Labs .......................................................................................................................................................................

1
Lab #1 Factory Reset ..................................................................................................................................................1
Web Admin Console of the appliance ...................................................................................................................1
CLI of Appliance .....................................................................................................................................................1
Lab #2 Deployment in Bridge Mode (Optional) .........................................................................................................3
Lab #3 Deployment in Gateway Mode ......................................................................................................................7
Lab #4 Registration & Subscription............................................................................................................................9
Lab #5 Upgrade (Optional) ......................................................................................................................................12

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

Labs
Lab #1 Factory Reset
Factory Reset will remove entire user configurations of your Cyberoam appliance, and boot the
appliance with factory default settings. So it is recommended to take back up of the appliance before
factory reset.
There are 2 ways of performing Factory Reset on the appliance:
Web Admin Console of the appliance

Access Web Admin Console with user having Administrator profile

Go to System -> Maintenance -> Firmware and page displays the list of available firmware
versions downloaded. Maximum of two firmware versions are available simultaneously in
Cyberoam and one of the two firmware versions is active i.e. the firmware is deployed.

Click on the icon which you want to boot with factory reset settings as shown below:

Boot with factory default configuration Appliance will be rebooted and will load default
configuration. Entire configuration will be lost if you choose this option.

Click on the Boot with Factory default configuration and it will ask you to take back up of your
configuration.
Note: All the configurations will be removed after factory reset. Change the IP address of your
machine in the subnet of 172.16.16.0/24, to access the Web Admin Console of Cyberoam over port
A, which is accessible through default IP address 172.16.16.16.
CLI of Appliance
Access Cyberoam CLI using a serial connection. Factory reset from the CLI requires physical
connectivity between the appliance and Management Console. Hence, it can be done using a serial
connection only, and not other remote sessions like Telnet and SSH.
You can connect a serial console to the Serial port of any of the Cyberoam appliance models.
Once the connection is successfully established, specify Cyberoam CLI password i.e. admin at the
prompt, press Enter and you will get the following screen.
Choose Option 5 Cyberoam Management and it will lead you to sub menus, asking about factory
reset option

Cyberoam Certified Network & Security Professional

Deploying Cyberoam

Chose option 3 - Reset to Factory Defaults to factory reset the appliance. Press y to reset appliance
to factory default.

Appliance will reboot, and come with factory default settings.

In a case where the password to CLI and GUI are forgotten, Serial connection can be made to
the appliance and on the password prompt type RESET in upper case without the quotes.
This is show the below menu.

On pressing 1, all the configuration will be reset, but there will be no changes on the signature
and report databases.

On pressing 2, all configuration and signatures will be flushed, but there will be no changes on
the report database.

On pressing 3, all configuration, signatures, and reports will be flushed from the appliance.

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

Lab #2 Deployment in Bridge Mode (Optional)

By default, all Cyberoam appliances are configured to work in gateway mode. We already know the
scenario when an appliance works in the bridge mode.

Connect port A of the appliance to your computer using a cross-over cable.

Connect port B of the appliance to the WAN switch using a straight-through cable.

The lab setup should look like the diagram below. Please note that the diagram represents only
an individual learner.

Every learner now needs to access their Cyberoam appliance web admin console. The appliance
has to following settings

Port A IP Address is 172.16.16.16/24

By default the DHCP server service is on for Port A, therefore each learner will be assigned an IP
Address by their Cyberoam appliance. If Cyberoam has not assigned an IP Address to the
learners computer. The learner may now change his IP Address in range of 172.16.16.x/24.

Browse to https://172.16.16.16 and you should see the Cyberoam Web Admin Console login
page. Enter the credentials, username should be Cyberoam and password is cyber.

If you cannot log on, verify the following configurations:

Did you plug your computer Ethernet cable into the port A on the appliance? - Deployment can
only be performed through port A.

Is the link light glowing on both the computer and the Appliance? If not, check and replace the
cable

Is your computer set to a static IP address of 172.16.16.16 and subnet as 255.255.255.0?

Did you enter correct IP address in your Web browser?

Starting with the configuration: Click the wizard button at the top of the dashboard. This will start
the network configuration wizard.

Cyberoam Certified Network & Security Professional

Deploying Cyberoam

Click start on the network configuration wizard screen and follow the steps listed the screens
below.

Select bridge mode the options shown on the network configuration wizard window

The Network configuration wizard will now show the zone configuration window in which the
learner shall select the ports on which the bridge needs to created.

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

After the zones are configured, the network configuration wizard will now show the network
configuration window. In this window, we shall enter the IP Address of the bridge, gateway IP
Address, and DNS configuration.

After the network configuration, Cyberoam being a firewall device will block the traffic from
different zones. The wizard will give an option the policy we wish to apply to the traffic from LAN > WAN. At this point simply select monitor only. We will discuss more on the policies in the
modules to come.

