You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
User Guide Version 9
Document version 9410-2.0-24/01/2007
2
Cyberoam User Guide
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of
any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no
responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product
design or specifications. Information is subject to change without notice.
USER’S LICENSE
The Appliance described in this document is furnished under the terms of Elitecore’s End User license agreement. Please read these
terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions
of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of
payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the
Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially
conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited warranty extends only to
the customer as the original licenses. Customers exclusive remedy and the entire liability of Elitecore and its suppliers under this
warranty will be, at Elitecore or its service center’s option, repair, replacement, or refund of the software if reported (or, upon, request,
returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that
the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the anti virus and anti
spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is
specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally
erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical
components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation
shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or
of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any
reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the
defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation,
any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or
trade practice, and hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or
punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if
Elitecore or its suppliers have been advised of the possibility of such damages. In the event shall Elitecore’s or its supplier’s liability to
the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing
limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without
limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers
have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd.
Information supplies by Elitecore Technologies Ltd. Is believed to be accurate and reliable at the time of printing, but Elitecore
Technologies assumes no responsibility for any errors that may appear in this documents. Elitecore Technologies reserves the right,
without notice, to make changes in product design or specifications. Information is subject to change without notice
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower,
Off. C.G. Road,
Ahmedabad – 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com
3
Cyberoam User Guide
Contents
Guide Sets _______________________________________________________________________________ 6
Technical Support _________________________________________________________________________ 7
Typographic Conventions___________________________________________________________________ 8
Preface ____________________________________________________________________________ 9
Guide Organization _______________________________________________________________________ 10
Cyberoam Basics__________________________________________________________________ 11
Benefits of Cyberoam _____________________________________________________________________ 11
Accessing Cyberoam _____________________________________________________________________ 11
Accessing the Web Admin Console _________________________________________________________ 13
Getting Started______________________________________________________________________________ 16
Dashboard ______________________________________________________________________________ 18
Management ________________________________________________________________________________ 20
Setting up Zones __________________________________________________________________ 20
Create Zone _____________________________________________________________________________ 21
Setting up Users __________________________________________________________________ 22
Define Authentication _____________________________________________________________________ 22
Define User______________________________________________________________________________ 24
Setting up Groups _________________________________________________________________ 33
Firewall ___________________________________________________________________________ 38
Create Firewall rule _______________________________________________________________________ 40
Manage Firewall__________________________________________________________________________ 45
Host Management ________________________________________________________________________ 55
Setting up Logon Pools ____________________________________________________________ 60
Traffic Discovery __________________________________________________________________ 62
Live Connections report ___________________________________________________________________ 62
Today’s Connection History ________________________________________________________________ 69
Policy Management________________________________________________________________ 75
Surfing Quota policy ______________________________________________________________________ 76
Access Time policy _______________________________________________________________________ 80
Internet Access policy _____________________________________________________________________ 84
Bandwidth policy _________________________________________________________________________ 92
Data Transfer policy _____________________________________________________________________ 107
SNAT Policy ____________________________________________________________________________ 111
DNAT Policy ____________________________________________________________________________ 115
Zone Management ________________________________________________________________ 118
Manage Zone ___________________________________________________________________________ 118
Delete Zone ____________________________________________________________________________ 119
Group Management_______________________________________________________________ 120
Manage Group __________________________________________________________________________ 120
Delete Group ___________________________________________________________________________ 125
User Management ________________________________________________________________ 126
Search User ____________________________________________________________________________ 126
Live User_______________________________________________________________________________ 127
Manage User ___________________________________________________________________________ 128
Logon Pool Management__________________________________________________________ 140
Search Node____________________________________________________________________________ 140
4
Cyberoam User Guide
Update Logon Pool ______________________________________________________________________ 141
Delete Logon Pool _______________________________________________________________________ 144
System Management _____________________________________________________________ 145
Configure Network_______________________________________________________________________ 145
Configure DNS __________________________________________________________________________ 145
Configure DHCP ________________________________________________________________________ 147
View Interface details ____________________________________________________________________ 148
Configuring Dynamic DNS service _________________________________________________________ 149
PPPoE_________________________________________________________________________________ 151
Manage Gateway________________________________________________________________________ 154
DoS Settings____________________________________________________________________________ 155
Bypass DoS Settings ____________________________________________________________________ 159
Reset Console Password _________________________________________________________________ 161
System Module Configuration _____________________________________________________________ 162
SNMP ___________________________________________________________________________ 163
Cyberoam SNMP Implementation__________________________________________________________ 164
Cyberoam MIB __________________________________________________________________________ 165
Cyberoam Traps ________________________________________________________________________ 168
Manage SNMP__________________________________________________________________________ 169
Configure SNMP Agent __________________________________________________________________ 170
Create SNMP Community ________________________________________________________________ 171
Manage SNMP Community _______________________________________________________________ 171
Delete SNMP Community_________________________________________________________________ 172
Create SNMP V3 User ___________________________________________________________________ 174
Manage SNMP V3 User __________________________________________________________________ 174
Delete SNMP V3 User ___________________________________________________________________ 175
Manage Data _____________________________________________________________________ 176
Client Services __________________________________________________________________________ 182
Customize Access Deny messages ________________________________________________________ 187
Upload Corporate logo ___________________________________________________________________ 188
Customize Login message________________________________________________________________ 189
HTTP Proxy Management _________________________________________________________ 190
Manage HTTP Proxy_____________________________________________________________________ 190
Configure HTTP Proxy ___________________________________________________________________ 191
Set Default Internet Access Policy _________________________________________________________ 192
Manage Servers __________________________________________________________________ 193
Monitoring Bandwidth Usage______________________________________________________ 194
Migrate Users ____________________________________________________________________ 199
Migration from PDC server________________________________________________________________ 199
Migration from External file________________________________________________________________ 200
Customization _____________________________________________________________________________ 202
Schedule ________________________________________________________________________ 202
Define Schedule_________________________________________________________________________ 202
Manage Schedule _______________________________________________________________________ 205
Delete Schedule_________________________________________________________________________ 207
Services _________________________________________________________________________ 208
Define Custom Service ___________________________________________________________________ 208
Manage Custom Service _________________________________________________________________ 209
Delete Custom Service ___________________________________________________________________ 210
Create Service Group ____________________________________________________________________ 211
Update Service Group ___________________________________________________________________ 212
Delete Service Group ____________________________________________________________________ 213
Categories _______________________________________________________________________ 214
Web Category __________________________________________________________________________ 215
5
Cyberoam User Guide
File Type Category ______________________________________________________________________ 224
Application Protocol Category _____________________________________________________________ 228
Access Control___________________________________________________________________ 234
Product Licensing & Updates _____________________________________________________ 236
Product Version information_______________________________________________________________ 236
Upgrade Cyberoam ______________________________________________________________________ 237
Licensing_______________________________________________________________________________ 240
Download________________________________________________________________________ 245
Clients _________________________________________________________________________________ 245
Documentation __________________________________________________________________________ 246
Appendix A – Audit Log___________________________________________________________ 247
Appendix B – Network Traffic Log Fields ___________________________________________ 253
Appendix C – Web Categories _____________________________________________________ 257
Appendix D – Services ____________________________________________________________ 262
Appendix E – Application Protocols _______________________________________________ 264
Menu wise Screen and Table Index ________________________________________________ 266
Cyberoam User Guide
Guide Sets
Guide
User Guide
Console Guide
Windows Client Guide
Linux Client Guide
HTTP Client Guide
Analytical Tool Guide
LDAP Integration Guide
ADS Integration Guide
PDC Integration Guide
RADIUS Integration Guide
High Availability Configuration
Guide
Data transfer Management
Guide
Multi Link Manager User Guide
Cyberoam Anti Virus
Implementation Guide
Cyberoam Anti Spam
Implementation Guide
VPN Management
Describes
Console Management
Installation & configuration of Cyberoam
Windows Client
Installation & configuration of Cyberoam Linux
Client
Installation & configuration of Cyberoam HTTP
Client
Using the Analytical tool for diagnosing and
troubleshooting common problems
Configuration for integrating LDAP with
Cyberoam for external authentication
Configuration for integrating ADS with Cyberoam
for external authentication
Configuration for integrating PDC with Cyberoam
for authentication
Configuration for integrating RADIUS with
Cyberoam for external authentication
Configuration of High Availability (HA)
Configuration and Management of user based
data transfer policy
Configuration of Multiple Gateways, load
balancing and failover
Configuring and implementing anti virus solution
Configuring and implementing anti spam solution
Implementing and managing VPN
6
7
Cyberoam User Guide
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.
Cyberoam User Guide
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Item Convention Example
Server
Client
User
Username
Part titles
Bold and
shaded font
typefaces
Machine where Cyberoam Software - Server component is
installed
Machine where Cyberoam Software - Client component is
installed
The end user
Username uniquely identifies the user of the system
Report
Topic titles
Shaded font
typefaces
Introduction
Subtitles
Bold & Black
typefaces
Notation conventions
Navigation link Bold typeface Group Management → Groups → Create
it means, to open the required page click on Group
management then on Groups and finally click Create tab
Name of a
particular
parameter /
field / command
button text
Cross
references
Lowercase
italic type
Hyperlink in
different color
Enter policy name, replace policy name with the specific
name of a policy
Or
Click Name to select where Name denotes command button
text which is to be clicked
refer to Customizing User database Clicking on the link will
open the particular topic
Notes & points
to remember
Prerequisites
Bold typeface
between the
black borders
Bold typefaces
between the
black borders
Note
Prerequisite
Prerequisite details
8
9
Cyberoam User Guide
Preface
Welcome to Cyberoam’s - User guide.
Cyberoam is an Identity-based UTM Appliance. Cyberoam’s solution is purpose-built to meet the security
needs of corporates, government organizations, and educational institutions.
Cyberoam’s perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti
Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing separate port for connecting to the publicly
accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are visible the
external world and still have firewall protection.
This Guide helps you manage and customize Cyberoam to meet your organization’s various
requirements including creating groups and users and assigning policies to control internet access.
Default Web Admin Console username is ‘cyberoam’ and password is ‘cyber’
It is recommended that you change the default password immediately after installation to avoid unauthorized
access.
10
Cyberoam User Guide
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of
Cyberoam.
How do I search for relevant content?
For help on how to perform certain task use Contents
For help on a specific menu or screen function use Menu wise – Screen and Table Index
This Guide is organized into three parts:
Part I – Getting started
It describes how to start using Cyberoam after successful installation.
Part II Management
It describes how to define groups and users to meet the specific requirements of your Organization. It
also describes how to manage and customize Cyberoam.
1. Define Authentication process and firewall rule.
2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups
3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy,
Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy
4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools
5. Manage Cyberoam server
Part III Customization
Customize Services, Schedules and Categories. Describes how to create and manage Categories,
Schedules and Services and Cyberoam upgrade process.
11
Cyberoam User Guide
Cyberoam Basics
Cyberoam is an Identity-based UTM Appliance. Cyberoam’s solution is purpose-built to meet the security
needs of corporates, government organizations, and educational institutions.
Cyberoam’s perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering,
Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing separate port for connecting to the publicly
accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are visible the
external world and still have firewall protection.
It also provides assistance in improving Bandwidth management, increasing Employee productivity and
reducing legal liability associated with undesirable Internet content access.
Benefits of Cyberoam
1. Boost Employee productivity by
a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
a. Controlling access to non-productive site access during working hours
b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
a. Improved User response time
b. Failover solution
c. Continuous availability of Internet
d. Reduced bandwidth bottlenecks
5. Enforce acceptable Internet usage policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet
and other resources usage and consumption patterns
Accessing Cyberoam
Two ways to access Cyberoam:
1. Web Admin Console
• Managing Firewall rules
• Used for policy configuration
• Managing users, groups and policies
• Managing Bandwidth
• Viewing bandwidth graphs as well as reports
2. Telnet Console
• Used for Network and System configuration (setting up IP Addresses, setting up gateway)
• Managing Cyberoam application
a) Using Console Interface via remote login utility – TELNET
b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server
Accessing Console via remote login utility - TELNET
Access Cyberoam Console with the help of TELNET utility. To use TELNET, IP Address of the Cyberoam
server is required.
To start the TELNET utility:
Click Start, and then click Run
12
Cyberoam User Guide
In Open, type TELNET xxx.xxx.x.xxx
Click OK, opens a console login window and prompts to enter Password
Default password for Cyberoam TELNET console is “admin”.
Screen - Console access
Screen - Console login screen
Accessing Console using SSH client
Access Cyberoam Console using any of the SSH client. Cyberoam server IP Address is required.
Start SSH client and create new Connection with the following parameters:
Hostname - <Cyberoam server IP Address>
Username – admin
Password – admin
13
Cyberoam User Guide
Accessing the Web Admin Console
Cyberoam Web Admin Console (GUI) access requires Microsoft Internet Explorer 5.5+ or Mozilla Firefox
1.5+ and Display settings as True color (32 bits)
Log on & log off from the Cyberoam Web Admin Console
The Log on procedure verifies validity of user and creates a session until the user logs off.
Log on procedure
To get the log in window, open the browser and type IP Address in browser’s URL box. A dialog box
appears prompting you to enter username and password to log on. Use the default user name
‘cyberoam’ and password ‘cyber’ if you are logging in for the first time after installation.
Asterisks are the placeholders in the password field.
Log on Methods
HTTP log in
To open unencrypted login page, in the browser’s Address box, type
http://<IP address of Cyberoam>
Screen - HTTP login screen
HTTPS log in
Cyberoam provides secured communication method which encrypts the User log on information and
which prevents unauthorized users from viewing the user information. For this, Cyberoam uses https
protocol.
The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer
encrypted information between computers over the World Wide Web. HTTPS is http using a Secure
Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses
HTTPS.
HTTPS protocol opens a secure hypertext transfer session with the specified site address.
Cyberoam User Guide
To open login over secure HTTP, type
https://<IP address of Cyberoam>
Screen - HTTPS login
Screen Elements
Login
User name
Password
Description
Specify user login name.
If you are logging on for the first time after installation, please use
default username ‘cyberoam’
Specify user account Password
14
Cyberoam User Guide
Log on to
Login button
If you are logging on for the first time after installation, please use
default password ‘cyber’
To administer Cyberoam, select ‘Web Admin Console’
Logs on to Web Admin Console
Click Login
Table - Login screen elements
Web console Authorization and Access control
By default, Cyberoam has four types of user groups:
Administrator group
Log in as Administrator group User to maintain, control and administer Cyberoam.
Administrator group User can create, update and delete system configuration and user information.
Administrator can create multiple administrator level users.
Manager group
Manager group User can only view the reports.
User group
User group User is the user who accesses the resources through Cyberoam.
Clientless group
Clientless User group User who can bypass Cyberoam Client login to access resources. Cyberoam itself
takes care of login of this level user.
For Administrators and Managers, IP address based access restriction/control can be implemented.
Refer to Access Configuration to implement.
Log out procedure
To avoid un-authorized users from accessing Cyberoam, log off after you have finished working. This will
end the session and exit from Cyberoam.
15
16
Cyberoam User Guide
Getting Started
Once you have configured network, you can start using Cyberoam.
PART
1
1. Start monitoring
Once you have installed Cyberoam successfully, you can monitor user activity in your Network.
Depending on the Internet Access policy configured at the time of installation, certain categories will be
blocked/allowed for LAN to WAN traffic with or without authentication.
2. View Cyberoam Reports
Monitor your Network activities using Cyberoam Reports.
To view Reports, log on to Reports from Web Admin Console using following URL: http://<Internal IP
Address>
To log on, use default username ‘cyberoam’ and password ‘cyber’.
View your organization’s surfing pattern from Web Surfing Organization wise report
View your organization’s general surfing trends from Trends Web Trends report
View your organization’s Category wise surfing trends from Trends Category Trends report
3. Discover Network Application Traffic
Detect your network traffic i.e. applications and protocols accessed by your users.
To view traffic pattern of your network, log on to Cyberoam Web Management Console using following
URL: http://<Internal IP Address>
To log on, use default username ‘cyberoam’ and password ‘cyber’.
View amount of network traffic generated by various applications from Traffic Discovery Live
Connections Application wise
4. Configure for User name based monitoring
As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP
address based. To monitor and log user activities based on User names, you have to configure
Cyberoam for integrating user information and authentication process.
Integration will identify access request based on User names and generate reports based on Usernames.
If your Network uses Active Directory Services and users are already created in ADS, configure
Cyberoam to communicate your ADS. Refer to Cyberoam – ADS Integration guide for more details.
If your Network uses Windows Domain Controller, configure for Cyberoam to communicate with Windows
Domain Controller. Refer to Cyberoam – PDC Integration guide for more details.
17
Cyberoam User Guide
5. Customize
Depending on the Internet Access configuration done at the time of installation, default firewall rules will
be created.
You can create additional firewall rules and other policies to meet your organization’s requirement.
Cyberoam allows you to:
1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.
2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management-
Surfing Quota policy for more details.
3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy
Management-Access time policy for more details.
4. Control web access by defining Internet Access policy. Refer to Policy Management-Internet
Access policy for more details.
5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy
Management-Bandwidth policy for more details.
6. Limit total as well as individual upload and/or download data transfer by defining data transfer
policy. Refer Data transfer policy for more details.
18
Cyberoam User Guide
Dashboard
As soon as you logon to the Web Admin Console, Dashboard is displayed.
Dashboard provides one solution to many analytical needs. Using the "dashboard" concept of information
presentation, Cyberoam makes it easy to view access data from multiple perspectives, allowing
management to identify patterns and potential areas of risk and productivity loss. It will empower
organizations to plan, understand, integrate and leverage strategy all from a single page report.
The goal of dashboard is to provide fast access to monitor and analyze employee Internet usage. As a
result, managers gain an unprecedented ability to report on and manage a wide spectrum of the data and
applications that employees use during their working hours.
Dashboard is the answer to – ‘Why can't Cyberoam automatically show me things that will help me with
what I'm doing, instead of making me search around for them?’
Dashboard is divided into following section:
1. HTTP Traffic Analysis
2. User Surfing pattern
3. Usage Summary
4. Recent Mail Viruses detected
5. Recent HTTP Viruses detected
6. Installation Information
7. System Resources
8. System Status
9. Installation Information
10. DoS attack status
11. Recent IDP Alerts
12. License Information
13. Gateway status
Cyberoam User Guide
19
20
Cyberoam User Guide
Management
Setting up Zones
PART
2
A Zone is a logical grouping of ports.
Zones provide flexible layer of security for the firewall. With the zone-based security, the administrator
can group similar ports and apply the same policies to them, instead of having to write the same policy
for each interface.
Default Zones Types
LAN – Depending on the appliance in use and on your network design, you can group one to six ports in
this zone. Even though each interface will have a different network subnet attached to it, when grouped
together they can be managed as a single entity. Group all the LAN networks under this zone.
By default the traffic to and from this zone is blocked and hence the highest secured zone. However,
traffic between ports belonging to the same zone will be allowed.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the
appliance in use and on your network design, you can group one to five ports in this zone.
WAN – This zone is used for Internet services. It can also be referred as Internet zone. Depending on the
appliance in use and on your network design, you can group one to six ports in this zone.
Local - This zone is the grouping of all the available ports of Cyberoam.
Cyberoam provides single zone of each type. These are called System Zones. Administrator can add
LAN and DMZ zone types.
By default, entire traffic will be blocked except LAN to Local zone service likes Administration,
Authentication and Network.
Cyberoam User Guide
Create Zone
Select System Zone Create to open the create page
Screen - Create Zone
Screen Elements
Create Zone
Zone Name
Zone Type
Description
Specify name of the Zone
Select zone type
LAN – Depending on the appliance in use and on your network design,
you can group one to six ports in this zone.
