Beruflich Dokumente
Kultur Dokumente
UTM Appliance
Installation Guide for Version 10
Microsoft Hyper-V
Document Version 10.04.3543-03/07/2013
Contents
Preface................................................................................................................................. 4
Base Configuration ............................................................................................................. 4
Installation Procedure ........................................................................................................ 4
Cyberoam Virtual UTM Appliance Installation ........................................................................... 4
Typographic Conventions
All contents in this guide including text or screenshots follow the given list of conventions.
Item
Convention
Server
Client
User
Username
Topic titles
Example
Shaded
font
typefaces
Introduction
Subtitles
Navigation link
Bold typeface
Name
of
a
particular
parameter
/
field / command
button text
Cross
references
Lowercase
italic type
Enter policy name, replace policy name with the specific name
of a policy
Or
Click Name to select where Name denotes command button
text which is to be clicked
Refer to Customizing User database Clicking on the link will
open the particular topic
Bold typeface
between
the
black borders
Prerequisites
Bold typefaces
between
the
black borders
Hyperlink
in
different color
Notation conventions
Note
Prerequisite
Prerequisite details
Preface
Welcome to Installation and Deployment Guide for Cyberoam Virtual UTM Appliance for Microsoft
Hyper-V platform. This guide describes how you can download, deploy and run Cyberoam as a virtual
machine on Microsoft Hyper-V.
Base Configuration
There underlies a base virtual hardware configuration without which Cyberoam Virtual UTM Appliance
goes into FAILSAFE mode, which is as follows:
One vCPU
1GB vRAM
3 vNIC
1 Serial Port
1 USB Port
To know more about what happens when your appliance goes into FAILSAFE mode and how to
recover from it, refer to the Cyberoam KB article Failsafe Troubleshooting for Virtual UTM Appliance.
Note
User loses access to the Cyberoam Virtual UTM for any changes in the vNIC configuration numbers post
deployment.
Installation Procedure
Pre-requisite
Make sure that Microsoft Hyper-V Server 2008/2012 is already installed in your network. For Microsoft
Hyper-V Server installation instructions, refer to the Microsoft documentation:
http://technet.microsoft.com/en-us/library/dd283085(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh831620.aspx
The New Virtual Machine Wizard helps you deploy Cyberoam Virtual UTM Appliance
VHD template. Click Next to continue.
Assign vRAM to be used by the virtual machine. Click here for model-wise recommended
vRAM configurations.
Select Use an existing virtual hard disk to browse to the folder containing Cyberoam
Virtual UTM Appliance VHD file titled <Appliance Key>-disk1.vhd, where <Appliance
Key> stands for your Cyberoam Virtual UTM Appliance key.
Verify the selected deployment options and click Finish to start the deployment process.
To optimize the performance of your Virtual Appliance, configure vCPU and vRAM according
to the license you have obtained. While configuring number of vCPUs, ensure that you do not
exceed the maximum number limit specific to your license else Cyberoam will go into
FAILSAFE mode. For example, for a CRiV-4C you can allocate a maximum of 4 vCPUs.
Any number higher than that will put the Virtual Appliance into FAILSAFE mode.
Following is the Model wise recommended vRAM:
CRiV-1C & CRiV-2C: 1GB
CRiV-4C & CRiV-8C: 2GB
CRiV-12C & CRiV-UNL: 4GB
Cyberoam Virtual UTM Appliance does not recognize more than 4GB of vRAM, if configured.
Cyberoam Virtual UTM Appliance allows you to configure a maximum of 26 vNICs. However,
this number varies according to your hypervisor. For example Microsoft Hyper-V 2008 or later
allows allotment of a maximum of 12 vNICs (or maximum of 4 Legacy Network Adapters) to a
virtual machine.
Before you power on the deployed Cyberoam Virtual UTM Appliance, you need to attach
the 80GB Auxiliary Disk to the virtual machine.
Select the newly deployed virtual machine i.e. Cyberoam Virtual UTM Appliance from
Microsoft Hyper-V Manager and go to Action Settings to attach the Auxiliary Disk
with the virtual machine.
Click Remove to remove the DVD Drive from IDE Controller 1 section.
