Version 9
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of
any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no
responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product
design or specifications. Information is subject to change without notice.
USERS LICENSE
The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these
terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions
of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of
payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the
Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially
conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited warranty extends only to
the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this
warranty will be, at Elitecore or its service center's option, repair, replacement, or refund of the software if reported (or, upon request,
returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that
the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the anti virus and anti
spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is
specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally
erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical
components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation
shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or
of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any
reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the
defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation,
any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or
trade practice, and hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or
punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if
Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers' liability to
the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing
limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without
limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers
have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademarks of Elitecore Technologies Ltd.
Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore
Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right,
without notice, to make changes in product design or specifications. Information is subject to change without notice.
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower,
Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com
Contents
Guide Sets
Technical Support
Typographic Conventions
Preface
Guide Organization
Cyberoam Basics
Benefits of Cyberoam
Accessing Cyberoam
Accessing the Web Admin Console
Getting Started
Dashboard
Management
Policy Management
Surfing Quota policy
Access Time policy
Internet Access policy
Bandwidth policy
Data Transfer policy
SNAT Policy
DNAT Policy
Guide Sets
Guide: Describes
User Guide
Console Guide: Console Management
Windows Client Guide: Installation & configuration of Cyberoam Windows Client
Linux Client Guide: Installation & configuration of Cyberoam Linux Client
HTTP Client Guide: Installation & configuration of Cyberoam HTTP Client
Analytical Tool Guide: Using the Analytical tool for diagnosing and troubleshooting common problems
LDAP Integration Guide: Configuration for integrating LDAP with Cyberoam for external authentication
ADS Integration Guide: Configuration for integrating ADS with Cyberoam for external authentication
PDC Integration Guide: Configuration for integrating PDC with Cyberoam for authentication
RADIUS Integration Guide: Configuration for integrating RADIUS with Cyberoam for external authentication
High Availability Configuration Guide: Configuration of High Availability (HA)
Data transfer Management Guide: Configuration and Management of user based data transfer policy
Multi Link Manager User Guide: Configuration of Multiple Gateways, load balancing and failover
Cyberoam Anti Virus Implementation Guide: Configuring and implementing anti virus solution
Cyberoam Anti Spam Implementation Guide: Configuring and implementing anti spam solution
VPN Management: Implementing and managing VPN
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Item
Convention
Example
Server
Client
User
Username
Part titles
Topic titles
Bold and shaded font typefaces
Shaded font typefaces
Report
Introduction
Subtitles
Navigation link
Bold typeface
Name of a particular parameter / field / command button text
Cross references
Lowercase italic type
Bold typeface between the black borders
Bold typefaces between the black borders
Prerequisites
Hyperlink in different color
Notation conventions
Note
Prerequisite
Prerequisite details
Preface
Welcome to Cyberoam's User Guide.
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security
needs of corporates, government organizations, and educational institutions.
Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti
Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly
accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the
external world and still have firewall protection.
This Guide helps you manage and customize Cyberoam to meet your organization's various
requirements including creating groups and users and assigning policies to control internet access.
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of
Cyberoam.
It describes how to define groups and users to meet the specific requirements of your Organization. It
also describes how to manage and customize Cyberoam.
1. Define Authentication process and firewall rule.
2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups
3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy,
Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy
4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools
5. Manage Cyberoam server
Part III Customization
Customize Services, Schedules and Categories. Describes how to create and manage Categories,
Schedules and Services and Cyberoam upgrade process.
Cyberoam Basics
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security
needs of corporates, government organizations, and educational institutions.
Cyberoam's perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering,
Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly
accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the
external world and still have firewall protection.
It also provides assistance in improving Bandwidth management, increasing Employee productivity and
reducing legal liability associated with undesirable Internet content access.
Benefits of Cyberoam
1. Boost Employee productivity by
a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
a. Controlling access to non-productive site access during working hours
b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
a. Improved User response time
b. Failover solution
c. Continuous availability of Internet
d. Reduced bandwidth bottlenecks
5. Enforce acceptable Internet usage policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet
and other resources usage and consumption patterns
Accessing Cyberoam
Two ways to access Cyberoam:
1. Web Admin Console
Managing Firewall rules
Used for policy configuration
Managing users, groups and policies
Managing Bandwidth
Viewing bandwidth graphs as well as reports
2. Telnet Console
Used for Network and System configuration (setting up IP Addresses, setting up gateway)
Managing Cyberoam application
a) Using Console Interface via remote login utility TELNET
b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server
Log on & log off from the Cyberoam Web Admin Console
The Log on procedure verifies validity of user and creates a session until the user logs off.
Log on procedure
To get the login window, open the browser and type the IP Address in the browser's URL box. A dialog box
appears prompting you to enter username and password to log on. Use the default user name
cyberoam and password cyber if you are logging in for the first time after installation.
Asterisks are the placeholders in the password field.
Log on Methods
HTTP log in
To open the unencrypted login page, in the browser's Address box, type
http://<IP address of Cyberoam>
Screen Elements: Description
Login
User name: If you are logging on for the first time after installation, please use default username cyberoam
Password: Specify user account Password. If you are logging on for the first time after installation, please use default password cyber
Log on to: To administer Cyberoam, select Web Admin Console
Login button: Logs on to Web Admin Console. Click Login
Table - Login screen elements
User group User is the user who accesses the resources through Cyberoam.
Clientless group
Clientless User group User who can bypass Cyberoam Client login to access resources. Cyberoam itself
takes care of login of this level user.
For Administrators and Managers, IP address based access restriction/control can be implemented.
Refer to Access Configuration to implement.
Getting Started
Once you have configured network, you can start using Cyberoam.
1. Start monitoring
Once you have installed Cyberoam successfully, you can monitor user activity in your Network.
Depending on the Internet Access policy configured at the time of installation, certain categories will be
blocked/allowed for LAN to WAN traffic with or without authentication.
2. View Cyberoam Reports
Monitor your Network activities using Cyberoam Reports.
To view Reports, log on to Reports from Web Admin Console using following URL: http://<Internal IP
Address>
To log on, use default username cyberoam and password cyber.
View your organization's surfing pattern from Web Surfing Organization wise report
View your organization's general surfing trends from Trends Web Trends report
View your organization's Category wise surfing trends from Trends Category Trends report
3. Discover Network Application Traffic
Detect your network traffic i.e. applications and protocols accessed by your users.
To view traffic pattern of your network, log on to Cyberoam Web Management Console using following
URL: http://<Internal IP Address>
To log on, use default username cyberoam and password cyber.
View amount of network traffic generated by various applications from Traffic Discovery Live
Connections Application wise
4. Configure for User name based monitoring
As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP
address based. To monitor and log user activities based on User names, you have to configure
Cyberoam for integrating user information and authentication process.
Integration will identify access request based on User names and generate reports based on Usernames.
If your Network uses Active Directory Services and users are already created in ADS, configure
Cyberoam to communicate with your ADS. Refer to Cyberoam ADS Integration guide for more details.
If your Network uses Windows Domain Controller, configure Cyberoam to communicate with Windows
Domain Controller. Refer to Cyberoam PDC Integration guide for more details.
5. Customize
Depending on the Internet Access configuration done at the time of installation, default firewall rules will
be created.
You can create additional firewall rules and other policies to meet your organization's requirements.
Cyberoam allows you to:
1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.
2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management-Surfing Quota policy for more details.
3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy
Management-Access time policy for more details.
4. Control web access by defining Internet Access policy. Refer to Policy Management-Internet
Access policy for more details.
5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy
Management-Bandwidth policy for more details.
6. Limit total as well as individual upload and/or download data transfer by defining data transfer
policy. Refer to Data transfer policy for more details.
Dashboard
As soon as you logon to the Web Admin Console, Dashboard is displayed.
Dashboard provides one solution to many analytical needs. Using the "dashboard" concept of information
presentation, Cyberoam makes it easy to view access data from multiple perspectives, allowing
management to identify patterns and potential areas of risk and productivity loss. It will empower
organizations to plan, understand, integrate and leverage strategy all from a single page report.
The goal of dashboard is to provide fast access to monitor and analyze employee Internet usage. As a
result, managers gain an unprecedented ability to report on and manage a wide spectrum of the data and
applications that employees use during their working hours.
Dashboard is the answer to "Why can't Cyberoam automatically show me things that will help me with
what I'm doing, instead of making me search around for them?"
Dashboard is divided into the following sections:
1. HTTP Traffic Analysis
2. User Surfing pattern
3. Usage Summary
4. Recent Mail Viruses detected
5. Recent HTTP Viruses detected
6. Installation Information
7. System Resources
8. System Status
9. Installation Information
10. DoS attack status
11. Recent IDP Alerts
12. License Information
13. Gateway status
Management
Setting up Zones
A Zone is a logical grouping of ports.
Zones provide flexible layer of security for the firewall. With the zone-based security, the administrator
can group similar ports and apply the same policies to them, instead of having to write the same policy
for each interface.
Create Zone
Select System Zone Create to open the create page
Screen Elements: Description
Create Zone
Zone Name
Zone Type
Select Port: Use Right arrow button to move the selected ports to Member Port list.
Description: Specify zone description
Create button: Saves the configuration and creates zone
Table - Create Zone
Setting up Users
Define Authentication
Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of
your organization. You can assign individual policies to users (identified by IP address), or a single policy
to number of users (Group).
Cyberoam detects users as they log on to Windows domains in your network via client machines.
Cyberoam can be configured to allow or disallow users based on username and password. In order to
use User Authentication, you must select at least one database against which Cyberoam should
authenticate users.
Cyberoam supports user authentication against:
an Active Directory
a Windows Domain controller
an LDAP server
a RADIUS server
an internal database defined in Cyberoam
To filter Internet requests based on policies assigned, Cyberoam must be able to identify a user making a
request.
When the user attempts to access, Cyberoam requests a user name and password and authenticates the
user's credentials before giving access. User level authentication can be performed using the local user
database on the Cyberoam, an External ADS server, RADIUS server, LDAP or Windows Domain
Controller.
Integrate with ADS, LDAP or Domain Controller if external authentication is required.
If your network uses an Active Directory service, configure Cyberoam to communicate with ADS. Refer to
Cyberoam - ADS Integration Guide for details.
If your network uses a Windows Domain controller, configure Cyberoam to communicate with Domain
controller. Refer to Cyberoam - PDC Integration for details.
If your Network uses LDAP, configure Cyberoam to communicate with LDAP server. Refer to Cyberoam
LDAP Integration for details.
If your Network uses RADIUS server, configure Cyberoam to communicate with RADIUS server. Refer to
RADIUS Integration Guide for details.
Cyberoam can prompt for user identification if your network does not use Windows environment. Refer to
Cyberoam Authentication for details.
Cyberoam Authentication
When Cyberoam is installed in Non PDC environment, it is necessary to create users and groups in
Cyberoam.
Before users log on to Cyberoam, Administrator has to create all the users in Cyberoam, assign them to
a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details
on creating groups and users.
When user attempts to log on, Cyberoam server performs authentication i.e. User is authenticated
directly by the Cyberoam server.
Screen Elements
Description
Update button
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a group
inherit all the group policies. Refer to Policy Management to define new policies.
User types
Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal: User has to log on to Cyberoam. Requires Cyberoam client (client.exe) on the User machine, or the
user can use the HTTP Client component, and all the policy-based restrictions can be applied.
Clientless: Does not require Cyberoam client component (client.exe) on the User machines. Symbolically
represented as User name (C)
Single Sign On: If User is configured for Single Sign On, whenever User logs on to Windows, he/she is
automatically logged on to Cyberoam. Symbolically represented as User name (S)
Use the decision matrix below to decide which type of user should be created.
Normal User
Clientless User
Yes
No
No
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
No
No
Yes
Yes
No
Yes
No
Yes
No
No
Yes
Yes
Yes
Add a User
Prerequisite
Group created for Normal Users only
Select User User Add User to open add user page
Screen Elements
Description
User Information
Name
Username
Password
Confirm Password
Windows Domain Controller
Only if Authentication is done by Windows Domain Controller
Specify the user group type. Depending on user group type default
web console access control will be applied. Refer to Web console
Authorization and Access control for more details.
Available option:
Administrator
Manager
User
Click User type list to select
Number of simultaneous login(s) allowed OR Unlimited
Group Information
Group
Specify the Group in which the user is to be added. User will inherit all the
group policies.
Click Group list to select
Open a new Window and displays details of the selected Group
Refer to View Group details table for more details
Login Restriction
Select any one option
Click to select
Personal details link
Allows to enter personal details of the user
Personal information
Only if Personal details link is clicked
Birth date
Specify date of birth of user
Adds user
Review button
Click to add
Opens a new page and displays the user details for reviewing.
Review details before adding to make sure details entered are
correct.
Click to review
Click Submit to add user
Table - Add User screen elements
Description
Group name
Surfing Quota policy
Close button
Screen Elements
Description
Select
OK button
Cancel button
Screen Elements: Description
Host Group Details
Host Group name: Specify name of Logon Pool
Is Host Group public: Public IP address is routable over the Internet and does not need Network Address Translation (NAT)
Bandwidth policy
Description
Machine details
From To
Machine name
Select Group
Group
Create button
Screen Elements: Description
User Information
Name: Specify name of the User
Username: Specify a unique name used for logging
Activate on Creation: Specifies whether user should be logged in automatically after registration
Options:
Yes: Automatically logs in as soon as registered successfully i.e. becomes a live user
Email
Register
Cancel button
Screen Elements
Description
Select
Apply Restriction button
Close button
NOTE
Duplicate Usernames cannot be created
Make sure that subnets or individually defined IP addresses do not overlap
Create Group before assigning it to a User. Refer to Create Groups to create new groups
Setting up Groups
Group
Group is a collection of users having common policies and a mechanism of assigning access of
resources to a number of users in one operation/step.
Instead of attaching individual policies to the user, create group of policies and simply assign the
appropriate Group to the user and user will automatically inherit all the policies added to the group. This
simplifies user configuration.
A group can contain default as well as custom policies.
Various policies that can be grouped are:
1. Surfing Quota policy which specifies the duration of surfing time and the period of subscription
2. Access Time policy which specifies the time period during which the user will be allowed access
3. Internet Access policy which specifies the access strategy for the user and sites
4. Bandwidth policy which specifies the bandwidth usage limit of the user
5. Data Transfer policy which specifies the data transfer quota of the user
Refer to Policy Management for more details on various policies.
Group types
Two types of groups:
1. Normal
2. Clientless
Normal: A user of this group needs to log on to Cyberoam using the Cyberoam Client to access the
Internet
Clientless: A user of this group need not log on to Cyberoam using the Cyberoam Client to access the
Internet. Access control is placed on the IP Address. Symbolically represented as Group name (C)
Use the decision matrix given below to decide which type of group is best suited for your network
configuration.
Normal Group
Clientless Group
Yes
No
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
No
No
No
Yes
Yes
No
Screen Elements
Description
Create Group
Group name
Group type
Specify Group name. Choose a name that best describes the Group.
Specify type of Group
Click Group type to select
Select Normal if Group members are required to log on using
Cyberoam Client
Internet Access policy
Bandwidth Policy
Login Restriction
Select any one option
Apply login restriction if required for the users defined under the
Group
Available options
1) Allowed login from all nodes
Allows Users defined under the Group to login from all the nodes
2) Allowed login from the selected nodes
Allow Users defined under the Group to login from the selected
nodes only.
Click to select
Opens a new page and allows to select the node
Click to select the Node
Creates Group
Note
It is not necessary to add users at the time of the creation of the Group. Users can be added even after the creation
of the group.
Screen Elements
Description
Select
OK button
Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ
networks against malicious access; however, firewalls may also be configured to limit the access to
harmful sites for LAN users.
The responsibility of firewall is to grant access from Internet to DMZ or Service Network according to the
Rules and Policies configured. It also keeps watch on state of connection and denies any traffic that is
out of connection state.
Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule,
Cyberoam decides how to process the access request. When Cyberoam receives the request, it
checks the source address, destination address and the services and tries to match them with the firewall
rule. If Identity match is also specified, the firewall searches the Live Users Connections for the
Identity. If the Identity (User) is found in the Live User Connections and all other matching criteria are
fulfilled, the action specified in the rule is applied. The action can be allow or deny.
If Action is Allow then each rule can be further configured to apply source or destination NATting
(Network Address Translation). You can also apply different protection settings to the traffic controlled by
firewall:
Enable load balancing between multiple links
Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To
apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and
Gateway Anti Spam modules individually. Refer to Licensing section for details.
Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for
Intrusion Detection and Prevention module. Refer to Licensing section for details.
Configure content filtering policies. To apply content filtering you need to subscribe for Web and
Application Filter module. Refer to Licensing section for details.
Apply bandwidth policy restriction
By default, Cyberoam blocks any traffic to LAN.
Note
Default Firewall rules can be modified as per the requirement but cannot be deleted
IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are
subscribed respectively.
If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire
traffic is dropped.
Additional firewall rules can be defined to extend or override the default rules. For example, rules can be
created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of
traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to
authorized users on the LAN.
Custom rules evaluate network traffic source IP addresses, destination IP addresses, User, IP protocol
types, and compare the information to access rules created on the Cyberoam appliance. Custom rules
take precedence, and override the default Cyberoam firewall rules.
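The matching sequence described above, modelled as an added example (this is not Cyberoam's code and not part of the original guide). The rule names, addresses, live-user table, in-order first-match evaluation among custom rules and the final deny when nothing matches are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Request:
    src_zone: str
    src_ip: str
    dst_zone: str
    dst_ip: str
    service: str            # e.g. "HTTP", "FTP", "TELNET"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    src_net: str
    dst_zone: str
    dst_net: str
    service: str            # "ANY" matches every service
    action: str             # "ALLOW" or "DENY"
    users: Optional[frozenset] = None   # None means no identity check
    custom: bool = True     # False marks a default rule


def rule_matches(rule, req, live_users):
    """Source, destination and service must match; identity only if the rule asks for it."""
    if (rule.src_zone, rule.dst_zone) != (req.src_zone, req.dst_zone):
        return False
    if ip_address(req.src_ip) not in ip_network(rule.src_net):
        return False
    if ip_address(req.dst_ip) not in ip_network(rule.dst_net):
        return False
    if rule.service not in ("ANY", req.service):
        return False
    if rule.users is not None:
        # Identity check: the source IP must belong to a logged-in (live) user
        # who is named in the rule.
        user = live_users.get(req.src_ip)
        if user is None or user not in rule.users:
            return False
    return True


def evaluate(rules, req, live_users):
    """Return (action, rule name). Custom rules are tried before default rules."""
    ordered = sorted(rules, key=lambda r: not r.custom)   # stable: keeps listed order
    for rule in ordered:
        if rule_matches(rule, req, live_users):
            return rule.action, rule.name
    return "DENY", "no-matching-rule"                     # assumed fallback


# Constructed sample data, following the guide's FTP and Telnet examples.
ANY_NET = "0.0.0.0/0"
LAN_NET = "192.168.1.0/24"
LIVE_USERS = {"192.168.1.10": "alice", "192.168.1.11": "bob"}
RULES = [
    Rule("default-lan-wan", "LAN", LAN_NET, "WAN", ANY_NET, "ANY", "ALLOW", custom=False),
    Rule("ftp-block", "LAN", LAN_NET, "WAN", ANY_NET, "FTP", "DENY"),
    Rule("telnet-authorized", "LAN", LAN_NET, "WAN", ANY_NET, "TELNET", "ALLOW",
         users=frozenset({"alice"})),
    Rule("telnet-block", "LAN", LAN_NET, "WAN", ANY_NET, "TELNET", "DENY"),
]

if __name__ == "__main__":
    samples = [
        Request("LAN", "192.168.1.10", "WAN", "203.0.113.5", "TELNET"),  # authorized user
        Request("LAN", "192.168.1.11", "WAN", "203.0.113.5", "TELNET"),  # other live user
        Request("LAN", "192.168.1.50", "WAN", "203.0.113.5", "TELNET"),  # nobody logged in
        Request("LAN", "192.168.1.10", "WAN", "203.0.113.5", "FTP"),
        Request("LAN", "192.168.1.10", "WAN", "203.0.113.5", "HTTP"),
        Request("LAN", "10.9.9.9", "WAN", "203.0.113.5", "HTTP"),        # source not in LAN network
        Request("WAN", "203.0.113.5", "LAN", "192.168.1.10", "HTTP"),
    ]
    for req in samples:
        print(req, "->", evaluate(RULES, req, LIVE_USERS))
```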
Screen Elements: Description
Matching Criteria
Source
Specify source zone and host IP address/network address to which the
rule applies.
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall Host Group Create
Under Select Address, click Add Host to define host group from firewall
rule itself or from Firewall Host Add Host
Check Identity (Only if source zone is LAN/DMZ)
Check identity allows you to check whether the specified user/user group
from the selected zone is allowed the access of the selected service or not.
Click Enable to check the user identity.
Enable check identity to apply following policies per user:
Internet Access policy for Content Filtering (User's Internet access
policy will be applied automatically but will not be effective till the
Web and Content Filtering module is subscribed)
Schedule Access
IDP (User's IDP policy will be applied automatically but will not be
effective till the IDP module is subscribed)
Anti Virus scanning (User's anti virus scanning policy will be applied
automatically but it will not be effective till the Gateway Anti Virus
module is subscribed)
Anti Spam scanning (User's anti spam scanning policy will be applied
automatically but it will not be effective till the Gateway Anti Spam
module is subscribed)
Bandwidth policy - User's bandwidth policy will be applied
automatically
The policy selected in Route through Gateway is the static routing
policy that is applicable only if more than one gateway is defined and
used for load balancing.
and limit access to available services.
Destination
Specify destination zone and host IP address/network address to which
the rule applies.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall Host Group Create
Under Select Address, click Add Host to define host group from firewall
rule itself or from Firewall Host Add Host
Service/Service group
Services represent types of Internet data transmitted via particular
protocols or applications.
Select service/service group to which the rule applies.
Under Select Here, click Create Service Group to define service group
from firewall rule itself or from Firewall Service
Create Service
For example, if a request is received on the LAN port using a spoofed IP address (a public IP address or an IP address not in the LAN zone network) and a specific route is not defined, Cyberoam will send a response to these hosts using the default route. Hence, the response will be sent through the WAN port.
Apply Source NAT (Only if Action is ACCEPT) - Select the SNAT policy to be applied.
It allows access but after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the SNAT policy.
You can create an SNAT policy from the firewall rule itself or from Firewall → SNAT Policy → Create.
Internet Access Policy
Select Bandwidth policy for the rule. Only the Firewall Rule based Bandwidth policy can be applied.
Bandwidth policy allocates and limits the maximum bandwidth usage of the user.
Route Through Gateway
Log Traffic
Description
Save button
Manage Firewall
Use to:
Enable/disable SMTP, POP3, IMAP and HTTP scanning
Deactivate rule
Delete rule
Change rule order
Append rule (zone to zone)
Insert rule
Select display columns
Select Firewall → Manage Firewall to display the list of rules
Screen components
Append Rule button - Click to add a zone to zone rule
Select Column button - Click to customize the number of columns to be displayed on the page
Subscription icon - Indicates subscription module. To implement the functionality of the subscription module, you need to subscribe to the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall rule temporarily, disable the rule instead of deleting it.
Green - Active Rule
Red - Deactive Rule
Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.
Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more details.
Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for details.
Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.
Update Rule
Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.
Screen Elements - Description
Matching Criteria
Source - Displays the source zone and host IP address/network address to which the rule applies.
Zone Type cannot be modified
Modify host/network address if required
To define a host group based firewall rule, you need to define a host group.
Under Select Address, click Create Host Group to define a host group from the firewall rule itself or from Firewall → Host Group → Create.
Under Select Address, click Add Host to define host group from the firewall rule itself or from Firewall → Host → Add Host.
Check Identity (Only if source zone is LAN or DMZ) - Check identity allows you to check whether the specified user/user group from the selected zone is allowed access to the selected service or not.
Click Enable to check the user identity
Destination - Displays the destination zone and host IP address/network address to which the rule applies.
Zone Type cannot be modified
Modify host/network address if required.
To define a host group based firewall rule, you need to define a host group.
Under Select Address, click Create Host Group to define a host group from the firewall rule itself or from Firewall → Host Group → Create.
Under Select Address, click Add Host to define host group from the firewall rule itself or from Firewall → Host → Add Host.
Service/Service group - Services represent types of Internet data transmitted via particular protocols or applications.
Displays the service/service group to which the rule applies, modify if required
Under Select Here, click Create Service Group to define a service group from the firewall rule itself or from Firewall → Service → Create Service.
Apply Source NAT (Only if Action is ACCEPT)
Internet Access Policy (Only if source zone is LAN)
Bandwidth Policy
Route Through Gateway
Log Traffic
Description
Save button
Append rule
Append Rule adds the new rule above the default rules if the zone-to-zone rule set exists; otherwise it
appends the new rule as a new zone-to-zone rule set at the end.
For example, consider the screen given below. If the new rule is for DMZ to LAN then a new rule set
DMZ LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN then the rule will
be added above Rule ID 4, as Rule ID 3 and ID 4 are default rules.
Select Firewall → Manage Firewall Rules and click Append Rule
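The Append Rule placement described above, modelled as an added example that is not Cyberoam code. The rule names and addresses are constructed, and the top-down first-match evaluation, the drop-on-no-match fallback and the `shadowed` audit helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # source host/network, CIDR notation
    dst: str                 # destination host/network, CIDR notation
    service: str             # service name, or "ANY"
    action: str              # "ACCEPT" or "DROP"
    default: bool = False    # True for a built-in default rule

    def matches(self, src_ip, dst_ip, service):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.service in ("ANY", service))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.service in ("ANY", other.service))


class RuleBase:
    """Ordered zone-to-zone rule sets, following the Append Rule description."""

    def __init__(self):
        # (src_zone, dst_zone) -> [Rule]; a dict keeps rule sets in creation order
        self.rule_sets = {}

    def append_rule(self, src_zone, dst_zone, rule):
        # A rule set that does not exist yet is created at the end of the rule base.
        rules = self.rule_sets.setdefault((src_zone, dst_zone), [])
        # The new rule goes above the first default rule, or last if there is none.
        pos = next((i for i, r in enumerate(rules) if r.default), len(rules))
        rules.insert(pos, rule)

    def evaluate(self, src_zone, dst_zone, src_ip, dst_ip, service):
        # Assumption: rules are checked top-down and the first match decides.
        for rule in self.rule_sets.get((src_zone, dst_zone), []):
            if rule.matches(src_ip, dst_ip, service):
                return rule.name, rule.action
        return None, "DROP"   # assumption: traffic matching no rule is dropped

    def shadowed(self, src_zone, dst_zone):
        """Names of rules that can never fire because an earlier rule covers them."""
        rules = self.rule_sets.get((src_zone, dst_zone), [])
        return [later.name for i, later in enumerate(rules)
                if any(earlier.covers(later) for earlier in rules[:i])]


ANY = "0.0.0.0/0"
LAN = "192.168.1.0/24"       # constructed LAN network


def build_demo():
    rb = RuleBase()
    # Constructed default rule for the LAN -> WAN rule set.
    rb.rule_sets[("LAN", "WAN")] = [
        Rule("default-lan-wan", LAN, ANY, "ANY", "ACCEPT", default=True)]
    # Custom rules: each lands above the default rule, in the order appended.
    rb.append_rule("LAN", "WAN", Rule("block-ftp", LAN, ANY, "FTP", "DROP"))
    rb.append_rule("LAN", "WAN",
                   Rule("allow-ftp-admin", "192.168.1.50/32", ANY, "FTP", "ACCEPT"))
    # No DMZ -> LAN rule set exists yet, so one is created at the end.
    rb.append_rule("DMZ", "LAN", Rule("dmz-to-lan-http", "10.0.0.0/24", LAN, "HTTP", "ACCEPT"))
    return rb


if __name__ == "__main__":
    rb = build_demo()
    for zones, rules in rb.rule_sets.items():
        print(zones, [r.name for r in rules])
    print(rb.evaluate("LAN", "WAN", "192.168.1.50", "203.0.113.5", "FTP"))
    print("shadowed:", rb.shadowed("LAN", "WAN"))
```

Because appended rules stack below earlier custom rules, the narrower `allow-ftp-admin` rule is shadowed by `block-ftp`; this is the situation the Insert and Move icons exist to correct.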
Note
Default rules cannot be deleted or deactivated.
Host Management
Firewall rules can be created for individual hosts or host groups. By default, a number of hosts equal
to the number of ports in the appliance is already created.
Screen Elements
Description
Del
Select All
Delete button
Screen Elements
Description
Del
Select All
Delete button
Add Host
Select Firewall → Host → Add to open the add page
Screen Elements - Description
Add Host
Host Name - Specify host name
Host Type - Select host type i.e. single IP address with subnet or range of IP address
Network - Specify network address or range of IP address
Select Host Group - Select host group
Create button - Add a new host
Table - Add Host screen elements
Manage Host
Select Firewall → Host → Manage to view the list of hosts
Screen Elements
Description
Del
Select All
Delete button
Screen Elements
Description
Bandwidth policy
Description
Machine details
From To
Traffic Discovery
"Network security" is controlling who can do what on your network. Control is all about detecting and
resolving any activity that does not align with your organization's policies.
Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs
network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining
the amount of network traffic generated by an application, IP address or user.
View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error
sources. Identify and locate bandwidth hogs and isolate them from the network if necessary. Analyze
performance trends with baseline data reports.
The discovered traffic pattern is presented in terms of
Application
User
LAN IP Address
Apart from details of the traffic pattern of live connections, Cyberoam also provides the current date's connection
history.
Screen Elements
Description
Application Name
LAN Initiated
WAN Initiated
Displays number of connections initiating/requesting the Application
Report columns
Description
Established Time
LAN IP Address
LAN PORT
WAN IP Address
WAN PORT
Direction
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Report columns
Description
Established Time
LAN IP Address
LAN Port
WAN IP Address
WAN Port
Direction
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Report columns
Description
WAN IP Address
Total Connections
LAN Initiated
WAN Initiated
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Report columns
Description
Destination Port
Total Connections
LAN Initiated
WAN Initiated
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
User wise
User wise Live Connections displays which user is using which Application and is consuming how much
bandwidth currently.
Select Traffic Discovery → Live Connections → User wise
Description
User Name
LAN Initiated
WAN Initiated
Screen Elements
Description
LAN IP Address
LAN Initiated
WAN Initiated
Screen Elements
Description
LAN Initiated
WAN Initiated
Displays number of connections initiating/requesting the Application
User wise
It displays the list of users who have logged on to the network during the selected duration and the
applications they accessed.
Select Traffic Discovery → Today's Connection History → User wise
Screen Elements
Description
LAN Initiated
WAN Initiated
Screen Elements
Description
LAN Initiated
WAN Initiated
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy.
Cyberoam allows defining following types of policies:
1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for
more details.
2. Schedule Internet access for individual users by defining Access time policy. See Access time
policy for more details.
3. Control web access by defining Internet Access policy. See Internet Access policy for more
details.
4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for
more details.
5. Limit total as well as individual upload and/or download data transfer by defining data transfer
policy. See Data Transfer policy for more details.
Cyberoam comes with several predefined policies. These predefined policies are immediately available
for use until configured otherwise.
Cyberoam also lets you define customized policies to define different levels of access for different users
to meet your organization's requirements.
Screen Elements - Description
Available options:
Daily - restricts surfing hours up to cycle hours defined on daily basis
Weekly - restricts surfing hours up to cycle hours defined on weekly basis
Monthly - restricts surfing hours up to cycle hours defined on monthly basis
Yearly - restricts surfing hours up to cycle hours defined on yearly basis
Non-cyclic - no restriction
Cycle hours (Only if cycle type is not Non cyclic) - Specify upper limit of surfing hours for cyclic type policies
At the end of each cycle, cycle hours are reset to zero, i.e. for the Weekly cycle type, cycle hours will be reset to zero every week even if cycle hours are unused
Allotted Days - Restricts surfing days
Unlimited Days - Click to select
Allotted Time - Allotted time defines the upper limit of the total surfing time allowed, i.e. restricts total surfing time to allotted time
Specify surfing time in Hours & minutes
Unlimited Time - Select if you do not want to restrict the total surfing time
Click to select
Shared allotted time with group members - Specify whether the allotted time will be shared among all the group members or not
Click to share
Policy Description - Specify full description of the policy
Create button - Creates policy
Note
Policies with the same name cannot be created
Note
The changes made in the policy become effective immediately on updating the changes.
Screen Elements
Description
Del
Select All
Delete button
Click to select
Description - Specify full description of policy
Create button - Creates policy
Table - Create Access Time policy screen elements
Note
Policies with the same name cannot be created
Strategy for
Schedule
selected
Description
Save button
Cancel button
Note
The changes made in the policy become effective immediately on saving the changes.
Screen Elements
Description
Del
Select All
Delete button
Screen Elements
Description
Policy Type (Only for Blank option in Using Template field)
Description
Reporting
Create button
Save button
Show Policy Members button
Cancel button
Note
Policies with the same name cannot be created
Screen Elements
Rule details
Select Category
Description
Displays list of custom Web, File Type and Application Protocol
Categories
Displays list of Categories assigned to policy
In Category Name column,
W represents Web Category
F represents File Type Category
A represents Application Protocol Category
D represents Default Category
C represents Customized i.e. User defined Category
Select Categories to be assigned to policy.
In Web Category list, click to select
In File Type list, click to select
In Application Protocol list, click to select
Use Ctrl/Shift and click to select multiple Categories
Strategy
During Schedule
Add button
Click to view
Click Close to close the window
Add rule to Internet Access policy
Cancel button
Screen Elements
Description
Cannot be modified
Policy Type - Displays policy type. Cannot be modified
Description - Displays policy description, modify if required
Reporting - By default, an Internet usage report is generated for all users, but Cyberoam allows you to bypass reporting for certain users.
Click Off to create a Bypass reporting Internet access policy. Internet usage reports will not include the access details of the users to whom this policy is applied.
Click On to create a policy whose users' access details are included in Internet usage reports.
Internet Access policy Rules
Add button - Click to add
Refer to Add Internet Access policy rule for more details
Delete button - Allows you to delete the selected rule(s)
MoveUp button (Only when more than one rule is defined)
MoveDown button (Only when more than one rule is defined)
Update button (Only when more than one rule is defined)
Save button
Show Policy members button
Cancel button
Description
Del
Select All
Delete button
Note
Do not forget to update after changing the order
Description
Del
Select All
Delete button
Bandwidth policy
Bandwidth is the amount of data passing through a medium over a period of time and is measured in terms
of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
The primary objective of a bandwidth policy is to manage and distribute total bandwidth based on certain
parameters and user attributes. A bandwidth policy allocates and limits the maximum bandwidth usage of the
user and controls web and network traffic.
Policy can be defined/created for:
1. Logon Pool
It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share
the allocated bandwidth.
2. User
It restricts the bandwidth of a particular user.
3. Firewall Rule
It restricts the bandwidth of any entity to which the firewall rule is applied.
Strict
In this type of bandwidth restriction, the user cannot exceed the defined bandwidth limit. There are two ways to
implement a strict policy:
Total (Upstream + Downstream)
Individual Upstream and Individual Downstream
Implementation on
Total (Upstream + Downstream)
Bandwidth specified
Example
Total bandwidth
Upstream and Downstream bandwidth is 20 kbps then either cannot cross 20 kbps
Individual Upstream and Individual Downstream
Bandwidth specified
Individual
Shared
Committed
In this type of bandwidth restriction, the user is allocated a guaranteed amount of bandwidth and can
draw bandwidth up to the defined burstable limit, if available.
It lets you assign fixed minimum and maximum amounts of bandwidth to users. By borrowing excess
bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the
burstable rate. Guaranteed rates also assure critical users of a constant minimum level of
bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum
bandwidth that a user can use, if available.
Two ways to implement committed policy:
Total (Upstream + Downstream)
Individual Upstream and Individual Downstream
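How strict and committed policies behave when the link is idle and when it is congested, as an added example that is not Cyberoam's scheduler. It assumes guaranteed bandwidth is granted first and spare bandwidth is then split equally among users still below their ceiling; the user names, demands and link sizes are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Strict:
    limit: int        # kbps; the user can never exceed this


@dataclass(frozen=True)
class Committed:
    guaranteed: int   # kbps reserved for the user at all times
    burstable: int    # kbps ceiling, reachable only when spare bandwidth exists


def floor_kbps(policy):
    """Bandwidth the policy promises regardless of load (0 for a strict policy)."""
    return policy.guaranteed if isinstance(policy, Committed) else 0


def ceiling_kbps(policy):
    """Bandwidth the policy never lets the user exceed."""
    return policy.burstable if isinstance(policy, Committed) else policy.limit


def is_feasible(link_kbps, users):
    """Guarantees can only be honoured if together they fit inside the link."""
    return sum(floor_kbps(policy) for policy, _ in users.values()) <= link_kbps


def allocate(link_kbps, users):
    """users: {name: (policy, demand_kbps)} -> {name: granted_kbps}."""
    for name, (policy, _) in users.items():
        if floor_kbps(policy) > ceiling_kbps(policy):
            raise ValueError(f"{name}: guaranteed exceeds burstable")
    if not is_feasible(link_kbps, users):
        raise ValueError("guaranteed bandwidth oversubscribes the link")

    # A user never receives more than it asks for or more than its ceiling.
    want = {n: min(demand, ceiling_kbps(p)) for n, (p, demand) in users.items()}
    # Pass 1: honour the guaranteed part of every committed policy.
    grant = {n: min(want[n], floor_kbps(p)) for n, (p, _) in users.items()}
    spare = link_kbps - sum(grant.values())

    # Pass 2 (assumption): share spare bandwidth equally among unsatisfied users.
    hungry = [n for n in users if grant[n] < want[n]]
    while spare > 0 and hungry:
        share = max(spare // len(hungry), 1)
        for n in list(hungry):
            give = min(share, want[n] - grant[n], spare)
            grant[n] += give
            spare -= give
            if grant[n] == want[n]:
                hungry.remove(n)
            if spare == 0:
                break
    return grant


# Constructed sample: two committed users and one strict user, demands in kbps.
USERS = {
    "alice": (Committed(guaranteed=256, burstable=512), 600),
    "bob":   (Committed(guaranteed=128, burstable=1024), 100),
    "carol": (Strict(limit=200), 500),
}

if __name__ == "__main__":
    print("off-peak, 1000 kbps link:", allocate(1000, USERS))
    print("peak, 500 kbps link:     ", allocate(500, USERS))
    print("300 kbps link feasible?  ", is_feasible(300, USERS))
```

On the congested link the committed users keep at least their guaranteed rate while the strict user, who has no guarantee, only receives what is left.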
Implementation on
Bandwidth specified
Example
Total (Upstream + Downstream)
Guaranteed bandwidth
Burstable bandwidth
Individual Upstream and Individual Downstream
Bandwidth specified
Individual
Shared
Screen Elements
Description
Create button
Cancel button
Note
Policies with the same name cannot be created
Screen Elements - Description
Bandwidth Policy Details
Policy based on - Click Logon Pool to create Logon Pool based policy
Total Bandwidth (in KB) - Specify maximum amount of total bandwidth, expressed in terms of kbps.
Specified bandwidth will be shared by all the users of the Logon Pool
Maximum bandwidth limit is 4096 kbps
Screen Elements
Description
Policy Type
Implementation on
Total bandwidth (Only for TOTAL implementation type)
Upload Bandwidth (Only for INDIVIDUAL implementation type)
Download Bandwidth (Only for INDIVIDUAL implementation type)
Bandwidth usage
Screen Elements
Description
Policy Type
Implementation on
Screen Elements
Description
Description
Update button
Cancel button
Screen Elements
Description
Policy Based On
Cannot be modified
Default values to be applied all the time
Implementation on
Displays Implementation type of the policy
Cannot be modified
Displays total bandwidth for the group, modify if required
Maximum bandwidth limit is 4096 kbps
Screen Elements - Description
Bandwidth Policy Details
Show members link - Opens a new browser window and displays bandwidth restriction details, schedule details and the members/users of the policy
Click Close to close the window
Policy based on - Displays type of policy
Cannot be modified
Default values to be applied all the time
Implementation on - Displays implementation type of policy
Cannot be modified
Total Bandwidth (Only for TOTAL implementation type) - Displays total bandwidth assigned, modify if required
Upload Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type)
Download Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type)
Guaranteed Burstable Upload Bandwidth (in KB) (Only for COMMITTED policy
Update button
Add details button
Strict
Screen Elements
Description
Implementation on
Specify Schedule
Add button
Cancel button
Table Assign Schedule to User based Strict Bandwidth policy screen elements
Committed
Screen Elements
Description
Implementation on
Schedule
Add button
Cancel button
Table Assign Schedule to User based Committed Bandwidth policy screen elements
Remove Schedule details
Screen Elements
Description
Select
Select All
Table - Remove Schedule from User based Bandwidth policy screen elements
Note
The changes made in the policy become effective immediately on saving the changes.
Screen Elements
Description
Del
Select All
Delete button
Restriction based on
Upload Data Transfer Limit (MB)
reached user will not be able to log on until the policy is renewed.
OR
If you do not want to restrict total upload data transfer, click Unlimited Upload Data Transfer
Specify Download Data transfer limit.
It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
OR
If you do not want to restrict total download data transfer, click Unlimited Download Data Transfer
Create button - Creates policy
Cancel button - Cancels the current operation and returns to Manage Data transfer policy page
Screen Elements
Description
Displays whether the allotted data transfer is shared among all the group
members or not
Displays full description of the policy, modify if required.
Displays Cycle Total Data transfer limit
It is the upper limit of total data transfer allowed to the user per cycle.
User will be disconnected if limit is reached.
Updates policy
Cancels the current operation and returns to Manage Data transfer policy
page
Screen Elements
Description
Del
Select All
Delete button
SNAT Policy
An SNAT policy tells the firewall rule to allow access, but only after changing the source IP address, i.e. the
source IP address is substituted by the IP address specified in the SNAT policy.
Screen Elements - Description
SNAT policy
SNAT Policy Name - Specify policy name
Description - Specify description
Source Translation
Map Source IP with - Specify IP address
MASQUERADE - will replace source IP address with Cyberoam's WAN IP address
IP - will replace source IP address with the specified IP address
IP Range - will replace source IP address with any of the IP address from the specified range
Create button
Select Firewall → SNAT policy → Manage to view the list of policies. Click the policy to be
modified.
Screen Elements - Description
SNAT policy
SNAT Policy Name - Displays policy name, modify if required
Description - Displays description, modify if required
Source Translation
Map Source IP with - Specify IP address
MASQUERADE - will replace source IP address with Cyberoam's WAN IP address
IP - will replace source IP address with the specified IP address
IP Range - will replace source IP address with any of the IP address from the specified range
Update button - Saves the modifications
Table - Update SNAT policy screen elements
Screen Elements
Description
Del
Select All
Delete button
DNAT Policy
DNAT rule tells the firewall to forward the requests from the specified machine/port to the specified
machine/port.
Screen Elements - Description
DNAT policy
DNAT Policy Name - Specify policy name
Description - Specify description
Destination Translation
Map Destination IP with - Specify IP address
Port Forward
Create button
Screen Elements - Description
DNAT policy
DNAT Policy Name - Displays policy name, modify if required
Description - Displays description, modify if required
Destination Translation
Map Destination IP with - Specify IP address
Port Forward
Update button
Screen Elements
Description
Del
Select All
Delete button
Zone Management
Use to
Update Zone details
Delete Zone
Manage Zone
Select System → Zone → Manage to open the manage zone page
Screen Elements
Description
Create Zone
Zone Name
Zone Type
Select Port
Use Left arrow button to move the selected ports to Available Port list.
Description - Displays zone description, modify if required
Save button - Saves the zone configuration
Table - Edit Zone
Delete Zone
Prerequisite
No hosts attached to the zone
Select System → Zone → Manage to open the manage zone page
Screen Elements
Description
Del
Select All
Note
Default Zones cannot be deleted
Group Management
Manage Group
Update Group to:
Change Surfing time policy applied
Change Access time policy applied
Change Internet Access policy applied
Change Bandwidth policy applied
Change Data transfer policy applied
Change the login restriction for the users of the group
Add new users to the group
Select Group → Manage Group and click the Group to be modified
Screen Elements - Description
Group Information
Group Name - Displays Group name, modify if required
Show Group Members button - Opens a new window and displays list of group members
Surfing Quota policy - Displays currently attached Surfing Quota policy to the Group
Change policy button - Click to change the attached Surfing Quota policy
Opens a new window and allows to select a new Surfing Quota policy
Click Change policy
Click Select to select from available policy
Click Done to confirm the selection
Click Cancel to cancel the operation
Time allotted (HH:mm)
Expiry date
Period Time (HH:mm) (Only if Surfing Quota policy is Non-Cyclic)
Period Cycle (Only if Surfing Quota policy is Non-Cyclic)
Used Surfing Time
Internet Access policy
Surfing quota policy, Time allotted & Expiry date changes accordingly
Displays total surfing time allotted by Surfing Quota policy to the Group
Cannot be modified
Displays Expiry date of the Surfing Quota policy
Cannot be modified
Displays cycle hours
Cannot be modified
Bandwidth policy
Login Restriction
Change Login Restriction button
Save button
Add Members
Note
Any changes made are applicable to all the group members
Screen Elements
Description
Select Group
Username/Name
starting with (* for All)
Search button
Add button
Close button
Update Group
The need may arise to change the Group settings after the Group has been created.
Screen Elements
Description
Group name
Total members
User Name
Employee Name
Allotted Time
Expiry Date
Used Time
Close button
Screen Elements - Description
Login Restriction - Displays the current login restriction
Click to change the current restriction
Save button - Saves if the restriction is changed
Cancel button - Cancels the current operation
Select Node(s) button (Only if the option Allowed login from selected nodes is selected) - Click to select the Node for restriction
IP address - Displays IP address
Machine name - Displays Machine name if given
Allowed from - Click to select
Cancel button
Delete Group
Prerequisite
No Group members defined
Select Group → Manage Group and view the list of Groups
Screen Elements
Description
Del
Select All
User Management
Search User
Use to search the User
Select User → Search User
Screen Elements
Description
Search User
Enter Username
Search User button
Search criteria
Result
Mark
A
192.9.203.102
8
Live User
Use Live users page to
view list of all the currently logged on Users
modify user details
send message to any live user
disconnect any live user
Select User → Manage Live Users
Report Columns
Description
Concurrent Sessions
User name
Connected from
Click to change the display order
Public IP
Start time
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User → User → Manage Active to view the list of Users and click the User name to be modified
OR
Select User → User → Manage Deactive to view the list of Users and click the User name to be
modified
Manage Clientless Users
Select User → Clientless Users → Manage Clientless Users to view the list of Users and click the
User name to be modified
The need may arise to change the User settings after the User has been created.
Screen Elements
Description
Personal Information
Username
Cannot be modified
Allows changing the User's personal details and login
password
Click Edit Personal details to change
Name
Birth date
Email
User My Account button
Cannot be modified
Displays Birth date of User
Displays Email ID of User
Click to view/update the my account details
Cannot be modified
Displays whether simultaneous login is allowed or not,
modify if required
Displays Group in which User is defined
Allows to change Group of the User
Opens a new window and allows to select a new Group
Displays total time allotted to User in the format Hours:
Minutes
Cannot be modified
Displays Expiry date
Cannot be modified
Displays total time used by the User in the format
Hours: Minutes
Period time
Period Cycle
Cycle Time used
Access Time Policy
Cannot be modified
Displays allowed total cycle hours
Displays cycle type
Displays cycle time used
Displays currently assigned Access Time policy to the
User, modify if required
To view the details of the policy
Click View details
Bandwidth policy
Login Restriction
Displays the login restriction currently applied to the User
Save button
Re-apply Current policy button
Cancel button
Screen Elements
Description
Personal Information
Username
Name
New password
Re-enter New password
Birth date
Email
User type
Update button
Cancel button
User My Account
User My Account gives details like Personal details and Internet usage of a particular user. User can
change his/her password using this tab.
Administrator and User both can view these details.
1. The Administrator can view the details of various users from User → User → Manage Active by clicking the
Username whose details are to be checked. Click User My Account; it opens a new browser window.
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Personal
Allows viewing and updating password and personal details of the user
Change Password
Select Personal → Change Password
Description
Change Password
Username
Current Password
New password
Re-enter New password
Update
Description
Personal Information
Username
Displays the name with which user logs in
Name
Birth Date
Cannot be modified
Displays User name, modify if required
Displays birth date
Update
Cannot be modified
Update the changes made
Table - Change Personal details screen elements
Screen Elements
Description
Policy Information
Username
Group
Time allotted to User (HH:mm)
Expiry date
Time used by User (HH:mm)
Usage Information
Upload Data transfer
Get Internet Usage information for month
Submit button
Change Group
Screen Elements
Description
Policy Information
Change Group button
Select
Done button
Cancel button
Screen Elements
Policy Information
Access Time policy
Description
Specify Access Time policy. It overrides the assigned Group
Access time policy.
Bandwidth policy
Save
Screen Elements
Description
Login restriction
Change login restriction button
Allowed login from all the nodes
Allowed login from Group node(s)
Allowed login from selected node(s)
Save button
Cancel button
Delete User
User can be deleted from Active list as well as from Deactive list
To delete active user, click User → User → Manage Active
Description
Select
Select All
Delete button
Deactivate User
A user is deactivated automatically if he has overused one of the resources defined by the assigned
policies. If the need arises to deactivate a user manually, select User → User → Manage Active
Screen Elements
Description
Select
Select All
Deactivate button
Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users
Screen Elements
Description
Select
Select All
Activate button
Result
1
192
192.9.203.203
b
4C
B7
Screen Elements
Description
Description
Show Nodes link
Update button
Cancel button
Add Node
Screen Elements
Description
Machine details
IP address
Range link
Machine name
Create button
Cancel button
Delete Node
Prerequisite
Not assigned to any User
Screen Elements
Description
Select
Select All
Delete button
Screen Elements
Description
Del
Select All
System Management
Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.
Configure DNS
A Domain Name Server translates domain names to IP addresses. You can configure domain name
server for your network as follows.
At the time of installation, you configured the IP address of a single primary DNS server. You can change
this primary DNS server any time and also define additional DNS servers.
Select System → Configure Network → Configure DNS
Screen Elements - Description
DNS List - Displays list of Domain name servers
Add button - Type IP address
Click OK
Remove button - Allows you to remove the IP address of a Domain Name Server
Click IP address to select
Click Remove
Move Up button - Changes the order of servers when more than one DNS server is defined
Moves the selected Server one step up
Save button - Click Save
Redirect DNS traffic to local DNS Server
DNS traffic redirection - Redirects all the DNS traffic to Cyberoam
Click Enable to redirect
Table - Configure DNS
To add multiple DNS servers, repeat the above-described procedure. Use the Move Up & Move Down buttons to
change the order of DNS servers. If more than one Domain name server exists, queries will be resolved according
to the order specified.
Configure DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a device,
and releases and renews the address as the device leaves and re-joins the network. The device can have
a different IP address every time it connects to the network.
In other words, it provides a mechanism for allocating IP addresses dynamically so that addresses can be
re-used.
Select System > Configure Network > Configure DHCP
Screen Elements
Description
DHCP Details
Network Interface
Interface IP
Netmask
IP address
From To
Domain name
Subnet Mask
Gateway
Domain name server
Update DHCP button
Screen Elements
Description
Network
Zone/Zone Type
Screen Elements
Description
IP
Update
Checking Interval
Create button
Manage Account
Check the IP address update status from the Manage Account page. It also displays the reason in case
the update was not successful.
Select System Dynamic DNS Configuration Manage Account to open configuration
page and click the hostname to be
PPPoE
PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a
remote site using various Remote Access Service products. This protocol is typically found in the
broadband networks of service providers. The ISP may then allow you to obtain an IP address automatically
or give you a specific IP address.
PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet
(PPPoE) session and is used for:
Ethernet LANs, to assign IP addresses to workstations and to provide user authentication and accounting,
e.g. multi-apartment buildings, offices, schools and universities, computer classes
Connections to Wireless ISPs
Connections to xDSL providers
Access Concentrators (AC), also known as PPPoE Termination units, answer the PPPoE requests coming
from a client-site PPPoE application for PPP negotiation and authentication.
When using Cyberoam as a PPPoE client, computers on the LAN are transparent to the WAN-side PPPoE link.
This relieves the Administrator of having to manage the PPPoE clients on the individual computers.
Screen Elements - Description
PPPoE Configuration
Interface - Displays the Port which configured as PPPoE Interface from Wizard
User and Password - Specify username and password. Username and password should be same as specified in the Network Configuration using Wizard
Access Concentrator Name - Specify Access Concentrator name (PPPoE server). Cyberoam will initiate sessions with the specified Access Concentrator only. In most of the cases, you can leave this field blank. Use it only if you know that there are multiple Access Concentrators.
Service name - Specify Service Name.
LCP Interval
LCP Failure
Update button
Manage Gateway
A gateway routes traffic between networks; if the gateway fails, communication with the outside network
is not possible. In this case, the organization and its customers are left with significant downtime and
financial loss.
By default, Cyberoam supports only one gateway. However, since organizations opt for multiple
gateways to cope with gateway failure, Cyberoam also provides an option for supporting multiple
gateways. Simply adding one more gateway does not solve the problem, though: optimal utilization of
all the gateways is also necessary.
Cyberoam not only supports multiple gateways but also provides a way to utilize the total bandwidth of
all the gateways optimally.
At the time of installation, you configured the IP address for a default gateway. You can change this
configuration at any time and configure additional gateways.
Refer to the Multi link Configuration Guide for source based static routing. Policy based routing can be
done from a firewall rule.
To view the Gateway details, select System > Gateway > Manage Gateway(s)
Screen Elements - Description
Gateway Details
Gateway Name
Gateway IP address and port
Save button - Click to save
Cancel button - Cancels the current operation and returns to Manage Gateway page. Click to cancel
Table - Gateway Configuration screen elements
DoS Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. These include
protection from several kinds of Denial of Service attacks. These attacks disable computers and
circumvent security.
A Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a
service.
DoS attacks are typically executed by sending many request packets to a targeted server (usually a Web,
FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not
to steal information but to disable or deprive a device or network so that users no longer have access to
the network services/resources.
All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence,
attackers send a very high volume of redundant traffic to a system so that it cannot examine and allow
permitted network traffic. The best way to protect against a DoS attack is to identify and block such
redundant traffic.
SYN Flood - In this attack, a huge number of connection requests are sent so that the backlog queue
overflows. A connection is created when the victim host receives a connection request and allocates some
memory resources for it. A SYN flood attack creates so many half-open connections that the system becomes
overwhelmed and cannot handle incoming requests any more.
Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.
To generate logs, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
User Datagram Protocol (UDP) Flood - This attack links two systems. It hooks up one system's UDP
character-generating service with another system's UDP echo service. Once the link is made, the two
systems are tied up exchanging a flood of meaningless data.
Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.
To generate logs, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
TCP attack - This attack sends more TCP packets than the host/victim computer can handle.
Threshold values
Cyberoam uses a threshold value to detect a DoS attack.
The threshold value depends on various factors like:
Network bandwidth
Nature of traffic
Capacity of servers in the network
Threshold = Total number of connections/packet rate allowed to a particular user at a given time
When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said
source/destination is blocked until the lockdown period is over.
The threshold is applicable to the individual source/destination, i.e. requests per user/IP address, and
not globally to the complete network traffic. For example, if the source threshold is 2500
packets/minute and the network has 100 users, then each source is allowed a packet rate of 2500
packets/minute.
You can define different threshold values for source and destination.
Configuring high values will degrade the performance and too low values will block regular requests.
Hence, it is very important to configure appropriate values for both source and destination IP address.
Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given
time.
Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a
given time.
How it works
When the threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection
by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop
the packets till the attack subsides. Because Cyberoam applies the threshold value per IP address, only
traffic from the particular source/destination is dropped; traffic from the remaining IP addresses is not
affected at all.
Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30
seconds
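The per-source threshold and the "attack subsides + 30 seconds" release rule described above, as an added Python example; it is not Cyberoam's implementation. It assumes a sliding 60-second window and treats the attack as subsided once the offered rate is back at or below the threshold; the class and function names and the sample traffic are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60.0   # thresholds on this page are expressed in packets/minute
HOLD_SECONDS = 30.0     # page: re-allow = time for attack to subside + 30 seconds


class PerSourceThreshold:
    """Per-source packet-rate threshold with a hold period after an attack.

    Assumption (not from the manual): the rate is measured over a sliding
    60-second window of packets offered by the source, dropped ones included.
    """

    def __init__(self, threshold_ppm, window=WINDOW_SECONDS, hold=HOLD_SECONDS):
        self.threshold = threshold_ppm
        self.window = window
        self.hold = hold
        self.offered = defaultdict(deque)   # source IP -> timestamps inside the window
        self.blocked_until = {}             # source IP -> time traffic is re-allowed

    def offer(self, src, now):
        """Account for one packet from src at time now; True means forwarded."""
        stamps = self.offered[src]
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()                # forget packets older than the window
        stamps.append(now)

        if len(stamps) > self.threshold:
            # Rate is above the threshold: drop the excess packet and keep
            # pushing the release time out while the attack continues.
            self.blocked_until[src] = now + self.hold
            return False

        release = self.blocked_until.get(src)
        if release is not None:
            if now < release:
                return False                # attack subsided, hold period still running
            del self.blocked_until[src]     # hold period over: re-allow the source
        return True


def replay(events, threshold_ppm):
    """Replay (time, source) events; return per-source counts and each decision."""
    limiter = PerSourceThreshold(threshold_ppm)
    summary = defaultdict(lambda: {"forwarded": 0, "dropped": 0})
    decisions = []
    for now, src in sorted(events):
        forwarded = limiter.offer(src, now)
        summary[src]["forwarded" if forwarded else "dropped"] += 1
        decisions.append((now, src, forwarded))
    return dict(summary), decisions


# Constructed sample traffic (threshold kept small so the trace is readable).
SAMPLE_EVENTS = (
    [(float(t), "10.0.0.5") for t in range(10)]      # burst: 10 packets in 10 s
    + [(3.0, "10.0.0.9"), (8.0, "10.0.0.9")]         # quiet host, same period
    + [(62.0, "10.0.0.5"),                           # window still over threshold
       (80.0, "10.0.0.5"),                           # rate is low, hold still running
       (93.0, "10.0.0.5")]                           # hold expired
)

if __name__ == "__main__":
    counts, trace = replay(SAMPLE_EVENTS, threshold_ppm=5)
    for now, src, forwarded in trace:
        print(f"{now:6.1f}s {src:<10} {'forward' if forwarded else 'DROP'}")
    print(counts)
```

The quiet host is never affected by the burst from the other address, and the bursting host is only forwarded again once its rate has dropped and the 30-second hold has run out.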
Screen Elements
Description
Attack type
Type of Attack
Click to view the real time updates on flooding. It displays the source IP
address - which was used for flooding and IP address which was
targeted.
Allowed Packets per minute (Packet rate)
If the packet rate exceeds, it is considered as an attack and the rest of
the packets are dropped.
Apply flag
Source
Packets
dropped
Destination
Packets
Rate (packets/minute)
Apply flag
Destination
Packets
dropped
Update button
Screen Elements
Description
Source Port
Destination
Domain name/IP
Address
Destination Port
DoS will not be applied on all the requests from the specified source IP
address and port
Destination Domain name or IP address on which the DoS rule is not to be
applied
Specify destination information
Specify * if you want to bypass the complete network
Specify destination port address.
Create button
Screen Elements
Description
Select
Select All
Delete button
SNMP
Simple Network Management Protocol (SNMP) is used as the transport protocol for network
management. Network management consists of network management station/manager communicating
with network elements such as hosts, routers, servers, or printers. The agent is the software on the
network element (host, router, printer) that runs the network management software. In other words, agent
is the network element. The agent will store information in a management information base (MIB).
Management software will poll the various network elements/agents and get the information stored in
them. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162
to send replies or messages to the manager. The manager can ask for data from the agent or set
variable values in the agent. Agents can reply and report events.
Cyberoam supports SNMPv1, SNMPv2c and SNMPv3.
Cyberoam MIB
The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers
have read-only access to Cyberoam system information and can receive Cyberoam traps. To monitor
Cyberoam system information and receive Cyberoam traps you must compile Cyberoam proprietary
MIBs into your SNMP manager.
SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive
notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,
SNMPv2c, and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance
replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB
for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam
Web site and can be loaded into any third-party SNMP management software.
The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables
below list the names of the MIB fields and describe the status information available for each one. You
can view more details about the information available from all Cyberoam MIB fields by compiling the
cyberoam.mib file into your SNMP manager and browsing the Cyberoam MIB fields.
Cyberoam supports following read-only MIB objects/fields:
Cyberoam Appliance MIB fields
MIB field (sysInstall) - Description
applianceKey - Appliance key number of the Cyberoam Appliance in use
applianceModel - Appliance model number of the Cyberoam Appliance in use
cyberoamVersion - The Cyberoam version currently running on the Cyberoam Appliance.
wabcatVersion - The Webcat version installed on the Cyberoam Appliance
avVersion - The antivirus definition version installed on the Cyberoam Appliance
asVersion - The antispam definition version installed on the Cyberoam Appliance
idpVersion - The IDP signature definition version installed on the Cyberoam Appliance
Description
systemDate
cpuPercentageUsage
diskCapacity
diskUsage
memoryCapacity
memoryPercentageUsage
swapPercentageUsage
haMode
liveUsers
httpHits
ftpHits
pop3Hits (mailHits)
imapHits (mailHits)
smtpHits (mailHits)
pop3Service (serviceStats)
imapService (serviceStats)
smtpService (serviceStats)
ftpService (serviceStats)
httpService (serviceStats)
avService (serviceStats)
asService (serviceStats)
dnsService (serviceStats)
haService (serviceStats)
IDPService (serviceStats)
analyzerService (serviceStats)
snmpService (serviceStats)
Description
Current Registration status of Cyberoam Appliance
Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance
Current subscription status for Cyberoam Support
Subscription Expiry date for Cyberoam Support, if subscribed
Current subscription status for AntiVirus module
Subscription Expiry date for AntiVirus module, if subscribed
asSubStatus (liAntiSpam)
supportExpiryDate (liAntiSpam)
asSubStatus (liIdp)
supportExpiryDate (liIdp)
asSubStatus (liWebcat)
supportExpiryDate (liWebcat)
Description
High CPU usage i.e. CPU usage exceed 90%
highDiskUsage
highMemUsage
httpVirus (avAlerts)
smtpVirus (avAlerts)
pop3Virus (avAlerts)
imap4Virus (avAlerts)
ftpVirus (avAlerts)
linkToggle (dgdAlerts)
idpAlert1 (idpAlerts)
synFlood (dosAlerts)
tcpFlood (dosAlerts)
udpFlood (dosAlerts)
icmpFlood (dosAlerts)
Cyberoam Traps
All the SNMP communities added in Cyberoam will receive traps. All traps include the trap message as
well as the Cyberoam unit serial number or Cyberoam WAN IP address.
To receive traps, SNMP Manager must load and compile the Cyberoam MIB.
If SNMP manager has already included standard and private MIBs in a compiled database that is in use
then you must add the Cyberoam proprietary MIB to this database.
Cyberoam generates the following traps, when the specified events or conditions occur:
Trap Message
Description
Manage SNMP
You can manage the Cyberoam appliance using SNMP.
SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive
notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,
SNMPv2c and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance
replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB
for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam
Web site and can be loaded into any third-party SNMP management software.
The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers
have read-only access to Cyberoam system information and can receive Cyberoam traps.
By default, the SNMP server is disabled.
To start the SNMP server, go to System > SNMP > Manage SNMP
To restart the SNMP server automatically on Cyberoam re-start, enable Autostart from System > SNMP >
Manage SNMP
Screen Elements - Description
Agent Configuration
System Name - Specify name to identify the Agent
System Location - Specify physical location of the Cyberoam Appliance
System Contact - Specify the contact information for the person responsible for the above specified Cyberoam appliance
Agent Port - Specify port to be used by Cyberoam to send traps. Default Port: 161
Manager Port - Specify port that the Remote SNMP Management station/Manager can use to connect to the Cyberoam appliance
System Description - Specify description
Update button - Click to save the details
Screen Elements
Description
Manager Configuration
Community Name
Specify name to identify the Community
IP Address (Source)
Specify IP address of the SNMP Manager that
can use the settings in the SNMP community to
monitor Cyberoam
Protocol Version
Enable the required SNMP protocol version
support. SNMP v1 and v2c compliant SNMP
managers have read-only access to Cyberoam
system information and can receive Cyberoam
traps
Trap Support
Enable the required version for trap support.
Traps will be sent to the SNMP Managers who
support the specified versions only
Description
Specify description
Create button
Click to save the details
Table Create SNMP Community screen elements
Screen Elements
Description
Manager Configuration
Community Name
Displays Community name, modify if required
IP Address (Source)
Displays IP address of the SNMP Manager that
can use the settings in the SNMP community to
monitor Cyberoam, modify if required
Protocol Version
Enable the required SNMP protocol version
support. SNMP v1 and v2c compliant SNMP
managers have read-only access to Cyberoam
system information and can receive Cyberoam
traps
Trap Support
Enable the required version for trap support.
Traps will be sent to the SNMP Managers who
support the specified versions only
Description
Specify description
Update button
Click to update and save the details
Table Manage SNMP Community screen elements
Screen Elements
Description
Del
Select All
Delete button
Screen Elements
Description
Del
Select All
Delete button
Manage Data
Backup data
Backup is the essential part of data protection. No matter how well you treat your system, no matter how
much care you take, you cannot guarantee that your data will be safe if it exists in only one place.
Backups are necessary in order to recover data from the loss due to the disk failure, accidental deletion
or file corruption. There are many ways of taking backup and just as many types of media to use as well.
Cyberoam provides facility of taking regular and reliable data backup. Backup consists of all the policies,
logs and all other user related information.
Cyberoam maintains five logs:
Web surfing log - This log stores the information of all the websites visited by all the users
User session log - Every time the user logs in, a session is created. This log stores the session entries
of all the users and specifies the login and logout time.
Audit log - This log stores the details of all the actions performed by the User administering Cyberoam.
Refer to Appendix A - Audit Log for more details.
Virus log - This log stores the details of malicious traffic requests received.
Screen Elements
Description
Backup Frequency
Backup Data
Select System > Manage Data > Backup Data
Screen Elements
Description
Download button
Only if backup is taken
previously
Backup button
Download button
Only if backup is taken
previously
Restore Data
With the help of the restore facility, restore data from the backup taken. Restoring data older than the
current data will lead to the loss of current data.
Select System > Manage Data > Restore Data
Screen Elements
Description
Upload Backup
File to upload
Browse button
Upload button
Note
Restore facility is version dependent, i.e. it will work only if the backup and restore versions are the
same, e.g. if backup is taken from Cyberoam version 7.4.0.0 then restore will work only for version
7.4.0.0 and not for any other version.
Purge
Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge
facility for deleting log records.
Screen Elements - Description
Purge Frequency
Purge Web surfing logs every - Specify number of days after which web surfing log should be purged automatically
Save button - Saves purging schedule configuration
Popup Notification
Enable Alert Popup - Enabling Popup Notification displays alert popup before purging the logs. Click to enable
Save button - Saves popup alert configuration
Download Purged Logs (Only if Logs have been Auto purged)
Download button - Allows to download the purged log files. Click to download
Delete button - Deletes the purged log files
Note
System will preserve logs only for the specified number of days and automatically purges the logs generated
thereafter.
Manual purge
Use manual purge to delete log records manually
Select System > Manage Data > Purge Logs
Screen Elements
Description
Purge
Select log for purging
Web surfing logs
User session logs
Audit logs
Till Date
Select the date from Calendar till which the
selected log(s) is to be purged
Purge button
Purges the selected log till the specified date
Click Purge to purge
Table - Purge Logs screen elements
Note
Auto purge option is always on
Client Services
Client Messages
Message Management tab allows Administrator to send messages to the various users. Messages help
Administrator to notify users about problems as well as Administrative alerts in areas such as access,
user sessions, incorrect password, and successful log on and log off etc.
A message is sent to the User whenever the event occurs.
A message can be up to 256 characters and can be sent to a number of users at a time.
Select System Configure Client Settings Customize Client Message
Screen Elements
Description
Message Key
Message code
Click Message link to customize the message which will be
received by user
Specify remaining data transfer usage when all the users should
receive alert.
Eg. Absolute Remaining data transfer usage: 20 MB
User1: Total Data transfer limit (as defined in Data transfer policy):
150 MB
User2: Total Data transfer limit (as defined in Data transfer policy):
640 MB
User1 will receive alert when he is left with 20 MB of data transfer
i.e has done total data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer
i.e has done total data transfer of 620 MB
Percentage Remaining data transfer usage: 20%
User1: Total Data transfer limit (as defined in Data transfer policy):
150 MB
User2: Total Data transfer limit (as defined in Data transfer policy):
640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB)
of data transfer i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640
MB) of data transfer i.e. has done data transfer of 512 MB
Specify remaining cycle data transfer usage when all the users
should receive alert.
Cycle data transfer is the upper limit of total data transfer allowed
to the user per cycle. User will be disconnected if the limit is
reached. It is applicable the users to whom the cyclic data transfer
policies are applied.
E.g. Absolute Remaining cycle data transfer usage: 20 MB
User1: Cycle Total Data transfer limit (as defined in Data transfer
policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer
policy): 640 MB
User1 will receive alert when he is left with 20 MB of data transfer
per cycle i.e. has done data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer
per cycle i.e. has done data transfer of 620 MB
Percentage Remaining cycle data transfer usage: 20%
User1: Cycle Total Data transfer limit (as defined in Data transfer
policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer
policy): 640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB)
of data transfer per cycle i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640
MB) of data transfer per cycle i.e. has done data transfer of 512 MB
Saves the data transfer alert configuration
Messages
Description/Reason
AlertMessageWithCycleData
AlertMessageWithData
DeactiveUser
DisconnectbyAdmin
InvalidMachine
LoggedoffsuccessfulMsg
LoggedonsuccessfulMsg
Loggedinfromsomewhereelse
MaxLoginLimit
MultipleLoginnotallowed
NotAuthenticate
NotCurrentlyAllowed
Someoneloggedin
SurfingtimeExhausted
SurfingtimeExpired
LiveIPinuse
Nmpoolexceedlimit
Client preferences
Use Client preference to specify
which page to open every time user logs on to Cyberoam
whether HTTP client log on page should pop up if user tries to surf without logging in
port from which Web Administration Console can be accessed
number of concurrent log on allowed
Screen Elements
Description
Update button
HTTP Client
Pop up HTTP client
Update button
Note
The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be
applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed
to the particular user.
Note
Dimension of Image should be 700 * 80 and jpg file only
Screen Elements
Description
Server Status
Start button
Only if Current Status is Stopped
Stop button
Only if Current Status is Running
Restart button
Screen Elements
Description
Click to enable
IP address
Specify IP address of Parent proxy
HTTP Proxy Port
Specify parent proxy port
Save button
Click to save the setting
HTTP Proxy Trusted Ports Setting
Cyberoam allows the access to those sites which are hosted on
standard port only if deployed as HTTP proxy.
To allow access to the sites hosted on the non-standard ports,
you have to define non-standard ports as trusted ports.
You can define individual port or range of ports for http and https
protocols.
Click Add to define non-standard ports
Pharming Protection Configuration
Enable Pharming Protection - Pharming attacks require no additional action from the user beyond
their regular web surfing activities. A pharming attack succeeds by
redirecting users from legitimate web sites to similar
fraudulent web sites that have been created to look like the
legitimate sites.
Enable to protect against pharming attacks and direct users to
the legitimate web sites instead of fraudulent web sites.
Click to enable/disable
Save button - Click to save the port setting
Table - Configure HTTP Proxy screen elements
Manage Servers
Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the
requirement, one can Start, Stop, Enable or Disable the services.
Types of the servers available:
1. DHCP
2. Domain Name Server
3. Antivirus server
4. Antispam server
5. Cyberoam server
6. Proxy servers - HTTP, SMTP, POP3, IMAP, FTP
Select System > Manage Services
Screen Elements
Description
Service name
Status
Commands
Usage
Start
Stop
Enable Autostart
Disable Autostart
Restart
Shutdown
Screen Elements
Description
Bandwidth report
Graph type
Generates graph
Select any one
Gateway wise Displays list of Gateways defined, click the Gateway
whose data transfer report is to be generated
Logon Pool wise Displays list of Logon Pools defined, click the Logon
Pool whose data transfer report is to be generated
Total Generates total (all gateways and Logon Pools) data transfer
report. Also generates Live user report
Graph period
2. Total data transfer - Graph shows total data transfer (upload + download) during the day. In
addition, shows minimum, maximum and average data transfer.
X axis - Hours
Y axis - Total data transfer (upload + download) in KB/Second
3. Composite data transfer - Combined graph of Upload & Download data transfer. Colors
differentiate upload & download data traffic. In addition, shows the minimum, maximum and
average data transfer for upload & download individually
X axis - Hours
Y axis - Upload + Download in Bits/Second
Orange Color - Upload traffic
Blue Color - Download traffic
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows
minimum, maximum and average upload data transfer.
X axis - Hours
Y axis - Upload data transfer in Bits/Second
7. Integrated Download data transfer of all Gateways - Graph shows only the download traffic of all
the gateways during the day. In addition, shows the minimum, maximum and average download
data transfer.
X axis - Hours
Y axis - Download data transfer in Bits/Second
Orange Color - Gateway1
Blue Color - Gateway2
8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all
the gateways during the day. In addition, shows minimum, maximum and average upload data
transfer.
X axis - Hours
Y axis - Upload data transfer in Bits/Second
Orange Color - Gateway1
Blue Color - Gateway2
Migrate Users
Cyberoam provides a facility to migrate the existing users from a PDC or LDAP server. Alternatively, you
can also import user definitions from an external file (CSV format file).
If you do not want to migrate users, configure Automatic User creation. This reduces the Administrator's
burden of creating the same users again in Cyberoam.
Note
After migration, the Cyberoam login password will be the same as the username
Once the users are migrated, configure the single sign on login utility. The configuration is required to
be done on the Cyberoam server.
Customization
Schedule
Schedule defines a time schedule for applying a firewall rule or Internet Access policy, i.e. it is used
to control when firewall rules or Internet Access policies are active or inactive.
Types of Schedules:
Recurring - use to create policies that are effective only at specified times of the day or on
specified days of the week.
One-time - use to create firewall rules/policies that are effective once for the period of time specified
in the schedule.
Define Schedule
Select Firewall > Schedule > Define Schedule to open define schedule page
Screen Elements
Description
Schedule details
Name
Schedule Type
Screen Elements
Description
Schedule Entry
Weekday
Start time & Stop time
Select weekday
Defines the access hours/duration
Add
Schedule
button
Cancel button
detail
Manage Schedule
Use to modify:
1. Schedule Name
2. Description
3. Add Schedule Entry details
4. Delete Schedule Entry details
Select Firewall > Schedule > Manage Schedule and click Schedule name to be updated
Screen Elements
Description
Schedule details
Schedule name
Schedule description
Schedule Entry
Add button
Delete button
Save button
Cancel button
Screen Elements
Description
Del
Select All
Delete button
Delete Schedule
Select Firewall > Schedule > Manage Schedule to view the list of Schedules
Screen Elements
Description
Del
Select All
Delete button
Services
Services represent types of Internet data transmitted via particular protocols or applications.
Protect your network by configuring firewall rules to
block services for specific zone
limit some or all users from accessing certain services
allow only specific user to communicate using specific service
Cyberoam provides several standard services and allows creating:
Customized service definitions
Firewall rule for customized service definitions
Screen Elements
Description
Create Service
Service Name
Select Protocol
Description
Create button
Cancel button
Screen Elements - Description
Custom Service
Service Name - Displays service name
Description - Displays description, modify if required
Protocol Details
Add button - Allows to add protocol details. Click to add
Select protocol
For IP - Select Protocol No.
For TCP - Specify Source and Destination port
For UDP - Specify Source and Destination port
For ICMP - Select ICMP Type and Code
Click Add
Delete button - Allows to delete protocol details
Save button
Cancel button
Screen Elements - Description
Del - Click to select
Select All - Allows to select all the services for deletion. Click to select
Delete button - Deletes all the selected service(s). Click to delete
Note
Default Services cannot be deleted
Screen Elements
Description
Description
Create button
Cancel button
Screen Elements
Description
Description
Save button
Cancel button
Screen Elements - Description
Del - Click to select
Select All - Allows to select all the groups for deletion. Click to select
Delete button - Deletes all the selected group(s). Click to delete
Table - Delete Service Group
Categories
Cyberoam's content filtering capabilities prevent Internet users from accessing non-productive or
objectionable websites that take valuable system resources from your network, and at the same time keep
out hackers and viruses that can gain access to your network through their Internet connections.
Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds
objectionable. Cyberoam's Categories Database contains categories covering Web page subject matter
as diverse as adult material, astrology, games, job search, and weapons. It is organized into general
categories, many of which contain collections of related Internet sites with a specific content focus. In
other words, the database is a collection of site/host names that are assigned a category based on the
major theme or content of the site.
Categories Database consists of three types:
Web category - Grouping of Domains and Keywords. Default web categories are available for use only if
the Web and Application Filter subscription module is registered.
File Type category - Grouping of File extensions
Application protocol - Grouping of protocols. Standard protocol definitions are available for use only if
the Web and Application Filter subscription module is registered.
Apart from the default categories provided by Cyberoam, custom categories can also be created if
required. Creating a custom category gives increased flexibility in managing Internet access for your
organization. After creating a new category, it must be added to a policy so that Cyberoam knows when
to enforce it and for which groups/users.
Web Category
Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any
URL containing the keywords defined in the Web category will be blocked.
Each category is grouped according to the type of sites. Categories are grouped into four types, which
specify whether accessing the sites in those categories is considered productive or not:
Neutral
Productive
Non-working
Un-healthy
For your convenience, Cyberoam provides a database of default Web categories. You can use these or
even create new web categories to suit your needs. To use the default web categories, the subscription
module Web and Application Filter should be registered.
Depending on the organization requirement, allow or deny access to the categories with the help of
policies by groups, individual user, time of day, and many other criteria.
Custom web category is given priority over default category while allowing/restricting the access.
Search URL
Use Search URL to search whether the URL is categorized or not. It searches the specified URL and
displays Category name under which the URL is categorized and category description.
When a custom category is created with a domain/URL which is already categorized in default category
then the custom category overrides the default category and the search result displays custom category
name and not the default category name.
Select Categories -> Web Category -> Search URL
Note
Default Web categories cannot be modified or deleted.
Custom web category is given the priority over the default category while allowing/restricting access.
Screen Elements
Description
Update button
Cancel button
Note
A custom category name cannot be the same as a default category name.
Add Domain
Screen Elements | Description
Domains Management
Domains | Specify domains for the category. Depending upon the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access.
Add Domain button | Assigns domains to the web category
Cancel button | Cancels the current operation
Table - Add Domain screen elements
Note
Domains can be added at the time of creation of web category or whenever required.
Add Keyword
Screen Elements | Description
Keywords Management
Keywords | Specify domains for the category. Depending on the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access
Add button | Assigns keywords to the Web Category
Cancel button | Cancels the current operation
Table - Add keyword screen elements
Note
Keywords can be added at the time of creation of web category or whenever required.
Screen Elements
Description
Delete button
Delete button | Click to remove. Refer to Delete Keywords for details
Update button | Modifies and saves the updated details. Click to Update
Cancel button | Cancels the current operation and returns to the Manage Custom Web Category page
Screen Elements
Description
Select
Select All button
Delete button
Screen Elements
Description
Select
Select All button
Delete button
Screen Elements | Description
Del | Click to select
Select All | Allows you to select all the web categories for deletion. Click to select
Delete button | Deletes all the selected web categories. Click to delete
Screen Elements
Description
Description
Create button
Cancel button
Screen Elements
Description
Cancel button
Click to Update
Cancels the current operation and returns to the Manage Custom
File Type Category page
Screen - Manage Custom File Type Category
Screen Elements
Description
Del
Select All button
Delete button
Screen Elements
Description
Update button
Cancel button
Note
A custom category name cannot be the same as a default category name.
Screen Elements
Description
Destination IP Address
Add button
Cancel button
Screen Elements
Description
Delete button
Update button
Cancel button
Screen Elements
Description
Del
Delete button
Screen Elements | Description
Del | Click to select
Select All | Allows you to select all the Categories for deletion. Click to select
Delete button | Deletes all the selected Categories. Click to delete
Access Control
Use Local ACLs to limit the Administrative access to the following Cyberoam services from
LAN/WAN/DMZ:
Admin Services
Authentication Services
Proxy Services
Network Services
Default Access Control configuration
When Cyberoam is connected and powered up for the first time, it will have a default Access
configuration as specified below:
Admin Services
HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions
for LAN zone
Authentication Services
Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User
Authentication Services for LAN zone. User Authentication Services are not required for any of
the Administrative functions but required to apply user based internet surfing, bandwidth and
data transfer restrictions.
Customize Access Control configuration
Use access control to limit the access to Cyberoam for administrative purposes from the specific
authenticated/trusted networks only. You can also limit access to administrative services within the
specific authenticated/trusted network.
Select Firewall -> Local ACL
Screen Elements
Description
Saves configuration
Allows you to add the trusted networks from which the above specified services will be allowed/disallowed
Click Add to add network details
Specify Network IP address and Zone
Click Add
Table - Access Configuration screen elements
Syslog Configuration
Syslog is an industry standard protocol/method for collecting and forwarding messages from devices to a
server running a syslog daemon, usually via UDP port 514. The syslog server is a remote computer running a
syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts.
The Cyberoam appliance can also send a detailed log to an external syslog server in addition to the standard
event log. Cyberoam syslog support requires an external server running a syslog daemon on any
UDP port.
Cyberoam captures all log activity and includes every connection source and destination IP address,
IP service, and number of bytes transferred.
A syslog service simply accepts messages and stores them in files or prints them. This form of logging is
the best as it provides a central logging facility and protected long-term storage for logs. This is useful
both in routine troubleshooting and in incident handling.
Select System -> Syslog Configuration
Screen Elements | Description
Syslog Configuration
Syslog Server | Default: 192.168.1.254
Syslog Port | Specify the port number for communication with the syslog server. Default: 514
Syslog Facility | Select facility to be used. Cyberoam supports following facilities for log messages received from remote servers and network devices. DAEMON - Daemon logs (Information of Services running in Cyberoam as daemon); KERN - Kernel log; LOCAL0 - LOCAL7 - Log level
Syslog Level
Dropped ICMP Redirected Packet Log
Update button
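On the collector side, the facility selected under Syslog Facility can be checked on every datagram that arrives. The following is an added example, not code from the Cyberoam documentation: it decodes the standard syslog `<PRI>` header and sorts datagrams by whether they carry the expected facility. The expected facility (LOCAL0), the function names and the sample datagrams are assumptions constructed for illustration.

```python
import re

# Facility codes defined by the syslog protocol (RFC 3164 / RFC 5424) for the
# facilities the configuration table lists: KERN, DAEMON, LOCAL0 - LOCAL7.
FACILITIES = {0: "KERN", 3: "DAEMON"}
FACILITIES.update({16 + n: "LOCAL%d" % n for n in range(8)})
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
PRI_HEADER = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram):
    """Split one syslog datagram into facility, severity and message text.

    Returns None when the <PRI> header is missing or out of range (0-191).
    """
    match = PRI_HEADER.match(datagram)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "facility": FACILITIES.get(facility, "OTHER(%d)" % facility),
        "severity": SEVERITIES[severity],
        "message": datagram[match.end():].decode("utf-8", "replace"),
    }


def triage(datagrams, expected_facility):
    """Sort received datagrams into accepted, wrong-facility and malformed."""
    result = {"accepted": [], "wrong_facility": [], "malformed": []}
    for raw in datagrams:
        parsed = parse_pri(raw)
        if parsed is None:
            result["malformed"].append(raw)
        elif parsed["facility"] != expected_facility:
            result["wrong_facility"].append(parsed)
        else:
            result["accepted"].append(parsed)
    return result


# Constructed sample datagrams; the message bodies are placeholders, not real
# appliance output.
SAMPLES = [
    b"<134>constructed firewall log line",      # 16*8 + 6 -> LOCAL0, info
    b"<30>constructed daemon log line",         # 3*8 + 6  -> DAEMON, info
    b"<13>constructed line from another host",  # 1*8 + 5  -> facility 1, notice
    b"no priority header",
    b"<999>priority out of range",
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLES, "LOCAL0").items():
        print(bucket, len(items))
```

Because syslog over UDP carries no sender authentication, datagrams in the wrong-facility and malformed buckets are worth reviewing rather than silently discarding.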
Upgrade Cyberoam
Cyberoam provides two types of upgrades:
Automatic - Correction of any critical software errors, performance improvement or changes in
system behavior leads to automatic upgrade of Cyberoam without manual intervention or
notification.
Manual - Manual upgrades require human intervention.
Automatic Upgrade
By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the
procedure to disable the AutoUpgrade mode:
1. Log on to Telnet Console
2. Go to option 4 Cyberoam Console
Manual Upgrade
Step 1. Check for Upgrades
Press F10 to go to Dashboard from any of the screens.
Under the Installation Information section, click Check for Upgrades
The page displays the list of available upgrades and the upgrade details like release date and size. Order
specifies the sequence in which Cyberoam should be upgraded.
Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version.
Log on to Cyberoam Telnet Console.
Type 6 to upgrade from the Main menu and follow the on-screen instructions.
A success message will be displayed if the upgrade is successful.
Repeat the above steps if more than one upgrade is available, upgrading in the same sequence as
displayed on the Available Upgrades page.
Licensing
You need a customer account to
register your Cyberoam appliance
avail 8 X 5 support
register subscription modules
subscribe for free 30-days Trial subscription
Select Help -> Licensing to view the list of subscription modules. The screen shows the licensing status of
Appliances and subscription modules along with the subscription expiry date if subscribed.
Screen - Licensing
Status - Registered - Appliance registered
Status - Unregistered - Appliance not registered
Status - Subscribed - Module subscribed
Status - Unsubscribed - Module not subscribed
Status - Trial - Trial subscription
Status - Expired - Subscription expired
You need to create a customer account to register the appliance. If you have already created an account,
type your username and password to register the appliance and click register
If you have not created an account, fill in the form to create your customer account and register the appliance.
Screen - Registration
Screen Elements
Description
Password
Company name
Contact person
Address, City, State, Country, Zip, Phone, Fax
Subscribe Modules
Cyberoam includes the following Subscription modules, which are not included in the basic package:
Intrusion Detection and Prevention
Gateway Anti Virus
Gateway Anti Spam
Web and Application Filter
The customer has to procure a different license and subscribe in order to use any of the Subscription modules. You
can also subscribe for the 30-days free Trial subscription of any of the modules.
Prerequisite
Account created
Appliance registered
Select Help -> Licensing and click Subscribe against the module to be subscribed.
Screen Elements | Description
Subscribe
Appliance key | Displays Appliance key
Appliance Model No. | Displays Appliance model number
Module | Displays module name to be subscribed
Registered Email ID and Password | Specify email ID and password of your registered account
Subscription Key (Only if you have purchased the module) | Specify subscription key of the module obtained from Sales person
External Proxy Server Information | Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server | Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server
Proxy Port | Specify port number if proxy server is running on a port other than the default port (80)
Username and Password | Specify username and password to be used to log on to proxy server (if configured)
Subscribe/Trial button | Registers the specified module
Table - Subscribe Module
Download
Clients
Cyberoam Client supports Users using the following platforms:
Windows - Enables Users using Windows Operating System to log on to Cyberoam Server
Linux - Enables Users using Linux Operating System to log on to Cyberoam server
HTTP - Enables Users using any Operating System other than Windows & Linux to log on to Cyberoam
Server
Single Sign on Client - Enables Windows-migrated Users to log on to Cyberoam using Windows
Username and password.
Single Sign on Client Auto Setup - Download the setup.
Depending on the requirement, download the Cyberoam Client.
Select Help -> Downloads to download Cyberoam Client
Documentation
Select Help -> Guides to download various guides
Screen - Reports
2. Log on to Reports, click on the Reports link to open the reports login page in a new window
Entity | Entity Name | Action | Action By | Status | Message | IP Address | Explanation
Report GUI | | Login | <username> | Successful | | <IP address> | Login attempt to Report GUI by User <username> was successful
Report GUI | | Login | <username> | Failed | Wrong username or password | <IP address> | Login attempt to Report GUI by User <username> was not successful because of wrong username and password
Management GUI | | Login | <username> | Successful | | <IP address> | Login attempt to Management GUI by User <username> was successful
Management GUI | | Login | <username> | Failed | | <IP address> | Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>
Management GUI | | Login | <username> | Failed | User has no previllege of Administration | <IP address> | Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges
Configuration Wizard | | Started | <username> | Successful | | <IP address> | User <username>'s request to start Configuration Wizard was successful
Configuration Wizard | | Finished | <username> | Successful | | <IP address> | User <username>'s request to close Configuration Wizard was successful
System | | Started | <username> | Successful | CyberoamSystem Started | <IP address> | Cyberoam was successfully started by the User <username>
SSh | | authentication | <username> | Successful | User admin, coming from 192.168.1.241, authenticated. | <IP address> | <username> trying to log on from <ip address> using SSH client was successfully authenticated
SSh | | authentication | <username> | Failed | Login Attempt failed from 192.168.1.241 by user root | <IP address> | Authentication of <username> trying to log on from <ip address> using SSH client was not successful
SSh | | authentication | <username> | Failed | Password authentication failed. Login to account hello not allowed or account nonexistent | <IP address> | Log on to account <username> using SSH client was not successful
telnet | | authentication | <username> | Successful | Login | <IP address> |
telnet | | authentication | <username> | Failed | Authentication Failure | <IP address> | Authentication of <username> trying to log on remotely through Telnet was not successful
console | | authentication | <username> | Successful | Login Successful | ttyS0 | Login attempt to Console using Console Interface via remote login utility by User <username> was successful
console | | authentication | <username> | Successful | Login Successful | tty1 | Login attempt to Console via direct Console connection by User <username> was successful
console | | authentication | <username> | Failed | Authentication Failure | <IP address> | Login attempt to Console by User <username> was not successful
Firewall | | Started | System | Successful | | <IP address> | Firewall subsystem started successfully without any error
Firewall Rule | <firewall rule id> e.g. 7 | Create | <username> | Successful | | <IP address> |
Firewall Rule | <firewall rule id> e.g. 6 | Update | <username> | Successful | | <IP address> |
Firewall Rule | <firewall rule id> e.g. 21 | Update | System | Successful | | <IP address> |
Firewall Rule | <firewall rule id> e.g. 10 | Delete | System | Successful | | <IP address> |
Host | N/A | Delete | <username> | Failed | | <IP address> |
Host | <host name> e.g. 192.168.1.68, #Port D | Delete | <username> | Successful | | <IP address> |
Host | <host name> e.g. 192.168.1.66, #Port D | Insert | <username> | Successful | | <IP address> |
HostGroup | <host group name> e.g. mkt group | Delete | <username> | Successful | | <IP address> |
HostGroup | <host group name> e.g. sys group | Update | <username> | Successful | | <IP address> |
HostGroup | <host group name> e.g. Trainee | Insert | <username> | Successful | | <IP address> |
Service | <service name> e.g. vypress chat | Delete | <username> | Successful | | <IP address> | Service <service name> was deleted successfully by user <username>
Service | <service name> e.g. vypress chat | Update | <username> | Successful | | <IP address> | Service <service name> was updated successfully by user <username>
Service | <service name> e.g. vypress chat | Insert | <username> | Successful | | <IP address> | Service <service name> was inserted successfully by user <username>
ServiceGroup | <service group name> e.g. Intranet chat | Insert | <username> | Successful | | <IP address> | Service group <service group name> was inserted successfully by user <username>
ServiceGroup | <service group name> e.g. Intranet chat | Update | <username> | Successful | | <IP address> | Service group <service group name> was updated successfully by user <username>
ServiceGroup | <service group name> e.g. Intranet chat | Delete | <username> | Successful | | <IP address> | Service group <service group name> was deleted successfully by
SNAT Policy | <policy name> | Insert | <username> | Successful | | <IP address> |
SNAT Policy | <policy name> | Update | <username> | Successful | | <IP address> |
SNAT Policy | <policy name> | Delete | <username> | Successful | | <IP address> |
DNAT Policy | <policy name> | Insert | <username> | Successful | | <IP address> |
DNAT Policy | <policy name> | Update | <username> | Successful | | <IP address> |
DNAT Policy | <policy name> | Delete | <username> | Successful | | <IP address> |
Schedule | <schedule name> | Insert | <username> | Successful | | <IP address> | Schedule <schedule name> was inserted successfully by user <username>
Schedule | <schedule name> | Update | <username> | Successful | | <IP address> | Schedule <schedule name> was updated successfully by user <username>
Schedule | <schedule name> | Delete | <username> | Successful | | <IP address> | Schedule <schedule name> was deleted successfully by user <username>
Schedule Detail | <schedule name> | Insert | <username> | Successful | | <IP address> | Schedule details to Schedule <schedule name> was inserted successfully by user <username>
Local ACLs | Local ACLs | Update | <username> | Successful | | <IP address> | Local ACL was updated successfully by user <username>
DoS Bypass | DoS Bypass | Delete | <username> | Successful | | <IP address> | DoS Bypass rule deleted successfully
DoS Bypass | | Insert | <username> | Successful | | <IP address> | DoS Bypass rule inserted successfully by user <username>
DoS Settings | DoS Settings | Update | <username> | Successful | | <IP address> |
Online Registraion | | Register | <username> | Successful | | <IP address> | User <username> successfully registered Appliance/Subscription module(s) through Online Registration
Upload Version | | Upload Version | <username> | Successful | | <IP address> | User <username> successfully uploaded the version
Date | | Update | <username> | Successful | System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST | <IP address> |
Apart from the tabular format, Cyberoam allows you to view the log details in:
Printable format - Click to open a new window and display the report in a printer-friendly
format. The report can be printed from File -> Print.
DATA FIELDS | TYPE | DESCRIPTION
Date | date | For the dropped traffic - the date when the packet was dropped by Cyberoam
2. Time | time | Time (hh:mm:ss) when the event occurred. For the allowed traffic - the time when the connection was started on Cyberoam. For the dropped traffic - the time when the packet was dropped by Cyberoam
3. Device Name | String | Model Number of the Cyberoam Appliance
4. Device Id | String | Unique Identifier of the Cyberoam Appliance
5. Log Id | string | Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011, 0102011. c1c2 represents Log Type e.g. 01; c3c4 represents Log Component e.g. Firewall, local ACL; c5c6 represents Log Sub Type e.g. allow, violation
4. Log Type | string |
5. Log Component | string | 08 Fragmented traffic - Event when any fragmented traffic is dropped due to Advanced Firewall settings. Refer to Console Guide Page no. 59 for more details.
6. | string | Decision taken on traffic. Possible values: 01 Allowed - Traffic permitted to and through Cyberoam based on the firewall rule settings; 02 Violation - Traffic dropped based on the firewall rule settings, local ACL settings, DOS settings or due to invalid traffic.
7. Status | string | Ultimate state of traffic (accept/deny)
8. Priority | string | Severity level of traffic. Possible values: 01 Notice
9. Duration | integer | Durability of traffic
10. Firewall Rule ID | integer | Firewall rule id of traffic
11. User | string | User Id
12. User Group | string | Group Id of user
13. IAP | integer | Internet Access policy Id applied for traffic
14. In Interface | string | Interface for incoming traffic e.g. eth0
15. Out Interface | string |
Source IP | string |
Destination IP | string |
Protocol | integer |
Source Port | integer |
Destination Port | integer |
ICMP Type | integer |
ICMP Code | integer |
Sent Packets | integer |
Received Packets | integer |
Sent Bytes | integer |
Received Bytes | integer |
Translated Source IP | integer |
28. Translated Source Port | integer |
29. Translated Destination IP | integer |
30. Translated Destination Port | integer |
Invalid traffic
Cyberoam defines the following traffic as invalid traffic:
Short IP Packet
IP Packets with bad IP checksum
IP Packets with invalid header and/or data length
Truncated/malformed IP packet
Packets of Ftp-bounce Attack
Short ICMP packet
ICMP packets with bad ICMP checksum
ICMP packets with wrong ICMP type/code
Short UDP packet
Truncated/malformed UDP packet
UDP Packets with bad UDP checksum
Short TCP packet
Truncated/malformed TCP packet
TCP Packets with bad TCP checksum
TCP Packets with invalid flag combination
TCP packets that the Cyberoam TCP connection subsystem is not able to relate to any connection
If Strict Internet Access Policy is applied, Cyberoam also defines the following traffic as invalid traffic:
UDP Packets with Destination Port 0
TCP Packets with Source Port and/or Destination Port 0
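Several items in the list above can be reproduced offline when checking why a captured packet would be logged as invalid. The following is an added example, not Cyberoam's implementation: it covers the IP length and checksum checks, the short/truncated UDP and TCP checks, and the port 0 rule. The function names, the `strict` flag standing in for the Strict Internet Access Policy, the choice of SYN+FIN and no-flags as invalid flag combinations (the page does not say which combinations are meant) and the sample packets are assumptions.

```python
import struct
from typing import List


def internet_checksum(data: bytes) -> int:
    """One's-complement 16-bit checksum used by IP, ICMP, UDP and TCP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def invalid_reasons(packet: bytes, strict: bool = False) -> List[str]:
    """Return the reasons a raw IPv4 packet counts as invalid ([] if none)."""
    if len(packet) < 20:
        return ["short IP packet"]
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4 or ihl < 20 or ihl > len(packet) or total_len < ihl:
        return ["invalid IP header and/or data length"]
    reasons = []
    if total_len > len(packet):
        reasons.append("truncated/malformed IP packet")
    if internet_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        reasons.append("bad IP checksum")
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return reasons  # non-first fragment: no transport header to inspect
    proto = packet[9]
    payload = packet[ihl:min(total_len, len(packet))]
    if proto == 17:  # UDP
        if len(payload) < 8:
            reasons.append("short UDP packet")
        else:
            _sport, dport, udp_len = struct.unpack("!HHH", payload[:6])
            if udp_len < 8 or udp_len > len(payload):
                reasons.append("truncated/malformed UDP packet")
            if strict and dport == 0:
                reasons.append("UDP destination port 0 (strict policy)")
    elif proto == 6:  # TCP
        if len(payload) < 20:
            reasons.append("short TCP packet")
        else:
            sport, dport = struct.unpack("!HH", payload[:4])
            data_offset = (payload[12] >> 4) * 4
            flags = payload[13] & 0x3F
            if data_offset < 20 or data_offset > len(payload):
                reasons.append("truncated/malformed TCP packet")
            # Assumed examples of invalid combinations: SYN+FIN together, or no flags.
            if flags == 0 or (flags & 0x03) == 0x03:
                reasons.append("TCP invalid flag combination")
            if strict and (sport == 0 or dport == 0):
                reasons.append("TCP source and/or destination port 0 (strict policy)")
    return reasons


def build_ipv4(proto: int, payload: bytes, corrupt_checksum: bool = False) -> bytes:
    """Constructed sample packet, 192.0.2.1 -> 192.0.2.2 (documentation addresses)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    checksum = internet_checksum(header)
    if corrupt_checksum:
        checksum ^= 0x0001
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header without options (checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)


if __name__ == "__main__":
    samples = {
        "udp to port 0": build_ipv4(17, struct.pack("!HHHH", 5353, 0, 8, 0)),
        "tcp from port 0": build_ipv4(6, tcp_header(0, 80, 0x02)),
        "tcp syn+fin": build_ipv4(6, tcp_header(40000, 80, 0x03)),
    }
    for name, pkt in samples.items():
        print(name, invalid_reasons(pkt, strict=True))
```

TCP and UDP checksum validation and the connection-tracking check are left out because they need the pseudo-header and per-connection state respectively.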
Category | Type | Description
 | Non Working | Includes all ActiveX applications
 | UnHealthy | Adult sites not falling in "Porn, Nudity, Swimwear & Lingerie, Sex Education, and Sexual Health & Medicines" will be included in "Adult Content" and which may contain material not suitable to be viewed for audience under 18
Advertisements | Non Working | Sites providing advertising graphics or other pop ad content files
AlcoholandTobacco | Non Working | Sites providing information about, promote, or support the sale of alcoholic beverages or tobacco products or associated paraphernalia
ALLWebTraffic | Neutral | Any HTTP Traffic
Applets | Non Working | All web pages containing Applets
ArtsAndHistory | Non Working | Sites primarily exhibiting artistic techniques like creative painting, sculpture, poetry, dance, crafts, Literature, and Drama. Sites that narrate historical details about countries/places; events that changed the course of history forever; sites providing details and events of all wars i.e. World Wars, Civil Wars, and important persons of world historical importance
Astrology | Non Working | Sites showing predictions about Sun signs and into various subjects like Education & Career, Love Relationships, etc.
BusinessAndEconomy | Neutral | Sites sponsored by or devoted to business firms, business associations, sites providing details for all types of industrial sector like Chemicals, Machinery, Factory Automation, Cable and Wire, sites providing information about couriers and logistics, and Non-Alcoholic Soft drinks and Beverages
Chat | Non Working | Sites hosting Web Chat services or providing support or information about chat via HTTP or IRC
CommercialBanks | Neutral | Commercial Banks Category includes all Banking Sites i.e. International / National Public or Private Sector Banks providing a wide range of services such as all types of Accounts and Cards, Fixed Deposits, and Loans
Communication | Neutral | Sites offering telephone, wireless, long distance, and paging services. It also includes sites providing details about Mobile communications / cellular communications
ComputerSecurityAndHacking | Productive | Sites providing information about hacking, computer security, sites providing Anti-Virus solutions, including sites providing information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases
Cookies | Non Working | Includes all cookie based web pages
Cricket | Non Working | Sites providing Live Scores of cricket matches, Debates on Cricketers, Top 10 Cricketers, Cricket News, and forthcoming Cricket matches. Cricket Category is differentiated from Sports Category and solely devoted to Cricket activities
CrimeAndSuicide | UnHealthy | Advocating, instructing, or giving advice on performing illegal acts such as phone, service theft, evading law enforcement, lock-picking, burglary techniques and suicide
CulturalInstitutions | Neutral | Sites sponsored by museums, galleries, theatres, libraries, and similar institutions; also, sites whose purpose is the display of artworks
DatingAndMatrimonials | Non Working | Sites assisting users in establishing interpersonal relationships, friendship, excluding those of exclusively gay, or lesbian or bisexual interest and Matrimonial Sites providing photos and details of individuals seeking life partners
DownloadFreewareAndShareware | UnHealthy | Sites whose primary purpose is providing freeware and shareware downloads of application, software, tools, screensavers, wallpapers, and drivers
Drugs | UnHealthy | Sites providing information about the cultivation, preparation, or use of prohibited drugs
EducationalInstitions | Productive | Sites sponsored by schools, colleges, institutes, online education and other educational facilities, by non-academic research institutions or that relate to educational events and activities
EducationAndReferenceMaterial | Productive | Sites offering books, reference-shelf content such as atlases, dictionaries, encyclopedias, formularies, white and yellow pages, and public statistical data
Electronics | Neutral | Sites providing information on manufacturing of electronics and electrical equipments, gadgets, instruments like air conditioners, Semi conductors, Television, Storage Devices, LCD Projectors, Home Appliances, and Power Systems etc.
Entertainment | Non Working | Sites providing entertainment sources for Movies, Celebrities, Theatres, about or promote motion pictures, non-news radio and television, humor, Comics, Kids and Teen amusement, Jokes, and magazines
Finance | Non Working | Sites providing information on Money matters, investment, a wide range of financial services, economics and accounting related sites and sites of National & International Insurance companies providing details for all types of Insurances & Policies
Gambling | UnHealthy | Sites providing information about or promote gambling or support online gambling, involving a risk of losing money
Games | Non Working | Sites providing information about or promote electronic games, video games, computer games, role-playing games, or online games
Government | Neutral | Sites sponsored by countries, government, branches, bureaus, or agencies of any level of government including defence. Government associated Sites providing comprehensive details on Tax related issues excluding Government sites providing Visa and Immigration services
HealthAndMedicines | Productive | Sites providing information or advice on personal health and fitness. Sites of pharmaceutical companies and sites providing information about Medicines
HobbiesAndRecreation | Non Working | Sites providing information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. Homelife and family-related topics, including parenting tips, gay/lesbian/bisexual (non-
HTTPUpload | Non Working |
HumanRightsandLiberty | Neutral |
ImageBanks | Non Working |
InformationTechnology | Productive |
InstantMessages | Non Working |
IPAddress | Neutral |
ISPWebHosting | Neutral |
JobsSearch | UnHealthy |
Kids | Neutral |
MilitancyAndExtremist | UnHealthy |
Music | |
NatureAndWildLife | Non Working |
NewsAndMedia | Neutral |
None | Neutral |
Nudity | UnHealthy |
PersonalAndBisographySites | Non Working |
PhishingAndFraud | UnHealthy |
PhotGallaries | Non Working |
PoliticalOrganizations | Neutral |
Porn | UnHealthy |
 | Non Working |
Portals | Non Working |
PropertyAndRealEstate | Neutral |
Science | Productive |
SearchEngines | Neutral |
SeXHealthAndEducation | Neutral |
SharesAndStockMarket | Non Working |
Shopping | Non Working |
Spirituality | Non Working |
Sports | Non Working |
SpywareAndP2P | UnHealthy |
SwimwareAndLingerie | Non Working |
TravelFoodAndImmigration | Non Working |
URLTranslationSites | UnHealthy |
Vehicles | Non Working |
Violence | UnHealthy |
Weapons | UnHealthy |
WebBasedEmail | Non Working |
Appendix D Services
Service Name | Details
All Services | All Services
Cyberoam | UDP (1024:65535) / (6060)
AH | IP Protocol No 51 (IPv6-Auth)
AOL | TCP (1:65535) / (5190:5194)
BGP | TCP (1:65535) / (179)
DHCP | UDP (1:65535) / (67:68)
DNS | TCP (1:65535) / (53), UDP (1:65535) / (53)
ESP | IP Protocol No 50 (IPv6-Crypt)
FINGER | TCP (1:65535) / (79)
FTP | TCP (1:65535) / (21)
FTP_GET | TCP (1:65535) / (21)
FTP_PUT | TCP (1:65535) / (21)
GOPHER | TCP (1:65535) / (70)
GRE | IP Protocol No 47
H323 | TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719)
HTTP | TCP (1:65535) / (80)
HTTPS | TCP (1:65535) / (443)
ICMP_ANY | ICMP any / any
IKE | UDP (1:65535) / (500), UDP (1:65535) / (4500)
IMAP | TCP (1:65535) / (143)
INFO_ADDRESS | ICMP 17 / any
INFO_REQUEST | ICMP 15 / any
IRC | TCP (1:65535) / (6660:6669)
Internet-LocatorService | TCP (1:65535) / (389)
L2TP | TCP (1:65535) / (1701), UDP (1:65535) / (1701)
LDAP | TCP (1:65535) / (389)
NFS | TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049)
NNTP | TCP (1:65535) / (119)
NTP | TCP (1:65535) / (123), UDP (1:65535) / (123)
NetMeeting | TCP (1:65535) / (1720)
OSPF | IP Protocol No 89 (OSPFIGP)
PC-Anywhere | TCP (1:65535) / (5631), UDP (1:65535) / (5632)
PING | ICMP 8 / any
POP3 | TCP (1:65535) / (110)
PPTP | IP Protocol No 47, TCP (1:65535) / (1723)
QUAKE | UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960)
RAUDIO | UDP (1:65535) / (7070)
RIP | UDP (1:65535) / (520)
RLOGIN | TCP (1:65535) / (513)
SAMBA | TCP (1:65535) / (139)
SIP | UDP (1:65535) / (5060)
SIP-MSNmessenger | TCP (1:65535) / (1863)
SMTP |
SNMP |
SSH |
SYSLOG |
TALK |
TCP |
TELNET |
TFTP |
TIMESTAMP |
UDP |
UUCP |
VDOLIVE |
WAIS |
WINFRAME |
X-WINDOWS |
File Transfer, File Transfer client, File sharing, Mail Protocol, Chat, Media Player, Voice over IP, Printing, Network

Application Name | Definition
Any | All Services
FTP | File Transfer Protocol is a method to transfer files from one location to another, either on local disks or via the Internet
yahoofilexfer | Yahoo Messenger file transfer
gnucleuslan | Gnucleuslan P2P client
imesh | IMESH P2P client
Gnutella | Gnutella is a system in which individuals can exchange files over the Internet directly without going through a Web site. Gnutella is often used as a way to download music files from or share them with other Internet users
Kazaa | A decentralized Internet peer-to-peer (P2P) file-sharing program
directconnect | Peer-to-peer (P2P) file-sharing program
POP3 | Transport protocol used for receiving emails.
SMTP | A protocol for transferring email messages from one server to another.
IMAP | A protocol for retrieving e-mail messages
ymsgr | Yahoo Messenger
msnmessenger | MSN Messenger
AOL | Chat client
indiatimes | Chat client
wmplayer | Windows Media Player
quickplayer | Quick Time Player
SIP | (Session Initiation Protocol) Protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP works in the Application layer of the OSI communications model.
H323 | A standard approved by the International Telecommunication Union (ITU) that defines how audiovisual conferencing data is transmitted across networks. It enables users to participate in the same conference even though they are using different videoconferencing applications.
RTSP | (Real Time Streaming Protocol) A standard for controlling streaming data over the World Wide Web
IPP | (Internet Printing Protocol) Protocol used for printing documents over the web. IPP defines basic handshaking and communication methods, but does not enforce the format of the print data stream.
DHCP | Protocol for assigning dynamic IP addresses to devices on a network
SNMP | (Simple Network Management Protocol) Protocol for network management software. Defines methods for remotely managing active network components such as hubs, routers, and bridges
DNS | An Internet service that translates domain names to or from IP addresses, which are the actual basis of addresses on the Internet.
RDP | (Remote Desktop Protocol) Protocol that allows a Windows-based terminal (WBT) or other Windows-based client to communicate with a
Remote
logging
nbns
Telnet
SSH
HTTP
SSL
ICMP
Screen - Manage Custom File Type Category
Screen - Create Custom File Type Category
Table - Create Custom File Type screen elements
Screen - Delete Custom File Type Category
Table - Delete Custom File Type screen elements
Screen - Manage Default Application Protocol Category
Screen - Create Custom Application Protocol Category
Table - Create Custom Application Category screen elements
Screen - Add Custom Application Protocol Category details