By default the traffic to and from this zone is blocked and hence the
highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly
accessible servers. Depending on the appliance in use and on your
network design, you can group one to five ports in this zone.
WAN – This zone type is used for the Internet services. Only one WAN
zone is allowed, hence you will not be able to create additional WAN
zones.
Multiple LAN is not possible if Cyberoam is placed deployed as Bridge
Select Port
It is not possible to add Zone if Cyberoam is placed deployed as Bridge
Allows to bind port to the zone
‘Available Ports’ list displays the list of ports that can be binded to the
selected zone.
Description
Create button
Use Right arrow button to move the selected ports to ‘Member Port’ list.
Specify zone description
Saves the configuration and creates zone
Table – Create Zone
21
22
Cyberoam User Guide
Setting up Users
Define Authentication
Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of
your organization. You can assign individual policies to users (identified by IP address), or a single policy
to number of users (Group).
Cyberoam detects users as they log on to Windows domains in your network via client machines.
Cyberoam can be configured to allow or disallow users based on username and password. In order to
use User Authentication, you must select at least one database against which Cyberoam should
authenticate users.
Cyberoam supports user authentication against:
• an Active Directory
• an Windows Domain controller
• an LDAP server
• an RADIUS server
• an internal database defined in Cyberoam
To filter Internet requests based on policies assigned, Cyberoam must be able to identify a user making a
request.
When the user attempts to access, Cyberoam requests a user name and password and authenticates the
user's credentials before giving access. User level authentication can be performed using the local user
database on the Cyberoam, an External ADS server, RADIUS server, LDAP or Windows Domain
Controller.
Integrate with ADS, LDAP or Domain Controller if external authentication is required.
If your network uses an Active Directory service, configure Cyberoam to communicate with ADS. Refer to
Cyberoam - ADS Integration Guide for details.
If your network uses a Windows Domain controller, configure Cyberoam to communicate with Domain
controller. Refer to Cyberoam - PDC Integration for details.
If your Network uses LDAP, configure Cyberoam to communicate with LDAP server. Refer to Cyberoam
– LDAP Integration for details.
If your Network uses RADIUS server, configure Cyberoam to communicate with RADIUS server. Refer to
RADIUS Integration Guide for details.
Cyberoam can prompt for user identification if your network does not use Windows environment. Refer to
Cyberoam Authentication for details.
Cyberoam Authentication
When Cyberoam is installed in Non PDC environment, it is necessary to create users and groups in
Cyberoam.
Before users log on to Cyberoam, Administrator has to create all the users in Cyberoam, assign them to
a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details
on creating groups and users.
Cyberoam User Guide
When user attempts to log on, Cyberoam server performs authentication i.e. User is authenticated
directly by the Cyberoam server.
Select User Authentication Settings to open configuration page
Screen – Cyberoam Authentication
Screen Elements
Description
Configure Authentication & Integration parameters
Integrate with
Select Cyberoam as the authentication server
Default Group
Allows to select default group for users
Update button
Click Default Group list to select
Updates and saves the configuration
Table – Cyberoam Authentication screen elements
23
Cyberoam User Guide
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a group
inherit all the group policies. Refer to Policy Management to define new policies.
User types
Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal User has to logon to Cyberoam. Requires Cyberoam client (client.exe) on the User machine or
user can use HTTP Client component and all the policy-based restriction can be applied.
Clientless Does not require Cyberoam client component (client.exe) on the User machines. Symbolically
represented as User name (C)
Single Sign On If User is configured for Single Sign On, whenever User logs on to Windows, he/she is
automatically logged to the Cyberoam. Symbolically represented as User name (S)
Use the given decision matrix below to decide which type of the user should be created.
Decision matrix for creation of User
Feature Normal User Clientless User Single Sign on User
User Login required Yes No No
Type of Group
Normal
Clientless
Yes
No
No
Yes
Yes
No
Apply Login restriction Yes Yes Yes
Apply Surfing Quota policy Yes No No
Apply Access Time policy Yes No No
Apply Bandwidth policy Yes Yes Yes
Apply Internet Access policy Yes Yes Yes
Apply Data Transfer policy Yes No Yes
Table - Create User - Decision matrix
24
25
Cyberoam User Guide
Add a User
Prerequisite
• Group created – for Normal Users only
Select User User Add User to open add user page
Screen - Add User
Screen Elements
User Information
Name
Username
Password
Confirm Password
Windows Domain
Controller
Only if Authentication
is done by Windows
Domain Controller
Description
Specify name of the User
Specify a name that uniquely identifies user & used for logging
Specify Password
Specify password again for conformation
Should be same as typed in the Password field
Displays Authentication Server IP Address
26
Cyberoam User Guide
User Type
Specify the user group type. Depending on user group type default
web console access control will be applied. Refer to Web console
Authorization and Access control for more details.
Number
simultaneous
allowed
OR
Unlimited
of
login(s)
Available option:
Administrator
Manager
User
Click User type list to select
Refer to Add Clientless User on how to create clientless user
Customize the maximum number of concurrent logins allowed to the
user
Specify number of concurrent logins allowed to the user
OR
Allows unlimited concurrent logins to the user
The setting specified will override the setting specified in client
preference.
Group Information
Group
View details link
Login Restriction
Select any one option
For example,
If in Client preferences, the number of concurrent logins allowed is 5
and here you have specified 3, then this particular user will be
allowed to login from 3 machines concurrently and not from 5
machines.
Specify in Group in which user is to be added. User will inherit all the
group policies.
Click Group list to select
Open a new Window and displays details of the selected Group
Refer to View Group details table for more details
Allows to apply login restriction
Available options
1) All Nodes
Allows Users to login from all the nodes in the network
2) Group Nodes only
Allows Users to login only from the nodes assigned to the group
3) Selected Nodes only
Allows Users to login from the selected nodes only. Refer to Apply
Login Node Restriction for details. Nodes from which the User is
allowed login can be specified after creating the user also.
Click to select
Personal details link Allows to enter personal details of the user
Personal information
Only if Personal details link is clicked
Birth date
Specify date of birth of user
Click Calendar to select date
Specify Email Id of User
Cyberoam User Guide
Add button
Review button
Adds user
Click to add
Opens a new page and displays the user details for reviewing.
Review details before adding to make sure details entered are
correct.
Click to review
View Group details table
Screen Elements
Group name
Surfing Quota policy
Access Time policy
Internet Access policy
Bandwidth policy
Data transfer policy
Allotted time (HH:mm)
Expiry date
Used minutes
Close button
Click Submit to add user
Table - Add User screen elements
Description
Displays name of the Group
Displays name of the Surfing Quota policy assigned to the
group
Displays name of the Access Time policy assigned to the
group
Displays name of the Internet Access policy assigned to the
group
Displays name of the Bandwidth policy assigned to the
group
Displays name of the Data Transfer policy assigned to the
group
Displays total allotted surfing time to User
Displays User policy Expiry date
Displays total time used by the user in minutes
At the time of creation of user, it will be displayed as 0:0
Closes window
Table - View Group details screen elements
Apply Login Node Restriction
27
Cyberoam User Guide
Screen Elements
Select Node(s) button
Only if the option ‘Selected
Node(s) Only’ is selected
Logon Pool name
Select
Description
Opens a new page and allows to select the node
Click to select the Node for restriction
Logon Pool from which the Node/IP address is to be
added
Click Logon Pool name list to select
Selects the Node
OK button
Cancel button
Multiple nodes can also be selected
Click to apply restriction
Cancels the current operation
Table - Apply Login Node Restriction screen elements
28
Cyberoam User Guide
Add Clientless users
Clientless Users are the Users who can bypass Cyberoam Client login to access resources. It is possible
to add a single clientless user as well as more than one clientless user at a time.
When you add multiple clientless users, users are represented by IP addresses and not by the User
name.
Add multiple clientless users
Creates Clientless users with given IP addresses as their username. Change the Username of the
clientless users if required.
Prerequisite
• Clientless Group created
Select User Clientless Users Add Multiple Clientless Users to open create user page
Screen - Add multiple Clientless users
Screen Elements
Host Group Details
Host Group name
Is Host Group public
Description
Specify name of Logon Pool
Public IP address is routable over the Internet and do not need
Network Address Translation (NAT)
29
Cyberoam User Guide
Bandwidth policy
Click to Select, if IP Addresses assigned to the Users are public
IP Addresses
By default, group bandwidth policy is applied to the user but you
can override this policy.
Specify Bandwidth Policy to be applied.
Click Bandwidth Policy list to select
Description
Machine details
From – To
Machine name
Select Group
Group
Click View details link to view details of the policy
Specify full description
Specify range of IP Address that will be used by Users to login
Specify Machine name
Specify Group in which User is to be added
Create button
Click Group list to select
Adds multiple Clientless Users
Table - Add multiple Clientless users screen elements
30
Cyberoam User Guide
Add single Clientless user
Prerequisite
• Group created
• Logon Pool created
Select User Clientless Users Add Single Clientless User to open create user page
Screen - Add single Clientless user
Screen Elements
User Information
Name
Username
Activate on Creation
Description
Specify name of the User
Specify a unique name used for logging
Specifies whether user should be logged in automatically after
registration
Options:
Yes – Automatically logs in as soon as registered successfully i.e.
becomes a live user
No – User is registered but is in De-active mode. Activate user before
first log in. Refer to Activate Clientless User for more details
User type
Displays User type
User Group Information
Group
Specify Group in which User is to be added
31
Cyberoam User Guide
View details link
Click Group list to select
Open a new window and displays details of the selected group
Login Restriction
Allowed Login from
IP Address
Click to view details
Specifies IP address from where User can login
Click Select Node, opens a new window and allows to select IP
Address
Refer to Select Node table for more details
Personal details link Allows to enter the personal details of the user
Personal information
Only if Personal details link is clicked
Birth date
Specify date of birth of User
Register
Cancel button
Use Popup Calendar to enter date
Specify Email Id of User
Registers a clientless user
Cancels current operation
Table - Create single Clientless user screen elements
Select Node table
Screen Elements
Logon Pool name
Select
Apply Restriction button
Description
Allows to select the Logon Pool
Click Logon Pool name list to select
Selects the Node
User will be allowed to login from the selected node
only.
Close button
Click to apply login restriction
Closes window
Table - Select Node screen elements
NOTE
Duplicate Usernames cannot be created
Make sure that subnets or individually defined IP addresses do not overlap
Create Group before assigning it to a User. Refer to Create Groups to create new groups
32
Cyberoam User Guide
Setting up Groups
Group
Group is a collection of users having common policies and a mechanism of assigning access of
resources to a number of users in one operation/step.
Instead of attaching individual policies to the user, create group of policies and simply assign the
appropriate Group to the user and user will automatically inherit all the policies added to the group. This
simplifies user configuration.
A group can contain default as well as custom policies.
Various policies that can be grouped are:
1. Surfing Quota policy which specifies the duration of surfing time and the period of subscription
2. Access Time policy which specifies the time period during which the user will be allowed access
3. Internet Access policy which specifies the access strategy for the user and sites
4. Bandwidth policy which specifies the bandwidth usage limit of the user
5. Data Transfer policy which specifies the data transfer quota of the user
Refer to Policy Management for more details on various policies.
Group types
Two types of groups:
1. Normal
2. Clientless
Normal A user of this group need to logon to Cyberoam using the Cyberoam Client to access the
Internet
Clientless A user of this group need not logon to Cyberoam using the Cyberoam Client to access the
Internet. Access control is placed on the IP Address. Symbolically represented as Group name (C)
Use the below given decision matrix to decide which type of group will best suited for your network
configuration.
Decision matrix for creation of Group
Feature Normal Group Clientless Group
Logon into Cyberoam required Yes No
Type of User
Normal
Clientless
Yes
No
No
Yes
Apply Login restriction Yes No
Apply Surfing Quota policy Yes No
Apply Access Time policy Yes No
Apply Bandwidth policy Yes Yes
Apply Internet Access policy Yes Yes
Apply Data transfer policy Yes No
Table - Group creation - Decision matrix
33
Cyberoam User Guide
Add a New Group
Prerequisite
• All the policies which are to be added to the Group are created
• Logon Pool created if login is to be restricted from a particular Node/IP Address
Select Group Add Group to open add group page
Screen - Create Group
Screen Elements
Create Group
Group name
Group type
Description
Specify Group name. Choose a name that best describes the Group.
Specify type of Group
Click Group type to select
Select Normal if Group members are required to log on using
Cyberoam Client
Surfing Quota Policy
Select Clientless if Group members are not required to log on using
Cyberoam Client
Specify Surfing Quota Policy for Group
34
35
Cyberoam User Guide
Only if Group type
is ‘Normal’
Access Time Policy
Only if Group type
is ‘Normal’
Click Surfing Quota Policy list to select
By default, ‘Unlimited policy’ is assigned to the ‘Clientless’
Group type
Refer to Surfing Quota Policy for more details
Specify Access Time policy for Group
Click Access Time Policy list to select
By default, ‘Unlimited policy’ is assigned to ‘Clientless’ Group
type
Internet
policy
Access
Refer to Access Time Policy for more details
Specify Internet Access policy for Group
Click Internet Access policy list to select
Bandwidth Policy
Refer Internet Access policy for details
Specify Bandwidth Policy for Group
Click Bandwidth Policy list to select
Data Transfer policy
Only if Group type is
‘Normal’
Login Restriction
Select any one
option
Refer Bandwidth Policy for details
Specify data transfer policy for Group
Click Data Transfer policy list to select
Refer Data Transfer Policy for details
Apply login restriction if required for the users defined under the
Group
Available options
1) Allowed login from all nodes
Allows Users defined under the Group to login from all the nodes
2) Allowed login from the selected nodes
Allow Users defined under the Group to login from the selected
nodes only.
Specifies IP address from where User can login
Click Select Node, opens a new window and allows to select IP
Address
Refer to Select Node table for more details Refer to Apply Login
Node restriction for more details
Select Node button
Only if ‘Allowed
Login from
selected node’
option is selected
for
Login
restriction
Create button
Click to select
Opens a new page and allows to select the node
Click to select the Node
Creates Group
Cyberoam User Guide
Cancel button
Cancels the current operation and returns to the Manage Group
page
Table - Create Group screen elements
Note
It is not necessary to add user at the time of the creation of Group. Users can be added even after the creation
the group.
Apply Login Node Restriction
Screen – Apply Login Node Restriction
Screen Elements
Logon Pool name
Select
Description
Logon Pool from which the Node/IP address is to be added
Click Logon Pool name list to select
User will be allowed to login from the selected nodes only.
Click to select Node
OK button
Multiple nodes can also be selected
Applies login restriction and closes the window
Click to apply restriction
36
37
Cyberoam User Guide
Cancel button
Cancels the current operation
Table - Apply Login Node Restriction screen elements
38
Cyberoam User Guide
Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ
networks against malicious access; however, firewalls may also be configured to limit the access to
harmful sites for LAN users.
The responsibility of firewall is to grant access from Internet to DMZ or Service Network according to the
Rules and Policies configured. It also keeps watch on state of connection and denies any traffic that is
out of connection state.
Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule,
Cyberoam decides on how to process the access request. When Cyberoam receives the request, it
checks for the source address, destination address and the services and tries to match with the firewall
rule. If Identity match is also specified then firewall will search in the Live Users Connections for the
Identity check. If Identity (User) found in the Live User Connections and all other matching criteria fulfills
then action specified in the rule will be applied. Action can be allow or deny.
If Action is ‘Allow’ then each rule can be further configured to apply source or destination NATting
(Network Address Translation). You can also apply different protection settings to the traffic controlled by
firewall:
• Enable load balancing between multiple links
• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To
apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and
Gateway Anti Spam modules individually. Refer to Licensing section for details.
• Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for
Intrusion Detection and Prevention module. Refer to Licensing section for details.
• Configure content filtering policies. To apply content filtering you need to subscribe for Web and
Application Filter module. Refer to Licensing section for details.
• Apply bandwidth policy restriction
By default, Cyberoam blocks any traffic to LAN.
Default Firewall rules
At the time of deployment, Cyberoam allows to define one of the following Internet Access policies using
Network Configuration Wizard:
• Monitor only
• General Internet policy
• Strict Internet policy
Depending on the Internet Access policy set through Network Configuration Wizard, Cyberoam defines
the two default firewall rules as follows:
Monitor only
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying
following policies:
Internet Access policy – User specific
Bandwidth policy – User specific
Anti Virus & Anti Spam policy – Allows SMTP, POP3, IMAP and HTTP traffic without scanning
2. Masquerade and Allow entire LAN to WAN traffic for all the users without scanning SMTP, POP3,
39
Cyberoam User Guide
IMAP and HTTP traffic
General Internet policy
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying
following policies:
Internet Access policy – User specific
Bandwidth policy – User specific
Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:
Internet Access policy – Applies ‘General Corporate Policy’ to block Porn, Nudity,
AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist,
PhishingandFraud, Violence, Weapons categories
IDP – General policy
Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
Strict Internet policy
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying
following policies:
Internet Access policy – User specific
Bandwidth policy – User specific
IDP policy – General policy
Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Drop entire LAN to WAN traffic for all the users
Note
Default Firewall rules can be modified as per the requirement but cannot be deleted
IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are
subscribed respectively.
If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire
traffic is dropped.
Additional firewall rules can be defined to extend or override the default rules. For example, rules can be
created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of
traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to
authorized users on the LAN.
Custom rules evaluate network traffic source IP addresses, destination IP addresses, User, IP protocol
types, and compare the information to access rules created on the Cyberoam appliance. Custom rules
take precedence, and override the default Cyberoam firewall rules.
40
Cyberoam User Guide
Create Firewall rule
Previous versions allowed creating firewall rules based on source and destination IP addresses and
services but now Cyberoam’s Identity based firewall allows to create firewall rules embedding user
identity into the firewall rule matching criteria.
Firewall rule matching criteria now includes:
• Source and Destination Zone and Host
• User
• Service
Prior to this version, all the Unified Threat Control policies were to be enabled individually from their
respective pages. Now one can attach the following policies to the firewall rule as per the defined
matching criteria:
• Intrusion Detection and Prevention (IDP)
• Anti Virus
• Anti Spam
• Internet Access
• Bandwidth Management
• Routing policy i.e. define user and application based routing
To create a firewall rule, you should:
• Define matching criteria
• Associate action to the matching criteria
• Attach the threat management policies
For example, now you can:
• Restrict the bandwidth usage to 256kb for the user John every time he logs on from the IP
192.168.2.22
• Restrict the bandwidth usage to 1024kb for the user Mac if he logs on in working hours from the IP
192.168.2.22
Processing of firewall rules is top downwards and the first suitable rule found is applied.
Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a
general rule might allow a packet that you specifically have a rule written to deny later in the list. When a
packet matches the rule, the packet is immediately dropped or forwarded without being tested by the rest
of the rules in the list.
Select Firewall Create Rule
41
Cyberoam User Guide
Screen - Create Firewall rule
Screen Elements
Matching Criteria
Source
Description
Specify source zone and host IP address/network address to which the
rule applies.
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall Host Group Create
Under Select Address, click Add Host to define host group from firewall
rule itself rule itself or from Firewall Host Add Host
42
Cyberoam User Guide
Check Identity
(Only if source
zone is
LAN/DMZ)
Destination
Check identity allows you to check whether the specified user/user group
from the selected zone is allowed the access of the selected service or not.
Click Enable to check the user identity.
