Page 1 of 36 10-95322-080511
Getting Started Guide
Contents
Preface
Accessing Cyberoam
    Web Admin Console
    CLI Console via remote login utility - TELNET
    CLI Console using SSH client
Firewall
    Zones
    Firewall rule
    Default Firewall rules
    Firewall rule processing order
    Manage firewall rules
    NAT (Network Address Translation)
Virtual host
Quarantine management
    Anti Virus → Mail → General Configuration
    Anti Spam → Configuration → General Configuration
    Quarantine repository size
Reports
    Instant visibility into network resource usability
    Dashboard Alerts providing Attack VS User information
    “Recent HTTP Viruses detected” section
    “Recent FTP Viruses detected” section
    “Recent IDP Alerts” section
    Recent Mail Viruses detected - section
    Analytical Reports
    Sample Organization wise – Top 10 Sites Report by Hits
    Sample Blocked Categories report
    Web Trends
    Category Trends
    Category Type Trends
    Google Search Report
    Yahoo Search Report
    Top Virus Senders
    Compliance reports
Password Management
    CLI Console password
    Web Admin Console Password
Manage Bandwidth
    Control bandwidth for group of users
    Prioritize bandwidth usage of an Application
Preface
Thank you for purchasing the award-winning Identity-based Cyberoam UTM.
Welcome to the Cyberoam Getting Started Guide. This document is designed to ensure that you are
able to use the basic features of your Cyberoam appliance. It contains configuration guidelines on
what is to be done after the Cyberoam appliance is up and running in your network, and addresses
the most common use-case scenarios.
In addition to this guide, you can access online help by clicking the “Online Help” icon located in
the rightmost corner of every page of the GUI. The entire Cyberoam documentation set is available at
http://docs.cyberoam.com.
The configuration given in this document is to be performed from the Web Admin Console (GUI) of
Cyberoam unless specified otherwise. Solutions provided in the document are applicable up to version
9.5.3 build 22.
Deploying Cyberoam
If Cyberoam is not already deployed in your network, refer to the appliance model-specific Quick
Start Guide for step-by-step deployment help.
Accessing Cyberoam
Web Admin Console
Browse to http://<IP address of Cyberoam> and log on with the default username “cyberoam” and
password “cyber”.
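CLI Console via remote login utility - TELNET
Use the command “telnet <Cyberoam IP address>” from the command prompt to start the TELNET utility,
and log on with the default password “admin”.
CLI Console using SSH client
Start the SSH client and create a new connection with the following parameters:
Hostname - <Cyberoam server IP Address>
Username - admin
Password - admin
The default CLI Console password can be changed as described under Password Management.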
Verify Configuration
Verify the configuration done through the Network Configuration Wizard from the Dashboard. The
Dashboard provides a quick overview of all the important parameters of the Cyberoam appliance,
including its current operating status.
Confirm:
• subscription of all the modules from the License Information section
• deployment mode from Appliance Information section
• status of the default gateway from Gateway Status section
• Click Download against the version to be downloaded and follow the on-screen instructions to
save the upgrade file.
• Upload the downloaded version from Help → Upload Upgrade
• Upgrade from CLI Console.
Firewall
Zones
Cyberoam provides zone-based security. A zone is a logical grouping of ports that have similar
functions. Cyberoam provides 4 default zone types: LAN, DMZ, WAN and LOCAL.
The entire set of physical ports available on the Cyberoam appliance, including their configured
aliases, is grouped in the LOCAL zone. In other words, the IP addresses assigned to all the ports
fall under the LOCAL zone.
To create additional LAN and DMZ zone types, refer to the User Guide for details on creating a zone.
Firewall rule
A firewall rule provides centralized management of security policies. From a single firewall rule,
you can define and manage the entire set of Cyberoam security policies.
Zone-based firewall rules are created to control (allow or block) network traffic. For more
granular control, include a user and/or service in the zone-based firewall rule.
[Figure: firewall rule screen with callouts: Specify service to be allowed/disallowed; Assign bandwidth policy; Enable/disable virus and spam scanning; Enable/disable traffic logging]
When adding multiple firewall rules, make sure specific rules are placed above the general rules.
If a general rule is placed above a specific rule, the general rule will allow the traffic for which
you have defined a deny rule later in the list.
Please note that you cannot delete the default rules, but you can edit them as per your requirement.
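The ordering rule above, as an added example (not Cyberoam code and not part of the original guide): a Python check that models a rule list as evaluated top-down with the first match winning, which is what the paragraph implies, and reports rules that can never match because a more general rule sits above them. The rule fields, rule names and addresses are constructed for illustration; “Any Host” and “All Services” are the wildcard labels used in this guide.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network

ANY_HOST = "Any Host"          # wildcard labels as they appear in this guide
ALL_SERVICES = "All Services"


@dataclass(frozen=True)
class Rule:
    """Simplified zone-based rule (assumed model, not the appliance's schema)."""
    name: str
    src_zone: str
    src_host: str   # CIDR string or ANY_HOST
    dst_zone: str
    dst_host: str   # CIDR string or ANY_HOST
    service: str    # service name or ALL_SERVICES
    action: str     # "allow" or "deny"


def _host_covers(general: str, specific: str) -> bool:
    """True if every address matched by `specific` is also matched by `general`."""
    if general == ANY_HOST:
        return True
    if specific == ANY_HOST:
        return False
    return ip_network(specific).subnet_of(ip_network(general))


def _service_covers(general: str, specific: str) -> bool:
    return general == ALL_SERVICES or general == specific


def covers(general: Rule, specific: Rule) -> bool:
    """True if `general` matches all traffic that `specific` matches."""
    return (
        general.src_zone == specific.src_zone
        and general.dst_zone == specific.dst_zone
        and _host_covers(general.src_host, specific.src_host)
        and _host_covers(general.dst_host, specific.dst_host)
        and _service_covers(general.service, specific.service)
    )


def find_shadowed(rules: list[Rule]) -> list[tuple[str, str, bool]]:
    """Return (shadowed rule, shadowing rule, actions conflict) for every rule
    that can never match because an earlier rule already covers its traffic."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name, earlier.action != later.action))
                break  # the first covering rule is the one that takes the traffic
    return findings


def first_match(rules, src_zone, src_ip, dst_zone, dst_ip, service):
    """Evaluate the list top-down and return the first matching rule, or None."""
    probe = Rule("probe", src_zone, f"{src_ip}/32", dst_zone, f"{dst_ip}/32", service, "")
    return next((r for r in rules if covers(r, probe)), None)


# Constructed rule lists: the general rule first, then the corrected order.
MISORDERED = [
    Rule("lan-wan-allow-all", "LAN", ANY_HOST, "WAN", ANY_HOST, ALL_SERVICES, "allow"),
    Rule("deny-ftp-from-accounts", "LAN", "192.168.1.0/24", "WAN", ANY_HOST, "FTP", "deny"),
]
REORDERED = [MISORDERED[1], MISORDERED[0]]

if __name__ == "__main__":
    for shadowed, by, conflict in find_shadowed(MISORDERED):
        kind = "conflicting action" if conflict else "redundant"
        print(f"{shadowed} is never reached: covered by {by} ({kind})")
    hit = first_match(REORDERED, "LAN", "192.168.1.20", "WAN", "203.0.113.10", "FTP")
    print("after reordering, FTP from 192.168.1.20 hits:", hit.name, "->", hit.action)
```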
[Figure: firewall rule list with callouts: Schedule, Deactive, Enable/Disable Rule, Edit, Insert, Delete, Move]
NAT (Network Address Translation)
A NAT rule changes the source IP address of the packet, i.e. the IP address of the connection
initiator is changed. Apply NAT whenever outgoing traffic must be sent with a specific IP address.
For example, suppose the WAN port has multiple public IP addresses: 202.134.168.202 and
202.134.168.208. To route the traffic of a group of users through 202.134.168.208 only, you need to
create a NAT rule for that group of users.
Virtual host
A Virtual host maps services of a public IP address to services of a host in a private network.
A Virtual host can be a single IP address, an IP address range or the Cyberoam interface itself.
Cyberoam automatically responds to ARP requests received on the WAN zone for the external IP
address of the Virtual host.
You must create a firewall rule for the Virtual host to function and to allow traffic to flow
between the virtual host and the network.
Refer to “Configure one-to-one IP address mapping to access devices on Internal network” for
step-by-step configuration.
User Authentication
LDAP Authentication
Configure from User → Authentication settings.
Refer to the article (http://kb.cyberoam.com/default.asp?id=707&Lang=1&SID=) for more details.
RADIUS Authentication
Configure from User → Authentication settings.
Refer to the article (http://kb.cyberoam.com/default.asp?id=339&Lang=1&SID=) for more details.
Cyberoam/Local Authentication
Configure from User → Authentication settings.
If you want Cyberoam to authenticate users, add users and configure group membership for users.
Cyberoam supports various user types; refer to User types for details on user types and how to
add users.
Content filtering
Content filtering limits the content a user can access, based on a combination of categories,
keywords, URLs, domain names and file types.
Fine-tune the default Internet Access Policy (IAP) to control access as per your requirement.
Access control | For | How and from
Block Category | All the users (Blanket block) | Update “Allow All” default policy from Policies → Internet Access Policy → Manage Policy: Category - specify category to be blocked; Strategy - Deny
Block Category | Group/User | 1. Create policy from Policies → Internet Access Policy → Create Policy: Policy Type – Allow; Category - specify category to be blocked; Strategy - Deny
Block Uncategorized URL/sites | All the users (Blanket block) | 1. Create Custom category from Categories → Web Category → Create Custom and specify the URL to be blocked under Domain Management
Step 2. Include the IAP created in step 1 in the user group from Group → Manage Group
Step 3. Create a user-based firewall rule from Firewall → Create Rule
• Source: LAN, Any Host
• Click “Check Identity” to enable the user-based firewall rule and select the user whose “P2P
Applications” category (created in step 1) is to be blocked
• Destination: WAN, Any Host
• Service: All Services
Go to Policies → Internet Access Policy → Manage Policy and update the “Allow All” default Internet
Access policy. Select “DatingAndMatrimonials” in the Web Category field and “Deny” in the Strategy field.
The above solution will work only if you have not changed the default LAN to WAN “Allow All” firewall rule.
2. Create LAN to WAN firewall rule and apply “Allow All” IAP (updated in step 1)
What | From
Enable HTTP virus scanning | Firewall → Manage Rule
Set Over size mail action for virus scanning | Anti Virus → Mail → General Configuration
Restrict spam scanning based on mail size | Anti Spam → Mail → General Configuration
Set Over size mail action for spam scanning | Anti Spam → Mail → General Configuration
Enable spam scanning for authenticated traffic | Anti Spam → Mail → General Configuration
Block password protected attachments (for all the recipients) | Update default policy from Anti Virus → SMTP → Default Scan policy: specify “All” for Block File Types; enable “Protected Attachment” for Receiver’s Action and Notify Administrator
Quarantine management
Cyberoam quarantines virus-infected and SMTP spam mails.
If you are the Network Administrator, you can view quarantined mails from:
Anti Virus → Mail → General Configuration
Anti Spam → Configuration → General Configuration
As a Network Administrator, you can also educate your network users to view and manage their
own quarantine space.
An individual network user can log on to User My Account, go to the Quarantine Mails option and
view the list of their quarantined mails.
You can reject, drop, accept, change the mail recipient or add a prefix to the mail subject and
forward the spam mails. Spam actions can be specified from the Spam policy.
Parameters | Value
Name | Whitelist
Group Type | Email Address
Email Address | Type all the email address from which mails are to be allowed
Step 2. Create Black list from Anti Spam → Configuration → Address Groups with the following
parameters:
Parameters | Value
Name | Blacklist
Group Type | IP Address
Email Address | Type all the email address from which mails are to be blocked
Update Global Policy (Anti Spam → Spam Policy → Global Policy) and use white list and black list
to allow and block spam mails.
Archive mails
Email communications that pertain to the organization’s business activity are subject to
regulatory requirements, which necessitate retaining email correspondence. Cyberoam’s
“Copy-to” provides an in-house email archiving solution for building your email repository.
By specifying an email address in the “Send copy to email address(s)” field, you can transparently
co-deliver and archive all the mails to the pre-defined mail address.
Define the URLs which are to be bypassed from virus scanning from Anti Virus → HTTP →
Configuration.
Step 2. Create an IPSec connection from VPN → IPSec Connection → Create Connection and define
the authentication method and the source and destination addresses of the VPN tunnel.
Step 5. Once both the gateways are configured successfully, go to VPN → IPSec Connection →
Manage Connection and establish the connection. The connection can be established from either of
the gateways.
Cyberoam provides VPN interoperability with a number of third-party IPSec VPN gateways; refer to
http://kb.cyberoam.com/default.asp?id=388&Lang=1&SID= for the list of supported gateways and how
to establish a connection with them.
If you are using the Cyberoam IPSec VPN Client for the first time, download the Client from
http://www.cyberoam.com/vpnhelp.html.
Your primary VPN connection will fail over to the very next active Connection in the Group if a
Connection group is created that includes the primary connection. For example, if the connection
established using the 4th Connection in the Group is lost, then the 5th Connection will take over,
provided the 5th Connection is active.
Reports
Instant visibility into network resource usability
You can analyze the system resource usage summary, a summary of network activities and surfing
patterns from the Dashboard.
Analytical Reports
Analytical reports provide details on every activity in your network, including users
receiving virus and spam mails, spam and virus mail senders, users becoming victims of IDP
attacks as well as details on IDP attackers.
Additionally, extensive reports are provided to help analyze all user activities, such as sites
surfed, amount of data transferred and surfing time, by user, group and so on, so that you can take
corrective action by tuning the policies based on user behavior.
Web Trends
Web Trends tracks and reports surfing activity, i.e. hits, and displays the usage pattern over a
period of time (hourly/weekly/monthly) in the form of a graph.
Category Trends
Category Trends tracks and reports on category-wise hits, i.e. category-wise surfing activity, and
displays the usage pattern in the form of a graph.
Compliance reports
Many businesses and organizations need to protect their critical applications as well as customer
(patient) data, control access to that data and prove how they have done so. For this, they need
to meet regulatory requirements such as HIPAA, GLBA, SOX, FISMA and PCI. Cyberoam
provides 45+ compliance reports, which can be accessed from Reports > Compliance Reports.
HIPAA - Health Insurance Portability & Accountability Act regulations for the health care industry,
i.e. healthcare providers and insurance companies.
GLBA - The Gramm-Leach-Bliley Act regulations for financial institutions including banks,
mortgage brokers, lenders, credit unions, insurance and real-estate companies.
SOX - Sarbanes-Oxley for publicly held companies.
PCI - Payment Card Industry regulations for organizations that process credit or debit card
information, including merchants and third-party service providers that store, process or transmit
credit card/debit card data.
FISMA – The Federal Information Security Management Act regulations for all information systems
used or operated by a US Government federal agency or by a contractor or other organization on
behalf of a US Government agency.
Password Management
CLI Console password
1. From the Web Admin Console, go to System → Reset Console Password and change the CLI
Console password.
2. From the CLI Console, go to Option 2 System Settings, Option 1 Set Console Password to change
the CLI Console password.
Manage Bandwidth
Control bandwidth for group of users
• Create User based Bandwidth policy from Policies → Bandwidth Policy → Create Policy
• Create user group from Group → Add group and attach the bandwidth policy created for the
group
• Create Identity based firewall rule from Firewall → Create Rule and select the user group.
Add Gateway
One unused WAN port is required for each Gateway.
Go to System → Gateway → Manage Gateway(s) and click Add to specify Gateway IP address
and port.
A request on the specified port is sent to the Host. If the Host does not respond to the request,
Cyberoam considers the Gateway as ‘dead’, stops sending traffic to the dead gateway and sends
traffic through another available gateway.
General Administration
Restart Cyberoam management services
Cyberoam management services can be restarted from CLI Console.
Add Alias
Alias refers to assigning multiple IP addresses to an Interface. You can add an alias from System →
Configure Network → Manage Interface.
In addition, the Dashboard and reports, including traffic discovery and bandwidth usage graphs, can
be viewed only from the Web Admin Console.
For more details, refer to the version-specific Console Guide available on http://docs.cyberoam.com/
User types
A user is identified by an IP address or a user name and must be a member of a group. A user
inherits its group policies. A user can be assigned explicit policies, which override its group
policies.
Feature | Normal User | Clientless User | Single Sign on User
User required to log on to Cyberoam before accessing network resources | Yes | No | No
Group membership: Normal | Yes | No | Yes
Group membership: Clientless | No | Yes | No
Apply Login restriction | Yes | Yes | Yes
Apply Surfing Quota policy | Yes | No | No
Apply Access Time policy | Yes | No | No
Apply Bandwidth policy | Yes | Yes | Yes
Apply Internet Access policy | Yes | Yes | Yes
Apply Data Transfer policy | Yes | No | Yes
By default, normal users are added under the Open Group while clientless users are added under the
Clientless Open Group. You can change the group membership of a user. Create new groups as per your
requirement from Group → Group
High Availability
Using High Availability for hardware failover and load balancing involves installing two Cyberoam
appliances, a Primary and an Auxiliary appliance, with the same number of interfaces and the same
version installed on both appliances.
Cyberoam offers high availability by using a Virtual MAC address shared between a primary and an
auxiliary appliance linked together as a “cluster”. The primary and auxiliary appliances
must be physically connected over a dedicated HA link port. Cluster appliances use this link to
communicate cluster information and to synchronize with each other.
Active-Passive
Continuous connectivity (Failover): Yes
Load balance traffic: No
Appliances - primary and auxiliary appliance, are physically connected over a dedicated HA link
port to operate as an HA Cluster. Cluster appliances use this link to communicate cluster
information and to synchronize with each other.
When you configure an HA cluster, Cyberoam assigns a Virtual MAC address to one of the appliances
in the cluster. All network traffic is forwarded to the cluster appliance which has the virtual MAC
address. The appliance which has the virtual MAC address is referred to as the Primary Appliance
while the other peer is referred to as the Auxiliary Appliance.
The primary appliance regularly sends a keep-alive request through the HA link, which is answered by
the Auxiliary appliance. If the keep-alive request is not returned by the primary appliance, the
device is considered to have failed. In this case, the Auxiliary appliance takes ownership of the
virtual MAC address from the primary appliance, and becomes the primary appliance temporarily. The
primary appliance automatically takes over from the Auxiliary appliance once it starts functioning.
The appliance from which HA is enabled acts as the primary appliance while the peer appliance acts
as the auxiliary appliance. The auxiliary appliance takes over from the primary appliance when the
primary appliance fails.
Points to remember
• If you are integrating Cyberoam with Active Directory for authentication, use Active Directory
as your DNS. You are required to define Active Directory as DNS both in Cyberoam as well
as all the desktops.
• If you have configured Cyberoam as DHCP server for leasing IP addresses, make sure
DHCP server is enabled for autostart. If not, then IP address will be leased only after
rebooting Cyberoam.
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of
any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility
for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product design or
specifications. Information is subject to change without notice.
USER’S LICENSE
The Appliance described in this document is furnished under the terms of Elitecore’s End User license agreement. Please read these terms
and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this
license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the
place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software
is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its
published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the
original licensee. Customer’s exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore
or its service center’s option, repair, replacement, or refund of the software if reported (or, upon, request, returned) to the party supplying the
software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the
software without problems or interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky
Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that
the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that
virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components
will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or
replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make,
model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that
Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any
implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade
practice, are hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or
punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if
Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore’s or its supplier’s liability to the
customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations
shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without
limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have
been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd.
Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore
Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without
notice, to make changes in product design or specifications. Information is subject to change without notice.
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower,
Off. C.G. Road,
Ahmedabad – 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com