Cyberoam Maintenance Guide

Introduction
Cyberoam Appliance should undergo regular maintenance for smooth and efficient functioning of the
Appliance. The various tasks involved in Maintenance are as follows.

Securing Backup
Updating Appliance Firmware
Configuring Email Alerts
Validating Subscriptions
Checking Status of Services
Updating User Accounts and User Groups
Updating Policies
Securing Access to Appliance
Updating Firewall Rules
Reviewing Denial of Service (DoS) Settings
Monitoring Appliance Health
Configuring iView Logs & Reports

Securing Backup
Taking backup of Cyberoam Appliance Configuration enables us to preserve a copy of all current
configurations. It is advisable to take a backup of Cyberoam Appliance Configuration on a regular
basis. In case of equipment failure or other anomaly, the backup can be restored on an existing
appliance after repairs or can be applied to a new appliance to facilitate recovery. For details on how
to take a backup of Cyberoam Appliance configuration, click here.

Updating Appliance Firmware


Newer firmware versions of Cyberoam Appliance are released periodically. Each released firmware
has enhanced features, better functionality and bug fixes. Hence, upgrade the Appliance to the
latest firmware to enhance the Cyberoam User Experience.
Information about the latest firmware releases is shown in the Alert Messages section on the
dashboard. This information can also be obtained from http://csc.cyberoam.com. For details on how to
upgrade Cyberoam Appliance to the latest firmware, click here.

Configuring Email Alerts


E-mail notifications inform the administrator about changes in the network such as the following.

Change in gateway status
Change in HA (high availability) link status (if HA cluster is configured)
Various reports

Hence, ensure that valid Email addresses and mail server settings are configured to continue
receiving alerts. In case of change of Email addresses or mail server settings, update the appliance
configuration accordingly. For details on how to configure email notifications on Cyberoam Appliance,
click here.

Validating Subscriptions
Cyberoam Appliance contains 2 types of modules:

Basic modules - Firewall, VPN, Multi Link Management, Bandwidth Management, Real-time
Blackhole List (RBL), Traffic Discovery and On-Appliance Reports.

Subscription modules - Gateway Anti Virus, Gateway Anti Spam (Inbound and Outbound),
Intrusion Detection and Prevention, Web and Application Filtering, Web Application Filtering
(WAF), 8x5 support, 24x7 support.

Basic modules are pre-registered with the Appliance for an indefinite time period. Subscription
modules are to be subscribed at regular intervals. In case one or more of the Subscription Modules
has expired or is on the verge of expiry, renew the same to continue enjoying the benefits. For details
on how to renew the subscription of a module, click here.

Checking Status of Services


Cyberoam provides various services like:

Anti Spam
Anti Virus
Authentication
DNS Server
IPS
Web Proxy
WAF
DHCP Server
DHCPv6 Server
Router Advertisement Service

It is a good practice to regularly check if these services are up and running. To check and manage
services, go to System > Maintenance > Services. The following screen appears.

The status of the services in the Services field can be seen in the Status field. To manage one or
more services, use the Toggle Buttons provided in the Manage field.

Toggle Button Action table

Button     Usage
Start      Starts the server whose status is Stopped
Stop       Stops the server whose status is Started
Restart    Restarts server: Only for Authentication Server and Web Proxy Server

Updating User Accounts and User Groups


Regularly check the validity and volume of activity of every user account. Accounts that are not used
very frequently can be kept in Inactive State and switched back to Active State when required.
Accounts that are not in use anymore can be deleted altogether. For details on how to change the
status of an account or delete an account, click here.
Users are assigned to User Groups which makes assignment and modification of policies easier for
the Administrator. Like User Accounts, validity and volume of activity of User Groups should also be
checked. Groups that are unused should be deleted. For details on how to delete a User Group,
click here.

Updating Policies
Cyberoam Appliance enforces many rules and policies upon users to ensure that they have a safe
and productive Internet experience. These policies are:

Web Filter Policy
Application Filter Policy
IM Filter Policy
QoS Policy
Identity Policies
  o Access Time Policy
  o Surfing Quota Policy
  o Data Transfer Policy

These policies should be regularly updated to reflect changing Network Environment and User Surfing
Patterns in the organization to ensure optimal usage of the Appliance. For details on how to manage
various Cyberoam Policies, refer to the User Guide.

Securing Access to Appliance


Cyberoam Appliance tends to the security needs of the network in which it is deployed. Hence, it is
necessary to ensure that the Appliance itself is secure to curb circumstances where network security
is compromised. As such, access to the Appliance should be restricted to Authorized Users only. For
details on various ways to secure Appliance Access, click here.

Updating Firewall Rules


Firewall Rules provide centralized management of security policies. From a single firewall rule, an
entire set of Cyberoam security policies can be defined and managed. Create and update Firewall
Rules according to the changing network security needs of the organization. For details on managing
Firewall Rules, click here.
Also, there may be certain defined Rules that do not apply to current network security needs and
hence remain unused. Detect and eliminate such Rules so that they do not add to system overhead.

Reviewing Denial of Service (DoS) Settings


Cyberoam provides several security options that cannot be defined by the firewall rules. These include
protection from several kinds of Denial of Service attacks. These attacks disable computers and
circumvent security. Regularly review DoS Settings, which mainly involves checking Threshold Values
for the following parameters for SYN, TCP, UDP and ICMPv4/ICMPv6 traffic.

Packet rate per Source
Burst rate per Source
Packet rate per Destination
Burst rate per Destination

Configuring Threshold Values that are too high degrades system performance, while values that are
too low block regular requests. For details on how to protect Cyberoam from DoS attacks, click here.
Cyberoam also allows you to bypass DoS rules when you are sure that the specified source will
not be used for flooding, or when flooding from the specified source is to be ignored. These Rules
should be updated from time to time so that they are in accordance with changing Network Environment.
Unused Rules should be deleted to reduce system overhead.
For details on how to create a Bypass Rule, click here.
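
The threshold review described above can be checked against a traffic baseline. The following is an added example, not part of the original guide and not Cyberoam code: it assumes packet rate is counted per minute and burst rate per second, uses constructed per-source samples, and the function names and the `headroom` review policy are hypothetical. The same check applies to per-destination values if the samples are keyed by destination.

```python
from collections import defaultdict

# Constructed baseline: (second offset, source IP, packets seen in that second),
# recorded during normal traffic. Addresses are from a documentation range.
SAMPLES = [
    (0, "192.0.2.10", 40), (1, "192.0.2.10", 55), (30, "192.0.2.10", 20),
    (61, "192.0.2.10", 35),
    (0, "192.0.2.20", 5), (2, "192.0.2.20", 300), (3, "192.0.2.20", 280),
    (70, "192.0.2.20", 10),
]

def per_source_peaks(samples):
    """Return {source: (peak packets per minute, peak packets per second)}."""
    per_min = defaultdict(int)   # (source, minute) -> packets in that minute
    burst = defaultdict(int)     # source -> highest one-second count
    for second, src, pkts in samples:
        per_min[(src, second // 60)] += pkts
        burst[src] = max(burst[src], pkts)
    rate = defaultdict(int)      # source -> busiest minute
    for (src, _minute), pkts in per_min.items():
        rate[src] = max(rate[src], pkts)
    return {src: (rate[src], burst[src]) for src in burst}

def review(peaks, packet_rate, burst_rate, headroom=10):
    """Classify configured per-source thresholds against the baseline.

    Assumed review policy: a threshold that a baseline source exceeds is
    'too low' (regular requests would be blocked); a threshold more than
    `headroom` times the busiest baseline source is 'too high'.
    """
    findings = {}
    for name, idx, limit in (("packet_rate", 0, packet_rate),
                             ("burst_rate", 1, burst_rate)):
        blocked = sorted(s for s, p in peaks.items() if p[idx] > limit)
        busiest = max(p[idx] for p in peaks.values())
        if blocked:
            findings[name] = ("too low", blocked)
        elif limit > headroom * busiest:
            findings[name] = ("too high", [])
        else:
            findings[name] = ("ok", [])
    return findings

if __name__ == "__main__":
    print(review(per_source_peaks(SAMPLES), packet_rate=500, burst_rate=400))
```
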

Monitoring Appliance Health


System Graphs can be used to view graphs pertaining to System related activities for different time
intervals. Graphs can be viewed Utilities Wise or Period Wise.
Period wise graph displays the following graphs for a selected period:

Live Graph
CPU usage Information
Memory usage Information
Load Average
Interface usage Information

Utility wise graphs show the same graphs regrouped based on the time interval. Use these statistics
to verify System Utilization. In case of any discrepancy, contact Cyberoam Technical Support at
support@cyberoam.com.

Configuring iView Logs & Reports


Cyberoam can log many different network activities and traffic including:

Firewall log
Anti-virus infection and blocking
Web filtering, URL and HTTP content blocking
Signature and anomaly attack and prevention
Spam filtering
IM logs
Administrator logs
User Authentication logs

Cyberoam-iView emails these reports in PDF format to specified email addresses according to the
configured frequency. Hence, ensure that correct Email Addresses are configured in iView report
notifications. Also, ensure that appropriate log retention period is configured to retain the logs. For
details on how to manage Log Retention Period in iView, click here.

Document Version: 1.1 - 26 February, 2015