Enable check identity to apply following policies per user:
• Internet Access policy for Content Filtering (User’s Internet access
policy will be applied automatically but will not be effective till the
Web and Content Filtering module is subscribed)
• Schedule Access
• IDP (User’s IDP policy will be applied automatically but will not be
effective till the IDP module is subscribed)
• Anti Virus scanning (User’s anti virus scanning policy will be applied
automatically but it will not be effective till the Gateway Anti Virus
module is subscribed)
• Anti Spam scanning (User’s anti spam scanning policy will be applied
automatically but it will not be effective till the Gateway Anti Spam
module is subscribed)
• Bandwidth policy - User’s bandwidth policy will be applied
automatically
• The policy selected in Route through Gateway is the static routing
policy that is applicable only if more then one gateway is defined and
used for load balancing.
and limit access to available services.
Specify destination zone and host IP address /network address to which
the rule applies.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall Host Group Create
Service/Service
group
Under Select Address, click Add Host to define host group from firewall
rule itself rule itself or from Firewall Host Add Host
Services represent types of Internet data transmitted via particular
protocols or applications.
Select service/service group to which the rule applies.
Under Select Here, click Create Service Group to define service group
from firewall rule itself rule itself or from Firewall Service
Create Service
Cyberoam provides several standard services and allows creating the
custom services also. Under Select Here, click Create Service to define
service from firewall rule itself rule itself or from Firewall Service
Create Service
43
Cyberoam User Guide
Protect by configuring rules to
• block services at specific zone
• limit some or all users from accessing certain services
• allow only specific user to communicate using specific service
Apply Schedule Select Schedule for the rule
Firewall Action When Criteria Match
Action
Select rule action
Accept – Allow access
Drop – Silently discards
Reject – Denies access and ‘ICMP port unreachable’ message will be sent
to the source
When sending response it might be possible that response is sent using a
different interface than the one on which request was received. This may
happen depending on the Routing configuration done on Cyberoam.
Apply Source
NAT (Only if
Action is
‘ACCEPT’)
For example,
If the request is received on the LAN port using a spoofed IP address
(public IP address or the IP address not in the LAN zone network) and
specific route is not defined, Cyberoam will send a response to these hosts
using default route. Hence, response will be sent through the WAN port.
Select the SNAT policy to be applied
It allows access but after changing source IP address i.e. source IP
address is substituted by the IP address specified in the SNAT policy.
You can create SNAT policy from firewall rule itself or from Firewall
SNAT Policy Create
44
Cyberoam User Guide
This option is not available if Cyberoam is deployed as Bridge
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
• Enable load balancing and failover when multiple links are configured. Applicable only
if Destination Zone is WAN
• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP
policies. To apply antivirus protection and spam filtering, you need to subscribe for
Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing
section for details.
• Implement Intrusion detection and prevention. To apply IDP policy you need to
subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for
details.
• Configure content filtering policies. To apply content filtering you need to subscribe for
Web and Application Filter module. Refer to Licensing section for details.
• Apply bandwidth policy
Destination NAT Settings
Destination NAT Select DNAT policy to be applied
policy
DNAT rule tells the firewall to forward the requests from the specified
machine and port to the specified machine and port.
Under Select Here, click Create DNAT Policy to define dnat policy from
firewall rule itself rule itself or from Firewall DNAT Policy
Create
This option is not available if Cyberoam is deployed as Bridge
Policy Settings
IDP Policy
Select IDP policy for the rule.
Internet
Policy
Access
To use IDP, you have to subscribe for the module. Refer to Licensing for
more details.
Refer to IDP, Policy for details on creating IDP policy
Select Internet access policy for the rule. It can be applied only to LAN to
WAN rule.
Internet Access policy controls web access.
Refer to Policies, Internet Access Policy for details on creating Internet
Access policy.
45
Cyberoam User Guide
Bandwidth Policy
Select Bandwidth policy for the rule. Only the Firewall Rule based
Bandwidth policy can be applied.
Route
Gateway
Through
Bandwidth policy allocates & limits the maximum bandwidth usage of the
user.
Refer to Policies, Bandwidth Policy for details on creating Bandwidth
policy.
Select routing policy
Can be applied only if more than one gateway is defined.
This option is not available if Cyberoam is deployed as Bridge
Refer to Multiple Gateway Implementation Guide for more details.
Virus & Spam Settings
Scan Protocol(s) Click the protocol for which the virus and spam scanning is to be enabled
By default, HTTP scanning is enabled.
To implement Anti Virus and Anti Spam scanning, you have to subscribe
for the Gateway Anti Virus and Anti Spam modules individually. Refer to
Licensing for more details.
Log Traffic
Refer to Anti Virus Implementation Guide and Anti Spam Implementation
Guide for details.
Click to enable traffic logging for the rule i.e. traffic permitted and denied by
the firewall rule.
Make sure, firewall rule logging in ON/Enable from the Logging
Management. Refer to Cyberoam Console Guide, Cyberoam Management
for more details.
To log the traffic permitted and denied by the firewall rule, you need to
ON/Enable the firewall rule logging from the Web Admin ConsoleFirewall
rule and from the Telnet ConsoleCyberoam Management. Refer to
Cyberoam Console Guide for more details.
Description
Save button
Refer to Appendix B - Network Traffic Logging Entry for more details.
Specify full description of the rule
Saves the rule
Table - Create Firewall rule screen elements
Manage Firewall
Use to:
• Enable/disable SMTP, POP3, IMAP and HTTP scanning
• Deactivate rule
• Delete rule
• Change rule order
• Append rule (zone to zone)
• Insert rule
• Select display columns
Select Firewall Manage Firewall to display the list of rules
46
Cyberoam User Guide
Screen components
Append Rule button - Click to add zone to zone rule
Select Column button – Click to customize the number of columns to be displayed on the page
Subscription icon - Indicates subscription module. To implement the functionality of the subscription
module you need to subscribe the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactive the rule. If you do not want to apply the firewall
rule temporarily, disable rule instead of deleting.
Green – Active Rule
Red – Deactive Rule
Edit icon
Insert icon
details.
Move icon
details.
Delete icon
- Click to edit the rule. Refer to Edit Firewall rule for more details.
- Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more
- Click to change the order of the selected rule. Refer to Change the firewall rule order for
- Click to delete the rule. Refer to Delete Firewall Rule for more details.
Update Rule
Select Firewall Manage Firewall to view the list of rules. Click the rule to be modified.
47
Cyberoam User Guide
Screen- Edit Firewall Rule
Screen Elements
Matching Criteria
Source
Description
Displays source zone and host IP address /network address to which the
rule applies.
Zone Type cannot be modified
Modify host/network address if required
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall Host Group Create
Under Select Address, click Add Host to define host group from firewall
rule itself rule itself or from Firewall Host Add Host
48
Cyberoam User Guide
Check Identity
(Only if source
zone is LAN or
DMZ)
Destination
Check identity allows you to check whether the specified user/user group
from the selected zone is allowed the access of the selected service or not.
Click Enable to check the user identity
Displays destination zone and host IP address /network address to which
the rule applies.
Zone Type cannot be modified
Modify host/network address if required.
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall Host Group Create
Service/Service
group
Under Select Address, click Add Host to define host group from firewall
rule itself rule itself or from Firewall Host Add Host
Services represent types of Internet data transmitted via particular
protocols or applications.
Displays service/service group to which the rule applies, modify if required
Under Select Here, click Create Service Group to define service group
from firewall rule itself rule itself or from Firewall Service
Create Service
Cyberoam provides several standard services and allows creating the
custom services also. Under Select Here, click Create Service to define
service from firewall rule itself rule itself or from Firewall Service
Create Service
Protect by configuring rules to
• block services at specific zone
• limit some or all users from accessing certain services
• allow only specific user to communicate using specific service
49
Cyberoam User Guide
Apply Schedule Displays rule’s schedule, modify if required
Firewall Action When Criteria Match
Action
Displays rule action, modify if required
Apply Source
NAT (Only if
Action is
‘ACCEPT’)
Accept – Allow access
Drop – Silently discards i.e. without sending ‘ICMP port unreachable’
message to the source
Reject – Denies access and sends ‘ICMP port unreachable’ message to
the source
Displays the SNAT policy applied to the rule, modify if required
It allows access but after changing source IP address i.e. source IP
address is substituted by the specified IP address in the SNAT policy.
You can create SNAT policy from firewall rule itself or from Firewall
SNAT Policy Create
This option is not available if Cyberoam is deployed as Bridge
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
• Enable load balancing between multiple links
• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP
policies
• Apply bandwidth policy
• Configure content filtering policies
Destination NAT Settings
Destination NAT Displays DNAT policy applied, modify if required
policy
DNAT rule tells the firewall to forward the requests from the specified
machine and port to the specified machine and port.
Under Select Here, click Create DNAT Policy to define DNAT policy from
firewall rule itself rule itself or from Firewall DNAT Policy
Create
50
Cyberoam User Guide
This option is not available if Cyberoam is deployed as Bridge
Policy Settings
IDP Policy
Displays IDP policy for the rule, modify if required
To use IDP, you have to subscribe for the module. Refer to Licensing for
more details.
Internet Access
Policy
(Only if source
zone is LAN)
Bandwidth Policy
Refer to IDP, Policy for details on creating IDP policy
Displays Internet access policy for the rule, modify if required
Internet Access policy controls web access.
Refer to Policies, Internet Access Policy for details on creating Internet
Access policy.
Displays Bandwidth policy for the rule, modify if required. Only the Firewall
Rule based Bandwidth policy can be applied.
Route
Gateway
Through
Bandwidth policy allocates & limits the maximum bandwidth usage of the
user.
Refer to Policies, Bandwidth Policy for details on creating Bandwidth
policy.
Displays routing policy, modify if required
Can be applied only if more than one gateway is defined.
This option is not available if Cyberoam is deployed as Bridge
Refer to Multiple Gateway Implementation Guide for more details.
Virus & Spam Settings
Scan Protocol(s) Displays protocols for which the virus and spam scanning is to be enabled,
modify if required
By default, HTTP scanning is enabled.
To implement Anti Virus and Anti Spam scanning, you have to subscribe
for the Gateway Anti Virus and Anti Spam modules individually. Refer to
Licensing for more details.
Log Traffic
Refer to Anti Virus Implementation Guide and Anti Spam Implementation
Guide for details.
Click to enable traffic logging for the rule
Cyberoam User Guide
Make sure, firewall rule logging in ON/Enable from the Logging
Management. Refer to Cyberoam Console Guide, Cyberoam Management
for more details.
To log the traffic permitted and denied by the firewall rule, you need to
ON/Enable the firewall rule logging from the Web Admin ConsoleFirewall
rule and from the Telnet ConsoleCyberoam Management. Refer to
Cyberoam Console Guide for more details.
Description
Save button
Refer to Appendix B - Network Traffic Logging Entry for more details.
Displays full description of the rule, modify if required
Saves the rule
Table – Edit Firewall Rule
51
52
Cyberoam User Guide
Change Firewall Rule order
Rules are ordered by their priority. When the rules are applied, they are processed from the top down
and the first suitable rule found is applied.
Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a
general rule might allow a packet that you specifically have a rule written to deny later in the list. When a
packet matches the rule, the packet is immediately dropped or forwarded without being tested by the rest
of the rules in the list.
Select Firewall Manage Firewall
Click the move button
against the rule whose order is to be changed
Select Before or After as per the need
Click the rule to be moved and then click where it is to be moved.
Click Done to save the order
Append rule
Append Rule adds the new rule above the default rules if zone-to-zone rule set exists else append new
rule as new zone-to-zone rule set in the end.
For example, consider the screen given below. If the new rule is for DMZ to LAN then a new rule set
DMZ – LAN is created at the end and rule is added to it. If the new rule is for LAN to WAN then rule will
be added above Rule ID 4 as Rule ID 3 and ID 4 are default rules.
Select Firewall Manage Firewall Rules and click Append Rule
Refer to Define Firewall Rule for more details.
53
Cyberoam User Guide
Change Display Columns
By default, Manage Firewall Rules page displays details of the rule in the following eight columns: ID,
Enable, Source, Identity, Destination, Service, Action and Manage. You can customize the number of
columns to be displayed as per your requirement.
Screen – Default Screen Display of Manage Firewall Rules page
Select Firewall Manage Firewall to open the manage page.
Click Select Columns
It opens the new window. ‘Available Columns’ list displays the columns that can be displayed on the
page.
Click the required column and use Right arrow button to move the selected column to the ‘Selected
Columns’ list
Click Done
Screen – Customized Screen Display of Manage Firewall Rules page
Delete Firewall Rule
Select Firewall Manage Firewall Rules and click the delete icon against the rule to deleted
54
Cyberoam User Guide
Screen - Delete Firewall rule
Note
Default rules cannot be deleted or deactivated.
Cyberoam User Guide
Host Management
Firewall rule can be created for the individual host or host groups. By default, the numbers of hosts equal
to the ports in the appliance are already created.
Create Host Group
Host group is the grouping on hosts.
Select Firewall Host Group Create to open the create page
Screen – Create Host Group
Screen Elements
Description
Create Host Group
Host Group Name
Description
Create button
Specify host group name
Specify full description
Add a new host. If host group is created successfully,
click Add to add hosts to the host group. Refer to Manage
Host Groups for details.
Table – Create Host Group screen elements
Manage Host Group
Use to:
• Add host to Group
55
56
Cyberoam User Guide
• Remove host from the Group
• Delete Host Group
Add Host to Host Group
Select Firewall Host Group Manage to view the list of groups created.
Click host group to which host is to be added. Host Group details are displayed.
Click Add. List of hosts that can be added to the group is displayed.
Click against the host to be added
Click Add
Remove Host from Host Group
Select Firewall Host Group Manage and click host group from which the host is to be
removed
Screen – Remove Host from Host Group
Cyberoam User Guide
Screen Elements
Del
Description
Select host to be removed from the group
Click Del to select
Select All
More than one host can also be selected
Select all the hosts for deletion
Click Select All to select all the hosts
Delete button Deletes all the selected hosts
Table – Remove Host from Host Group screen elements
Delete Host Group
Select Firewall Host Group Manage
Screen – Delete Host Group
Screen Elements
Del
Description
Select host group for deletion
Click Del to select
Select All
More than one group can also be selected
Select all the groups for deletion
Click Select All to select all the groups
Delete button Deletes all the selected groups
Table – Delete host Group screen elements
57
Cyberoam User Guide
Add Host
Select Firewall Host Add to open the add page
Screen – Add Host
Screen Elements
Add Host
Host Name
Host Type
Network
Select Host Group
Create button
Description
Specify host name
Select host type i.e. single IP address with subnet or range
of IP address
Specify network address or range of IP address
Select host group
Add a new host
Table – Add Host screen elements
Manage Host
Select Firewall Host Manage to view the list of hosts
Screen – Delete Host
Screen Elements
Del
Description
Select host to be deleted
58
Cyberoam User Guide
Click Del to select
Select All
Delete button
More than one host can also be selected
Select all the hosts for deletion
Click Select All to select all the hosts
Deletes all the selected hosts
Table – Delete Host screen elements
59
Cyberoam User Guide
Setting up Logon Pools
Logon Pool is a collection of a single IP addresses or range of IP addresses. Add IP addresses/Nodes at
the time of creation of Logon Pool or after the creation.
Create a new Logon Pool
Prerequisite
• Bandwidth policy created
Select Group Logon Pool Add Logon Pool
Screen - Create Logon Pool
Screen Elements
Description
Logon Pool Details
Logon Pool name
Is Logon Pool
public
Specify name of Logon Pool
Public IP address is routable over the Internet and do not need Network
Address Translation (NAT)
Bandwidth policy
Click to Select, if the IP Addresses assigned to Users are Public IP
addresses
Specify Bandwidth Policy for Logon Pool
Click Bandwidth Policy list to select
Description
Machine details
From – To
Click View details link to view details of the policy
Specify full description
Specify range of IP Address that will be used by Users to login
60
Cyberoam User Guide
Machine name
Create button
Specify machine name
Add a new Logon Pool
Table - Add Logon Pool screen elements
61
62
Cyberoam User Guide
Traffic Discovery
"Network security" is controlling who can do what on your network. Control is all about detecting and
resolving any activity that does not align with your organization's policies.
Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs
network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining
the amount of network traffic generated by an application, IP address or user.
View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error
sources. Identify and locate bandwidth hogs and isolate them from the network if necessary. Analyze
performance trends with baseline data reports.
The discovered traffic pattern is presented in terms of
• Application
• User
• LAN IP Address
Apart from details of live connection’s traffic pattern, Cyberoam also provides current date’s connection
history.
Live Connections report
Application wise
Application wise Live Connections displays list of Applications running on the network currently. It also
displays which user is using the application currently and total data transferred using the application.
Select Traffic Discovery Live Connections Application wise
Screen – Application wise Live connections
63
Cyberoam User Guide
Screen Elements
Application Name
Description
Applications running on network
Click Total Connections to view the connection details for
selected Application. Refer to Connection details for selected
Application
Click
to view list of Users using respective Applications
Click Total Connections to view the connection details for
selected Application. Refer to Connection details for selected
Application
Click to view WAN IP Address wise Connection details for
selected Application
Click to view Destination Port wise Connection details for
selected Application
Data Transfer details
Upload Transfer Displays data uploaded using the Application
Download Transfer Displays data downloaded using the Application
Upstream Bandwidth Displays upstream bandwidth used by Application
(Kbit/sec)
Downstream Bandwidth Displays downstream bandwidth used by Application
(Kbits/sec)
Connection Details
Total Connections Displays number of connections initiating/requesting the
Application
Click to view the connection details for the respective Application
for each connection
LAN Initiated
Displays number of connections initiated by LAN IP Address for
the Application
WAN Initiated
Displays number of connections initiated by WAN IP Address for
the Application
Table – Application wise Live connections screen elements
Cyberoam User Guide
Connection details for selected Application
Report columns
Established Time
LAN IP Address
LAN PORT
WAN IP Address
WAN PORT
Direction
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Description
Time when connection was established
LAN IP Address from which the connection for the application
was established
LAN port through which connection was established for the
application
WAN IP Address to which connection was established
WAN port to which connection was established for the application
Traffic direction
Data uploaded using the Application
Data downloaded using the Application
Upstream bandwidth used by Application
Downstream bandwidth used by Application
Connection details for selected LAN IP Address and Application
Report columns
Established Time
LAN IP Address
LAN Port
WAN IP Address
WAN Port
Direction
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Description
Time when connection was established
LAN IP Address from which the connection for the application
was established
LAN port through which connection was established for the
application
WAN IP Address to which connection was established
WAN port to which connection was established for the application
Traffic direction
Data uploaded using the Application
Data downloaded using the Application
Upstream bandwidth used by Application
Downstream bandwidth used by Application
64
Cyberoam User Guide
WAN IP Address wise Connection details for selected Application
Report columns
WAN IP Address
Total Connections
LAN Initiated
WAN Initiated
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Description
WAN IP Addresses to which Connection was established by the
selected Application
Number of connections established to the WAN IP Address
Number of connections initiated from LAN
Number of connections initiated from WAN
Data uploaded during the connection
Data downloaded during the connection
Upstream bandwidth used by Application
Downstream bandwidth used by Application
Destination Port wise Connection details for selected Application
Report columns
Destination Port
Total Connections
LAN Initiated
WAN Initiated
Upload Transfer
Download Transfer
Upstream Bandwidth
Downstream Bandwidth
Description
Destination ports to which Connection was established by the
selected Application
Number of connections established through the destination port
Number of connections initiated from LAN
Number of connections initiated from WAN
Data uploaded during the connection
Data downloaded using the connection
Upstream bandwidth used by Application
Downstream bandwidth used by Application
65
66
Cyberoam User Guide
User wise
User wise Live Connections displays which user is using which Application and is consuming how much
bandwidth currently.
Select Traffic Discovery Live Connections User wise
Screen – User wise Live connections
Screen Elements
User Name
Description
Network Users requesting various Applications
Click Total Connections to view the connection details for selected
User.