The following are the three pre-defined policies:

Monitor Only:
o
o
o

Allow all outbound traffic without any authentication.

No scanning.
No content filtering.

General Internet Policy:

o Allow all outbound traffic without any authentication.
o Web traffic will be scanned for virus / malware / spyware.
o Content filtering will be ON by using default content filtering policy General
Corporate Policy which blocks below web URL categories:
o Porn, Nudity, Adult Content, URL Translation Sites, Drugs, Crime and Suicide,
Gambling, Militancy and Extremist, Phishing and Fraud, Violence, Weapons

Cyberoam Certified Network & Security Professional

Deploying Cyberoam

Strict Internet Policy:

o Block all outbound unauthenticated traffic.
o Web traffic will be scanned for virus / malware / spyware.
o All traffic will be scanned by IPS engine.

The next prompt from this window will be the email address settings required to alert the
administrator.

Lastly, the network configuration will ask for updating and setting up the time zone. A summary
page will be displayed at the end of the configuration and the learner will be required to click
finish, to close the window. The Cyberoam appliance will take some time to configure and alert
with the completion window.

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

Lab #3 Deployment in Gateway Mode

Connect port A of the Appliance to your computers Ethernet interface using the crossover Ethernet
cable.

Connect port B of the Appliance to switch for WAN connectivity using the straight Ethernet cable.
1. Connect to the web admin console on 172.16.16.16.
2. Click the Wizard button on the top right of the Dashboard to start Network
Configuration Wizard and click Start.

3. When the network configuration window appears, click start.

Cyberoam Certified Network & Security Professional

Deploying Cyberoam

4. On the next screen, network configuration wizard will be displayed where we will
select the gateway mode.

5. In the next screens to follow, the network configuration wizard will run. This wizard
allows us to configure each port on the appliance.

6. From the above screen, we can see that the appliance allows us to configure the
Port A, however, utmost care has to be taken not to click next until the
configuration is done. Most users make a mistake here by clicking next arrow
instead of the highlighted next button. In the next screens, we choose the
configuration for each port. After configuring all the ports, Internet access
configuration wizard is displayed. This wizard allows setting the predefined policies.

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

7. From the previous lab, we already know what policy is used for what configuration.
The role of each policy will be discussed in the modules and labs to follow. As of
now, the learners can select monitor only. Monitor only will put the Cyberoam
appliance into monitor mode, in this mode the Cyberoam will not block any traffic,
but still will be generating reports of all the traffic. The next screen to follow is the
mail configuration settings.

8. Lastly, the network configuration will ask for updating and setting up the time
zone. A summary page will be displayed at the end of the configuration and the
learner will be required to click finish, to close the window. The Cyberoam
appliance will take some time to configure and alert with the completion window.

Lab #4 Registration & Subscription

To register the Cyberoam appliance, go to customer.cyberoam.com, and open a new account if you
dont have one, and register your appliance. Once registration is done, subscribe to all four modules
using trial license. Firstly, we need to identify if Cyberoam is registered.
1. Go to System Maintenance licensing, there you will find Appliance Registration
Information. It will show you the registration information of the appliance. If the
appliance is not registered, you will get the message for the same.

Cyberoam Certified Network & Security Professional

Deploying Cyberoam

2. To register the appliance, go to customer.cyberoam.com. If you havent created

any account with Cyberoam, click on the register tab on the main page, as shown
in the diagram.

3. As soon as you will click on the tab Registration, you will see below page of
registration. Please, provide proper Email ID, password and Appliance key, to
register the appliance.

4. Please, note that:

5. Registration Email-id will be used as a username to access customer my account.
6. If you already have customer account with Cyberoam then you can provide the
registration details to login into your account, but in Lab create new customer
account.
7. If you already have customer account then login with the user credentials, and
click on Register Appliance button as shown below:

10

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

8. Once the appliance is registered,

SystemMaintenanceLicensing.

you

can

verify

the

registration

from

9. If the registration information does not appear automatically, click on the

Synchronize button as shown in the screen.

10. To subscribe to any module, go to customer my account and click on the appliance
link and click on subscribe

11. The above screen shows how modules can be subscribed.

11

Cyberoam Certified Network & Security Professional

Deploying Cyberoam

Lab #5 Upgrade (Optional)

Log in with the username and password provided when the appliance was registered.

Next, upon downloading the CyberoamOS file, upload the file to the appliance by navigating System->
Maintenance -> Firmware and click on the upload firmware button

Click to specify the location of the firmware image or browse to locate the file. You can simply upload
the image or upload and boot from the image.
The uploaded firmware can only be active after next reboot. The existing firmware will be removed and
the new firmware will be available.

12