
User Guide

Version 10

Document Version 10.04.5.0007 - 30/11/2013


Important Notice

Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE

Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.

You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS

Copyright 1999 - 2013 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters

Cyberoam Technologies Pvt. Ltd. 901, Silicon Tower, Off. C.G. Road, Ahmedabad 380006, INDIA Phone: +91-79-66065606 Fax: +91-79-26407640 Web site: www.cyberoam.com


Content

Preface

About this Guide

Introduction

Basics

Web Admin Console

Connecting to Web Admin Console

Navigating through Web Admin Console

Common Icons and buttons in the Web Admin Console

Status Bar

Tooltips

Navigating through Tables

Web Admin Console Authorization and Access control

Common Web Admin Console tasks

Log out procedure

Getting Started

Dashboard

System

Administration

Settings

Appliance Access

Profile

Profile Parameters

Access Denied Page

Password

Central Management

Configuration

Time

Notification

Messages

Web Proxy

Parent Proxy

Captive portal

Theme

Maintenance

Backup & Restore

Firmware

Licensing

Services

Updates

SNMP

Agent Configuration

Community

V3 User

Certificate

Certificate

Certificate Parameters

Certificate Authority

Certificate Authority Parameters

Certificate Revocation List (CRL)

CRL Parameters

Diagnostics

Tools

System Graph

Packet Capture

Connection List

Consolidated Troubleshoot Report (CTR)

Objects

Hosts

IP Host

IP Host Group

MAC Host

FQDN Host

FQDN Host Group

Country Host

Country Host Group

Services

Services

Service Group

Schedule

Schedule

File Type

File Type

Network

Interface

Interface

VLAN

Zone

Wireless LAN

Connected Client

Settings

Access Point

Rogue Access Point

Wireless WAN

Status

Settings

Gateway

Gateway

Static Route

Unicast

Multicast

Source Route

DNS

DNS

DNS Host Entry

DHCP

Server

Lease

Relay

ARP

ARP

Dynamic DNS

Dynamic DNS

Identity

Authentication

Authentication Server

Active Directory Authentication

LDAP Authentication

RADIUS Authentication

Firewall

VPN

Administrator Authentication

Groups

Groups

Users

Users

Clientless Users

Guest Users

General Settings

Guest Users

Single Guest User Parameters

Multiple Guest User Parameters

SMS Gateway

Policy

Access Time Policy

Surfing Quota Policy

Data Transfer Policy

Live Users

Live Users

Firewall

Rule

Manage Firewall Rule List

Firewall Rule Parameters

Virtual Host

Virtual Host

NAT Policy

NAT Policy

Spoof Prevention

General Settings

Trusted MAC

DoS

Settings

Bypass Rules

Web Filter

Settings

Settings

Category

Category

Search URL

URL Group

Policy

Policy

Application Filter

Application List

Application List

Category

Category

Policy

Policy

IM

IM Contact

IM Contact

IM Contact Group

IM Rules

Login

Conversation

File Transfer

Webcam

Content Filter

Content Filter

QoS

Policy

Policy

Logs & Reports

Configuration

Syslog Servers

Log Settings

Log Viewer

Log Viewer

4-Eye Authentication

Settings

De-Anonymize

Preface

Welcome to Cyberoam's User Guide.

Cyberoam Unified Threat Management appliances offer identity-based comprehensive security to organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats over applications viz. Instant Messengers; threats over secure protocols viz. HTTPS; and more. They also offer wireless security (WLAN) and 3G wireless broadband. Analog modem support can be used as either Active or Backup WAN connection for business continuity.

Cyberoam integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and Anti-Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data Leakage Prevention, IM Management and Control, Layer 7 visibility, Bandwidth Management, Multiple Link Management and Comprehensive Reporting over a single platform.

Cyberoam has enhanced security by adding an 8th layer (User Identity) to the protocol stack. Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic, enabling Administrators to apply access and bandwidth policies far beyond the controls that traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without compromising productivity and connectivity.

Cyberoam UTM appliances accelerate unified security by enabling single-point control of all its security features through a Web 2.0-based GUI. An extensible architecture and an 'IPv6 Ready' Gold logo provide Cyberoam the readiness to deliver on future security requirements.

Cyberoam provides increased LAN security by providing a separate port for connecting to publicly accessible servers such as Web server, Mail server, FTP server etc. hosted in the DMZ, which are visible to the external world and still have firewall protection.

Note

Default Web Admin Console username is 'admin' and password is 'admin'

Cyberoam recommends that you change the default password immediately after installation to avoid unauthorized access.


About this Guide

This Guide provides information regarding the administration, maintenance, and customization of Cyberoam and helps you manage and customize Cyberoam to meet your organization's various requirements including creating groups and users and assigning policies to control web as well as application access.

Guide Organization

The Cyberoam User Guide is structured into thirteen parts that follow the Cyberoam Web Admin Console structure. Within these parts, individual topics correspond to the security appliance management interface layout.

This Guide is organized into thirteen parts:

Part I Introduction

This part covers various features of Web 2.0 based graphical interface.

Part II Getting started

This part covers how to start using Cyberoam after deployment.

Part III Basics

This part covers basic building blocks in Cyberoam.

Part IV System

This part covers various security appliance controls for managing system status information, registering and managing the Cyberoam security appliance and its subscription licenses through the registration portal, managing firmware versions, defining profiles for role-based access, scheduling backups and restoring, and using the included diagnostics tools for troubleshooting.

Part V Objects

This part covers various Objects which are the logical building blocks for configuring various policies and rules, which include:

host - IP, network and MAC Addresses. They are used in defining firewall rules, virtual host, NAT policy, IPSec, L2TP and VPN policies

services - which represent a specific protocol and port combination, for example, DNS service for TCP protocol on port 53. Access to services is allowed or denied through firewall rules.

schedule - to control when the firewall rule, Access time policy, Web filter policy, Application filter policy, or QoS policy will be in effect, for example, All Days, Work Hours

file types - defining web filter policy, SMTP scanning rules

certificates - VPN policies

Part VI Network

This part covers configuring the Cyberoam appliance for your network. It includes configuring Cyberoam interfaces and DNS settings, adding VLAN sub interfaces and custom zones, configuring DHCP. It also covers configuration of the 3G wireless WAN interface on the Cyberoam appliances that support the feature.

Part VII Identity

This part covers how to configure user level authentication and manage users and user groups.

Part VIII Firewall

This part covers tools for managing how the Cyberoam appliance handles traffic through the firewall.

Part IX Web Filter

This part covers how to configure and manage Web filtering in Cyberoam through categories and policies.

Part X Application Filter

This part covers how to configure and manage application filtering in Cyberoam through categories and policies.

Part XI IM

This part covers how to configure and manage restrictions on instant messaging services provided by the Yahoo and MSN messengers.

Part XII QoS

This part covers how to configure and manage bandwidth through QoS policy that allocates and limits the maximum bandwidth usage of the user and controls web and network traffic.

Part XIII Logs & Reports

This part covers managing logging and reporting feature. Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network abuse.


Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

 

| Item | Convention | Example |
|------|------------|---------|
| Server | | Machine where Cyberoam Software - Server component is installed |
| Client | | Machine where Cyberoam Software - Client component is installed |
| User | | The end user |
| Username | | Username uniquely identifies the user of the system |
| Part titles | Bold and shaded font typefaces | Report |
| Topic titles | Shaded font typefaces | Introduction |
| Subtitles | Bold & Black typefaces | Notation conventions |
| Navigation link | Bold typeface | System Administration Appliance Access: to open the required page, click on System, then on Administration, and finally click Appliance Access |
| Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked |
| Cross references | Hyperlink in different color | Refer to Customizing User database. Clicking on the link will open the particular topic |
| Notes & points to remember | Bold typeface between the black borders | Note |
| Prerequisites | Bold typefaces between the black borders | Prerequisite: Prerequisite details |

Cyberoam User Guide

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office Cyberoam Technologies Pvt. Ltd. 901, Silicon Tower Off C.G. Road Ahmedabad 380006 Gujarat, India. Phone: +91-79-66065606 Fax: +91-79-26407640 Web site: www.cyberoam.com

Cyberoam contact:

Technical support (Corporate Office): +91-79-66065777 Email: support@cyberoam.com Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.


Introduction

Cyberoam appliances use Layer 8 technology to help organizations maintain a state of readiness against today's blended threats and offer real-time protection.

Cyberoam Unified Threat Management appliances offer identity-based comprehensive security to organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats over applications viz. Instant Messengers; threats over secure protocols viz. HTTPS; and more. They also offer wireless security (WLAN) and 3G wireless broadband. Analog modem support can be used as either Active or Backup WAN connection for business continuity.

Cyberoam integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and Anti-Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data Leakage Prevention, IM Management and Control, Layer 7 visibility, Bandwidth Management, Multiple Link Management and Comprehensive Reporting over a single platform.

Cyberoam has enhanced security by adding an 8th layer (User Identity) to the protocol stack. Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic, enabling Administrators to apply access and bandwidth policies far beyond the controls that traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without compromising productivity and connectivity.

Cyberoam UTM appliances accelerate unified security by enabling single-point control of all its security features through a Web 2.0-based GUI. An extensible architecture and an 'IPv6 Ready' Gold logo provide the appliance the readiness to deliver on future security requirements.

Cyberoam appliances provide increased LAN security by providing a separate port for connecting to publicly accessible servers such as Web server, Mail server, FTP server etc. hosted in the DMZ, which are visible to the external world and still have firewall protection.

Layer 8 Security:

Cyberoam's features are built around its patent pending Layer 8 technology. The Layer 8 technology implements the human layer of networking by allowing organizations to control traffic based on users instead of mere IP addresses. Layer 8 technology keeps organizations a step ahead of conventional security solutions by providing full business flexibility and security in any environment including WIFI and DHCP.

Note

All the screen shots in the Cyberoam User Guides have been taken from NG series of appliances. The features and functionalities, however, remain unchanged across all Cyberoam appliances.

Basics

Appliance can be accessed and administered from:

1. Web Admin Console

2. CLI Console

Web Admin Console can be accessed using HTTP or a secure HTTPS connection from any computer using web browser as:

1. HTTP login: http://<IP address of the appliance>

2. HTTPS login: https://<IP address of appliance>

CLI Console

Use the CLI console to troubleshoot and diagnose network problems in detail. For more details, refer to the version-specific Console Guide available at http://docs.cyberoam.com/

CLI Console can be accessed via remote login utility TELNET as:

TELNET login: TELNET <IP address of the appliance>

Refer to Console Guide on how to configure appliance from CLI Console.

Note

Default password for CLI Console is "admin".

Web Admin Console

This section describes various features of Web 2.0 based graphical interface.

Version 10 of the Cyberoam appliance introduced a new Web 2.0 based easy-to-use graphical interface termed as Web Admin Console to configure and manage your appliance. User sessions and active VPN connections can be disconnected with a single click on the disconnect icon in the Manage column.

You can connect to Web Admin Console using HTTP or a secure HTTPS connection from any management computer using web browser Microsoft Internet Explorer 7+ or Mozilla Firefox 1.5+. The recommended minimum screen resolution for the management computer is 1024 X 768 and 32-bit true-color.

You can configure the appliance for HTTP and HTTPS web-based administration from any of the interfaces, but by default only the HTTPS connection is enabled from the WAN interface while both HTTP and HTTPS are enabled from the LAN interface. To connect to the Web Admin Console you require an administrator account and password.

The Web Admin Console supports multiple languages, but by default appears in English. To cater to its non-English customers, apart from English, Chinese-Traditional, Chinese-Simplified, French, Hindi and Japanese languages are also supported. Administrator can choose the preferred GUI language at the time of logging in. Listed elements of Web Admin Console are displayed in the configured language:

Dashboard Doclet contents

Navigation menu

Screen elements including field & button labels and tips

Error messages

Administrator can also specify descriptions for firewall rules, various policies, services and various custom categories in any of the supported languages. To view a description in any language other than English, UTF-8 character encoding must be enabled in the Web Browser.

Dashboard is displayed as soon as you log on to the Web Admin Console. Dashboard provides a quick overview of all the important parameters of your appliance.
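The default access settings described in this section (HTTPS only from WAN, HTTP and HTTPS from LAN, CLI over TELNET) can be checked from each zone with a short script. This is an added example, not part of the Cyberoam guide; the port numbers are the protocol defaults, and the names `probe`, `audit` and `DEFAULT_WEB_ACCESS` are assumptions of the example.

```python
import socket
import sys

# Protocol default ports (assumption of this example; the guide names only
# the protocols, not port numbers).
MGMT_PORTS = {"TELNET": 23, "HTTP": 80, "HTTPS": 443}

# Management protocols that carry credentials unencrypted.
CLEARTEXT = {"TELNET", "HTTP"}

# Default Web Admin Console exposure as stated in the guide:
# WAN -> HTTPS only; LAN -> HTTP and HTTPS. The guide gives no per-zone
# default for TELNET, so TELNET is judged only on being cleartext.
DEFAULT_WEB_ACCESS = {"WAN": {"HTTPS"}, "LAN": {"HTTP", "HTTPS"}}


def probe(host, ports=MGMT_PORTS, timeout=2.0):
    """Return the names of management services whose TCP port accepts a
    connection. IPv4 only; pass the appliance's interface address."""
    reachable = set()
    for name, port in ports.items():
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 on success and an errno value otherwise.
            if sock.connect_ex((host, port)) == 0:
                reachable.add(name)
    return reachable


def audit(zone, reachable):
    """Compare the services reachable from `zone` with the guide's defaults.

    Returns {service: [reasons]} where a reason is "cleartext" or
    "not-default:<zone>". Services with no finding are omitted.
    """
    baseline = DEFAULT_WEB_ACCESS[zone]
    findings = {}
    for svc in sorted(reachable):
        reasons = []
        if svc in CLEARTEXT:
            reasons.append("cleartext")
        if svc in ("HTTP", "HTTPS") and svc not in baseline:
            reasons.append("not-default:" + zone)
        if reasons:
            findings[svc] = reasons
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python mgmt_audit.py <WAN|LAN> <appliance IPv4 address>
        zone, host = sys.argv[1].upper(), sys.argv[2]
        seen = probe(host)
    else:
        # Constructed observation, used when no target is given.
        zone, seen = "WAN", {"HTTP", "HTTPS", "TELNET"}
    print(zone, "reachable:", sorted(seen))
    for svc, reasons in audit(zone, seen).items():
        print(f"  {svc}: {', '.join(reasons)}")
```

Run it once from a host in each zone: an empty result from the WAN side matches the stated default, while any `cleartext` finding marks a management path on which the administrator password travels unencrypted.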

Connecting to Web Admin Console

The log-on procedure authenticates the user and creates a session until the user logs-off.

To get the login window, open the browser and type LAN IP Address of Cyberoam in browser's URL box. A dialog box appears prompting you to enter username and password.

Note

Use the default username "admin" and password "admin", if you are logging-in for the first time after the deployment of appliance.

Dots are the placeholders in the password field.

Screen - Login Screen

| Screen Element | Description |
|----------------|-------------|
| Username | Specify user login name. If you are logging on for the first time after installation, please use default username 'admin' |
| Password | Specify user account Password. If you are logging on for the first time after installation, please use default password 'cyber' |
| Language | Select the language. The available options are Chinese-Simplified, Chinese-Traditional, English, French, Hindi and Japanese. By default, the language is English. |
| Log on to | To administer Cyberoam, select 'Web Admin Console' |
| Login button | Logs on to Web Admin Console. Click Login. |

Table - Login screen elements

Navigating through Web Admin Console

Navigation menu

The navigation bar on the leftmost side provides access to various configuration pages. The menu consists of sub-menus and tabs. On clicking a menu item in the navigation bar, related management functions are displayed as submenu items in the navigation bar itself. On clicking a submenu item, all the associated tabs are displayed as the horizontal menu bar on the top of the page. To view the page associated with a tab, click the required tab.

The left navigation bar expands and contracts dynamically when clicked on without navigating to a submenu. When you click on a top-level heading in the left navigation bar, it automatically expands that heading and contracts the heading for the page you are currently on, but it does not navigate away from the current page. To navigate to a new page, first click on the heading, and then click on the submenu you want to navigate to.

Screen - Web Admin Console

Cyberoam appliance functions are grouped in such a way that the navigation bar does not continue below the bottom of your browser. Hovering the cursor over the up-scroll icon or the down-scroll icon automatically scrolls the navigation bar up or down respectively.

Common Icons and buttons in the Web Admin Console

Icon bar

The Icon bar on the upper rightmost corner of every page provides access to several commonly used functions like:

Dashboard - Click to view the Dashboard.

Wizard - Network Configuration wizard guides you step-by-step through configuration of the network parameters like IP address, subnet mask and default gateway for your appliance.

Reports - Opens a Reports page for viewing various usage reports. The integrated Logging and Reporting solution, iView, offers a wide spectrum of 1000+ unique user identity-based reports across applications and protocols and provides in-depth network visibility to help organizations take corrective and preventive measures.

Note

Option "Reports" is not available on dashboard for appliance CR15i, CR15wi and CR15iNG.

Console - It provides immediate access to CLI by initiating a telnet connection with CLI without closing Web Admin console.

Logout - Click to log out from the Web Admin Console.

More Options - Click to view all the other options available for assistance.

The following describe the functions of common icons used in the Web Admin Console:

Edit - Clicking on edit icon displays a window for editing the configuration

Delete - Clicking on delete icon deletes an entry/record

Expand/Collapse icons - Clicking on the parent record displays its child records

Note

Use F1 key for page-specific help.

 

Use F10 key to return to Dashboard.

Status Bar

The Status bar at the bottom of the window displays the status of actions executed in the Web Admin console.


Tooltips

Version 10 of the appliance has introduced embedded informative tool tips for many elements in the Web Admin Console. These Tooltips are small pop-up windows that display brief configuration summary describing the element when you hover your mouse over a Web Admin Console element.

Not all Web Admin Console elements have Tooltips. If a Tooltip does not display after hovering your mouse over an element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.

When applicable, Tooltips display the configuration summary - minimum, maximum, and default values of the element. This configuration information is generated directly from your appliance itself.

Screen - Tooltip

Screen - Tooltip

Navigating through Tables

With the new user interface, configuration details and log entries are presented in a tabular format. The Table Navigation Bar on the upper right corner of the table provides navigation buttons for moving through table pages with a large number of entries. The Table Navigation bar also includes an option to specify the number of entries/records displayed per page.

Screen - Navigating through tables

Many tables like Log Viewer, Live Users, Group etc. can now be re-sorted by clicking on the headings for the various columns. A tooltip "Click to sort ascending" or "Click to sort descending" pops up for the columns within the tables that can be sorted, when you hover the mouse over the heading.

Screen - Navigating through tables

Live Users and active VPN connections can be disconnected with a single click on the disconnect icon.

Web Admin Console Authorization and Access control

By default, appliance has two types of users:

Administrator

"Administrator" User can maintain, control and administer the appliance. This user can create, update and delete system configuration and user information, and can also create multiple administrator-level users.

Appliances are shipped with two "Administrator" Users as:

| Username | Password | Console Access | Privileges |
|----------|----------|----------------|------------|
| admin | admin | Web Admin console, CLI console | Full privileges for both the consoles i.e. read-write permission for entire configuration performed through either of the consoles. |
| cyberoam | cyber | Web Admin console only | Full privileges i.e. read-write permission for entire configuration performed through Web Admin console |

It is recommended that you change the password of both the users immediately on deployment.

User

User is the user who accesses the resources through the appliance.

Common Web Admin Console tasks

The following are the common tasks performed through Web Admin Console:

System Administration and Configuration

Firmware maintenance

Backup and restore

Firewall rules management

Configure user authentication

User and user groups management

Objects management - hosts, services, schedules

Network management - Interface speed, MTU and MSS settings, Gateway, DDNS

Web and application filtering categories and policies configuration

Policy management - surfing quota, QoS, access time, data transfer

Antivirus and anti spam filtering policies configuration

VPN and SSL VPN access configuration

IPS policies and signature

IM controls

Log out procedure

To prevent unauthorized users from accessing Cyberoam, log off after you have finished working. This will end the session and exit from Cyberoam.

Getting Started

Once you have deployed and configured Cyberoam in your network and registered the copy of your Cyberoam, you can start using the Cyberoam.

1. Start monitoring

Once you have deployed appliance successfully you can start monitoring user activities in your Network. Depending on the Web and Application Filter Policy configured at the time of installation, certain categories will be blocked or allowed for LAN to WAN traffic with or without authentication.

2. View Reports

Monitor your Network activities using Reports. To view Reports, log on to iView by clicking Reports on the topmost button bar from Web Admin Console and log on with default username 'admin' and password 'admin'.

View user surfing trends from Web Usage Top Web User report

View your organization's Category wise surfing trends from Web Usage Top Categories report

View mail usage from Mail Usage Top Mail Senders and Mail Receivers report

3. Configure for Username based monitoring

As user activity is monitored and logged based on IP address, all the reports generated are also IP address based. To monitor and log user activities based on User names, you have to configure appliance for integrating user information and authentication process.

Integration will identify access request based on User names and generate reports based on Usernames.

If your Network uses Active Directory Services and users are already created in ADS, configure your appliance to communicate with your ADS.

If your Network uses RADIUS, configure your appliance to communicate with RADIUS.

If your Network uses LDAP, configure your appliance to communicate with LDAP.

4. Customize

You can create additional policies to meet your organization's requirement.

You can:

1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.

2. Control individual user surfing time by defining Surfing quota policy. Refer to Surfing Quota policy for more details.


3. Schedule Internet access for individual users by defining Access time policy. Refer to Access time policy for more details.

4. Control web access by defining Web and Application Filter Policies. Refer to Web and Application Filter Policy for more details.

5. Allocate and restrict the bandwidth usage by defining QoS policy. Refer to QoS policy for more details.

6. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer to Data transfer policy for more details.

7. Connecting to Cyberoam CLI

8. From Web Admin Console

a) Using Console Interface via remote login utility TELNET

b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server

Dashboard

Appliance Dashboard is displayed as soon as you logon to the Web Admin Console.

Dashboard provides a quick and fast overview of all the important parameters of your appliance that requires special attention such as password, access to critical security services, system resources usage, IPS alerts, and notifications of subscription expirations etc. are displayed in the form of Doclets.

Dashboard page is completely customizable. Reposition doclets (System Information, License Information, Gateway status information, Usage summary etc.) by dragging and dropping, or close a doclet by clicking the close icon. Optionally, click the dropdown button to select the Reset Dashboard option for restoring the default dashboard setting.

Customizable Dashboard allows you to place the doclets that are pertinent to the user and require special attention for managing your appliance at the top, and to move the information used less often to the bottom.


Screen - Dashboard


A dropdown button - More Options is located at the top right corner on the Dashboard. On clicking it, seven (7) functionality options are available for assistance. They are as follows:

Support is used to open the customer login page for creating a Technical Support Ticket. It is fast, easy and puts your case right into the Technical Support queue.

About Product is used to open the appliance registration information page.

Help is used to open the context sensitive help for the page. Each appliance includes a Web-based online help, which can be viewed from any page of the Web Admin Console. It is deployed automatically with the software.

Reset Dashboard is used to reset the Dashboard to factory default settings.

Lock is used to lock Cyberoam appliance Web Admin Console. Cyberoam automatically locks appliance Web Admin Console if the appliance is in inactive state for more than 3 minutes. Provide administrator credentials to unlock appliance Web Admin Console.

By default, Lock functionality is disabled. Enable Admin Session Lock from System > Administration > Settings.

Reboot Appliance is used to reboot the appliance.

Shutdown Appliance is used to shut down the appliance.

Available doclets on Dashboard are as follows:

Alert Messages

Appliance Information. This doclet also provides a link to check for new upgrade.

System Usage

System Status

Recent Web Viruses detected

Recent Mail Viruses detected

Gateway status

Recent Spyware Alerts

License Information

Recent FTP Viruses detected

Recent IPS Alerts

Usage Summary (HTTP hits and Search Engine Queries)

DoS Attack Status

Web Traffic Analysis displays category-wise total hits and data transfer. Click the link to view the detailed report.

HA Details (not available in models CR15i, CR25i, CR15wi, CR25wi, CR35wi, CR15iNG, CR15wiNG, CR25wiNG/6P, CR35wiNG) Doclet provides HA configuration mode, Primary and Auxiliary Appliance key, Dedicated link port, Monitored Interface list and current connections.

Alert Message doclet displays following alerts:

1. The default password for the user "admin" has not been changed. We highly recommend you to change the password. This alert is displayed when default password for super administrator is not changed.


2. On-Appliance reporting is currently OFF. No reports are being generated. Use CLI command "set on-appliance-report on" to start on-appliance reporting. This alert is displayed when appliance reporting is disabled. By default, appliance reporting is enabled.

3. The default Web Admin Console password has not been changed.

4. HTTPS, SSH based management is allowed from the WAN. This is not a secure configuration. We recommend using a good password.

5. HTTP, Telnet based management is allowed from the WAN. This is not a secure configuration. We recommend using a good password.

6. Your Appliance is not registered.

7. The modules expired.

Apart from preventing spyware from entering and infecting your network, the appliance can also detect unwanted applications and spyware-infected hosts that are already in the network, i.e. a network infected before the appliance was deployed, and provides an alert on the Dashboard.

Note

Use F10 key to return to dashboard from any of the page.


System

System allows configuration and administration of Cyberoam appliance for secure and remote management as well as administrative privilege that you can assign to admin users. It also provides the basic system settings and language settings of the Web Admin Console. Configuration of several non-network features, such as SNMP, custom messages, portal setting and themes can be done through System.

Administration

Administration page allows configuration of general settings of your appliance. Various ports and login security can be configured using this submenu. Administrator can also restrict administrative access to various local services available from a zone, and can create profiles to be assigned to the admin users for configuring and managing the appliance. You can administer port numbers, remote login security, local login security and local ACL services from Administration submenu.

Settings

Use Settings page to make modifications in the general port settings and Web Admin Login parameters. Make changes to the login parameters for restricting the local and remote users based on the time.

To manage the administration settings, go to System > Administration > Settings.

Screen - Manage Administration Settings

Parameters

Screen Element

Description

Web Admin Settings

HTTP Port

Provide the port number to configure HTTP Port.

By default, the HTTP Port number is 80.

HTTPS Port

Provide the port number to configure HTTPS Port for Secured Web Admin Console access.

By default, the HTTPS Port number is 443.

Certificate

Certificate to be used by User MyAccount and Captive Portal.

SSL VPN Settings

SSL VPN Port

Provide the port number to configure SSL VPN Port.

By default, the SSL VPN Port number is 8443.

Certificate

Default Certificate that will be used by SSL VPN. After configuring Tunnel Access, if you want to configure Certificate from a different CA, change SSL Server Certificate from VPN > SSL > Tunnel Access page.

Receive Passphrase via

Select a mode to receive a passphrase from the available options:

Available Options:

Client Bundle

On-screen Link

Email

By default, the passphrase is received in Client Bundle.

Login Security (Remote Admins)

To prevent the unauthorized access to the Web Admin Console and CLI, configure Admin Session Lock, Admin Session Logout time and Block Admin Login to block the access after number of failed login attempts.

Configure inactive time in minutes after which the appliance will be locked automatically. This configuration will be applicable to following Cyberoam components:

Web Admin Console

Telnet Console

IPSec Connection Wizard

Network Wizard

Group Import Wizard


Configure inactive time in minutes after which the administrator will be logged out automatically. By default, admin session logout time is 30 minutes.

Note

Admin Session Logout time value must be greater than the Lock Admin Session time.

Block Admin Login

Enable to block login to the Web Admin Console and CLI if the number of failed login attempts exceeds the allowed limit.

Configure number of allowed failed login attempts from the same IP Address within the time limit.

Specify number of minutes for which the administrator will not be allowed to login i.e. if allowed failed login attempts exceeds, the administrator account will be locked for the configured minutes.

Administrator Password Complexity Settings

Password Complexity can be configured to ensure that administrators are using secure passwords.

Enable Password Complexity Settings to enforce following constraints:

Minimum Password length. Configure minimum characters required in the password. By default, the Minimum Password length is eight (8) characters.

Require minimum one Upper and lower case alphabet

Require minimum one number i.e. 0 - 9

Require at least one special character e.g. @, $, %

Password cannot be same as username. All the enabled constraints are applied to administrator user password.

Login Disclaimer Settings

The Login Disclaimer allows setting a written message that administrators must read and agree to prior to logging on to the Web Admin Console and CLI for appliance administration. If a disclaimer is set, it must be accepted before administrator can login.

Default disclaimer can be customized as per the requirement from the Messages page (System > Configuration > Messages). One can also review the customized message before setting.

Table - Administration Settings screen elements
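The Login Security and Administrator Password Complexity settings above, modelled as an added Python example that is not Cyberoam code: it checks the lock/logout time constraint, reports which complexity constraints a password breaks, and applies Block Admin Login per source IP. The class and field names, the three Block Admin Login values and the reading of "exceeds" as more than the allowed number are assumptions.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class AdminLoginPolicy:
    """Field names are illustrative; they are not the appliance's own keys."""
    lock_after_min: int = 3      # Lock Admin Session: inactivity before the console locks
    logout_after_min: int = 30   # Logout Admin Session: default stated in the table
    max_failed: int = 3          # assumed value: allowed failed attempts per source IP
    window_sec: int = 60         # assumed value: time limit in which failures are counted
    block_min: int = 5           # assumed value: minutes the login stays blocked
    min_length: int = 8          # Minimum Password length default

    def config_errors(self):
        """Logout time must be greater than lock time (see the Note in the table)."""
        if self.logout_after_min <= self.lock_after_min:
            return ["Admin Session Logout time must be greater than "
                    "Lock Admin Session time"]
        return []


def password_violations(policy, username, password):
    """Return the names of the complexity constraints the password breaks."""
    broken = []
    if len(password) < policy.min_length:
        broken.append("min-length")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)):
        broken.append("upper-and-lower")
    if not re.search(r"[0-9]", password):
        broken.append("number")
    if not re.search(r"[^A-Za-z0-9]", password):
        broken.append("special-character")
    # Compared case-insensitively here (assumption); the guide does not say
    # how the appliance compares the two values.
    if password.casefold() == username.casefold():
        broken.append("same-as-username")
    return broken


class AdminLoginBlocker:
    """Counts failed logins per source IP in a sliding window, blocks on excess."""

    def __init__(self, policy):
        self.policy = policy
        self.failures = defaultdict(deque)   # source IP -> failure timestamps (s)
        self.blocked_until = {}              # source IP -> time the block ends

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Register one failed login; return True if the IP is now blocked."""
        if self.is_blocked(ip, now):
            return True
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.policy.window_sec:
            window.popleft()                 # drop failures older than the time limit
        # Interpretation: block once failures exceed the allowed number.
        if len(window) > self.policy.max_failed:
            self.blocked_until[ip] = now + self.policy.block_min * 60
            window.clear()
        return self.is_blocked(ip, now)


if __name__ == "__main__":
    policy = AdminLoginPolicy()
    print(policy.config_errors())
    print(password_violations(policy, "admin", "admin"))
    blocker = AdminLoginBlocker(policy)
    for t in (0, 10, 20, 30):                # constructed timestamps, documentation IP
        print(t, blocker.record_failure("192.0.2.10", t))
```

The factory default password "admin" breaks every constraint when the policy is enabled, and failures spaced wider than the time limit never trigger the block.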

Appliance Access

Appliance access allows limiting the Administrative access of the following appliance services from various default as well as custom zones - LAN, WAN, DMZ, and VPN:

Admin Services - HTTP, HTTPS, Telnet, SSH

Authentication Services - Windows/Linux Client, Captive portal, NTLM.

Network Services - DNS, Ping

Other Services - Web Proxy, SSL VPN

To manage the access to devices, go to System > Administration > Appliance Access.

Screen - Appliance Access Settings

Default Access Control Configuration

When Cyberoam is connected and powered up for the first time, it will have a default Access configuration.

Admin Services - HTTP (TCP port 80), HTTPS (TCP port 443), Telnet (TCP port 23) and SSH (TCP port 22) services will be enabled for administrative functions in LAN zone. HTTPS (TCP port 443) services will be enabled for administrative functions in WAN zone. HTTP (TCP port 80) services will be enabled for administrative functions in DMZ zone.

Authentication Services - Windows/Linux Client (UDP port 6060), Captive portal Authentication (TCP port 8090) and NTLM will be enabled for User Authentication Services in LAN zone. User Authentication Services are not required for any of the Administrative functions but required to apply user based internet surfing, bandwidth, and data transfer restrictions.

Network Services - Ping and DNS services will be enabled for LAN zone.

Other Services - Web Proxy service will be enabled for LAN zone. SSL VPN (TCP port 8443) service will be enabled for LAN, WAN and DMZ zone.

Custom Access Control Configuration

Use access control to limit the access to the appliance for administrative purposes from the specific authenticated/trusted networks only.

Admin Services - Enable/disable access to the appliance using following service from the specified zone: HTTP, HTTPS, Telnet and SSH

Authentication Services - Enable/disable following service from the specified zone: Windows/Linux Client, Captive portal, NTLM.

Network Services - Enable/disable following service from the specified zone: DNS, Ping

Other Services - Enable/disable following service from specified zone: Web Proxy, SSL VPN
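An added example, not part of the guide or the appliance, that audits a zone-to-service matrix like the one described above: it flags management services reachable from the WAN and cleartext management services (HTTP, Telnet) in any zone, and lists drift from a baseline. The dictionary format, the severity ranking and the empty VPN zone are assumptions; the default matrix is transcribed from this section.

```python
# Admin services and TCP ports as listed under Default Access Control Configuration.
ADMIN_PORTS = {"HTTP": 80, "HTTPS": 443, "Telnet": 23, "SSH": 22}
ADMIN_SERVICES = set(ADMIN_PORTS)
CLEARTEXT_ADMIN = {"HTTP", "Telnet"}   # management protocols without encryption

# Default matrix transcribed from the section above (zone -> enabled services).
# The section lists nothing for the VPN zone, so it is left empty (assumption).
DEFAULT_ACCESS = {
    "LAN": {"HTTP", "HTTPS", "Telnet", "SSH", "Windows/Linux Client",
            "Captive portal", "NTLM", "DNS", "Ping", "Web Proxy", "SSL VPN"},
    "WAN": {"HTTPS", "SSL VPN"},
    "DMZ": {"HTTP", "SSL VPN"},
    "VPN": set(),
}


def audit(matrix):
    """Return (severity, zone, service, reason) tuples.

    Severities are this example's own ranking, not the appliance's:
      high   - cleartext management reachable from the WAN
      medium - encrypted management reachable from the WAN
      low    - cleartext management enabled in an internal zone
    """
    findings = []
    for zone in sorted(matrix):
        for svc in sorted(matrix[zone] & ADMIN_SERVICES):
            port = ADMIN_PORTS[svc]
            if zone == "WAN" and svc in CLEARTEXT_ADMIN:
                findings.append(("high", zone, svc,
                                 f"cleartext management (TCP {port}) allowed from the WAN"))
            elif zone == "WAN":
                findings.append(("medium", zone, svc,
                                 f"management (TCP {port}) allowed from the WAN"))
            elif svc in CLEARTEXT_ADMIN:
                findings.append(("low", zone, svc,
                                 f"cleartext management (TCP {port}) enabled"))
    return findings


def drift(current, baseline):
    """Per-zone services added to or removed from the baseline matrix."""
    changes = {}
    for zone in sorted(set(current) | set(baseline)):
        now, base = current.get(zone, set()), baseline.get(zone, set())
        if now != base:
            changes[zone] = {"added": sorted(now - base),
                             "removed": sorted(base - now)}
    return changes


def copy_matrix(matrix):
    """Copy a matrix so that edits do not touch the original sets."""
    return {zone: set(services) for zone, services in matrix.items()}


if __name__ == "__main__":
    # Constructed custom configuration: Telnet opened on WAN, HTTP closed on DMZ.
    custom = copy_matrix(DEFAULT_ACCESS)
    custom["WAN"].add("Telnet")
    custom["DMZ"].discard("HTTP")
    for finding in audit(custom):
        print(*finding, sep=" | ")
    print(drift(custom, DEFAULT_ACCESS))
```

Run against the factory defaults, the audit already reports HTTPS management from the WAN and HTTP in the DMZ, which lines up with the Dashboard alerts about management allowed from the WAN.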

Profile

Use Profile page to create profiles for various administrator users. Role-based administration capabilities are provided to offer greater granular access control and flexibility.

It allows an organization to separate super administrator's capabilities and assign through Profiles. Profiles are a function of an organization's security needs and can be set up for special-purpose administrators in areas such as firewall administration, network administration, and logs administration. Profiles allow granting permissions to individual administrators depending on their role or job need in organization.

The profile separates appliance features into access control categories for which you can enable none, read only, or read-write access.

For ease of use, by default the appliance provides 5 profiles:

Administrator - super administrator with full privileges

Audit Admin - read-write privileges for Logs & Reports Configuration, Report Access and De-Anonymization only

Crypto Admin - read-write privileges for Certificate configuration only

HAProfile - read-only privileges. If HA is configured, any user accessing Web Admin Console of Auxiliary appliance will have privileges as defined in HAProfile.

Security Admin - read-write privileges for all features except Profiles, Password, Certificates, WAF Alerts, Traffic Discovery and Log & Reports - Configuration, Log Viewer, Report Access

An Administrator with full privileges can create other custom administrators and assign them restricted/full privileges. A custom administrator so created, if has restricted privileges, can only update their Email Address and password.

To manage default and custom profiles, go to System > Administration > Profile. You can:

Add

View

Edit - Click the Edit icon in the Manage column against the profile to be modified. Edit Profile is displayed which has the same parameters as the Add Profile page.

Delete - Click the Delete icon in the Manage column against a profile to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the profile. To delete multiple profiles, select them and click the Delete button.

Note

You cannot delete the default profiles.

You cannot delete the profile assigned to administrator.

Manage Profiles

To manage default and custom profiles, go to System > Administration > Profile.

Screen - Manage Profile

Screen Element

Description

Add Button

Add a new profile

Profile

Name of the profile

Edit Icon

Edit the profile

Delete Button

Delete the profile

Table - Manage Profile screen elements

Profile Parameters

To add or edit profiles, go to System > Administration > Profile. Click Add Button to add a new profile. To update the details, click on the Profile or Edit icon in the Manage column against the profile to be modified.

Parameters

Screen - Add Profile

Screen Element

Description

Add Profile

Profile Name

Specify a name to identify the profile.

Configuration

Click on the access level you want to provide to a profile. There are three levels of access that each created profile can have.

Available Options:

None - No access to any page

Read-Only - View the pages

Read-Write - Modify the details

Access levels can be set for individual menus as well. You can either set a common access level for all the menus or individually select the access level for each of the menu.

Click on the icon against a menu to view the items under that menu.

For example, if you set access level as Read-Only against the Web Filter, the profile user would only be able to view the Web Filter menu but would not be able to make any modifications. To make modifications, Read-Write option is to be used.

Table - Add Profile screen elements

Access Denied Page

Appliance provides role-based administration capabilities and privileges are assigned to the Administrator through Profiles. Administrator can have read only, read-write or no access privilege for the pages of Web Admin Console.

Access denied page is displayed when the Administrator tries to access a page or perform the operation, which is not allowed to him/her.


Password

Appliance is shipped with one global super admin with the credentials username & password as "admin". Both the consoles, Web Admin Console and CLI, can be accessed with the same credentials. This administrator is always authenticated locally i.e. by appliance itself.

Note

It is strongly recommended to change the password for this username immediately after deployment.

To change password, go to System > Administration > Password.

Screen - Change Password

Parameters

Screen Element

Description

Default Admin Password Settings

User Name

The Default Admin User Name is "admin".

Note

The default Admin Username is not available for modification.

Current Password

Provide the current admin password.

New Password

Password - Specify new admin password.

Confirm Password - Confirm the specified new admin password.

Reset to Default

Click to reset the password to factory default password, i.e. "admin".

Table - Change Password screen elements

Central Management

Apart from managing and monitoring Appliance directly, it can also be done through Cyberoam Central Management if deployed in your organization.

To enable appliance management through CCC, go to System > Administration > Central Management.

Screen - Central Management

Parameters

Screen Element

Description

Central Management Settings

Manage this appliance using Central Management

Enable to manage the appliance through Central Management.

Central Management IP Address/Domain

Specify the IP Address/Domain for Central Management.

Heartbeat Protocol

Select Heartbeat Protocol from the available options.

Available Options:

Syslog

HTTP

Selected Heartbeat Protocol specifies how the information will be provided to Central Management i.e. by Syslog or HTTP request.

Syslog is the default Heartbeat Protocol.

Heartbeat Port

Specify the Heartbeat Port.

Central Management receives heartbeat information on the specified port.

By default, the Heartbeat Ports are:

Syslog - 514

HTTP - 80

Appliance will send information at specific interval to Central Management. It will analyze the information received from the appliance periodically and send alerts if configured in Central Management.

For details about Alert, refer to Central Management Guide.

AV, IPS & Web Category Signature Updates

Select, from the available options, the source from which the AV, IPS and Web Category signatures are to be updated.

Available Options:

From Update Server

From Central Management

Configuration Updates

Update Mode

Specify the method to be used for sending configuration updates:

Available Options:

Central Management will push updates to the Appliance - Select if the appliance is directly connected to the Internet.

In this case the Central Management keeps on passing updates to the appliance if any configurations are updated.

Appliance will fetch updates from Central Management - Select if the appliance is behind NAT device.

In this case the Appliance keeps on asking the Central Management for updates.

Connection Protocol

Select the protocol through which the updates are sent from the available options:

Available Options:

HTTP

HTTPS

Port

Displays the port number of the protocol selected.

Table - Central Management screen elements

Configuration

Configuration page allows basic configuration of appliance including GUI localization, mail server, customized messages, web & parent proxy settings, themes and outlook for the Captive portal.

Time

Appliance current date and time can be set according to the appliance's internal clock or synchronized with an NTP server. Appliance clock can be tuned to show the right time using global Time servers so that logs show the precise time and appliance internal activities can also happen at a precise time.

To configure time settings, go to System > Configuration > Time.

Parameters

Screen - Time Settings

Screen Element

Description

Current Time

Displays the current system time.


Time Zone

Select time zone according to the geographical region in which the appliance is deployed.

Set Date & Time

Select to configure the date and time for appliance's clock.

Date

Specify the date by clicking calendar.

Time

Specify the time in HH:MM:SS format.

Sync with NTP server

Select to synchronize the appliance time automatically with an NTP server.

NTP stands for Network Time Protocol, and it is an Internet standard protocol used to synchronize the clocks of appliance to some time reference.

Use pre-defined

Select to use the pre-defined NTP servers asia.pool.ntp.org & in.pool.ntp.org.

Use Custom

Specify the NTP server IP Address or domain name to synchronize time with it. If custom NTP server is defined, time is synchronized with custom server and not with pre-defined servers.

Appliances use NTP Version 3 (RFC 1305). One can configure up to 10 NTP servers. At the time of synchronization, it queries each configured NTP server sequentially. When the query to the first server is not successful, appliance queries second server and so on until it gets a valid reply from one of the NTP servers configured.

Sync Status

Click 'Sync Now' button to synchronize Cyberoam clock with the NTP Server.

Table - Time Setting screen elements

Notification

Configure a Mail Server IP Address, Port and Email Address for the appliance to send and receive alert Emails.

To configure mail server settings, go to System > Configuration > Notification.

Screen - Mail Server Notification

Parameters

Screen Element

Description

Mail Server Settings

Mail Server IP Address/FQDN - Port

Specify the Mail Server IP Address or FQDN and Port number.

By default the Port Number is 25.

Authentication Required

Check to enable user authentication before sending an Email.

If enabled, specify the authentication parameters i.e. User Name and Password.

User Name

Specify the User Name, which uniquely identifies user and will be used for login.

Password

Specify the password.

Connection Security

Select Connection Security mode, to be used for establishing a secured connection between SMTP Client and the SMTP Server for SMTP Mail Notification.

Available Options:

None - Select if your SMTP Server does not support TLS (Transport Layer Security) or a secured connection between SMTP Client and the SMTP Server is not required. If selected, a normal TCP connection is established, without any security.

STARTTLS - In case of "STARTTLS", SMTP Client establishes a TCP connection with the SMTP Server to learn about the TLS capabilities of the server. If the SMTP Server supports STARTTLS, the connection is upgraded to TLS. If the SMTP Server does not support STARTTLS, the SMTP Client continues to use the normal TCP connection.

SSL/TLS - In case of "SSL/TLS", SMTP Client establishes a TLS connection with the SMTP Server. In case the SMTP Server does not support TLS, no connection is made between the SMTP Client and the SMTP Server.

By default, the Connection Security is "None".

Certificate

Select a Certificate, to be used for authentication by SMTP Client and the SMTP Server.

By default, the Certificate is "ApplianceCertificate".

Email Settings

From Email Address

Specify the Email Address from which the notification is to be mailed.

Send Notifications to Email Address

Specify the Email Address to which the notification is to be mailed.

Email Notification

IPSec Tunnel UP/Down

Check to enable receiving of Email notification, if the IPSec VPN tunnel connectivity is lost.

Email alerts are sent to Administrator on the configured Email Address. All the IPSec tunnels follow the single central configuration done.

An Email is sent only for Host to Host and Site to Site tunnel connections, if the connection flaps due to one of the following reasons:

A peer is found dead (DPD)

Failed to reestablish connection after Dead Peer Detection (DPD)

IPSec Security Association (SA) is expired and is required to be re-established.

IPSec Tunnel comes up without administrator intervention after losing the connectivity

Email shall contain following basic information:

IPSec Connection name

IP Addresses of both participating hosts/network

Current state of the IPSec Tunnel connection, viz, Up or Down

Exact Time when the IPSec Tunnel connection was lost

Reason for loss of IPSec Tunnel connection

Appliance Model Number

Firmware version and build number

Appliance Key (if registered)

Appliance LAN IP Address

HA configuration - Primary/Auxiliary (if configured)

Note

An Email is sent for each subnet pair in case of Site to Site connections, having multiple local/remote networks.

An Email sent with respect to IPSec Tunnel coming up does not have any reason mentioned within.

Description of IPSec Tunnel connection is included in the Email, only if the information for same is provided by the Administrator.

Table - Mail Server Notification screen elements

Note

Mail Server configuration changes automatically when changed from the Network Configuration Wizard and vice versa.
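The three Connection Security modes above, as an added example that is not appliance code: it parses an SMTP EHLO reply, derives the transport each mode ends up with as the table describes it, and reports whether the Authentication user name and password would travel over a plain TCP connection. The EHLO replies are constructed samples, and the function names are this example's own.

```python
import smtplib

# Constructed EHLO replies (example.test is a reserved documentation domain).
EHLO_WITH_STARTTLS = (
    "250-mail.example.test\n"
    "250-SIZE 10240000\n"
    "250-STARTTLS\n"
    "250-AUTH PLAIN LOGIN\n"
    "250 HELP"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.test\n"
    "250-SIZE 10240000\n"
    "250-AUTH PLAIN LOGIN\n"
    "250 HELP"
)


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: [parameters]}."""
    extensions = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:                    # first line is the server greeting
        if not line.startswith("250"):
            continue
        parts = line[4:].split()              # skip the "250-" / "250 " prefix
        if parts:
            extensions[parts[0].upper()] = parts[1:]
    return extensions


def transport(mode, ehlo_reply="", tls_handshake_ok=False):
    """Transport used for the notification under each documented mode."""
    if mode == "None":
        return "plaintext"
    if mode == "STARTTLS":
        # Upgrades only if the server advertises STARTTLS; otherwise the
        # client continues on the normal TCP connection.
        return "tls" if "STARTTLS" in parse_ehlo(ehlo_reply) else "plaintext"
    if mode == "SSL/TLS":
        # TLS from the first byte; no TLS means no connection at all.
        return "tls" if tls_handshake_ok else "no connection"
    raise ValueError(f"unknown Connection Security mode: {mode!r}")


def credentials_exposed(mode, auth_required, ehlo_reply="", tls_handshake_ok=False):
    """True when SMTP user name and password would cross an unencrypted link."""
    return bool(auth_required and
                transport(mode, ehlo_reply, tls_handshake_ok) == "plaintext")


def server_offers_starttls(host, port=25, timeout=10):
    """Live check against your own mail server before choosing a mode."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    for mode, reply in (("None", EHLO_WITH_STARTTLS),
                        ("STARTTLS", EHLO_WITH_STARTTLS),
                        ("STARTTLS", EHLO_WITHOUT_STARTTLS),
                        ("SSL/TLS", "")):
        print(mode, transport(mode, reply),
              "credentials exposed:", credentials_exposed(mode, True, reply))
```

Only the SSL/TLS mode refuses to send when encryption is unavailable; with the default of "None", or with STARTTLS against a server that does not advertise it, an enabled Authentication Required setting sends the credentials in the clear.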


Messages

Messages page allows Administrator to send messages to the various users. Messages help Administrator to notify users about problems as well as Administrative alerts in areas such as access, user sessions, incorrect password, and successful log on and log off etc.

A message of up to 256 characters can be sent to a single user or multiple users simultaneously, whenever an event occurs.

To customize the default messages, go to System > Configuration > Messages. You can:

View

Edit - Click Edit icon to edit the default message and create a customized message to be displayed to the user.

Save - Click Save icon to save the edited message or Cancel icon to ignore the changes.

Reset - Click Reset icon to reset the edited message to the default message.

Predefined Authentication Messages

Screen - Predefined Authentication Messages

Messages

Description/Reason

Authentication

User account blocked (AD Policy)

Login failed. Your AD Server account is locked.

User account disabled (AD Policy)

Login failed. Your account on AD Server is disabled.

User account expired (AD Policy)

Login failed. Your account on AD Server has expired.

Clientless User Login Not Allowed

Clientless user is not required to login.

Deactive User

You have been deactivated by the Administrator.

Delete User

You have been disconnected.

Disconnect User

You have been disconnected by Admin.

Guest User Validity Expired

Guest User validity has expired.

Login not allowed at this time (AD Policy)

Login failed. You are not permitted by AD Server to login at this time.

Invalid Machine

Message is sent if User tries to login from the IP Address not assigned to him/her

Login not allowed at this workstation (AD Policy)

Login failed. You are not permitted by AD Server to login at this workstation.

Someone else is logged in from same IP Address

Message is sent if someone else has already logged with the same IP Address.

Logged Off Successful Message

Message is sent when User logs off successfully.

Logged On Successful Message

Message is sent when User logs on successfully.

Max Login Limit

Message is sent if User has reached the maximum login limit.

Not Authenticate

Message is sent if User name or password is incorrect.

Not Currently Allowed

Message is sent if User is not permitted to access at this time.

Access Time policy applied to the User account defines the allowed access time; access is not allowed at any other time.

User password expired (AD Policy)

Login failed. Your password on AD Server has expired.

User needs to reset the Password (AD Policy)

Login failed. You must reset your AD Server password.

Logged Off Due To Session Time Out

Message is sent when session has timed out and user is logged off automatically.

Surfing Time Exhausted

Message is sent when User is disconnected because his/her allotted surfing time is exhausted.

The surfing time duration is the time in hours the User is allowed Internet access that is defined in Surfing time policy. If hours are exhausted, User is not allowed to access.

Surfing Time Expired

Administrator has temporarily deactivated the User, who will not be able to log in because User surfing time policy has expired.

Table – Predefined Authentication Message screen elements

Note

A Clientless User is not required to login.

Predefined SMTP Messages

Screen – Predefined SMTP Messages

Messages

Description/Reason

SMTP

Probable Spam Rejection

Message will be sent when mail is suspected as probable spam mail and is rejected.

Probable Virus Outbreak Rejection

Message will be sent when outbreak detection engine rejects mail because it seems to be a Probable Virus outbreak.

Spam Rejection

Message will be sent when spam mail is rejected.

Virus Outbreak Rejection

Message will be sent when outbreak detection engine rejects mail because it is identified as a Virus outbreak.

Email Domain Rejection

Message will be sent when Administrator has blocked the mail sender domain.

Spam Mail Rejection

Message will be sent when Administrator has blocked the mail sender.

Mail Header Rejection

Message will be sent when mail is rejected as it contains a restricted MIME header.

Mail/Virus Rejection

Message will be sent when virus infected mail is rejected.

IP Address Rejection

Message will be sent when Administrator has blocked the mail sender IP.

Oversized Mail Rejection

Message will be sent when mail is rejected because message size exceeds the maximum allowed size.

Undersized Mail Rejection

Message will be sent when mail is rejected because the message size is less than the allowed size.

Delivery Notification (to Sender)

Message will be sent to the mail sender when mail is successfully delivered to the receiver.

Attachment Infection

Message will be sent when mail is rejected due to virus infected attachment.

RBL Rejection

Message will be sent when the IP Address from which mail is sent is blacklisted.

Suspected Infection

Message will be sent when mail is suspected as virus infected mail and is rejected.

Table – Predefined SMTP Message screen element

Predefined IM Messages

Screen – Predefined IM Messages

Messages

Description/Reason

IM

File Transfer Block Notification (to sender)

Message will be sent when Administrator has blocked file transfer with this contact.

Message Block Notification (to sender)

Message will be sent when Administrator has blocked communication with this contact.

Privacy Notification to Non-Suspect (on the first message sent from either side)

Message will be sent once the IM session starts to inform user that their conversation with this contact is being monitored.

Privacy Notification to Suspect (After user has logged in)

Message will be sent as soon as the user logs on to IM to inform users that their conversation is being monitored.

Virus Scan Notification (to sender)

Message will be sent when the file transferred is virus infected.

Webcam Block Notification (to Inviter)

Message will be sent when Administrator has blocked webcam usage.

Table – Predefined IM Message screen element

Predefined Administration Messages

Screen – Predefined Administration Message

Messages

Description/Reason

Administration

Disclaimer Message

Message will be displayed when Administrator logs on to the Web Admin Console or CLI. Administrator has to accept the disclaimer to proceed further.

Table – Predefined Administration Message screen elements

Predefined SMS Customization Messages

Screen – Predefined SMS Customization Message

Messages

Description/Reason

SMS Customization

Default SMS Text

Default SMS to be sent to Guest User.

Table – Predefined SMS Customization Message screen elements

Web Proxy

Cyberoam can also act as a Web Proxy Server.

To use your Cyberoam appliance as a Web Proxy Server, configure the Cyberoam's LAN IP Address as a proxy server IP Address in the browser setting and enable access to Web Proxy services from appliance access section.

Note

Web Proxy enforces Web and Application Filter policy and Anti Virus policy as configured in User and Firewall Rule.

IPS policy is applicable on the traffic between proxy and WAN, but not between user and proxy.

QoS policy is not applicable on the direct proxy traffic.

To configure Web Proxy settings, go to System → Configuration → Web Proxy.

Screen – Web Proxy Settings

Parameters

Screen Element

Description

Web Proxy Port

Specify Port number, which is to be used for Web Proxy.

By default, the Web Proxy port is 3128.

Note

This configuration is applicable only when appliance is configured as Web Proxy.

Trusted Ports

When deployed as Web Proxy, the appliance allows access only to sites hosted on standard ports. To allow access to sites hosted on non-standard ports, define those ports as trusted ports.

Click Add button to add the HTTP trusted ports and cancel icon to delete the trusted ports.

Table – Web Proxy Settings screen elements

Parent Proxy

Enable Parent Proxy when the web traffic is blocked by the upstream Gateway.

When enabled, all HTTP requests are sent to the web parent proxy server via the appliance.

To configure Parent Proxy settings, go to System → Configuration → Parent Proxy. Specify IP Address or FQDN, Port, Username and Password, if Parent Proxy is enabled.

Screen – Parent Proxy Settings

Parameters

Screen Element

Description

Parent Proxy

Click to enable the Parent Proxy if the web traffic is blocked by the upstream Gateway.

When enabled, all HTTP requests are sent to the parent proxy server via the Appliance.

Domain Name/IP Address

Specify Domain Name or IP Address for the Parent Proxy.

Port

Specify Port number, which is to be used for Parent Proxy.

By default, the port number is 3128.

Username & Password

Specify Username & Password for authentication.

Table – Parent Proxy Setting screen elements

Captive portal

Appliance provides flexibility to customize the Captive portal Login page. This page can include your organization name and logo.

To customize the Captive portal page, go to System → Configuration → Captive portal.

Appliance also supports customized page in languages other than English.

Screen – Captive Portal Settings

Parameters

Screen Element

Description

General Settings

Logo

To upload the custom logo, specify Image file name to be uploaded else click "Default".

Use "Custom" to browse and select the complete path.

The image size should not exceed 125 X 70 pixels.

Page Title

Provide a title to modify the Page title.

By default, the Page Title is "Cyberoam User Portal".

Login Page Header

Provide the message to be displayed on the Captive Portal login page.

Login Page Footer

Provide message to be displayed in the footer of Captive Portal login page.

User Name Caption

Provide Label or Title for the "Username" textbox to be displayed on the Captive Portal login page.

By default, the User Name Caption is "User Name".

Password Caption

Provide Label or Title for the "Password" textbox to be displayed on the Captive Portal login page.

By default, the Password Caption is "Password".

Login Button Caption

Provide Label or Caption for the "Login" button to be displayed on the Captive Portal login page.

By default, the Login Button Caption is "Login".

Logout Button Caption

Provide Label or Caption for the "Logout" button to be displayed on the Captive Portal login page.

By default, the Logout Button Caption is "Logout".

My Account Link Caption

Provide a text to be displayed for My Account login page link. By clicking the link, user will be directed to the My Account login page.

By default, My Account Link Caption is "Click here for User My Account".

Logo URL

Provide a URL to be redirected to on clicking the Logo.

By default, the Logo URL is http://www.cyberoam.com.

Color Scheme

Customize the color scheme of the Captive portal if required. Specify the color code or click the square box to pick the color.

Preview Button

Click to view the custom settings before saving the changes.

Reset to Default Button

Click to revert to default settings.

Table – Captive Portal Setting screen elements

Theme

Theme page provides a quick way to switch between predefined themes for Web Admin Console. Each theme comes with its own custom skin, which provides the color scheme and font style for entire Web Admin Console i.e. navigation frame, tabs and buttons.

To change the theme, go to System → Configuration → Theme.

Maintenance

Maintenance facilitates handling the backup and restore, firmware versions, licensing, services and update. Administrator can take manual backup and alternately, automatic backup can be scheduled on regular intervals.

Backup stored on the system can be restored anytime from Backup & Restore page.

Administrator can upload a new firmware image, boot from firmware or reset the configuration to factory defaults. Firmware image can be downloaded from the relevant sites. Maximum of two firmware images are available simultaneously.

Backup & Restore

Firmware

Licensing

Services

Update Definitions

Backup & Restore

Backup is the essential part of data protection. No matter how well your system is treated, no matter how much it is taken care of, you cannot guarantee that your data is safe, if it exists only at one place.

Backups are necessary in order to recover data from the loss due to the disk failure, accidental deletion or file corruption. There are many ways of taking backup and just as many types of media to use as well.

Backup consists of all the policies and all other user related information.

Appliance facilitates taking backup only of the system data, either through scheduled automatic backup or using a manual backup.

Once the backup is taken, the file for restoring the backup must be uploaded.

Note

Restoring data older than the current data results in the loss of current data.

To backup and restore data, go to System → Maintenance → Backup & Restore. You can:

Backup & Restore

Schedule Backup

Backup & Restore

Screen – Backup and Restore

Screen Element

Description

Backup Restore

Backup Configuration

Backup Now – Click the 'Backup Now' button to take the manual backup of system data till date.

Download Now – Click 'Download Now' button to download the backup for uploading. 'Download Now' button downloads the latest backup that is available.

Restore Configuration

To restore the configuration, specify configuration to be uploaded.

Use "Browse" button to select the complete path.

Schedule Backup

Backup Frequency

Select the system data backup frequency.

In general, it is best to schedule backup on a regular basis. How much information is added or modified helps to determine the schedule.

Available Options:

Never – Backup will not be taken at all

Daily – Daily Backup will be sent

Weekly – Weekly Backup will be sent

Monthly – Monthly Backup will be sent

Backup Mode

Select how and to whom backup files should be sent.

Available Options:

FTP – If backup is to be stored on FTP server, configure FTP server IP Address, Username and Password to be used.

Mail – If backup is to be mailed, configure Email ID on which backup is to be mailed.

Local – Backup is taken and stored on the Appliance itself but would not be sent.

Table – Backup and Restore screen elements

Firmware

System → Maintenance → Firmware page displays the list of available firmware versions downloaded. Maximum two firmware versions are available simultaneously and one of the two firmware versions is active i.e. the firmware is deployed.

Upload firmware – Administrator can upload a new firmware. Click to specify the location of the firmware image or browse to locate the file. You can simply upload the image or upload and boot from the image. The uploaded firmware can only be active after the next reboot. The existing firmware then will be removed and the new firmware will be available.

In case of Upload & Boot, firmware image is uploaded and upgraded to the new version, closes all sessions, restarts, and displays the login page. This process may take few minutes since the entire configuration is also migrated in this process.

Boot from firmware – Option to boot from the downloaded image and activate the respective firmware.

Boot with factory default configuration – Appliance is rebooted and loads default configuration.

Note

Entire configuration will be lost, if this option is selected.

Active – Active icon against a firmware suggests that the appliance is using that firmware.

Screen – Manage Firmware

At the time of uploading new firmware, error "New Firmware could not be uploaded" might occur due to one of the following reasons:

1. Wrong upgrade file - You are trying to upload wrong upgrade file i.e. trying to upload version 9.x upgrade on version X appliances. Download the upgrade file specific to your appliance model and version from https://customer.cyberoam.com.

2. Incorrect firmware image - You are trying to upload incorrect firmware image for your appliance model. All firmware images are model-specific and are not interchangeable. Hence, firmware of one model is not applicable on another model. For example, an error is displayed, if Appliance model CR25ia is upgraded with firmware for model CR50ia.

3. Incompatible firmware - You are trying to upload incompatible firmware. For compatibility issues, refer to the Compatibility Annotations section in Release Notes of the version before trying to upload.

4. Mismatch in Registration information - Registration information of the Appliance and Customer My Account are not matching.

5. Changes in Appliance Hardware - Appliance Hardware configuration is not the standard hardware configuration. Contact support for assistance.

6. Image with incorrect MD5 checksum - The firmware you have downloaded may have been corrupted during the download. Download it again and compute the MD5 checksum of the downloaded firmware. Compare the computed checksum with the checksum published at http://download.cyberoam.com/checksum. In case of mismatch, download the file again.
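
The comparison described in item 6, as an added example rather than anything from the Cyberoam guide: it hashes the downloaded image in chunks and compares the result with the value copied from the checksum page. The file name, the sample bytes and the layout of the pasted checksum text are assumptions.

```python
import hashlib
import os
import re
import tempfile

# Exactly 32 hex digits, so a longer digest (e.g. SHA-256) is never mistaken for MD5.
MD5_HEX = re.compile(r"\b[0-9a-fA-F]{32}\b")


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large firmware image is not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published_md5(text, filename=None):
    """Pull the MD5 value out of text copied from the checksum page.

    Assumed input (the guide does not show the page layout): a bare digest,
    or md5sum-style lines of the form '<digest>  <file name>'.
    """
    all_digests, named = [], []
    for line in text.splitlines():
        match = MD5_HEX.search(line)
        if match:
            value = match.group(0).lower()
            all_digests.append(value)
            if filename and filename in line:
                named.append(value)
    chosen = set(named or all_digests)
    if len(chosen) != 1:
        raise ValueError("expected exactly one MD5 value, found %d" % len(chosen))
    return chosen.pop()


def verify_firmware(path, published_text):
    """Return (matches, computed, published) for a downloaded image."""
    published = parse_published_md5(published_text, os.path.basename(path))
    computed = md5_of_file(path)
    return computed == published, computed, published


def demo():
    """Constructed sample: a 3-byte stand-in image, checked intact and then damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "firmware-sample.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"abc")
        published = "900150983cd24fb0d6963f7d28e17f72  firmware-sample.bin\n"
        intact = verify_firmware(path, published)[0]
        with open(path, "ab") as fh:  # simulate bytes damaged during download
            fh.write(b"\x00")
        damaged = verify_firmware(path, published)[0]
    return intact, damaged


if __name__ == "__main__":
    print(demo())
```

A match confirms the download was not damaged in transit, which is the failure item 6 describes; MD5 says nothing about where the file came from.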

Licensing

Appliance consists of two (2) types of modules:

Basic module – Firewall, VPN, SSL VPN, Bandwidth Management, Multi Link Manager and Reports

Subscription modules – Web and Application Filter, IPS, Gateway Anti Virus, Gateway Anti Spam, 8 x 5 Support, 24 x 7 Support, WAF and Outbound Spam Protection.

Basic Module is pre-registered with the Appliance for an indefinite period of use, while Subscription Modules must be subscribed before use.

You can subscribe to any of the subscription modules:

without key for free 15-days trial subscription

with key

On deployment, appliance is considered to be unregistered and all the modules as unsubscribed. You need to register the appliance if you want to:

Avail 8 X 5 support

Subscribe to any of the subscription modules

Subscribe for free trial of any of the subscription modules

Register for 24 X 7 support

Select System → Maintenance → Licensing to view the appliance registration details and various modules' subscription details. The various statuses of the appliance are described below:

Registered – Appliance is registered

Unregistered – Appliance is not registered

Subscribed – Module is subscribed

Unsubscribed – Module is not subscribed. Subscription icon against the module in the navigation menu indicates that the module is not subscribed. Click the subscription icon to navigate to the Licensing page and follow the screen steps to subscribe. Alternately, browse to http://customer.cyberoam.com to subscribe the module.

Trial – Trial subscription

Expired – Subscription expired

To manage the licensing options, go to System → Maintenance → Licensing. You can:

View Appliance Registration Details

Manage Module Subscription Online

View Module Subscription Details

Synchronize – Click 'Synchronize' button, once the appliance or modules are registered online. The details of appliance and subscription modules are automatically synchronized with Customer My Account and the updated details are displayed on the Licensing Page.

Appliance Registration Details

Screen – Licensing

Screen Element

Description

Appliance Registration Details

Model

Displays Appliance Model number which is registered and its appliance key e.g. CR35iNG (C127900005-868DBG)