Click
to view list of Applications used by the respective users
Click Total Connections to view the connection details for selected
User and Application
Click to view WAN IP Addresses wise Connection details for
selected User
Data Transfer details
Upload Transfer
Download Transfer
Upstream Bandwidth
(Kbit/sec)
Downstream Bandwidth
(Kbits/sec)
Connection Details
Total Connections
Click to view Destination ports wise Connection details for
selected User
Displays data uploaded by the User
Displays data downloaded by the User
Displays upstream bandwidth used by User
Displays downstream bandwidth used by User
Displays number of connections initiated by the User
LAN Initiated
WAN Initiated
Click to view connection details initiated by the User for each
connection
Displays number of connections initiated from LAN IP Address by
the User
Displays number of connections initiated from WAN IP Address by
the User
Table – User wise Live connections screen elements
67
Cyberoam User Guide
LAN IP Address wise
LAN IP Address wise Live Connections displays list of Applications currently accessed by LAN IP
Address.
Select Traffic Discovery Live Connections LAN IP Address wise
Screen –LAN IP Address wise Live connections
Screen Elements
LAN IP Address
Description
LAN IP Address requesting various Applications
Click Total Connections to view the connection details for
selected LAN IP Address.
Click to view list of Applications requested by the respective
LAN IP Address
Click Total Connections to view the connection details for
selected LAN IP Address and Application
Click to view WAN IP Addresses wise Connection details for
selected LAN IP Address
Data Transfer details
Upload Transfer
Download Transfer
Upstream Bandwidth
(Kbit/sec)
Downstream Bandwidth
(Kbits/sec)
Connection Details
Click to view Destination ports wise Connection details for
selected LAN IP Address
Displays data uploaded from the LAN IP Address
Displays data downloaded from the LAN IP Address
Displays upstream bandwidth used by LAN IP Address
Displays downstream bandwidth used by the LAN IP Address
Cyberoam User Guide
Total Connections
Displays number of connections initiated by the LAN IP Address
Click to view connection details initiated by the LAN IP Address
for each connection
LAN Initiated
Displays number of connections initiated from LAN IP Address
WAN Initiated
Displays total number of connections initiated from WAN IP
Address
Table –LAN IP Address wise Live connection screen elements
Apart from the live connection details, details of the connections that are closed can be also be viewed.
The details for all the connections that are closed during last 24 hours are shown. You can also select the
history duration.
68
69
Cyberoam User Guide
Today’s Connection History
Application wise
It displays list of Applications accessed during the selected duration and by user and/or LAN IP Address.
Select Traffic Discovery Today’s Connection History Application wise
Screen – Today’s Connection History – Application wise
Screen Elements
Description
Select Start time and Stop time
Start time & Stop time Select the history duration
Refresh Data button Click to refresh the data after the start time or stop time is
changed to get the latest data
Application Name Applications running on network
Click Total Connections to view the connection details for
selected Application. Refer to Connection details for selected
Application
Click
to view list of users using respective Applications
Click Total Connections to view the connection details for
selected LAN IP Address and Application. Refer to Connection
details for selected LAN IP Address and Application
Click to view WAN IP Address wise Connection details for
selected Application
Data Transfer details
Upload Transfer
Download Transfer
Upstream Bandwidth
(Kbit/sec)
Click to view Destination Port wise Connection details for
selected Application
Displays data uploaded using the Application
Displays data downloaded using the Application
Displays upstream bandwidth used by Application
Cyberoam User Guide
Downstream Bandwidth Displays downstream bandwidth used by Application
(Kbits/sec)
Connection Details
Total Connections Displays number of connections initiating/requesting the
Application
Click to view the connection details for the respective Application
for each connection
LAN Initiated
Displays number of connections initiated by LAN IP Address for
the Application
WAN Initiated
Displays number of connections initiated by WAN IP Address for
the Application
Table – Today’s Connection History – Application screen elements
70
71
Cyberoam User Guide
User wise
It displays list of Users who has logged on to network during the selected duration and accessed which
applications.
Select Traffic Discovery Today’s Connection History User wise
Screen – Today’s Connection History – User wise
Screen Elements
Description
Select Start time and Stop time
Start time & Stop time Select the history duration
Refresh Data button Click to refresh the data after the start time or stop time is
changed to get the latest data
User Name
Network Users requesting various Applications
Click Total Connections to view the connection details for
selected User.
Click
to view list of Applications used by the respective users
Click Total Connections to view the connection details for
selected User and Application
Click to view WAN IP Addresses wise Connection details for
selected User
Data Transfer details
Upload Transfer
Click to view Destination ports wise Connection details for
selected User
Displays data uploaded by the User
72
Cyberoam User Guide
Download Transfer
Upstream Bandwidth
(Kbit/sec)
Downstream Bandwidth
(Kbits/sec)
Connection Details
Total Connections
Displays data downloaded by the User
Displays upstream bandwidth used by User
Displays downstream bandwidth used by User
Displays number of connections initiated by the User
Click to view connection details initiated by the User for each
connection
LAN Initiated
Displays number of connections initiated from LAN IP Address by
the User
WAN Initiated
Displays number of connections initiated from WAN IP Address
by the User
Table – Today’s Connection History – User wise screen elements
73
Cyberoam User Guide
LAN IP Address wise
It displays list of Applications accessed during the selected duration by each LAN IP Address.
Select Traffic Discovery Today’s Connection History LAN IP Address wise
Screen – Today’s Connection History – LAN IP Address wise
Screen Elements
Description
Select Start time and Stop time
Start time & Stop time Select the history duration
Refresh Data button Click to refresh the data after the start time or stop time is
changed to get the latest data
LAN IP Address LAN IP Address requesting various Applications
Click Total Connections to view the connection details for
selected LAN IP Address.
Click to view list of Applications requested by the respective
LAN IP Address
Click Total Connections to view the connection details for
selected LAN IP Address and Application
Click to view WAN IP Addresses wise Connection details for
selected LAN IP Address
Data Transfer details
Upload Transfer
Download Transfer
Upstream Bandwidth
(Kbit/sec)
Downstream Bandwidth
(Kbits/sec)
Connection Details
Click to view Destination ports wise Connection details for
selected LAN IP Address
Displays data uploaded from the LAN IP Address
Displays data downloaded from the LAN IP Address
Displays upstream bandwidth used by LAN IP Address
Displays downstream bandwidth used by the LAN IP Address
Cyberoam User Guide
Total Connections
Displays number of connections initiated by the LAN IP Address
Click to view connection details initiated by the LAN IP Address
for each connection
LAN Initiated
Displays number of connections initiated from LAN IP Address
WAN Initiated
Displays total number of connections initiated from WAN IP
Address
Table – Today’s Connection History – LAN IP Address wise screen elements
74
75
Cyberoam User Guide
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy.
Cyberoam allows defining following types of policies:
1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for
more details.
2. Schedule Internet access for individual users by defining Access time policy. See Access time
policy for more details.
3. Control web access by defining Internet Access policy. See Internet Access policy for more
details.
4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for
more details.
5. Limit total as well as individual upload and/or download data transfer by defining data transfer
policy. See Data Transfer policy for more details.
Cyberoam comes with several predefined policies. These predefined policies are immediately available
for use until configured otherwise.
Cyberoam also lets you define customized policies to define different levels of access for different users
to meet your organization’s requirements.
Cyberoam User Guide
Surfing Quota policy
Surfing quota policy defines the duration of Internet surfing time. Surfing time duration is the allowed time
in hours for a Group or an Individual User to access Internet.
Surfing quota policy:
• Allocates Internet access time on cyclic or non-cyclic basis
• Single policy can be applied to number of Groups or Users
Cyberoam comes with several predefined policies. These predefined policies are immediately available
for use until configured otherwise. Cyberoam also lets you define customized policies to define different
levels of access for different users to meet your organization’s requirements.
Create Surfing Quota policy
Select Policies Surfing Quota Policy Create policy to open the create page
Screen - Create Surfing Quota policy
Screen Elements
Description
Create Surfing Quota policy
Name
Specify policy name. Choose a name that best describes the policy
Cycle type
Specify cycle type
Cycle hours
Only if cycle type
is not ‘Non cyclic’
Allotted Days
Available options
Daily – restricts surfing hours up to cycle hours defined on daily basis
Weekly – restricts surfing hours up to cycle hours defined on weekly
basis
Monthly – restricts surfing hours up to cycle hours defined on monthly
basis
Yearly – restricts surfing hours up to cycle hours defined on yearly basis
Non-cyclic – no restriction
Specify upper limit of surfing hours for cyclic type policies
At the end of each Cycle, cycle hours are reset to zero i.e. for ‘Weekly’
Cycle type, cycle hours will to reset to zero every week even if cycle
hours are unused
Restricts surfing days
76
77
Cyberoam User Guide
Unlimited Days
Allotted Time
Unlimited Time
Specify total surfing days allowed to limit surfing hours
Does not restrict surfing days and creates Unlimited Surfing Quota
policy.
Click to select
Allotted time defined the upper limit of the total surfing time allowed i.e.
restricts total surfing time to allotted time
Specify surfing time in Hours & minutes
Select if you do not want to restrict the total surfing time
Shared allotted
time with group
members
Policy Description
Create button
Click to select
Specify whether the allotted time will be shared among all the group
members or not
Click to share
Specify full description of the policy
Creates policy
Table - Create Surfing Quota policy screen elements
Note
Policies with the same name cannot be created
Cyberoam User Guide
Update Surfing Quota policy
Select Policies → Surfing Quota policy → Manage policy and click Policy name to be
modified
Screen - Update Surfing Quota policy
Screen Elements
Description
Edit Surfing Quota policy
Name
Displays policy name, modify if required
Cycle Type
Displays Cycle type, modify if required
Cycle Hours
Displays allotted Cycle hours
Allotted Days Displays allotted days, modify if required
Or
Unlimited Days
78
Allotted time
Or
Unlimited time
Shared allotted time
with group members
Policy Description
Update button
Cancel button
Displays allotted time in hours, minutes, modify if required
Cyberoam User Guide
Displays whether the total allotted time is shared among the
group members or not, modify if required
Displays description of the policy, modify if required
Updates and saves the policy
Cancels the current operation and returns to Manage Surfing
Quota policy page
Table - Update Surfing Quota policy screen elements
Note
The changes made in the policy become effective immediately on updating the changes.
Delete Surfing Quota policy
Prerequisite
• Not assigned to any User or Group
Select Policies → Surfing Quota policy → Manage policy to view list of policies
Screen - Delete Surfing Quota policy
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Select all the policies for deletion
Click Select All to select all the policies
Delete button Deletes all the selected policies
Table - Delete Surfing Quota policy screen elements
79
Cyberoam User Guide
Access Time policy
Access time is the time period during which user can be allowed/denied the Internet access. An example
would be “only office hours access” for a certain set of users.
Access time policy enables to set time interval - days and time - for the Internet access with the help of
schedules. See Schedules for more details.
A time interval defines days of the week and times of each day of the week when the user will be
allowed/denied the Internet access.
Two strategies based on which Access time policy can be defined:
Allow strategy By default, allows access during the schedule
Deny strategy By default, disallows access during the schedule
Create Access Time policy
Prerequisite
• Schedule created
Select Policies Access Time Policy Create policy to open create policy page
Screen - Create Access Time policy
Screen Elements
Description
Access Time policy details
Name
Specify policy name. Choose a name that best describes the policy to
be created
Schedule
Specify policy schedule
Users will be allowed/disallowed access during the time specified in the
schedule.
Click Schedule list to select
Click View details link to view the details of selected schedule
80
Cyberoam User Guide
Strategy for selected
Schedule
Refer to Define Schedule on how to create a new schedule
Specify strategy to policy
Allow – Allows the Internet access during the scheduled time interval
Disallow - Does not allow the Internet access during the scheduled time
interval
Description
Create button
Click to select
Specify full description of policy
Creates policy
Table - Create Access Time policy screen elements
Note
Policies with the same name cannot be created
81
82
Cyberoam User Guide
Update Access Time policy
Select Policies → Access Time policy → Manage policy and Click Policy name to be
modified
Screen - Update Access Time policy
Screen Elements
Description
Access Time policy details
Name
Displays policy name, modify if required
Schedule
Displays selected policy schedule
To modify,
Click Schedule list and select new schedule
Cyberoam User Guide
Strategy for selected
Schedule
Click View details link to view details of the selected schedule
Displays Schedule strategy
Description
Save button
Cancel button
Cannot be modified
Displays description of the policy, modify if required
Saves the modified details
Cancels current operation and returns to Manage Access Time
policy
Table - Update Access Time policy screen elements
Note
The changes made in the policy become effective immediately on saving the changes.
Delete Access Time policy
Prerequisite
• Not assigned to any User or Group
Select Policies → Access Time policy → Manage policy to view the list of policies
Screen - Delete Access Time policy
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Select all the policies for deletion
Click Select All to select all the policies
Delete button Deletes all the selected policies
Table - Delete Access Time policy screen elements
83
84
Cyberoam User Guide
Internet Access policy
Internet Access policy controls user’s web access. It helps to manage web access specific to the
organization’s need. It specifies which user has access to which sites or applications and allows defining
policy based on almost limitless parameters like:
1. Individual users
2. Groups of users
3. Time of day
4. Location/Port/Protocol type
5. Content type
6. Bandwidth usage (for audio, video and streaming content)
When defining a policy, you can deny or allow access to an entire application category, or to individual
file extensions within a category. For example, you can define a policy that blocks access to all audio files
with .mp3 extensions.
Two basic types of Internet Access policy:
1. Default Allow
2. Default Disallow
Default Allow
By default, allows user to view everything except the sites and files specified in the web categories
E.g. To allow access to all sites except Mail sites
Default Disallow
By default, prevents user from viewing everything except the sites and files specified in the web
categories
E.g. To disallow access to all sites except certain sites
85
Cyberoam User Guide
Create a new Internet Access policy
Select Policies Internet Access Policy Create Policy to open the create policy page
Screen - Create Internet Access policy
86
Cyberoam User Guide
Screen Elements
Description
Internet Access policy details
Name
Specify policy name. Choose a name that best describes the policy
to be created
Using Template Select a template if you want to create a new policy based on an
existing policy and want to inherit all the categories restrictions from
the existing policy
Policy Type
Only for ‘Blank’
option in Using
Template field
Description
Reporting
Select ‘Blank’ template, if you want to create a fresh policy without
any restrictions. After creation you can always customize the
category restrictions according to the requirement.
Select default policy type
Available options
Allow – Allows access to all the Internet sites except the sites and
files specified in the Categories
Deny – Allows access to only those sites and files that are specified
in the Categories
Specify full description of policy
By default, Internet usage report is generated for all the users. But
Cyberoam allows to bypass reporting of certain users.
Click ‘Off’ to create Bypass reporting Internet access policy. Internet
usage reports will not include access details of all the users to whom
this policy will be applied.
Create button
Click ‘On’ to create policy which will include access details of all the
users in Internet usage reports to whom this policy is applied.
Creates policy and allows to add Category restriction
Refer to Add Category for more details
Internet Access policy Rules
Add button
Allows to define Internet Access policy rules and assign Web, File
Type and Application Protocol Categories to Internet Access policy
Save button
Show Policy
Members button
Cancel button
Click to add
Refer to Add Internet Access policy rule for more details
Saves policy
Opens a new page and displays list of policy members
Cancels the current operation and return to Manage Internet Access
policy page
Table - Create Internet Access policy screen elements
Note
Policies with the same name cannot be created
Add Internet Access policy rule
Cyberoam User Guide
Screen – Add Internet Access policy rule
Screen Elements
Rule details
Select Category
Description
Displays list of custom Web, File Type and Application Protocol
Categories
Displays list of Categories assigned to policy
In Category Name column,
W represents Web Category
F represents File Type Category
A represents Application Protocol Category
D represents Default Category
C represents Customized i.e. User defined Category
Select Categories to be assigned to policy.
In Web Category list, click to select
In File Type list, click to select
In Application Protocol list, click to select
Use Ctrl/Shift and click to select multiple Categories
Strategy
During Schedule
If ‘Web and Application Filter’ subscription module is registered, all
the default categories will also be listed and can be for restriction.
Allows/Disallows access to the selected Categories during the period
defined in the schedule
Click Strategy box to see options and select
Allows/Disallows access to the selected Categories according to the
strategy defined during the period defined in the schedule
Allow/Disallow will depend on the strategy selected
View details link
Click Schedule box to see options and select
Opens a new window and displays details of the selected schedule
Add button
Click to view
Click Close to close the window
Add rule to Internet Access policy
87
Cyberoam User Guide
Cancel button
Click to add rule
Cancels the current operation
Table – Add Internet Access policy rule screen elements
Update Internet Access policy
Select Policy Internet Access policy Manage Policy and click policy name to be
modified
Screen - Update Internet Access policy
Screen Elements
Description
Internet Access policy details
Name
Displays policy name
Policy Type
Description
Reporting
Cannot be modified
Displays policy type
Cannot be modified
Displays policy description, modify if required
By default, Internet usage report is generated for all the users. But
Cyberoam allows to bypass reporting of certain users.
Click ‘Off’ to create Bypass reporting Internet access policy.
Internet usage reports will not include access details of all the
users to whom this policy will be applied.
Click ‘On’ to create policy which will include access details of all the
users in Internet usage reports to whom this policy is applied.
Internet Access policy Rules
88
Cyberoam User Guide
Displays list of Categories assigned to policy
In Category Name column,
W represents Web Category
F represents File Type Category
A represents Application Protocol Category
Add button
D represents Default Category
C represents Customized i.e. User defined Category
Allows to define a new rule
Click to add
Delete button
MoveUp button
Only when more
than one rule is
defined
Refer to Add Internet Access policy rule for more details
Allows to delete the selected rule(s)
Refer to Delete Internet Access policy rule for more details
Moves the selected rule one step up
Click rule that is to be moved one-step up. This will highlight
selected rule.
Click MoveUp to move the selected rule one step upwards
MoveDown button
Only when more
than one rule is
defined
Update button
Only when more
than one rule is
defined
Save button
Show Policy members
button
Cancel button
Moves the selected rule one step down
Click rule, which is to be moved one-step down. This will highlight
selected rule.
Click Move Down to move the selected rule one step downwards
Saves the modified sequence of the rules
Saves the modifications
Opens a new page and displays list of policy members
Cancels the current operation and returns to Manage Internet
Access policy page
Delete Internet Access policy rule
Table - Update Internet Access policy screen elements
Screen - Delete Internet Access policy rule
89
Cyberoam User Guide
Screen Elements
Del
Description
Select rule to be deleted
Click Del to select
Select All
More than one rule can also be selected
Selects all rules for deletion
Click Select All to select all rules for deletion
Delete button Delete(s) selected rules
Table - Delete Internet Access policy rule screen elements
Note
Do not forget to update after changing the order
Delete Internet Access policy
Prerequisite
• Not assigned to any User or Group
Select Policies Internet Access policy Manage Policy
Screen - Delete Internet Access policy
90
Cyberoam User Guide
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Selects all policies for deletion
Click Select All to select all policies for deletion
Delete button
Delete(s) selected policies
Table - Delete Internet Access policy screen elements
91
92
Cyberoam User Guide
Bandwidth policy
Bandwidth is the amount of data passing through a media over a period of time and is measured in terms
of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain
parameters and user attributes. Bandwidth policy allocates & limits the maximum bandwidth usage of the
user and controls web and network traffic.
Policy can be defined/created for:
1. Logon Pool
It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share
the allocated bandwidth.
2. User
It restricts the bandwidth of a particular user.
3. Firewall Rule
It restricts the bandwidth of any entity to which the firewall rule is applied.
