Introduction Cyberoam Appliance should undergo regular maintenance for smooth and efficient functioning of the Appliance. The various tasks involved in Maintenance are as follows.
Securing Backup Updating Appliance Firmware Configuring Email Alerts Validating Subscriptions Checking Status of Services Updating User Accounts and User Groups Updating Policies Securing Access to Appliance Updating Firewall Rules Reviewing Denial of Service (DoS) Settings Monitoring Appliance Health Configuring iView Logs & Reports
Securing Backup Taking backup of Cyberoam Appliance Configuration enables us to preserve a copy of all current configurations. It is advisable to take a backup of Cyberoam Appliance Configuration on a regular basis. In case of equipment failure or other anomaly, the backup can be restored on an existing appliance after repairs or can be applied to a new appliance to facilitate recovery. For details on how to take a backup of Cyberoam Appliance configuration, click here.
Updating Appliance Firmware
Newer firmware versions of Cyberoam Appliance are released periodically. Each released firmware has enhanced features, better functionality and Bug Fixes. Hence, to enhance the Cyberoam User Experience upgrade the Appliance to the latest firmware. Information about the latest firmware releases is notified in the Alert Messages section on the dashboard. This information can also be obtained in http://csc.cyberoam.com. For details on how to upgrade Cyberoam Appliance to the latest firmware, click here.
Configuring Email Alerts
E-mail notifications inform the administrator about changes in the network such as the following. Change in gateway status
Change in HA (high availability) link status (if HA cluster is configured)
Various reports Hence, ensure that valid Email addresses and mail server settings are configured to continue receiving alerts. In case of change of Email addresses or mail server settings, update the appliance configuration accordingly. For details on how to configure email notifications on Cyberoam Appliance, click here.
Cyberoam Maintenance Guide
Validating Subscriptions Cyberoam Appliance contains 2 types of modules:
Basic modules Firewall, VPN, Multi Link Management, Bandwidth Management, Real-time Blackhole List (RBL), Traffic Discovery and On-Appliance Reports.
Subscription modules - Gateway Anti Virus, Gateway Anti Spam (Inbound and Outbound), Intrusion Detection and Prevention, Web and Application Filtering, Web Application Filtering (WAF), 8x5 support, 24x7 support.
Basic modules are pre-registered with the Appliance for an indefinite time period. Subscription modules are to be subscribed at regular intervals. In case one or more of the Subscription Modules has expired or is on the verge of expiry, renew the same to continue enjoying the benefits. For details on how to renew the subscription of a module, click here.
Checking Status of Services
Cyberoam provides various services like:
Anti Spam Anti Virus Authentication DNS Server IPS Web Proxy WAF DHCP Server DHCPv6 Server Router Advertisement Service
It is a good practice to regularly check if these services are up and running. To check and manage services, go to System > Maintenance > Services. The following screen appears.
Cyberoam Maintenance Guide
The status of the services in the Services field can be seen in the Status field. To manage one or more service, use Toggle Buttons provided in the Manage field.
Toggle Button Action table
Button
Usage
Start
Starts the Server whose status is Stopped
Stop
Stops the server whose status is Started
Restart
Restarts server: Only for Authentication
Server and Web Proxy Server
Updating User Accounts and User Groups
Regularly check the validity and volume of activity of every user account. Accounts that are not used very frequently can be kept in Inactive State and switched back to Active State when required. Accounts that are not in use anymore can be deleted altogether. For details on how to change the status of an account or delete an account, click here. Users are assigned to User Groups which makes assignment and modification of policies easier for the Administrator. Like User Accounts, validity and volume of activity of User Groups should also be checked. Groups that are unused should be deleted. For details on how to delete a User Group, click here.
Updating Policies Cyberoam Appliance enforces many rules and policies upon users to ensure that they have a safe and productive Internet experience. These policies are:
Web Filter Policy
Application Filter Policy IM Filter Policy QoS Policy Identity Policies o Access Time Policy o Surfing Quota Policy o Data Transfer Policy
These policies should be regularly updated to reflect changing Network Environment and User Surfing Patterns in the organization to ensure optimal usage of the Appliance .For details on how to manage various Cyberoam Policies, refer to the User Guide.
Securing Access to Appliance
Cyberoam Appliance tends to the security needs of the network in which it is deployed. Hence, it is necessary to ensure that the Appliance itself is secure to curb circumstances where network security is compromised. As such, access to the Appliance should be restricted to Authorized Users only. For details on various ways to secure Appliance Access, click here.
Cyberoam Maintenance Guide
Updating Firewall Rules
Firewall Rules provide centralized management of security policies. From a single firewall rule, an entire set of Cyberoam security policies can be defined and managed. Create and update Firewall Rules according to the changing network security needs of the organization. For details on managing Firewall Rules, click here. Also, there may be certain defined Rules that do not apply to current network security needs, hence remain unused. Detect and eliminate such Rules so that they do not add to system overhead.
Reviewing Denial of Service (DoS) Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. This includes protection from several kinds of Denial of Service attacks. These attacks disable computers and circumvent security. Regularly review DoS Settings which mainly involves checking Threshold Values for the following parameters for SYN, TCP, UDP and ICMPv4/ICMPv6 traffic.
Packet rate per Source
Burst rate per Source Packet rate per Destination Burst rate per Destination
Configuring too high Threshold Values degrades system performance while too low values blocks regular requests. For details on how to protect Cyberoam from DoS attacks, click here. Again, Cyberoam allows you to bypass DoS rules in case you are sure that the specified source will not be used for flooding or ignore if flooding occurs from the specified source These Rules should be updated from time to time so that they are in accordance with changing Network Environment. Unused Rules should be deleted to reduce system overhead. For details on how to create a Bypass Rule, click here.
Monitoring Appliance Health
System Graphs can be used to view graphs pertaining to System related activities for different time intervals. Graphs can be viewed Utilities Wise or Period Wise. Period wise graph displays the following graphs for a selected period:
Live Graph CPU usage Information Memory usage Information Load Average Interface usage Information
Utility wise graphs show the same graphs regrouped based on the time interval. Use these statistics to verify System Utilization. In case of any discrepancy, contact Cyberoam Technical Support at support@cyberoam.com.
Cyberoam Maintenance Guide
Configuring iView Logs & Reports
Cyberoam can log many different network activities and traffic including:
Firewall log Anti-virus infection and blocking Web filtering, URL and HTTP content blocking Signature and anomaly attack and prevention Spam filtering IM logs Administrator logs User Authentication logs
Cyberoam-iView emails these reports in PDF format to specified email addresses according to the configured frequency. Hence, ensure that correct Email Addresses are configured in iView report notifications. Also, ensure that appropriate log retention period is configured to retain the logs. For details on how to manage Log Retention Period in iView, click here.
