access control: Block Category

  For: All the users (Blanket block)
  How and from: Update the “Allow All” default policy from Policies → Internet Access Policy → Manage Policy
    Category - specify the category to be blocked
    Strategy - Deny

  For: Group/User
  How and from:
    1. Create a policy from Policies → Internet Access Policy → Create Policy
       Policy Type – Allow
       Category - specify the category to be blocked
       Strategy - Deny
    2. Attach the IAP created in step 1 to the user Group
    3. Create a LAN to WAN Identity based rule from Firewall → Create Rule and select the user for whom the category is to be blocked

Access control: Block Uncategorized URL/sites

  For: All the users (Blanket block)
  How and from:
    1. Create a Custom category from Categories → Web Category → Create Custom and specify the URL to be blocked under Domain Management
    2. Update the “Allow All” default policy from Policies → Internet Access Policy → Manage Policy and add the category created in step 1

  For: Group/User
  How and from:
    1. Create a Custom category from Categories → Web Category → Create Custom and specify the URL to be blocked under Domain Management
    2. Create a policy from Policies → Internet Access Policy → Create Policy
       Policy Type – Allow
       Category - specify the category created in step 1
       Strategy - Deny
    3. Attach the IAP created in step 2 to the user Group
    4. Create a LAN to WAN Identity based rule from Firewall → Create Rule and select the user for whom the category is to be blocked

Block P2P applications for a particular user

Create the following Internet Access Policy (IAP) and firewall rule for the user:

Step 1. Create an IAP from Policies → Internet Access Policy → Create Policy
  • Specify the policy name and policy type (Allow)
  • Click the Add button to add categories for blocking
  • In Select Category, under the Application Protocol Category column, select “P2P Applications”
  • Select “Deny” for Strategy
  • Select the appropriate schedule. The user will not be able to access any of the “P2P Applications” during the time specified in the schedule.

Step 2. Include the IAP created in step 1 in the user Group from Group → Manage Group

Step 3. Create a User based Firewall rule from Firewall → Create Rule
  • Source: LAN, Any Host
  • Click “Check Identity” to enable the User based Firewall rule and select the user for whom the “P2P Applications” category (created in step 1) is to be blocked
  • Destination: WAN, Any Host
  • Service: All Services

Block “Facebook” – a social networking service

Facebook (www.facebook.com) is a social networking website and is categorized in the “DatingAndMatrimonials” category, so to block the site you need to deny access to that category. Go to Policies → Internet Access Policy → Manage Policy and update the “Allow All” default Internet Access policy: select “DatingAndMatrimonials” in the Web Category field and “Deny” in the Strategy field. The above solution will work only if you have not changed the LAN to WAN “Allow All” default firewall rule.


Allow specific Messenger (IM)

Consider the example where one wants to allow access to Yahoo Messenger only and block all other messengers.

1. Update the “Allow All” default policy from Policies → Internet Access Policy → Manage Policy to allow access to Yahoo Messenger while denying the “Chat” category.

2. Create a LAN to WAN firewall rule and apply the “Allow All” IAP (updated in step 1).

Enable virus and spam scanning

Cyberoam scans incoming and outgoing HTTP, FTP, IMAP, POP3, and SMTP traffic, blocking malicious programs at the entry.

What: Enable HTTP virus scanning
From: Firewall → Manage Rule. Enable scanning in the LAN to WAN firewall rule.

What: Enable SMTP/FTP virus scanning when the Mail server/FTP server is deployed in the LAN
From: Firewall → Manage Rule. Enable SMTP/FTP scanning in the WAN to LOCAL firewall rule.

What: Enable SMTP/FTP virus scanning when the Mail server/FTP server is deployed in the DMZ
From: Firewall → Manage Rule. Enable SMTP/FTP scanning in the WAN to LOCAL firewall rule and the LAN to DMZ firewall rule.

What: Restrict virus scanning based on mail size
From: Anti Virus → Mail → General Configuration

What: Set the oversize mail action for virus scanning
From: Anti Virus → Mail → General Configuration

What: Restrict spam scanning based on mail size
From: Anti Spam → Mail → General Configuration

What: Set the oversize mail action for spam scanning
From: Anti Spam → Mail → General Configuration

What: Enable spam scanning for authenticated traffic
From: Anti Spam → Mail → General Configuration

What: Block password protected attachments (for all the recipients)
From: Update the default policy from Anti Virus → SMTP → Default Scan policy. Specify “All” for Block File Types and enable “Protected Attachment” for Receiver’s Action and Notify Administrator.

Quarantine management

Cyberoam quarantines virus-infected and SMTP spam mails. If you are the Network Administrator, you can view the quarantined mails from:
  Anti Virus → Mail → General Configuration
  Anti Spam → Configuration → General Configuration

As a Network Administrator, you can also educate your network users to view and manage their own quarantine space. An individual network user can log on to User → My Account, go to the Quarantine Mails option and view the list of their quarantined mails.

Quarantine repository size

Cyberoam reserves 5GB for the Quarantine repository. To maintain the total size of the Quarantine repository, Cyberoam removes older mails once the repository is 80% full, i.e. once the repository level crosses 4GB, Cyberoam automatically deletes the oldest quarantined mails.

Actions for Spam mails

Cyberoam tags suspected spam mail as Probable Spam, while mail tagged as Spam is actually a spam mail. You can reject, drop or accept the spam mails, change the mail recipient, or add a prefix to the mail subject and forward them. Spam actions can be specified from the Spam policy. You can define different actions for:
  • Spam and Probable Spam mails
  • SMTP and POP3/IMAP spam mails

Block mails using White lists and Black lists

Step 1. Create a White list from Anti Spam → Configuration → Address Groups with the following parameters:
  Name: Whitelist
  Group Type: Email Address
  Email Address: Type all the email addresses from which mails are to be allowed

Step 2. Create a Black list from Anti Spam → Configuration → Address Groups with the following parameters:
  Name: Blacklist
  Group Type: IP Address
  Email Address: Type all the email addresses from which mails are to be blocked

Step 3. Update the Global Policy (Anti Spam → Spam Policy → Global Policy) and use the white list and black list to allow and block spam mails.

Archive mails

The email communications that pertain to the organization’s business activity are subject to regulatory requirements, which necessitate retaining email correspondence. Cyberoam’s “Copy-to” provides an in-house email archiving solution for building your email repository. By specifying an email address in the “Send copy to email address(s)” field, you can transparently co-deliver and archive all the mails to the pre-defined mail address.


Archive all incoming mails

If you want to archive all the mails, update the Anti Spam Global policy from Anti Spam → Spam Policy → Global Policy and configure the email id in the “Send copy to email address(s)” field.

Archive mails of specific mail recipient or group of recipients

If you want to archive mails for a specific recipient or group of recipients:
  • Create an Anti Spam Custom policy from Anti Spam → Spam Policy → Create Custom Policy and configure the email id in the “Send copy to email address(s)” field
  • Create a spam rule for the specific recipient or group of recipients whose mails you want to archive from Anti Spam → Spam Rules and attach the above policy

Apply custom virus scanning policy

If you want to apply a specific virus scanning policy for a particular mail recipient - [email protected]:
  • Define the virus scanning policy from Anti Virus → SMTP → Create Custom Scan Policy and define the scanning parameters required for the recipient [email protected]
  • Define the mail scanning rule for the recipient from Anti Virus → SMTP → Email Scanning Rules and attach the policy created in the above step.

All the mails received by [email protected] will also be delivered to the email address configured in the accnt_archive policy.


Bypass virus scanning of the trusted Websites

When you bypass scanning of trusted websites, Cyberoam does not scan files downloaded from those URLs. Use this feature to bypass virus scanning of your organization’s own site. Define the URLs that are to be bypassed from virus scanning from Anti Virus → HTTP → Configuration.


Prevent virus scanning latency

Virus scanning is a resource-intensive process. Exempt files downloaded from trusted sites from virus scanning to prevent scanning latency. Bypass scanning of trusted sites from Anti Virus → HTTP → Configuration.

Virtual Private Network

Cyberoam can be used to establish VPN connections and supports the following protocols to authenticate and encrypt traffic:
  • Internet Protocol Security (IPSec)
  • Layer Two Tunneling Protocol (L2TP)
  • Point-to-Point Tunneling Protocol (PPTP)

Configure gateway-to-gateway IPSec VPN connection

Configuring Cyberoam_1 as Gateway:

Step 1. Create a VPN policy from VPN → Policy → Create Policy and define the phase 1 and phase 2 parameters. Please make sure you select “Yes” in the “Allow Re-keying” field. Use the default values for all the other fields.

Step 2. Create an IPSec connection from VPN → IPSec Connection → Create Connection and define the authentication method and the source and destination addresses of the VPN tunnel.

Step 3. Activate the connection from VPN → IPSec Connection → Manage Connection.

Step 4. Repeat the above steps on Cyberoam_2.

Step 5. Once both gateways are configured successfully, go to VPN → IPSec Connection → Manage Connection and establish the connection. The connection can be established from either of the gateways.

Cyberoam provides VPN interoperability with a number of third-party IPSec VPN gateways; refer to http://kb.cyberoam.com/default.asp?id=388&Lang=1&SID= for the list of supported gateways and how to establish a connection with them.

Configure remote VPN access using Cyberoam VPN Client

This is commonly called a "road warrior" configuration, because the client is typically a laptop being used from remote locations and connected over the internet using service providers and dialup connections. The most common use of this scenario is when you are at home or on the road and want access to the corporate network. For step-by-step configuration, refer to http://kb.cyberoam.com/default.asp?id=786&Lang=1&SID= If you are using the Cyberoam IPSec VPN Client for the first time, download the client from http://www.cyberoam.com/vpnhelp.html.


Configure VPN failover

You will need to configure a VPN failover condition to keep your VPN connection always ON. To configure connection failover, you have to:
  • Create a Connection Group from VPN → Connection Failover → Create Connection Group. A Connection Group is the grouping of all the connections that are to be used for failover. The order of the connections in the Group defines the failover priority of the connections.
  • Define the failover condition in the Group itself.

Your primary VPN connection will fail over to the very next active connection in the Group if the Connection Group is created including the primary connection. For example, if the connection established using the 4th connection in the Group is lost, then the 5th connection will take over, provided the 5th connection is active.

Reports

Instant visibility into network resource usage
You can analyze the system resource usage summary, a summary of network activities and surfing patterns from the Dashboard.

Dashboard Alerts providing Attack vs User information
The Dashboard serves as a ready reference, giving instant visibility into the source/target user without an in-depth search. The Dashboard displays recent HTTP and FTP virus attacks, mail virus attacks and IDP attacks detected by Cyberoam.


“Recent HTTP Viruses detected” section

“Recent FTP Viruses detected” section


“Recent IDP Alerts” section
The Administrator can identify the threat origin even in a DHCP environment, because the username is included in the IDP alerts. In a DHCP environment, where IP addresses are allocated dynamically, tracking the threat origin without a username is practically impossible.


“Recent Mail Viruses detected” section

Analytical Reports
Analytical reports provide details on each and every activity in your network, including users receiving virus and spam mails, spam and virus mail senders, users who became victims of IDP attacks, and details of the IDP attackers. Additionally, extensive reports on user activities such as sites surfed, amount of data transferred and surfing time, broken down by user, group and so on, help you take corrective action by tuning policies to user behavior.

Want to know | From
Does “Joe” receive SMTP spam mails? | Anti Spam > SMTP Spam Reports > Top 10 Spam Receivers, click Show All
How many virus mails did “Abraham” receive? | Anti Virus > HTTP > Top 10 Users, click Show All
List of IDP attack victims | IDP > Top 10 Victims
Is user “Margaret” accessing the Chat category? | Web Surfing > Search; search by the “Chat” category and the <xyz> user
How many users are attempting to access blocked sites? | Web Surfing > Blocked Attempts > Top 10 Blocked-User; drill down from the username to view the blocked categories, sites and URL-wise details of the attempts that user made
Which top 10 categories were accessed? | Web Surfing > Organization wide > Top 10 Categories (By Hits); drill down from the category name
Which applications are accessed through 172.168.2.59? | Traffic Discovery > Report by LAN IP Address, or Traffic Discovery > Report by WAN IP Address

Sample Organization wise – Top 10 Sites Report by Hits


Sample Blocked Categories report

Web Trends
Web Trends tracks and reports surfing activity (hits) and displays the usage pattern over a period of time (hourly/weekly/monthly) as a graph.


Category Trends
Category Trends tracks and reports category-wise hits, i.e. surfing activity per category, and displays the usage pattern as a graph.


Category Type Trends
Category Type Trends tracks and reports category-type-wise hits, i.e. surfing activity per category type, and displays the usage pattern as a graph. Category Types are defined by the Administrator.


Google Search Report
The Google Search Report displays the keywords searched for using the Google search engine, along with the username and the date and time of the search.

Yahoo Search Report
The Yahoo Search Report displays the keywords searched for using the Yahoo search engine, along with the username and the date and time of the search.


Top Virus Senders

Compliance reports

Many businesses and organizations are required to protect their critical applications and customer (patient) data, control access to that data and prove that they have done so. For this they need to meet regulatory requirements such as HIPAA, GLBA, SOX, FISMA and PCI. Cyberoam provides 45+ compliance reports, which can be accessed from Reports > Compliance Reports.

HIPAA - Health Insurance Portability & Accountability Act regulations for the health care industry, i.e. healthcare providers and insurance companies.
GLBA - The Gramm-Leach-Bliley Act regulations for financial institutions including banks, mortgage brokers, lenders, credit unions, insurance and real-estate companies.
SOX - Sarbanes-Oxley for publicly held companies.
PCI - Payment Card Industry regulations for any organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data.
FISMA - The Federal Information Security Management Act regulations for all information systems used or operated by a US Government federal agency or by a contractor or other organization on behalf of a US Government agency.

Password Management

CLI Console password
1. From the Web Admin Console, go to System → Reset Console Password and change the CLI Console password.
2. From the CLI Console, go to Option 2 System Settings, Option 1 Set Console Password to change the CLI Console password.

Web Admin Console password
From the CLI Console, go to Option 5 Cyberoam Management, Option 3 Reset Management Password to reset the Web Admin Console password to the default password. The default password is a known value, so log in to the Web Admin Console and set a new password immediately after the reset.


Manage Bandwidth

Control bandwidth for a group of users
• Create a User based Bandwidth policy from Policies → Bandwidth Policy → Create Policy
• Create a user group from Group → Add Group and attach the bandwidth policy created for the group
• Create an Identity based firewall rule from Firewall → Create Rule and select the user group

Prioritize bandwidth usage of an application
• Create a Firewall rule based Bandwidth policy from Policies → Bandwidth Policy → Create Policy. Set the priority as required. Priority can be set from 0 (highest) to 7 (lowest)
• Create a firewall rule from Firewall → Create Rule and select the service and the bandwidth policy created in the above step

Configure Multiple Gateways

Please note that multiple gateways can be configured only if Cyberoam is deployed as a Gateway.

Add Gateway
One unused WAN port is required for each Gateway. Go to System → Gateway → Manage Gateway(s) and click Add to specify the Gateway IP address and port.

Define gateway weight for load balancing
Assign a weight to the Gateway if load balancing is required. Cyberoam distributes traffic across links in proportion to the ratio of the weights assigned to the individual links. The weight determines how much traffic will pass through a particular link relative to the other links.
• Set the weight to 0 (zero) to disable load balancing and pass the traffic through the default gateway
• Set the same weight on all the gateways to distribute traffic equally among all the links
• Set different weights on the gateways to distribute traffic in the ratio of the weights set

Configure Source based routing
Configure source based routing if the traffic of a particular network/subnet must be routed through a specific gateway. Go to System → Gateway → Manage Gateway(s) and click the Gateway for which source based routing is to be defined. The page displays the details of the Gateway; click “Add Network” to add the network IP address.

Configure Gateway Failover condition
Go to System → Gateway → Manage Gateway(s). Select the Gateway for which the failover condition is to be configured and click Failover Conditions. Specify the communication protocol, port number and host. A request on the specified port is sent to the host. If the host does not respond to the request, Cyberoam considers the Gateway ‘dead’, stops sending traffic to the dead gateway and sends traffic through another available gateway. Choose a host that is reachable through that gateway and answers reliably on the chosen port: a probe host that is down for its own reasons will make Cyberoam mark a healthy link dead.


Cyberoam sends alert mail to the Administrator on change of gateway status.
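The weighting, source based routing and failover rules above can be exercised end to end in a small model. The following is an added example written for this guide, not Cyberoam code: it assumes a smooth weighted round robin for the proportional split, treats weight 0 as "backup only" (a gateway that carries traffic only when nothing else is alive), and replaces the real probe (a request to the failover host on the configured port) with a callback so the script runs offline. All gateway names, ports and addresses are constructed.

```python
"""Multiple gateways: weighted split, source based routes and failover probes.

Added example, not Cyberoam code, modelling what the guide describes: weights
split new connections across WAN links in ratio, weight 0 keeps a gateway out
of load balancing, a source based route pins a subnet to one gateway, and a
gateway whose probe host stops answering is marked dead, skipped and reported.
The smooth weighted round robin, the probe callback (a real check sends a
request to probe_host:probe_port) and all names and addresses are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Gateway:
    name: str
    ip: str            # next hop on this gateway's own WAN port
    port: str          # unused WAN port dedicated to this gateway
    weight: int        # 0 = excluded from load balancing (backup only)
    probe_host: str    # failover condition: host that must answer on probe_port
    probe_port: int
    alive: bool = True
    credit: int = 0    # smooth weighted round robin state


class GatewayTable:
    def __init__(self, gateways: List[Gateway], default: str) -> None:
        self.gateways = gateways
        self.default = default
        self.source_routes: List[Tuple[ipaddress.IPv4Network, str]] = []
        self.alerts: List[str] = []    # what the status-change mail would carry

    def by_name(self, name: str) -> Optional[Gateway]:
        return next((g for g in self.gateways if g.name == name), None)

    def add_source_route(self, network: str, gateway: str) -> None:
        """'Add Network' on a gateway: traffic from this subnet uses that gateway."""
        self.source_routes.append((ipaddress.ip_network(network), gateway))

    def run_failover_checks(self, probe: Callable[[Gateway], bool]) -> List[str]:
        """Apply every gateway's failover condition; one alert per status change."""
        changes = []
        for gw in self.gateways:
            now = probe(gw)
            if now != gw.alive:
                gw.alive = now
                changes.append(f"{gw.name} ({gw.ip}) is {'alive' if now else 'dead'}")
        self.alerts.extend(changes)
        return changes

    def select(self, src_ip: str) -> Optional[Gateway]:
        """Choose the gateway for a new connection from src_ip."""
        src = ipaddress.ip_address(src_ip)
        # 1. A matching source based route wins, as long as its gateway is alive.
        for net, name in self.source_routes:
            gw = self.by_name(name)
            if src in net and gw is not None and gw.alive:
                return gw
        # 2. Otherwise balance over live gateways with a weight above 0.
        pool = [g for g in self.gateways if g.alive and g.weight > 0]
        if pool:
            return self._smooth_wrr(pool)
        # 3. Nothing to balance: the default gateway if alive, else any live backup.
        default = self.by_name(self.default)
        live = [g for g in self.gateways if g.alive]
        return default if default in live else (live[0] if live else None)

    @staticmethod
    def _smooth_wrr(pool: List[Gateway]) -> Gateway:
        """Over sum(weights) picks each gateway is chosen exactly weight times,
        interleaved rather than in bursts (weights 2:1 give A, B, A, A, B, A ...)."""
        total = sum(g.weight for g in pool)
        for g in pool:
            g.credit += g.weight
        chosen = max(pool, key=lambda g: g.credit)
        chosen.credit -= total
        return chosen


def demo() -> dict:
    """Constructed scenario: two ISP links weighted 2:1, a backup link, a pinned subnet."""
    table = GatewayTable([
        Gateway("ISP1", "203.0.113.1", "PortB", 2, "203.0.113.53", 53),
        Gateway("ISP2", "198.51.100.1", "PortC", 1, "198.51.100.53", 53),
        Gateway("Backup", "192.0.2.1", "PortD", 0, "192.0.2.53", 53),
    ], default="ISP1")
    table.add_source_route("10.10.5.0/24", "ISP2")    # e.g. a VoIP subnet pinned to ISP2

    # Every probe host answers: 30 LAN connections split 20/10 between ISP1 and ISP2.
    table.run_failover_checks(lambda gw: True)
    counts = {}
    for i in range(30):
        name = table.select(f"10.10.1.{i}").name
        counts[name] = counts.get(name, 0) + 1
    pinned = table.select("10.10.5.7").name             # source route -> ISP2

    # ISP2's probe host stops answering: ISP2 is dead and even pinned traffic moves.
    table.run_failover_checks(lambda gw: gw.name != "ISP2")
    after_isp2_dead = table.select("10.10.5.7").name    # -> ISP1
    # ISP1 dies as well: only the weight-0 backup link is left to carry traffic.
    table.run_failover_checks(lambda gw: gw.name == "Backup")
    only_backup = table.select("10.10.1.1").name        # -> Backup
    return {"counts": counts, "pinned": pinned, "after_isp2_dead": after_isp2_dead,
            "only_backup": only_backup, "alerts": table.alerts}
```

Running demo() shows the 2:1 split over 30 connections, the pinned subnet following its source route, the same subnet moving to ISP1 once ISP2's probe host stops answering, and the weight-0 backup carrying everything when both balanced links are dead; the alerts list is what the status-change mail would report. The pinned subnet only moves because the model checks liveness before honouring a source route; confirm that your appliance version behaves the same way rather than assuming it.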

General Administration

Restart Cyberoam management services
Cyberoam management services can be restarted from the CLI Console.

Add Alias
An alias assigns multiple IP addresses to an interface. You can add an alias from System → Configure Network → Manage Interface.

General Administration using Web Admin Console
Apart from network management, the following configurations can be performed only from the Web Admin Console:
• DNS and DHCP
• firewall rules
• content filtering categories and policies
• user authentication method and integration with external authentication servers
• access control
• antivirus and anti spam filtering policies
• VPN connection policies
• multiple gateways
• users and user groups
• bandwidth and internet access policies
• IDP policies and signatures

In addition, the Dashboard and reports, including traffic discovery and bandwidth usage graphs, can be viewed only from the Web Admin Console.

General Administration using CLI Console
Use the CLI Console to troubleshoot and diagnose network problems in detail. Additionally you can also:
• Restart management services
• Restart and shut down Cyberoam
• View log information
• Update MTU and MSS values
• Configure static and dynamic routes
• Upgrade Cyberoam and restore a backup
• Restore factory default settings
• Reset and change passwords
• Enable/disable LAN Bypass (only if Cyberoam is deployed as a Bridge)

For more details, refer to the version specific Console Guide available on http://docs.cyberoam.com/

Reboot or shutdown Cyberoam
You can reboot or shut down Cyberoam from the CLI Console.


User types

A User is identified by an IP address or a user name and must be a member of a group. A User inherits its group's policies. A User can be assigned explicit policies, which override the group policies. Cyberoam supports three types of Users:

1. Normal
2. Clientless
3. Single Sign on

Feature                                                       Normal User   Clientless User   Single Sign on User
User required to log on to Cyberoam before accessing
network resources                                             Yes           No                No
Group membership - Normal group                               Yes           No                Yes
Group membership - Clientless group                           No            Yes               No
Apply Login restriction                                       Yes           Yes               Yes
Apply Surfing Quota policy                                    Yes           No                No
Apply Access Time policy                                      Yes           No                No
Apply Bandwidth policy                                        Yes           Yes               Yes
Apply Internet Access policy                                  Yes           Yes               Yes
Apply Data Transfer policy                                    Yes           No                Yes

• Add a normal user from User → User → Add User
• Add multiple clientless users from User → Clientless Users → Add Multiple
• Add a single clientless user from User → Clientless Users → Add Single

For more details on adding clientless users, refer to http://kb.cyberoam.com/default.asp?id=69&Lang=1&SID=

By default, normal users are added to the Open Group while clientless users are added to the Clientless Open Group. You can change the group membership of a User. Create new groups as per your requirement from Group → Group.

High Availability

Using high availability for hardware failover and load balancing involves installing two Cyberoam appliances, a Primary and an Auxiliary appliance, with the same number of interfaces and the same version installed on both. Cyberoam offers high availability by using a Virtual MAC address shared between the primary and auxiliary appliances, which are linked together as a “cluster”. The primary and auxiliary appliances must be physically connected over a dedicated HA link port. Cluster appliances use this link to communicate cluster information and to synchronize with each other.

Feature                              Active-Passive
Continuous connectivity - Failover   Yes
Load balance traffic                 No
Traffic processing                   Primary appliance; the Auxiliary appliance processes traffic only when the primary appliance or any of the monitored links fails

How the high availability cluster works
The primary and auxiliary appliances are physically connected over a dedicated HA link port to operate as an HA Cluster. Cluster appliances use this link to communicate cluster information and to synchronize with each other. When you configure the HA cluster, Cyberoam assigns a Virtual MAC address to one of the appliances in the cluster. All network traffic is forwarded to the cluster appliance that holds the virtual MAC address. The appliance holding the virtual MAC address is referred to as the Primary Appliance, while its peer is referred to as the Auxiliary Appliance. The primary appliance regularly sends keep-alive requests through the HA link, which the auxiliary appliance answers. If keep-alive requests stop arriving from the primary appliance, it is considered to have failed. In this case the auxiliary appliance takes ownership of the virtual MAC address and becomes the primary appliance temporarily. The original primary appliance automatically takes over from the auxiliary appliance once it is functioning again. Because failure is inferred only from silence on the HA link, keep that link dedicated: if the link itself fails while both appliances are up, the auxiliary cannot tell this apart from a primary failure.

Configure Active-Passive HA cluster
The appliance from which HA is enabled acts as the primary appliance, while the peer appliance acts as the auxiliary appliance. The auxiliary appliance takes over when the primary appliance fails.

Step A: Configuring the Auxiliary appliance
1. Create a firewall rule to allow HA service traffic from Firewall → Create Rule as:
• Source: DMZ/Any Host
• Destination: LOCAL/Dedicated HA link port
• Service: HA Service
• Action: Accept

Step B: Configuring the Primary appliance
1. Create a firewall rule to allow HA service traffic from Firewall → Create Rule as:
• Source: DMZ/Any Host
• Destination: LOCAL/Dedicated HA link port
• Service: HA Service
• Action: Accept
2. Add an HA administrator from User → User → Add User; HA events are logged under this name in the Audit log.
3. Configure the HA cluster from System → HA → Configure HA and select Active-Passive in the HA Configuration Mode field.

The HA link should be a direct cable between the two appliances. If other hosts share that segment, restrict the Source of the HA service rule to the peer appliance's HA link address instead of Any Host.
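To make the keep-alive and virtual MAC behaviour concrete, here is an added simulation written for this guide, not Cyberoam code. It assumes a tick-based clock, a threshold of three missed keep-alive periods before the peer is declared dead, and a constructed virtual MAC; the appliance's real timers and detection logic are not documented here. It covers the failover and automatic failback the text describes, and the case the text implies but does not spell out: when only the dedicated HA link fails, the auxiliary cannot distinguish that from a dead primary.

```python
"""Active-Passive HA: virtual MAC ownership driven by keep-alives on the HA link.

Added example, not Cyberoam code. It simulates the mechanism the guide describes:
the primary sends keep-alives over the dedicated HA link, the auxiliary answers,
the auxiliary claims the virtual MAC once keep-alives stop arriving, and the
primary takes the role back as soon as it is functioning again. The tick clock,
the DEAD_AFTER threshold and the MAC address are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

DEAD_AFTER = 3                       # silent keep-alive periods before the peer is declared dead (assumed)
VIRTUAL_MAC = "00:1a:2b:3c:4d:5e"    # constructed value


@dataclass
class Appliance:
    name: str
    up: bool = True
    owns_vmac: bool = False
    last_heard: int = 0    # tick at which the peer was last heard over the HA link


@dataclass
class Cluster:
    primary: Appliance     # the appliance HA was enabled from
    auxiliary: Appliance
    ha_link_up: bool = True
    tick: int = 0
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.primary.owns_vmac = True    # the primary carries the virtual MAC from the start

    def owners(self) -> List[str]:
        return [x.name for x in (self.primary, self.auxiliary) if x.owns_vmac]

    def step(self) -> List[str]:
        """One keep-alive period. Returns the names currently claiming the virtual MAC."""
        self.tick += 1
        p, a = self.primary, self.auxiliary
        before = self.owners()
        # Keep-alive request primary -> auxiliary, reply auxiliary -> primary, HA link permitting.
        if self.ha_link_up and p.up:
            a.last_heard = self.tick
            if a.up:
                p.last_heard = self.tick
        # Primary: owns the virtual MAC whenever it is functioning (automatic failback).
        p.owns_vmac = p.up
        # Auxiliary: claims the virtual MAC after DEAD_AFTER silent periods and
        # releases it as soon as the primary is heard again.
        a.owns_vmac = a.up and (self.tick - a.last_heard) >= DEAD_AFTER
        after = self.owners()
        if after != before:
            self.log.append(f"t={self.tick}: {VIRTUAL_MAC} held by {', '.join(after) or 'nobody'}")
        return after


def run(cluster: Cluster, ticks: int,
        events: Dict[int, Callable[[Cluster], None]]) -> Dict[int, List[str]]:
    """Advance the clock; events maps a tick to a change applied before that tick's keep-alive."""
    result = {}
    for t in range(1, ticks + 1):
        if t in events:
            events[t](cluster)
        result[t] = cluster.step()
    return result


def demo_failover() -> Dict[int, List[str]]:
    """Primary fails at t=5 and is back at t=10: the auxiliary takes over after the
    detection window and hands back once the primary is heard again."""
    c = Cluster(Appliance("Primary"), Appliance("Auxiliary"))
    return run(c, 12, {5: lambda c: setattr(c.primary, "up", False),
                       10: lambda c: setattr(c.primary, "up", True)})


def demo_ha_link_cut() -> int:
    """Both appliances stay up but the HA link is cut at t=5. Returns the first tick
    at which both claim the virtual MAC, i.e. the split brain the cut produces."""
    c = Cluster(Appliance("Primary"), Appliance("Auxiliary"))
    result = run(c, 10, {5: lambda c: setattr(c, "ha_link_up", False)})
    return next(t for t, owners in result.items() if len(owners) == 2)
```

demo_failover() shows two periods with no virtual MAC owner between the primary failing and the auxiliary detecting it (the detection window, during which traffic is dropped), then the auxiliary holding the virtual MAC until the primary is heard again. demo_ha_link_cut() returns the first tick at which both appliances claim the virtual MAC, which is why the HA link must be a dedicated, directly connected port rather than a path that can fail on its own while both appliances keep running.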


Points to remember

• If you are integrating Cyberoam with Active Directory for authentication, use Active Directory as your DNS server. You must define Active Directory as the DNS server both in Cyberoam and on all the desktops.

• If you have configured Cyberoam as a DHCP server for leasing IP addresses, make sure the DHCP server is enabled for autostart. If it is not, IP addresses will be leased only after rebooting Cyberoam.


IMPORTANT NOTICE
Elitecore has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE
The Appliance described in this document is furnished under the terms of Elitecore’s End User License Agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore that: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. The customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore's or its service center’s option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.
Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and their performance is under warranty provided by Kaspersky Labs. Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products, excluding power supplies, fans and electrical components, will be free from material defects in workmanship and materials for a period of one (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its suppliers be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product, even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore’s or its suppliers’ liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer.
The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS Elitecore Technologies Ltd. 904 Silicon Tower, Off. C.G. Road, Ahmedabad – 380015, INDIA Phone: +91-79-66065606 Fax: +91-79-26407640

Web site: www.elitecore.com , www.cyberoam.com