Logon Pool based bandwidth policy
Policy restricts the bandwidth for a Logon Pool i.e. all the users defined under the Logon Pool will share
the allocated bandwidth.
User based bandwidth policy
Strict
Policy restricts the bandwidth for a particular user. There are two types of bandwidth restriction
• Strict
• Committed
In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to
implement strict policy:
• Total (Upstream + Downstream)
• Individual Upstream and Individual Downstream
Implementation on Bandwidth specified Example
Total
(Upstream +
Downstream)
Total bandwidth
Total bandwidth is 20 kbps and
upstream and downstream combined
cannot cross 20 kbps
Individual Upstream Individual bandwidth i.e. Upstream and Downstream
and Individual separate for both
bandwidth is 20 kbps then either
Downstream
cannot cross 20 kbps
Table - Implementation types for Strict - Bandwidth policy
Strict policy – Bandwidth usage
Bandwidth usage
Bandwidth specified
Individual
Shared
For a particular user
Shared among all the users who have been assigned this policy
Table - Bandwidth usage for Strict - Bandwidth policy
93
Cyberoam User Guide
Committed
In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and user can
draw bandwidth up to the defined burstable limit, if available.
It enables to assign fixed minimum and maximum amounts of bandwidth to users. By borrowing excess
bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the burstable
rate. Guaranteed rates also assure minimum bandwidth to critical users to receive constant levels of
bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum
bandwidth that a user can use, if available.
Two ways to implement committed policy:
• Total (Upstream + Downstream)
• Individual Upstream and Individual Downstream
Implementation on Bandwidth specified Example
Total
(Upstream +
Downstream)
Individual Upstream
and Individual
Downstream
Guaranteed bandwidth
Burstable bandwidth
Individual Guaranteed and
Brustable bandwidth i.e.
separate for both
Guaranteed bandwidth is 20 kbps then
upstream and downstream combined will
get 20 kbps guaranteed (minimum)
bandwidth
Burstable bandwidth is 50 kbps then
upstream and downstream combined can
get up to 50 kbps of bandwidth
(maximum), if available
Individual guaranteed bandwidth is 20
kbps then upstream and downstream
get 20 kbps guaranteed (minimum)
bandwidth individually
Individual brustable bandwidth is 50 kbps
then upstream and downstream get
maximum bandwidth up to 50 kbps, if
available individually
Table - Implementation types for Committed - Bandwidth policy
Committed policy – Bandwidth usage
Bandwidth usage
Bandwidth specified
Individual
Shared
For a particular user
Shared among all the users who have been assigned this policy
Table - Bandwidth usage for Committed - Bandwidth policy
Firewall Rule based bandwidth policy
Policy restricts the bandwidth for a particular IP address. It is similar to the User based policy with the
same type of restrictions on Implementation type & Bandwidth usage.
Cyberoam User Guide
Create Bandwidth policy
Select Policies Bandwidth Policy Create policy to open the create policy pane
Screen - Create Bandwidth policy
Common Screen Elements
Screen Elements
Description
Bandwidth Policy Details
Name
Specify policy name. Choose a name that best describes
the policy to be created
Description Specify full description of policy
Priority
Set the bandwidth priority
Create button
Cancel button
Priority can be set from 0 (highest) to 7 (lowest)
Set the priority for SSH/Voice/Telnet traffic to be highest as
this traffic is more of the interaction
Creates policy
Cancels the current operation
Table - Create Bandwidth policy - Common screen elements
Note
Policies with the same name cannot be created
94
Cyberoam User Guide
Create Logon Pool based bandwidth policy
Select Policies Bandwidth Policy Create policy to open the create policy page
Screen - Create Logon Pool based Bandwidth policy
Screen Elements
Bandwidth Policy Details
Policy based on
Total Bandwidth (in KB)
Description
Click Logon Pool to create Logon Pool based policy
Specify maximum amount of total bandwidth, expressed
in terms of kbps.
Specified bandwidth will be shared by all the users of the
Logon Pool
Maximum bandwidth limit is 4096 kbps
Table - Create Logon Pool based Bandwidth policy screen elements
95
Cyberoam User Guide
Create User/Firewall Rule based Strict bandwidth policy
Screen - Create User/IP based Strict Bandwidth policy
Screen Elements
Description
Bandwidth Policy Details
Policy based on Based on the selection creates policy for User or IP address
Policy Type
Click User to create User based policy
Click IP Address to create IP Address based policy
Based on the selection bandwidth restriction will be applied
In Strict type of bandwidth restriction, user cannot exceed the defined
bandwidth limit
Implementation on
In Committed type of bandwidth restriction, user is allocated the guaranteed
amount of bandwidth and can draw bandwidth up to the defined burst-able
limit, if available.
Specify implementation type of Bandwidth restriction
Click Total to implement bandwidth restriction on the Total usage
Total bandwidth
(Only for ‘TOTAL’
implementation type)
Upload Bandwidth
(Only for ‘INDIVIDUAL’
implementation type)
Download Bandwidth
(Only for ‘INDIVIDUAL’
implementation type)
Click Individual to implement bandwidth restriction on the Individual
Upstream and Individual Downstream bandwidth usage
Specify maximum amount of Total bandwidth, expressed in terms of kbps
Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Specify maximum amount of Upstream Bandwidth, expressed in terms of
kbps
Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Specify maximum amount of Downstream Bandwidth, expressed in terms of
kbps
96
Cyberoam User Guide
Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Bandwidth usage Specify whether the Bandwidth allocated is for particular user or shared
among all the policy users
Table - Create User/IP based Strict Bandwidth policy screen elements
97
Cyberoam User Guide
Create User/Firewall Rule based Committed bandwidth policy
Screen - Create User/IP based Committed Bandwidth policy
Screen Elements
Bandwidth Policy Details
Policy based on
Policy Type
Description
Creates policy based on the selection
Click User to create User based policy
Click IP Address to create IP address based policy
Based on the selection bandwidth restriction will be applied
In Strict type of bandwidth restriction, user cannot exceed the defined
bandwidth limit
In Committed type of bandwidth restriction, user is allocated the
guaranteed amount of bandwidth and can draw bandwidth up to the
defined burst-able limit, if available.
Implementation on
Click Committed to apply committed policy
Specify implementation type for Bandwidth restriction
Guaranteed (Min)/ Burstable
(Max)
(Only for ‘TOTAL’
implementation type)
Guaranteed (Min)/ Burstable
(Max) Upload Bandwidth
(Only for ‘INDIVIDUAL’
implementation type)
Click Total to implement bandwidth restriction on Total
Click Individual to implement bandwidth restriction on Individual
Upstream and Individual Downstream bandwidth
Specify Guaranteed and Burstable amount of Total bandwidth,
expressed in terms of kbps
Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Specifies Guaranteed and Burstable amount of Upstream Bandwidth,
expressed in terms of kbps
Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Guaranteed (Min)/ Specifies Guaranteed and Burstable amount of Downstream Bandwidth,
98
99
Burstable(Max) Download
Bandwidth
(Only for ‘INDIVIDUAL’
implementation type)
Bandwidth usage
expressed in terms of kbps
Cyberoam User Guide
Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Specify whether bandwidth specified is for a particular User or Shared
among all the policy users
Table - Create User/IP based Committed Bandwidth policy screen elements
Cyberoam User Guide
Update Bandwidth policy
Need to update Bandwidth Policy
1. Add/remove schedule based details to User/IP address based policy
2. Update bandwidth values
Select Policies → Bandwidth policy → Manage policy and click Policy name to be updated
Screen - Update Bandwidth policy
Common Screen Elements
Screen Elements
Description
Bandwidth Policy details
Name
Displays Bandwidth policy name, modify if required
Priority
Displays the bandwidth priority, modify if required
Priority can be set from 0 (highest) to 7 (lowest)
Set the priority for SSH/Voice/Telnet traffic to be
highest as this traffic is more of the interaction
Description Displays policy description, modify if required
Update button Updates and saves the policy
Cancel button Cancels current operation and returns to the Manage
Bandwidth policy page
Table - Update Bandwidth policy Common screen elements
100
Cyberoam User Guide
Update Logon Pool based bandwidth policy
Screen - Update Logon Pool based Bandwidth policy
Screen Elements
Bandwidth Policy Details
Show Members link
Policy Based On
Description
Opens a new browser window and displays bandwidth
restriction details and the member Logon Pools of the
policy
Click Close to close the window
Displays type of policy
Cannot be modified
Default values to be applied all the time
Implementation on Displays Implementation type of the policy
Total Bandwidth (in KB)
Cannot be modified
Displays total bandwidth for the group, modify if required
Maximum bandwidth limit is 4096 kbps
Table - Update Logon Pool based Bandwidth policy screen elements
101
Cyberoam User Guide
Update User/Firewall Rule based Bandwidth policy
Screen - Update User based Bandwidth policy
Screen Elements
Bandwidth Policy Details
Show members link
Policy based on
Description
Opens a new browser window and displays bandwidth
restriction details, schedule details and the
members/users of the policy
Click Close to close the window
Displays type of policy
Cannot be modified
Default values to be applied all the time
Implementation on
Displays implementation type of policy
Total Bandwidth
(Only for ‘TOTAL’ implementation
type)
Upload Bandwidth (in KB)
(Only for ‘STRICT’ policy type
and ‘INDIVIDUAL’ implementation
type)
Download Bandwidth (in KB)
(Only for ‘STRICT’ policy type
and ‘INDIVIDUAL’ implementation
type)
Guaranteed – Brustable Upload
Bandwidth (in KB)
(Only for ‘COMMITTED’ policy
Cannot be modified
Displays total bandwidth assigned, modify if required
Modify Upstream bandwidth value
Modify Downstream bandwidth value
Modify Upstream bandwidth value
102
Cyberoam User Guide
type and ‘INDIVIDUAL’
implementation type)
Guaranteed – Brustable Download
Bandwidth (in KB)
(Only for ‘COMMITTED’ policy
type and ‘INDIVIDUAL’
implementation type)
Policy type
Update button
Add details button
Modify Downstream bandwidth value
Displays policy type i.e. committed or strict
Cannot be modified
Updates the changes made in ‘Bandwidth restriction
details’ and ‘Default values to be applied all the time’
Allows to attach schedule to override default bandwidth
restriction
Click Add details
Refer to Attach Schedule details for more details
Table - Update User based Bandwidth policy screen elements
Attach Schedule details
Strict
Screen – Assign Schedule to User based Strict Bandwidth policy
Screen Elements
Description
Bandwidth Policy Schedule wise details
Name
Displays policy name
Policy Type
Displays Type of bandwidth restriction
Implementation on
Click Strict to apply strict policy
Specify whether bandwidth restriction implementation is on Total or
Upstream & downstream individually
For Total
Total Bandwidth - Specify maximum amount of Total bandwidth,
expressed in terms of kbps
For Individual
Upload Bandwidth - Specify maximum amount of Upstream bandwidth,
expressed in terms of kbps
Download Bandwidth - Specify maximum amount of Downstream
bandwidth, expressed in terms of kbps
103
Cyberoam User Guide
Schedule
View details link
Specify Schedule
Click Schedule list to select
Opens the new browser window and displays the details of the schedule
selected
Click Close to close the window
Add button
Assigns schedule
Cancel button Cancels the current operation
Table – Assign Schedule to User based Strict Bandwidth policy screen elements
Committed
Screen - Assign Schedule to User based Committed Bandwidth policy
Screen Elements
Description
Bandwidth Policy Schedule wise details
Name
Displays policy name
Policy Type Displays Type of bandwidth restriction
Implementation on
Click Committed to apply committed policy
Specify whether bandwidth restriction implementation is on Total or Upstream
& downstream individually
For Total
Guaranteed(Min) Bandwidth - Specify minimum guaranteed amount of Total
bandwidth, expressed in terms of kbps
Brustable(Max) Bandwidth - Specify maximum amount of Total bandwidth,
expressed in terms of kbps
For Individual
Guaranteed(Min) Upload Bandwidth - Specify minimum guaranteed amount of
Upstream bandwidth, expressed in terms of kbps
Brustable(Max) Upload Bandwidth - Specify maximum amount of Upstream
bandwidth, expressed in terms of kbps
104
Cyberoam User Guide
Guaranteed(Min) Download Bandwidth - Specify minimum guaranteed
amount of Downstream bandwidth, expressed in terms of kbps
Schedule
View details link
Brustable(Max) Download Bandwidth - Specify maximum amount of
Downstream bandwidth, expressed in terms of kbps
Specify Schedule
Click Schedule list to select
Opens new browser window and displays the details of the schedule selected
Click Close to close the window
Add button Assigns schedule to the bandwidth policy
Cancel button Cancels the current operation
Table – Assign Schedule to User based Committed Bandwidth policy screen elements
Remove Schedule details
Screen - Remove Schedule from User based Bandwidth policy
Screen Elements
Select
Description
Select Schedule detail(s) for deletion
Click Select to select
Select All
More than one schedule details can also be selected
Select all details for deletion
Click Select All to select all details
Remove Detail button Removes the selected schedule detail(s)
Table - Remove Schedule from User based Bandwidth policy screen elements
Note
The changes made in the policy become effective immediately on saving the changes.
105
Cyberoam User Guide
Delete Bandwidth policy
Prerequisite
• Bandwidth policy not attached to any Logon Pool, user or IP address
Select Policies → Bandwidth policy → Manage policy to view the list of policies
Screen - Delete Bandwidth policy
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Selects all polices for deletion
Click Select All to select all policies
Delete button Deletes selected policies
Table - Delete Bandwidth policy screen elements
106
107
Cyberoam User Guide
Data Transfer policy
Data transfer policy:
• Limits data transfer on a cyclic or non-cyclic basis.
• Single policy can be applied to number of Groups or Users.
Data transfer restriction can be based on:
• Total Data transfer (Upload+Download)
• Individual Upload and/or Download
Cyberoam provides several predefined policies, which are available for use until configured otherwise.
You can also define customized policies to define different limit for different users to meet your
organization’s requirements.
Create Data transfer policy
Select Policies Data Transfer Policy Create Policy to open the create policy page
Screen – Create Data transfer policy
Screen Elements
Description
Create Data Transfer policy
Name
Specify policy name. Choose a name that best describes the policy
Cycle type
Specify cycle type
Available options
108
Cyberoam User Guide
Restriction based on
Daily – restricts data transfer up to cycle hours defined on daily basis
Weekly – restricts data transfer up to cycle hours defined on weekly
basis
Monthly – restricts data transfer up to cycle hours defined on monthly
basis
Yearly – restricts data transfer up to cycle hours defined on yearly basis
Non-cyclic – data restriction is defined by the Total data transfer limit
Specify whether the data transfer restriction is on total data transfer or
on individual upload or download
Click Total Data Transfer to apply data transfer restriction on the Total
(Upload + Download) data transfer
Shared allotted data
transfer with group
members
Only if Cycle Type is
‘Non-cyclic’
Policy Description
Restriction Details
Cycle Total Data
Transfer Limit (MB)
Only if Cycle Type is
not ‘Non-cyclic’ and
Restriction is based on
‘Total Data Transfer’
Cycle Upload Data
Transfer Limit (MB)
Only if Cycle Type is
not ‘Non-cyclic’ and
Restriction is based on
‘Individual Data
Transfer’
Cycle Download Data
Transfer Limit (MB)
Only if Cycle Type is
not ‘Non-cyclic’ and
Restriction is based on
‘Individual Data
Transfer’
Total Data Transfer Limit
(MB)
Only if Restriction is
based on ‘Total Data
Transfer’
Upload Data Transfer
Limit (MB)
Click Individual Data Transfer to apply data transfer restriction on the
Individual Upload and Individual Download data transfer
Specify whether the allotted data transfer will be shared among all the
group members or not
Click to share
Specify full description of the policy
Specify Cycle Total Data transfer limit
It is the upper limit of total data transfer allowed to the user per cycle.
User will be disconnected if limit is reached.
Specify Cycle Upload Data transfer limit.
It is the upper limit of upload data transfer allowed to the user per cycle.
User will be disconnected if limit is reached.
OR
If you do not want to restrict upload data transfer per cycle, click
Unlimited Cycle Upload Data transfer
Enter Cycle Download Data transfer limit.
It is the upper limit of download data transfer allowed to the user per
cycle. User will be disconnected if limit is reached.
OR
If you do not want to restrict download data transfer per cycle, click
Unlimited Cycle Download Data transfer
Specify Total Data transfer limit.
It is the data transfer allowed to the user and if the limit is reached user
will not be able to log on until the policy is renewed.
OR
If you do not want to restrict total data transfer, click Unlimited Total
Data Transfer
Specify Upload Data transfer limit.
It is the total upload data transfer allowed to the user and if the limit is
Cyberoam User Guide
Only if Restriction is
based on ‘Individual
Data Transfer’
Download Data Transfer
Limit (MB)
Only if Restriction is
based on ‘Individual
Data Transfer’
reached user will not be able to log on until the policy is renewed.
OR
If you do not want to restrict total upload data transfer, click Unlimited
Upload Data Transfer
Specify Download Data transfer limit.
It is the upper download data transfer allowed to the user and if the limit
is reached user will not be able to log on until the policy is renewed.
OR
Create button
Cancel button
If you do not want to restrict total download data transfer, click Unlimited
Download Data Transfer
Creates policy
Cancels the current operation and returns to Manage Data transfer
policy page
Table – Create Data transfer policy screen elements
Update Data transfer policy
Select Policies → Data transfer policy → Manage policy and click Policy name to be modified
Screen – Update Data transfer policy screen
Screen Elements
Description
Edit Data Transfer policy
Name
Displays policy name, modify if required.
Cycle type
Displays cycle type
Restriction based on Displays whether the data transfer restriction is on total data transfer or
on individual upload or download
109
110
Cyberoam User Guide
Shared allotted data
transfer with group
members
Policy Description
Restriction Details
Cycle Total Data
Transfer Limit (MB)
Only if Restriction is
based on ‘Total Data
Transfer’
Displays whether the allotted data transfer is shared among all the group
members or not
Displays full description of the policy, modify if required.
Displays Cycle Total Data transfer limit
It is the upper limit of total data transfer allowed to the user per cycle.
User will be disconnected if limit is reached.
Cycle Upload Data
Transfer Limit (MB)
Only if Restriction is
based on ‘Individual
Data Transfer’
Cycle Download Data
Transfer Limit (MB)
Only if Restriction is
based on ‘Individual
Data Transfer’
Total Data Transfer
Limit (MB)
Only if Restriction is
based on ‘Total Data
Transfer’
Upload Data Transfer
Limit (MB)
Only if Restriction is
based on ‘Individual
Data Transfer’
Download Data
Transfer Limit (MB)
Only if Restriction is
based on ‘Individual
Data Transfer’
Update button
Cancel button
Displays Cycle Upload Data transfer limit.
It is the upper limit of upload data transfer allowed to the user per cycle.
User will be disconnected if limit is reached.
Displays Cycle Download Data transfer limit.
It is the upper limit of download data transfer allowed to the user per
cycle. User will be disconnected if limit is reached.
Displays Total Data transfer limit.
It is the data transfer allowed to the user and if the limit is reached user
will not be able to log on until the policy is renewed.
Displays Upload Data transfer limit.
It is the total upload data transfer allowed to the user and if the limit is
reached user will not be able to log on until the policy is renewed.
Displays Download Data transfer limit.
It is the upper download data transfer allowed to the user and if the limit
is reached user will not be able to log on until the policy is renewed.