You need to add a Hard Drive under IDE Controller 1 section to be able to mount the
Auxiliary Disk.
Go to Hardware IDE Controller Hard Drive and click Add.
You can now mount the Auxiliary Disk VHD file to the newly created Hard Drive. To do so,
go to Hardware IDE Controller 1 Hard Drive Media.
Select Virtual hard disk (.vhd) file and click Browse to select the complete path to the
Auxiliary Disk .vhd file.
While attaching the Primary Disk to the Virtual Machine, it is mandatory to use following
configurations, else the Cyberoam Virtual UTM Appliance goes into KERNEL PANIC:
Select Controller as IDE Controller 0 and Location as 0 (in use)
While attaching the Auxiliary Disk to the Virtual Machine, it is mandatory to use following
configurations, else the Cyberoam Virtual UTM Appliance goes into FAILSAFE MODE.
Select Controller as IDE Controller 1 and Location as 0 (in use)
Select the Auxiliary Disk titled <Appliance Key>-disk2.vhd, where <Appliance Key> stands for your
Cyberoam Virtual UTM Appliance key. Click Open to continue.
Right click the deployed Cyberoam Virtual UTM Appliance from the Microsoft Hyper-V
Manager and click Connect to connect to the Virtual Machine. You will come across the
following screen:
Enter the administrator password i.e. admin to continue to the Main Menu of the
Cyberoam Virtual UTM Appliance.
Browse to https://172.16.16.16
Log on to the Cyberoam Web Admin Console using default username admin and default
password admin.
Configure Mode
Cyberoam Virtual UTM Appliance can be deployed in Gateway Mode. To configure Cyberoam in
Gateway mode, select Gateway Mode and click
Configure Interface:
Configure IP Address, Subnet Mask and Zone for each port. By default, Cyberoam binds
ports A, B and C to LAN, WAN and DMZ zones, respectively.
To enable interface for PPPoE, provide PPPoE details: Username and Password (only
for WAN zone)
Click Next to repeat the steps given above for each port.
General Internet policy enables IPS and Virus scanning and allows LAN to WAN traffic except
Unhealthy Web and Internet traffic as defined by Cyberoam. This will include sites related to Adult
contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing
and Fraud and URL Translation sites.
1
Strict Internet policy enables IPS and Virus scanning and allows only authenticated LAN to WAN
traffic.
Click
Note
1
2
Until Intrusion Prevention System module is subscribed, IPS scanning will not be effective.
Until Gateway Anti Virus module is subscribed, virus scanning will not be effective.
Click
Specify email address that should be used to send the System Alerts.
button to view the configured details. Copy the configured details for future use.
Click 'Finish'. It will take few minutes to save the configuration details.
Please wait for Cyberoam to restart before clicking the URL to access the Web Admin Console. Click
Close to close the Network Configuration Wizard window.
Congratulations!!!
This finishes the basic configuration of Cyberoam.
Your network is now protected from Internet-based threats and access to Adult contents, Drugs,
Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and
URL Translation sites will be blocked.
Note
Cyberoam Virtual UTM Appliance needs to be connected to the Internet for at least 3 days in a row, failing
to do which will result into de-activation of your appliance. In case of appliance de-activation, contact
support@cyberoam.com.
What Next?
1. Avail Subscriptions
To subscribe for free 15-days trial subscription of Web and Application Filtering, IPS, Anti
Virus and Anti Spam, browse to http://customer.cyberoam.com and login with the
credential provided at the time of account creation.
2. Configure DNS
Configure the correct firewall rule for your Domain Name Server (DNS). You may not be able to
access Internet if not configured properly.
3. Enable Virus Scanning
Go to Firewall Rule Rule and edit default firewall rules to enable virus scanning.
4. Set authentication parameters
Go to Identity Authentication Authentication Server to define the authentication
parameters.
5. Access Help
For accessing online help, click the Help button or F1 key on any of the screens to access the
corresponding topic's help. Use the Contents and Index options to navigate through the entire online
help.
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.
USERS LICENSE
Use of this product is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) at
the time of installation.
RESTRICTED RIGHTS
Copyright 1999 - 2013 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.
Corporate Headquarters
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road,
Ahmedabad - 380 006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar
issues to Customer care/service department at the following address:
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.