Updates policy
Cancels the current operation and returns to Manage Data transfer policy
page
Table – Update Data transfer policy screen elements
Delete Data transfer policy
Prerequisite
• Not assigned to any User or Group
Select Policies → Data transfer policy → Manage policy to view list of policies
Cyberoam User Guide
Screen – Delete Data transfer policy screen
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Select all the policies for deletion
Click Select All to select all the policies
Delete button Deletes all the selected policy/policies
Table - Delete Data transfer policy screen element
SNAT Policy
SNAT policy tells firewall rule to allow access but after changing source IP address i.e. source IP address
is substituted by the IP address specified in the SNAT policy.
Create SNAT policy
Select Firewall → SNAT policy → Create to open the create page
111
Cyberoam User Guide
Screen – Create SNAT policy
Screen Elements
SNAT policy
SNAT Policy Name
Description
Source Translation
Map Source IP with
Description
Specify policy name
Specify description
Specify IP address
MASQUERADE – will replace source IP address with Cyberoam’s
WAN IP address
IP – will replace source IP address with the specified IP address
IP Range – will replace source IP address with any of the IP address
from the specified range
Create button
Creates the SNAT policy
Table – Create SNAT policy screen elements
Manage SNAT policy
Use to
• Edit policy
• Delete policy
Update policy
Select Firewall → SNAT policy → Manage to view the list of polices. Click the policy to be
modified.
112
Cyberoam User Guide
Screen – Update SNAT policy
Screen Elements
SNAT policy
SNAT Policy Name
Description
Source Translation
Map Source IP with
Update button
Description
Displays policy name, modify if required
Displays description, modify if required
Specify IP address
MASQUERADE – will replace source IP address with Cyberoam’s
WAN IP address
IP – will replace source IP address with the specified IP address
IP Range – will replace source IP address with any of the IP address
from the specified range
Saves the modifications
Table – Update SNAT policy screen elements
Delete SNAT policy
Select Firewall → SNAT policy → Manage to view the list of polices.
113
Cyberoam User Guide
Screen – Delete SNAT policy
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Select all the policies for deletion
Click Select All to select all the policies
Delete button Deletes all the selected policy/policies
Table – Delete SNAT policy screen elements
114
Cyberoam User Guide
DNAT Policy
DNAT rule tells the firewall to forward the requests from the specified machine/port to the specified
machine/port.
Create DNAT policy
Select Firewall → DNAT policy → Create to open the create page
Screen - Create DNAT policy
Screen Elements
DNAT policy
DNAT Policy Name
Description
Destination Translation
Map Destination IP with
Port Forward
Description
Specify policy name
Specify description
Specify IP address
IP – will replace destination IP address with the specified IP
address
IP Range – will replace destination IP address with any of the IP
address from the specified range
Enable port forwarding if you want to replace the port also.
Create button
Specify TCP Port number
Specify UDP Port number
Creates DNAT policy
Table - Create DNAT policy screen elements
115
Cyberoam User Guide
Manage DNAT policy
Use to
• Edit policy
• Delete policy
Update policy
Select Firewall → DNAT policy → Manage to view the list of polices. Click the policy to be
modified.
Screen – Edit DNAT policy
Screen Elements
DNAT policy
DNAT Policy Name
Description
Destination Translation
Map Destination IP with
Port Forward
Description
Displays policy name, modify if required
Displays description, modify if required
Specify IP address
IP – will replace destination IP address with the specified IP
address
IP Range – will replace destination IP address with any of the IP
address from the specified range
Displays whether port forwarding is enabled or not.
116
Cyberoam User Guide
Enable port forwarding if you want to replace the port also.
Update button
Specify TCP Port number
Specify UDP Port number
Updates DNAT policy
Table – Edit DNAT policy screen elements
Delete DNAT policy
Select Firewall → DNAT policy → Manage to view the list of polices.
Screen – Delete DNAT policy
Screen Elements
Del
Description
Select policy for deletion
Click Del to select
Select All
More than one policy can also be selected
Select all the policies for deletion
Click Select All to select all the policies
Delete button Deletes all the selected policy/policies
Table – Delete DNAT policy screen elements
117
Cyberoam User Guide
Zone Management
Use to
• Update Zone details
• Delete Zone
Manage Zone
Select System Zone Manage to open the manage zone page
Screen – Edit Zone
Screen Elements
Create Zone
Zone Name
Zone Type
Description
Displays zone name
Displays zone type
LAN – Depending on the appliance in use and on your network
design, you can group one to six ports in this zone.
By default the traffic to and from this zone is blocked and hence the
highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly
accessible servers. Depending on the appliance in use and on your
network design, you can group one to five ports in this zone.
Select Port
WAN - Depending on the appliance in use and on your network
design, you can group one to six ports in this zone.
Displays the ports binded to the to the zone, modify if required
118
Cyberoam User Guide
‘Available Ports’ list displays the list of ports that can be binded to the
selected zone.
‘Member Port’ list displays the list of ports binded to the zone
Use Right arrow button to move the selected ports to ‘Member Port’
list.
Description
Save button
Use Left arrow button to move the selected ports to ‘Available Port’
list.
Displays zone description, modify if required
Saves the zone configuration
Table – Edit Zone
Delete Zone
Prerequisite
• No hosts attached to the zone
Select System Zone Manage to open the manage zone page
Screen – Delete Zone
Screen Elements
Del
Description
Select Zone(s) for deletion
Click Del to select
Select All
Delete Group button
More than one zone can also be selected
Selects all the zones
Click Select All to select all the zones for
deletion
Delete the selected zone(s)
Table – Delete Zone
Note
Default Zones cannot be deleted
119
120
Cyberoam User Guide
Group Management
Manage Group
Update Group to:
• Change Surfing time policy applied
• Change Access time policy applied
• Change Internet Access policy applied
• Change Bandwidth policy applied
• Change Data transfer policy applied
• Change the login restriction for the users of the group
• Add new users to the group
Select Group Manage Group and click the Group to be modified
Screen - Manage Group
Screen Elements
Group Information
Group Name
Show Group
Members button
Surfing Quota policy
Change policy button
Description
Displays Group name, modify if required
Opens a new window and displays list of group members
Displays currently attached Surfing Quota policy to the Group
Click to change the attached Surfing Quota policy
121
Cyberoam User Guide
Only for ‘Normal’
Group type
Opens a new window and allows to select a new Surfing Quota policy
Time
(HH:mm)
Expiry date
allotted
Click Change policy
Click Select to select from available policy
Click Done to confirm the selection
Click Cancel to cancel the operation
Surfing quota policy, Time allotted & Expiry date changes accordingly
Displays total surfing time allotted by Surfing Quota policy to the Group
Cannot be modified
Displays Expiry date of the Surfing Quota policy
Period Time
(HH:mm)
Only if Surfing
Quota policy is
Non-Cyclic
Period Cycle
Only if Surfing
Quota policy is
Non-Cyclic
Used Surfing Time
Access Time policy
Only for ‘Normal’
Group type
Cannot be modified
Displays cycle hours
Cannot be modified
Displays type of cycle
Cannot be modified
Displays total time used by the Group members
Cannot be modified
Displays currently attached Access Time policy to the Group
To change
Click Access Time policy list to select
Internet
policy
Access
Click View details to view the details of the policy
Displays currently attached Internet Access policy to the Group
To change
Click Internet Access policy list to select
Bandwidth policy
Click View details to view the details of the policy
Displays currently attached Bandwidth policy to the Group
To change
Click Bandwidth policy list to select
Data Transfer policy
Click View details to view the details of the policy
Displays currently attached Data Transfer policy to the Group
To change
Click Data Transfer policy list to select
Login Restriction
Change Login
Restriction button
Save button
Add Members
Click View details to view the details of the policy
Display login restriction applied to the Group members
Click to change login restriction
Refer to Change Login Restriction for more details
Saves the modified details
Allows to add members to the group
Click to add
122
Cyberoam User Guide
Renew Data Transfer
(Only if Data
transfer policy is
Non-cyclic and
shared)
Cancel button
Note
Refer to Add Group Members for details
Renews data transfer policy of all the group memebers
Cancels the current operation
Table - Manage Group screen elements
Any changes made are applicable to all the group members
Add Group Member(s)
Screen – Add Group Member
Screen Elements
Select Group
Username/Name
starting with (* for All)
Search button
Description
Members from the selected group will be transferred to the
current group
Click to select the Group
Search user
Specify username or * to display all the users
Search user from the selected Group
Displays list of users in the selected Group
Add button
Close button
Click Add to select the user to be added
More than one user can also be selected
Adds selected user(s) to the group
Closes the window and returns to Edit Group page
Table – Add Group Member screen elements
Cyberoam User Guide
Update Group
Need may arise to change the Group setting after the creation of Group.
To
Show Group Members
Change Surfing Quota Policy
Only for ‘Normal’ Group type
Change Access Time Policy
Change Internet Access policy
Change Bandwidth Policy
Change Data transfer policy
Change Login Restriction
Click
Show Group Members button
Refer to View Group members for details
Change Policy button
Access Time Policy list
Internet Access policy list
Bandwidth Policy list
Data transfer policy list
Change Login Restriction button
Table - Need to Update group
Show Group Members
Screen - Show Group Members
Screen Elements
Group name
Total members
User Name
Employee Name
Allotted Time
Expiry Date
Description
Displays Group name
Displays Total Group members/users
User name
Name with which the Employee logs in
Employee name
Total Allotted time to the user
Refer to Access Time policy for details
Expiry date of the policy attached to the User
Refer to Surfing time policy for details
Used Time
Total time used by the User
Close button
Closes the window
Table - Show Group Members screen elements
123
Cyberoam User Guide
Change Login Restriction
Screen - Change Login Restriction
Screen Elements
Description
Login Restriction
Displays the current login restriction
Click to change the current restriction
Save button
Saves if the restriction is changed
Cancel button
Cancels the current operation
Select Node(s) button
Click to select the Node for restriction
Only if the option ‘Allowed login
from selected nodes’ is selected
IP address
Displays IP address
Machine name
Displays Machine name if given
Allowed from
Click to select
Multiple nodes can be selected
Apply Restriction button
Applies the login restriction for the group
members i.e. Group members will be able to
login from the above selected nodes only
Cancel button
Cancels the current operation
Table - Change Login Restriction screen elements
124
Cyberoam User Guide
Delete Group
Prerequisite
• No Group members defined
Select Group Manage Group and view the list of Groups
Screen - Delete Group
Screen Elements
Del
Description
Select Group(s) for deletion
Click Del to select
Select All
More than one Group can also be selected
Selects all the Groups
Click Select All to select all the Groups for
deletion
Delete Group button Delete the selected Group(s)
Table - Delete Group screen elements
125
Cyberoam User Guide
User Management
Search User
Use to search the User
Select User Search User
Screen - Search User
Screen Elements
Search User
Enter Username
Search User button
Description
Specify Search criteria
Searches all types of users based on the entered criteria
Click to search
Table - Search User screen elements
Search criteria
Result
Mark
Details of the user ‘Mark’
A
Details of all the users whose User name or Name contains ‘a’
192.9.203.102 Details of the user ‘192.9.203.102’
8 Details of all the users whose User name or Name contains ‘8’
Table - Search User – Result
126
Cyberoam User Guide
Live User
Use Live users page to
• view list of all the currently logged on Users
• modify user details
• send message to any live user
• disconnect any live user
Select User Manage Live Users
Screen – Manage Live Users
Report Columns
Concurrent Sessions
Current System time
User name
Click to change the display order
Name
Connected from
Click to change the display order
Public IP
Start time
Click to change the display order
Time (HH:mm)
Upload Data transfer
Click to change the display order
Download Data transfer
Click to change the display order
Bandwidth (bits/sec)
Select
Description
Displays currently connected total users (Normal, Clientless,
and Single sign on client Users)
Displays current system time in the format - Day, Month
Date,HH:MM
Displays name with which user has logged in
Click User name link to View/Update user details
Displays User name
Click Name link to view Group and policies details attached
to the User
Displays IP address of the machine from which user has
logged in
Displays Public IP address if User has logged in using public
IP address
Displays login time
Displays total time used in hours and minutes
Displays Data uploaded
Displays Data downloaded
Displays Bandwidth used
Select User for sending message or disconnecting
Send Message button
Disconnect button
More than one User can be selected
Sends message to the selected User(s)
Disconnects the selected User(s)
Table – Manage Live User screen elements
127
Cyberoam User Guide
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User User Manage Active to view the list of Users and click User name to be modified
OR
Select User User Manage Deactive to view the list of Users and click User name to be
modified
Manage Clientless Users
Select User Clientless Users Manage Clientless Users to view list of Users and click
User name to be modified
Need may arise to change the User setting after the creation of User.
To
Change the personal details or password
of the User
View User Accounts details
Change the User Group
Change Access Time Policy assigned to
the User
Change Internet Access Policy assigned
to the User
Change Bandwidth Policy assigned to the
User
Change Data Transfer policy assigned to
the User
Change Login Restriction of the User
Click
Edit personal details/Change Password
Refer to Change Personal details for more
details
User My Account
Refer to User My Account for more details
Change Group
Refer to Change Group for more details
Access Time policy list
Refer to Change Individual Policy for more
details
Internet Access policy list
Refer to Change Individual Policy for more
details
Bandwidth policy list
Refer to Change Individual Policy for more
details
Data Transfer policy list
Refer to Change Individual Policy for more
details
Change Login restriction button
Refer to Change Login Restriction for more
details
Table - Need to Update User
128
Cyberoam User Guide
Screen - Manage User
Screen Elements
Personal Information
Username
Edit Personal details/Change
Password button
Description
Displays username with which the user logs on
Cannot be modified
Allows to change the User’s personal details and login
password
Click Edit Personal details to change
Name
Birth date
User My Account button
Windows Domain Controller
Only if Authentication is done
by Windows Domain Controller
User type
Refer to Personal details table for more details
Displays User/Employee name
Cannot be modified
Displays Birth date of User
Displays Email ID of User
Click to view/update the my account details
Refer to User My Account
Displays Authentication server address, modify if
required
Displays User type
129
Cyberoam User Guide
Number of simultaneous login(s)
allowed
Policy Information
Group
Change Group button
Cannot be modified
Displays whether simultaneous login is allowed or not,
modify if required
Displays Group in which User is defined
Allows to change Group of the User
Time Allotted to User (HH:mm)
User Policy Expiry Date
Time used (HH:mm)
Opens a new window and allows to select a new Group
Displays total time allotted to User in the format Hours:
Minutes
Cannot be modified
Displays Expiry date
Cannot be modified
Displays total time used by the User in the format
Hours: Minutes
Period time
Period Cycle
Cycle Time used
Access Time Policy
Cannot be modified
Displays allowed total cycle hours
Displays cycle type
Displays cycle time used
Displays currently assigned Access Time policy to the
User, modify if required
To view the details of the policy
Click View details
Internet Access policy
Refer to Change Individual Policy on how to change the
assigned policy
Displays currently assigned Internet Access policy to
the User
To view the details of the policy
Click View details
Bandwidth policy
Refer to Change Individual Policy on how to change the
assigned policy
Displays currently assigned Bandwidth policy to the
User
To view the details of the policy
Click View details
Data Transfer policy
Refer to Change Individual Policy on how to change the
assigned policy
Displays currently assigned Data Transfer policy to the
User
To view the details of the policy
Click View details
Login Restriction
Refer to Change Individual Policy on how to change the
assigned policy
Display currently applied login restriction to the User
130
Cyberoam User Guide
Change login restriction button
Click to change user login restriction applied
Refer to Change User Login restriction for details
Save button
Saves the modified details
Re-apply Current policy button Reapplies all the current policies at the time of renewal
Cancel button
Cancels the current operation
Table - Manage User screen elements
Change Personal details
Screen - Change User Personal details
Screen Elements
Personal Information
Username
Name
New password
Re-enter New password
Birth date
Description
Displays the name with which user has logged in
User name, modify if required
Type the new password
Re-enter new password
Should be same as typed in new password
Displays birth date, modify if required
User My Account
Use Popup Calendar to change
Displays Email ID of the user, modify if required
User type
Displays User type, modify if required
Update button
Updates the changes made
Cancel button
Cancels the current operation and returns to Edit User page
Table - Change User personal details screen elements
User My Account gives details like Personal details and Internet usage of a particular user. User can
change his/her password using this tab.
Administrator and User both can view these details.
1. Administrator can view details of various users from User → User → Manage Active and click
Username whose detail is to be checked. Click User My Account, it opens a new browser window.
131
132
Cyberoam User Guide
Screen - User My Account
2. Normal Users can view their MyAccount details from task bar.
In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window
and prompts for MyAccount login Username and Password.
Screen - User My Account
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Cyberoam User Guide
Personal
Allows viewing and updating password and personal details of the user
Change Password
Select Personal → Change Password
Screen - Change Password
Screen Elements
Change Password
Username
Current Password
New password
Re-enter New password
Description
Displays the name with which user has logged in
Type the current password
Type the new password
Re-enter new password
Update
Should be same as new password
Update the changes made
Table - Change password screen elements
Change Personal details
Select Personal → Personal Detail
Screen - Change Personal details
Screen Elements
Description
Personal Information
Username
Displays the name with which user logs in
Name
Birth Date
Update
Cannot be modified
Displays User name, modify if required
Displays birth date
Use Popup Calendar to change
Displays Email ID of the user
Cannot be modified
Update the changes made
Table - Change Personal details screen elements
133
Cyberoam User Guide
Account status
Allows viewing Internet & Printer usage of the user
Internet Usage
Screen - Internet Usage Status
Screen Elements
Policy Information
Username
Group
Time allotted to User
(HH:mm)
Expiry date
Time used by User
(HH:mm)
Usage Information
Upload Data transfer
Download Data transfer
Total Data transfer
Description
Displays the name with which user has logged in
Displays the name of the User Group
Displays total surfing time allotted to the user in the Surfing
time policy
Displays Expiry date
Displays total time used by the User
Displays allotted, used and remaining upload data transfer
Allotted upload data transfer is configured from Data transfer
policy
Displays allotted, used and remaining download data transfer
Allotted download data transfer is configured from Data
transfer policy
Displays allotted, used and remaining total data transfer
Get Internet Usage
information for month
Submit button
Allotted total data transfer is configured from Data transfer
policy
Select Month
Select Year
Click to view the Internet usage report for the selected period
Table - Internet Usage screen elements
Report displays IP address from where user had logged in, session start and stop time, total used time,
data uploaded and downloaded during the session and total data transferred during the session.
134
Cyberoam User Guide
Change Group
Screen - Change Group
Screen Elements
Policy Information
Change Group button
Description
Opens a new window and displays list of Groups
Select
Done button
Cancel button
Click to change the User group
Click to select
Adds User to the Group
Cancels the current operation
Table - Change Group screen elements
Change Individual Policy
Screen Elements
Policy Information
Access Time policy
Internet Access policy
Bandwidth policy
Data Transfer policy
Save
Description
Specify Access Time policy. It overrides the assigned Group
Access time policy.
Click Access policy list to select
Specify Internet Access policy. It overrides the assigned Group
Internet Access policy.
Click Internet Access policy list to select
Specify Bandwidth policy. It overrides the assigned Group
Bandwidth policy
Click Bandwidth policy list to select
Specify Data Transfer policy. It overrides the assigned Group
Data Transfer policy
Click Data Transfer policy list to select
Saves the changes
Table - Change Individual policy
135
Cyberoam User Guide
Change User Login Restriction
Screen - Change User Login Restriction
Screen Elements
Description
Login restriction
Change login restriction
button
Allowed login from all the
nodes
Allowed login from Group
node(s)
Allowed login from selected
node(s)
Save button
Cancel button
Click to change the login restriction
Allows user to login from all the nodes of the Network
Allows Users to login only from the nodes assigned to the
group
Allows user to login from the selected nodes only
To select node
Click Select node
Select a Logon Pool from the Logon Pool name list
Click Select to select the IP addresses to be added to the policy
Click Select All to select all IP addresses
Click OK to assign policy to the selected IP Addresses
Click Close to cancel the operation
Saves the above selection
Cancel the current operation
Table - Change User Login Restriction screen elements
136
Cyberoam User Guide
Delete User
User can be deleted from Active list as well as from Deactive list
To delete active user, click User → User → Manage Active
Screen - Delete Active User
To delete de-active user, click User → User → Manage Deactive
Screen - Delete Deactive User
To delete Clientless user, click User → Clientless User → Manage Clientless User
Screen - Delete Clientless User
Screen Elements
Select
Description
Select User to be deleted
Click Select to select
Select All
Delete button
More than one user can also be selected
Selects all the users for deletion
Click Select All to select all
Deletes all the selected User(s)
Table - Delete User screen elements
137
Cyberoam User Guide
Deactivate User
User is de-activated automatically in case he has overused one of the resources defined by policies
assigned. In case, need arises to de-activate user manually, select User → User → Manage Active
Screen - Deactivate User
Screen Elements
Select
Description
Select User to be deactivated
Click Select to select
More than one user can be selected
Select All
Select all the users
Deactivate button Deactivates all the selected User(s)
Table - Deactivate User screen elements
View the list of deactivated users by User → User → Manage Deactive
138
Cyberoam User Guide
Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users
Screen - Activate Normal User
Screen - Activate Clientless User
Screen Elements
Select
Description
Select User to be activated
Click Activate to select
Select All
Activate button
More than one user can be selected
Selects all the users
Click Select All to select
Activates all the selected User(s)
Table - Activate User screen elements
139
140
Cyberoam User Guide
Logon Pool Management
Search Node
Use Search Node Tab to search the Node/IP address based on: IP address OR MAC address
Select Group Logon Pool Search Node
Screen - Search Node
Example Search criteria
Result
‘1’ list of nodes whose address contains ‘1’
‘192’ list of nodes whose address contains ‘192’
‘192.9.203.203 ‘ node whose address is ‘192.9.203.203’
‘b’
list of nodes whose address contains ‘B’
‘4C’
list of nodes whose address contains ‘4C’
‘B7’
list of nodes whose address contains ‘B7’
Table - Search Node results
Cyberoam User Guide
Update Logon Pool
Select Group Logon Pool Manage Logon Pool and click Logon Pool name to be modified
Screen - Update Logon Pool
Screen Elements
Logon Pool Details
Logon Pool name
Is Logon Pool Public
Bandwidth policy
Description
Show Nodes link
Description
Displays Logon Pool name, modify if required
Displays whether Logon Pool is of public IP addresses or not
Displays bandwidth policy attached, modify if required
Click View details link to view bandwidth restriction details and
policy members
Displays description of the Logon Pool, modify if required
Displays IP addresses defined under the Logon Pool. Allows to
Add or Delete node
Click Show nodes
Click Add Node
Refer to Add node for more details
Update button
Cancel button
Click Delete Node
Refer to Delete node for more details
Updates and saves the details
Cancels the current
Table - Update Logon Pool screen elements
141
Cyberoam User Guide
Add Node
Screen - Add Node
Screen Elements
Machine details
IP address
Range link
Machine name
Create button
Cancel button
Description
IP address of the Node to be added to the Logon Pool
Click to add range of IP Address
From – To - IP addresses to be included in the Logon
Pool
Specify machine name
Adds the nodes to the Logon Pool
Cancels the current operation
Table - Add Node screen elements
142
Cyberoam User Guide
Delete Node
Prerequisite
• Not assigned to any User
Screen - Delete Node
Screen Elements
Select
Description
Select the IP address of the node for deletion
Click Select to select
Select All
More than one node can also be selected
Selects all the nodes for deletion
Click Select All to select all the nodes
Delete button Deletes the selected Node(s)
Table - Delete Node screen elements
143
Cyberoam User Guide
Delete Logon Pool
Prerequisite
• IP address from Group not assigned to any User
Select Group Logon Pool Manage Logon Pool
Screen - Delete Logon Pool
Screen Elements
Del
Description
Select the Logon Pool(s) for deletion
Click Del to select
Select All
More than one Logon Pool can also be selected
Select all the Logon Pools for deletion
Delete Logon Pool
button
Click Select All to select all the Logon Pools for
deletion
Delete the selected Logon Pool(s)
Table - Delete Logon Pool screen elements
144
145
Cyberoam User Guide
System Management
Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.
Configure DNS
A Domain Name Server translates domain names to IP addresses. You can configure domain name
server for your network as follows.
At the time of installation, you configured the IP address of a single primary DNS server. You can change
this primary DNS server any time and also define additional DNS servers.
Select System Configure Network Configure DNS
Screen – Configure DNS
146
Cyberoam User Guide
Screen Elements
DNS List
Description
Displays list of Domain name servers
Add button
List order indicates preference of DNS. If more than one
Domain name server exists, query will be resolved
according to the order specified.
Allows to add IP address of Domain Name Server
Multiple DNS server can be defined
Click Add
Remove button
Move Up button
Type IP address
Click OK
Allows to remove IP address of Domain Name Server
Click IP address to select
Click Remove
Changes the order of server when more than one DNS
server defined
Moves the selected Server one step up
Move Down button
Click IP address which is to be moved up
Click MoveUp
Changes the order of server when more than one DNS
server is defined
Moves the selected Server one step down
Save button
Click IP address which is to be moved down
Click Move Down
Updates the DNS details and order, if modified
Click Save
Redirect DNS traffic to local DNS Server
DNS traffic Redirects all the DNS traffic to Cyberoam
redirection
Click Enable to redirect
Table - Configure DNS
To add multiple DNS repeat the above-described procedure. Use Move Up & Move Down buttons to
change the order of DNS. If more than one Domain name server exists, query will be resolved according
to the order specified.
Cyberoam User Guide
Configure DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a device,
releases and renews the address as device leaves and re-joins the network. The device can have
different IP address every time it connects to the network.
In other words, it provides a mechanism for allocating IP address dynamically so that addresses can be
re-used.
Select System → Configure Network → Configure DHCP
Screen - Configure DHCP
Screen Elements
DHCP Details
Network Interface
Interface IP
Netmask
IP address
From – To
Domain name
Subnet Mask
Gateway
Domain name server
Update DHCP button
Description
Displays Network Interface i.e. Internal or External
Displays IP address assigned to Interface
Displays Netmask
Displays IP address range for clients, modify if required
The DHCP server assigns an available IP address in the range to the
client upon request
Displays domain name for the specified subnet, modify if required
Displays subnet mask for the client/network, modify if required
Displays IP address of Gateway, modify if required
Displays IP address of Domain name server, modify if required
Updates the modified details
Table - Configure DHCP screen elements
147
Cyberoam User Guide
View Interface details
Use to view the Interface configuration
Select System Configure Network View Interface details
Screen – Cyberoam as Gateway - View Interface details
Screen Elements
Network
Zone/Zone Type
Description
Displays port wise configuration details
Displays IP address and Net mask
Displays port to zone relationship i.e. port is binded to
which zone
LAN – Depending on the appliance in use and on your
network design, you can group one to six ports in this
zone.
By default the traffic to and from this zone is blocked
and hence the highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used
for publicly accessible servers. Depending on the
appliance in use and on your network design, you can
group one to five ports in this zone.
WAN - Depending on the appliance in use and on your
network design, you can group one to six ports in this
zone.
If PPPoE is configured, WAN port will be displayed as
the PPPoE Interface.
Table – View Interface details screen elements
148
Cyberoam User Guide
Configuring Dynamic DNS service
Dynamic DNS (Domain Name Service) is a method of keeping a static domain/host name linked to a
dynamically assigned IP address allowing your server to be more easily accessible from various locations
on the Internet.
Powered by Dynamic Domain Name System (DDNS), you can now access your Cyberoam server by the
domain name, not the dynamic IP address. DDNS will tie a domain name (e.g. mycyberoam.com, or
elitecore.cyberoam.com) to your dynamic IP address.
Register hostname with DDNS service provider
Select System Dynamic DNS Configuration Create Account to open configuration
page
Screen – Register Hostname with DDNS
Screen Elements
Description
Host Name Detail
Hostname
Description
Service Provider’s details
Service name
Login Name and
Password
IP detail
Specify hostname you want to use on DDNS server i.e. domain
name that you registered with your DDNS service provider
Specify description
Specify description
Select Service provider with whom you have registered your
hostname.
Specify your DDNS account’s login name and password
149
150
Cyberoam User Guide
IP address
IP Update
Checking Interval
Create button
Select WAN Interface if Cyberoam WAN interface is assigned
Public IP address. IP address of the selected interface will be
binded with the specified host name.
Select NATed Public IP if Cyberoam WAN interface is assigned
private IP address and is behind NAT box.
Enter the time interval after which DDNS server should check
and update the IP address of your server if changed.
For example if time interval is set to 10 minutes, after every 10
minutes, DDNS server will check for any changes in your server
IP address
Click Create to save the configuration
Table – Register hostname with DDNS
Testing your Dynamic DNS configuration
You can test your Dynamic DNS by:
• Access your Cyberoam server using the host name you have registered with DDNS service
provider - If you are able to access Cyberoam then your configuration is correct and DDNS is
working properly.
• Ping your host - If you get the IP address of your external interface then your configuration is
correct and DDNS is working properly.
Manage Account
Check the IP address updation status from the Manage Account page. It also displays the reason incase
updation was not successful.
Select System Dynamic DNS Configuration Manage Account to open configuration
page and click the hostname to be
151
Cyberoam User Guide
PPPoE
PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a
remote site using various Remote Access Service products. This protocol is typically founding broadband
network of service provider. The ISP may then allow you to obtain an IP address automatically or give
you a specific IP address.
PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet
(PPPoE) session and is used to:
• For Ethernet LANs, to assign IP addresses to workstations, e.g. Multi-apartment buildings, Offices,
to provide user authentication and accounting
• Schools and universities, computer classes
• Connections to Wireless ISPs
• Connections to xDSL providers
Access Concentrators (AC) also known as PPPoE Termination units, answer the PPPoE request coming
from a client site PPPoE application for PPP negotiation and authentication.
When using Cyberoam as a PPPoE client, computers on LAN are transparent to WAN side PPPoE link.
This alleviates Administrator from having to manage the PPPoE clients on the individual computers.
To configure PPPoE Interface
Before configuring the Interface for PPPoE:
1. Run Wizard from Web Admin Console
2. In the Network Configuration, for the WAN port:
Enable option ‘Obtain an IP from PPPoE’
Under PPPoE Details, specify PPPoE username and password
3. Click Finish to exit from Wizard
4. To confirm log on to Web Admin Console, go to System Configure Network View
Interface Details. PPPoE Interface will be defined under WAN zone.
Note:
• A new dynamic IP address will be leased to the PPPoE Interface, each time a new PPP session is
establish with Access Concentrator
• IP address in Firewall rules will automatically change when the new IP address is leased
• If multiple gateways are defined then IP address in the failover condition will automatically change
when the new IP address is leased
• As IP address to PPPoE interface is assigned dynamically:
a) Network Configuration from Telnet Console will not display the PPPoE interface configuration
b) You will not be able to change the IP address of the PPPoE interface from Telnet Console using
Network Configuration
Select System Configure Network View Interface Details and click PPPoE Interface
152
Cyberoam User Guide
Screen – PPPoE configuration
Screen Elements
Description
PPPoE Configuration
Interface
Displays the Port which configured as PPPoE Interface from
Wizard
User and Specify username and password. Username and password
Password
should be same as specified in the Network Configuration using
Wizard
Access
Concentrator
Name
Service name
Specify Access Concentrator name (PPPoE server).
Cyberoam will initiate sessions with the specified Access
Concentrator only. In most of the cases, you can leave this field
blank. Use it only if you know that there are multiple Access
Concentrators.
Specify Service Name.
Cyberoam will initiate only those sessions with Access
Concentrator, which can provide the specified service. In most of
the cases, you can leave this field blank. Use it only if you need
a specific service.
LCP Interval Specify LCP interval in seconds. Default is 20 seconds. Every 20
seconds LCP echo request is send to check whether the link is
alive or not.
LCP Failure Specify Failure. Default is 3 attempts. Cyberoam will wait for the
LCP echo request response for the LCP interval defined after
every attempt. Cyberoam declares PPPoE link as closed if it
does not receive response after defined attempts.
Update button Click Update to save the configuration
Table – PPPoE configuration screen elements
153
Cyberoam User Guide
Establish PPPoE session
1. Select System Configure Network View Interface Details and click PPPoE
Interface through which you want to establish connection
2. Click Reconnect. It establishes 128bit tunnel with Access Concentrator. Cyberoam will
automatically detect the presence of PPPoE server on the WAN interface.
Remove PPPoE Interface configuration
1. Run Wizard from Web Admin Console
2. In the Network Configuration, for the WAN port:
3. Enable option ‘Use Static IP’
4. Click Finish to exit from Wizard
5. To confirm log on to Web Admin Console, go to System Configure Network View
Interface Details and check under WAN zone
154
Cyberoam User Guide
Manage Gateway
Gateway routes traffic between the networks and if gateway fails, communication with outside Network is
not possible. In this case, organization and its customers are left with the significant downtime and
financial loss.
By default, Cyberoam supports only one gateway. However, since organizations opt for multiple
gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting
multiple gateways. However, simply adding one more gateway is not an end to the problem. Optimal
utilization of all the gateways is also necessary.
Cyberoam not only supports multiple gateways but also provides a way to utilize total bandwidth of all the
gateways optimally.
At the time of installation, you configured the IP address for a default gateway. You can change this
configuration any time and configure for additional gateways.
Refer to Multi link Configuration Guide for source based static routing. Policy based routing can be done
from firewall rule.
To view the Gateway details, select System Gateway Manage Gateway(s)
Screen – Gateway Configuration
Screen Elements
Gateway Details
Gateway Name
Gateway IP
address and port
Save button
Cancel button
Description
Displays Gateway name
Displays IP address and port of the Gateway configured
IP address of a device Cyberoam uses to reach devices on different
Network, typically a router
Saves the modified details
Click to save
Cancels the current operation and returns to Manage Gateway page
Click to cancel
Table - Gateway Configuration screen elements
155
Cyberoam User Guide
DoS Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. This includes
protection from several kinds of “Denial of Service attacks”. These attacks disable computers and
circumvent security.
Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a
service.
DoS attacks are typically executed by sending many request packets to a targeted server (usually Web,
FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not
to steal the information but disable or deprive a device or network so that users no longer have access to
the network services/resources.
All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence,
attackers send a very high volume of redundant traffic to a system so it cannot examine and allow
permitted network traffic. Best way to protect against the DoS attack is to identify and block such
redundant traffic.
SYN Flood In this attack, huge amount of connections are send so that the backlog queue overflows.
The connection is created when the victim host receives a connection request and allocates for it some
memory resources. A SYN flood attack creates so many half-open connections that the system becomes
overwhelmed and cannot handle incoming requests any more.
Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
1. Go to Cyberoam Management>Logging Management>Network Logging Management
2. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
User Datagram Protocol (UDP) Flood This attack links two systems. It hooks up one system's UDP
character-generating service, with another system's UDP echo service. Once the link is made, the two
systems are tied up exchanging a flood of meaningless data.
Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
TCP attack This attack sends huge amount of TCP packet than the host/victim computer can handle.
156
Click Apply Flag to apply the TCP flood definition and control the allowed number of packets.
Cyberoam User Guide
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
ICMP attack This attack sends huge amount of packet/traffic than the protocol implementation can
handle to the host/victim computer.
Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
Drop Source Routed Packet This will block any source routed connections or any packets with internal
address from entering your network.
Click Apply Flag to enable blocking.
To generate log, enable Dropped Source Routed Packet Logging from Network Logging Management
(Telnet Console). By default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
Disable ICMP redirect packet An ICMP redirect packet is used by routers to inform the hosts what the
correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the
routing tables on the host and possibly weaken the security of the host by causing traffic to flow via
another path.
Set the flag to disable the ICMP redirection.
To generate log, enable Dropped ICMP Redirected Packet Logging from Network Logging Management
(Telnet Console). By default, the DoS attack logging is Off.
To enable logging:
157
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Cyberoam User Guide
Refer to Cyberoam Console Guide, Logging Management for more details.
ARP Flooding This attack sends ARP requests to the server at a very high. Because of this server is
overloaded with requests and will not be able to respond to the valid requests. Cyberoam protects by
dropping such invalid ARP requests.
Threshold values
Cyberoam uses threshold value to detect DoS attack.
Threshold value depends on various factors like:
• Network bandwidth
• Nature of traffic
• Capacity of servers in the network
Threshold = Total number of connections/packet rate allowed to a particular user at a given time
When threshold value exceeds, Cyberoam detects it as an attack and the traffic from the said
source/destination is blocked till the lockdown period.
Threshold is applicable to the individual source/destination i.e. requests per user/IP address and
not globally to the complete network traffic. For example, if source threshold is 2500
packets/minute and the network is of 100 users then each source is allowed packet rate of 2500
packets/minute.
You can define different threshold values for source and destination.
Configuring high values will degrade the performance and too low values will block the regular requests.
Hence, it is very important to configure appropriate values for both source and destination IP address.
Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given
time.
Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a
given time.
How it works
When threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection
by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop
the packets till the attack subsides. Because Cyberoam applies threshold value per IP address, traffic
from the particular source/destination will only be dropped while the rest of the network traffic will not be
dropped at all i.e. traffic from the remaining IP addresses will not be affected at all.
Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30
seconds
158
Cyberoam User Guide
Configure DoS Settings
Select Firewall → DoS Setting
Screen – DoS Settings
Screen Elements
Attack type
Source Packets Rate
(packets/minute)
Apply flag
Source Packets
dropped
Destination Packets
Rate (packets/minute)
Description
Type of Attack
Click to view the real time updates on flooding. It displays the source IP
address - which was used for flooding and IP address which was
targeted.
Allowed Packets per minute (Packet rate)
If the packet rate exceeds, it is considered as an attack and the rest of
the packets are dropped.
The specified packet rate is applicable to individual IP address i.e.
requests per user and not globally to the complete traffic.
Set flag to control allowed number of packets
Displays number of packets dropped from the said source
Allowed Packets per minute (Packet rate)
When the packet rate exceeds, all the excess packets are dropped for
the next 30 seconds. You can call this the lockdown period which
means the traffic from the destination IP address will be blocked for
next 30 seconds. Because Cyberoam applies threshold value per IP
address, the traffic from rest of the IP addresses is not blocked.
Apply flag
Destination
dropped
Update button
Packets
The specified packet rate is applicable to individual IP address i.e.
requests per user and not globally to the complete traffic.
Set flag to control allowed number of packets
Displays number of packets dropped at destination
Updates Packet rate
Updated details will be applied only after restarting the Management
services from Console
Table – DoS Settings screen elements
159
Cyberoam User Guide
Bypass DoS Settings
Cyberoam allows bypassing the DoS rule in case you are sure that the specified source/destination will
never be used for flooding or want to ignore if flooding occurs from the specified source.
Create DoS bypass rule
Select Firewall → Bypass DoS
Screen – Create DoS bypass rule
Screen Elements
Description
Source and Destination Information
Source Domain Source Domain name, IP address or Network on which the DoS rule is not
name/IP Address to be applied
Source Port
Specify source information
Specify * if you want to bypass the complete network
Specify source port address.
Specify * if you want to bypass all the ports
Destination
Domain name/IP
Address
Destination Port
DoS will not be applied on all the requests from the specified source IP
address and port
Destination Domain name or IP address on which the DoS rule is not to be
applied
Specify destination information
Specify * if you want to bypass the complete network
Specify destination port address.
Cyberoam User Guide
Specify * if you want to bypass all the ports
Network Protocol
Create button
DoS will not be applied on all the requests from the specified destination IP
address and port
Select protocol whose traffic is to be bypassed for specified source to
destination.
For example,
If you select TCP protocol then DoS rules will not be applied on the TCP
traffic from the specified source to destination.
Creates the bypass rule
Table – Create DoS bypass rule screen elements
Delete DoS bypass rule
Select Firewall → Bypass DoS
Screen – Delete DoS bypass rule
Screen Elements
Select
Description
Select rule for deletion
Click Del to select
Select All
Delete button
More than one rule can also be selected
Select all rules
Click Select All to select all rules
Deletes all the selected rules
Click to delete
Table – Delete DoS bypass rule screen elements
160
Cyberoam User Guide
Reset Console Password
You can change Telnet Console password from Web based Console or Telnet Console itself. To change
password from Telnet Console, refer to Cyberoam Console guide.
Select System → Reset Console Password
Screen - Reset Console Password
Screen Elements
Description
Reset Console Password
GUI Admin Password Specify current GUI Admin password i.e. the
password with which Administrator has logged on
to Web Admin Console
New password
Specify new console password
Confirm New password Type again the same password as entered in the
New password field
Submit button
Saves new password
Click Submit
Table - Reset Console Password screen elements
161
162
Cyberoam User Guide
System Module Configuration
Enable/disable services to enhance the network performance and reduce the potential security risk. Do
not enable any local services that are not in use. Any enabled services could present a potential security
risk. A hacker might find a way to misuse the enabled services to access your network.
By default, all the services are enabled.
Cyberoam allows enabling/disabling of following services and VPN and Traffic Discovery modules:
TFTP - Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP). TFTP
uses the User Datagram Protocol (UDP) and provides no security features.
PPTP - PPTP (Point to Point Tunneling Protocol) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a VPN tunnel using a TCP/IP based network
IRC - IRC (Internet Relay Chat) is a multi-user, multi-channel chatting system based on a client-server
model. Single Server links with many other servers to make up an IRC network, which transport
messages from one user (client) to another. In this manner, people from all over the world can talk to
each other live and simultaneously. DoS attacks are very common as it is an open network and with no
control on file sharing, performance is affected.
H323 - The H.323 standard provides a foundation for audio, video, and data communications across IPbased
networks, including the Internet. H.323 is an umbrella recommendation from the International
Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area
Networks (LANs) that do not provide a guaranteed Quality of Service (QoS). It enables users to
participate in the same conference even though they are using different videoconferencing applications.
P2P Traffic Modules - Identifies peer-to-peer (P2P) data in IP traffic. It works together with connection
tracking and connection marking which helps in identifying the bigger part of all P2P packets and limit the
bandwidth rate.
Select Firewall → System Modules and enable or disable the required service and modules.
Screen – System Modules Configuration
163
Cyberoam User Guide
SNMP
Simple Network Management Protocol (SNMP) is used as the transport protocol for network
management. Network management consists of network management station/manager communicating
with network elements such as hosts, routers, servers, or printers. The agent is the software on the
network element (host, router, printer) that runs the network management software. In other words, agent
is the network element. The agent will store information in a management information base (MIB).
Management software will poll the various network elements/agents and get the information stored in
them. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162
to send replies or messages to the manager. The manager can ask for data from the agent or set
variable values in the agent. Agents can reply and report events.
Cyberoam supports SNMPv1, SNMPv2c and SNMPv3.
If SNMP agent is installed, SNMP will collect information in two ways:
• The SNMP management station/Manager will poll the network devices/agents
• Network devices/agents will send trap/alert to SNMP management station/Manager.
SNMP terms
• Trap - Alert that management station receive from the agents.
• Agent - A program at devices that can be set to watch for some event and send a trap message to
a management station if the event occurs
• SNMP community - Group of SNMP management stations. The community name identifies the
group. A SNMP agent may belong to more than one SNMP community. It will not respond to the
requests from management stations that do not belong to one of its communities.
164
Cyberoam User Guide
Cyberoam SNMP Implementation
Cyberoam has implemented SNMP in the following ways:
• Cyberoam will act as an SNMP Agent
• Cyberoam SNMP agent is to be configured to report system information and send traps (alarms or
event messages) to SNMP managers. SNMP manager can access SNMP traps and data from the
configured port only.
• The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP
managers have read-only access to Cyberoam system information and can receive Cyberoam
traps.
• To monitor Cyberoam system information and receive Cyberoam traps, Cyberoam proprietary MIB
is to be compiled into SNMP manager.
• SNMP managers are grouped in SNMP Communities. Cyberoam can support maximum ____
members in each community.
• Each community has read-only permission for the MIB data.
• Each Community can support SNMPv1, SNMPv2c or both. You must specify a trap version for
each community member.
• Cyberoam sends traps to all the communities.
Cyberoam User Guide
Cyberoam MIB
The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers
have read-only access to Cyberoam system information and can receive Cyberoam traps. To monitor
Cyberoam system information and receive Cyberoam traps you must compile Cyberoam proprietary
MIBs into your SNMP manager.
SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive
notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,
SNMPv2c, and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance
replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB
for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam
Web site and can be loaded into any third-party SNMP management software.
The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables
below list the names of the MIB fields and describe the status information available for each one. You
can view more details about the information available from all Cyberoam MIB fields by compiling the
cyberoam.mib file into your SNMP manager and browsing the Cyberoam MIB fields.
Cyberoam supports following read-only MIB objects/fields:
Cyberoam Appliance MIB fields
MIB field
(sysInstall)
applianceKey
applianceModel
cyberoamVersion
wabcatVersion
avVersion
asVersion
idpVersion
Description
Appliance key number of the Cyberoam Appliance in use
Appliance model number of the Cyberoam Appliance in
use
The Cyberoam version currently running on the
Cyberoam Appliance.
The Webcat version installed on the Cyberoam
Appliance
The antivirus definition version installed on the
Cyberoam Appliance
The antispam definition version installed on the
Cyberoam Appliance
The IDP signature definition version installed on the
Cyberoam Appliance
System MIB fields
MIB field
Description
(sysStatus)
cyberoamOpMode The Cyberoam appliance operation mode -
Transparent or Bridge
systemDate
Current date
cpuPercentageUsage
diskCapacity
diskUsage
memoryCapacity
memoryPercentageUsage
The current CPU usage (as a percent)
The hard disk capacity (MB)
The current hard disk usage (MB)
The memory capacity (MB)
The current memory utilization (as a percent)
165
Cyberoam User Guide
swapCapacity
swapPercentageUsage
haMode
liveUsers
httpHits
ftpHits
pop3Hits
(mailHits)
imapHits
(mailHits)
smtpHits
(mailHits)
pop3Service
(serviceStats)
imapService
(serviceStats)
smtpService
(serviceStats)
ftpService
(serviceStats)
httpService
(serviceStats)
avService
(serviceStats)
asService
(serviceStats)
dnsService
(serviceStats)
haService
(serviceStats)
IDPService
(serviceStats)
analyzerService
(serviceStats)
snmpService
(serviceStats)
The swap capacity (MB)
The current swap utilization (as a percent).
The current Cyberaom High-Availability (HA)
mode (standalone, A-P)
The current live connected users i.e. logged on
users in Cyberoam
Total HTTP hits
Total TTP hits
Total POP3 hits
Total IMAP hits
Total SMTP hits
The current status of POP3 service
The current status of IMAP service
The current status of SMTP service
The current status of FTP service
The current status of HTTP service
The current status of AntiVirus service
The current status of AntiSpam service
The current status of DNS
The current status of HA
The current status of IDP service
The current status of Analyzer
The current status of SNMP
License MIB fields
MIB field
(sysLicesne)
appRegStatus
(liAppliance)
appExpiryDate
(liAppliance)
supportSubStatus
(lisupport)
supportExpiryDate
(lisupport)
avSubStatus
(liAntiVirus)
supportExpiryDate
Description
Current Registration status of Cyberoam
Appliance
Expiry date of the Cyberoam Appliance, if
Appliance is the Demo Appliance
Current subscription status for Cyberoam Support
Subscription Expiry date for Cyberoam Support, if
subscribed
Current subscription status for AntiVirus module
Subscription Expiry date for AntiVirus module, if
166
Cyberoam User Guide
(liAntiVirus)
asSubStatus
(liAntiSpam)
supportExpiryDate
(liAntiSpam)
asSubStatus
(liIdp)
supportExpiryDate
(liIdp)
asSubStatus
(liWebcat)
supportExpiryDate
(liWebcat)
subscribed
Current subscription status for AntiSpam module
Subscription Expiry date for AntiSpam module, if
subscribed
Current subscription status for IDP module
Subscription Expiry date for IDP module, if
subscribed
Current subscription status for Web and
Application Filter module
Subscription Expiry date for Web and Application
Filter module, if subscribed
Alert MIB field
MIB field
(sysAlerts)
Description
highCpuUsage High CPU usage i.e. CPU usage exceed 90%
highDiskUsage High Disk usage i.e. Disk usage exceed 90%
highMemUsage
httpVirus
(avAlerts)
smtpVirus
(avAlerts)
pop3Virus
(avAlerts)
imap4Virus
(avAlerts)
ftpVirus
(avAlerts)
linkToggle
(dgdAlerts)
idpAlert1
(idpAlerts)
synFlood
(dosAlerts)
tcpFlood
(dosAlerts)
udpFlood
(dosAlerts)
icmpFlood
(dosAlerts)
High Memory usage i.e. memory usage exceed
90%
HTTP virus detected by Cyberoam
SMTP virus detected by Cyberoam
POP3 virus detected by Cyberoam
IMAP virus detected by Cyberoam
FTP virus detected by Cyberoam
Change of link status (up or down)
IDP alert
DoS attack – SYN flood detected by Cyberoam
DoS attack – TCP flood detected by Cyberoam
DoS attack – UDP flood detected by Cyberoam
DoS attack – ICMP flood detected by Cyberoam
167
168
Cyberoam User Guide
Cyberoam Traps
All the SNMP communities added in Cyberoam will receive traps. All traps include the trap message as
well as the Cyberoam unit serial number or Cyberoam WAN IP address.
To receive traps, SNMP Manager must load and compile the Cyberoam MIB.
If SNMP manager has already included standard and private MIBs in a compiled database that is in use
then you must add the Cyberoam proprietary MIB to this database.
Cyberoam generates the following traps, when the specified events or conditions occur:
Trap Message
Description
High Disk Usage Disk usage exceed 90%
169
Cyberoam User Guide
Manage SNMP
You can manage the Cyberoam appliance using SNMP.
SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive
notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,
SNMPv2c and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance
replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB
for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam
Web site and can be loaded into any third-party SNMP management software.
The Cyberoam SNMP implementation is read-only. SNMP v1,v2c and V3 compliant SNMP managers
have read-only access to Cyberoam system information and can receive Cyberoam traps.
By default SNMP server is disabled.
To start the SNMP server, go to System SNMP Manage SNMP
To restart SNMP server automatically on Cyberoam re-start, enable Autostart from System SNMP
Manage SNMP
Screen – Manage SNMP
After enabling SNMP:
1. Configure Agent
2. Create SNMP Community if SNMP manager supports protocols v1 and v2c OR Create V3 user if
SNMP manager supports protocol v3
Cyberoam User Guide
Configure SNMP Agent
Select System SNMP Agent Configuration
Screen – SNMP Agent Configuration
Screen Elements
Agent Configuration
System Name
System Location
System Contact
Agent Port
Description
Specify name to identify the Agent
Specify physical location of the Cyberoam
Appliance
Specify the contact information for the person
responsible for the above specified Cyberoam
appliance
Specify port to be used by Cyberoam to send
traps
Default Port: 161
Manager Port
Specify port that the Remote SNMP Management
station/Manager can use to connect to the
Cyberoam appliance
System Description Specify description
Update button
Click to save the details
Table – SNMP Agent Configuration screen elements
170
Cyberoam User Guide
Create SNMP Community
Select System SNMP Create Community
Screen – Create SNMP Community
Screen Elements
Description
Manager Configuration
Community Name Specify name to identify the Community
IP Address (Source) Specify IP address of the SNMP Manager that
can use the settings in the SNMP community to
monitor Cyberoam
Protocol Version Enable the required SNMP protocol version
support. SNMP v1 and v2c compliant SNMP
managers have read-only access to Cyberoam
system information and can receive Cyberoam
traps
Trap Support
Enable the required version for trap support.
Traps will be sent to the SNMP Managers who
support the specified versions only
Description
Specify description
Create button
Click to save the details
Table – Create SNMP Community screen elements
Manage SNMP Community
Select System SNMP Manage Community and click the Community to updated
171
Cyberoam User Guide
Screen – Manage SNMP Community
Screen Elements
Description
Manager Configuration
Community Name Displays Community name, modify if required
IP Address (Source) Displays IP address of the SNMP Manager that
can use the settings in the SNMP community to
monitor Cyberoam, modify if required
Protocol Version Enable the required SNMP protocol version
support. SNMP v1 and v2c compliant SNMP
managers have read-only access to Cyberoam
system information and can receive Cyberoam
traps
Trap Support
Enable the required version for trap support.
Traps will be sent to the SNMP Managers who
support the specified versions only
Description
Specify description
Update button
Click to update and save the details
Table – Manage SNMP Community screen elements
Delete SNMP Community
Select System SNMP Manage Community to view the list of communities created
Screen – Delete SNMP Community
Screen Elements
Del
Description
Select community for deletion
Click Del to select
172
Cyberoam User Guide
Select All
Delete button
More than one community can also be
selected
Selects all the communities
Click Select All to select all communities
Deletes all the selected communities
Click to delete
Table – Delete SNMP Community screen elements
173
Cyberoam User Guide
Create SNMP V3 User
Select System SNMP Create V3 User
Screen – Create SNMP V3 User
Screen Elements
Description
SNMP V3 User Configuration
Username
Specify username
Password
Specify password
Confirm Password Type again the same password as entered in the
Password field
Create button
Creates user
Table – Create SNMP V3 User screen elements
Manage SNMP V3 User
Select System SNMP Manage V3 User to view list of created users. Click the user whose
details are to be updated
174
Cyberoam User Guide
Screen – Edit V3 User
Screen Elements
Description
SNMP V3 User Configuration
Username
Displays username, modify if required
Password
Displays password, modify if required
Confirm Password Type again the same password as entered in the
Password field, if changed
Update button
Updates and saves the user details
Table – Edit V3 User screen elements
Delete SNMP V3 User
Select System SNMP Manage V3 User to view list of created users
Screen – Delete SNMP V3 User
Screen Elements
Del
Description
Select user to be deleted
Click Del to select
Select All
Delete button
More than one user can also be selected
Selects all the users
Click Select All to select all users
Deletes all the selected users
Click to delete
Table – Delete SNMP V3 User screen elements
175
176
Cyberoam User Guide
Manage Data
Backup data
Backup is the essential part of data protection. No matter how well you treat your system, no matter how
much care you take, you cannot guarantee that your data will be safe if it exists in only one place.
Backups are necessary in order to recover data from the loss due to the disk failure, accidental deletion
or file corruption. There are many ways of taking backup and just as many types of media to use as well.
Cyberoam provides facility of taking regular and reliable data backup. Backup consists of all the policies,
logs and all other user related information.
Cyberoam maintains five logs:
Web surfing log This log stores the information of all the websites visited by all the users
User session log Every time the user logs in, session is created. This log stores the session entries of
all the users and specifies the login and logout time.
Audit log This log stores the details of all the actions performed the User administrating Cyberoam.
Refer to Appendix A – Audit Log for more details.
Virus log This log stores the details of malicious traffic requests received.
Set Backup Schedule
Select System → Manage Data → Set Backup Schedule
Screen – Set Backup schedule
Cyberoam User Guide
Screen Elements
Description
Backup of Data only (Does not include Logs)
Backup Frequency Backup schedule. Only data backup will be taken.
Select any one
Daily – backup will be send daily
Weekly – backup will be send weekly
Monthly – backup will be send monthly
Never – backup will never be send
In general, it is best to schedule backup on regular basis.
Depending on how much information you add or change will help
you determine the schedule
Incremental Backup of Log files only (in CSV format)
Backup process only copies what has changed since the last backup. This creates a
much smaller backup file.
Log
Select the logs for backup. Backup of log files will be taken in CSV
format.
Backup Frequency
Set Backup Mode
Backup mode
Available logs for backup:
1. Web surfing
2. Virus
3. Audit
Select any one
Daily – backup will be send daily
Weekly – backup will be send weekly
Never – backup will never be send
Specifies how backup should be taken and send
Select
FTP backup OR
Mail backup
Only for FTP backup
FTP server
Specify IP address of FTP server
User name
Specify User name with which user has to logon to the FTP server
Password
Specify Password
Only for Mail backup
To Mail Id
Specify email address to which the backup is to be mailed
Save button
Saves the configuration
Table – Set Backup Schedule screen elements
177
178
Cyberoam User Guide
Backup Data
Select System → Manage Data → Backup Data
Screen – Backup Data
Screen Elements
Backup System Data
(Does not include logs)
Backup button
Description
Takes the recent backup and allows to download
Download button
Only if backup is taken
previously
Click Backup data to take backup
Download the backup already taken. Also displays date and
time of backup
Click Download to download
To download follow the screen instructions
Backup Log (in CSV format)
Logs
Backup of selected logs will be taken
Backup button
Select the logs for backup
1. Web surfing
2. Virus
3. Audit
Takes the recent backup of logs and allows to download
Download button
Only if backup is taken
previously
Click Backup data to take the recent backup
Download the backup of logs already taken. Also displays date
and time of backup
Click Download to download
To download follow the screen instructions
Table – Backup Data screen elements
Cyberoam User Guide
Restore Data
With the help of restore facility, restore data from the backup taken. Restoring data older than the current
data will lead to the loss of current data.
Select System → Manage Data → Restore Data
Screen – Restore Data screen
Screen Elements
Description
Upload Backup
File to upload Specify name of backup file to be uploaded
Browse button Select the backup file
Upload button Uploads the backup file
Table - Restore Data screen elements
Note
Restore facility is version dependant i.e. it will work only if the backup and restore versions are same e.g. if
backup is taken from Cyberoam version 7.4.0.0 then restore will work only for version 7.4.0.0 and not for any
other version.
179
Cyberoam User Guide
Purge
Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge
facility for deleting log records.
Configure Auto purge Utility
Select System → Manage Data → Configure Auto purge utility
Screen – Configure Auto purge Utility screen
Screen Elements
Purge Frequency
Purge Web surfing logs every
Save button
Popup Notification
Enable Alert Popup
Description
Specify number of days after which web surfing
log should be purged automatically
Saves purging schedule configuration
Enabling Popup Notification displays alert popup
before purging the logs
Click to enable
Save button
Saves popup alert configuration
Download Purged Logs
Only if Logs have been Auto purged
Download button
Allows to download the purged log files
Click to download
Delete button
Deletes the purged log files
Table – Configure Auto purge Utility screen elements
Note
System will preserve logs only for the specified number of days and automatically purges the logs generated
there after.
180
181
Cyberoam User Guide
Manual purge
Use manual purge to delete log records manually
Select System → Manage Data → Purge Logs
Screen – Purge Logs screen
Screen Elements
Description
Purge
Select log for purging
Web surfing logs
User session logs
Audit logs
Till Date
Select the date from Calendar till which the
selected log(s) is to be purged
Purge button Purges the selected log till the specified date
Click Purge to purge
Table - Purge Logs screen elements
Note
Auto purge option is always on
182
Cyberoam User Guide
Client Services
Client Messages
Message Management tab allows Administrator to send messages to the various users. Messages help
Administrator to notify users about problems as well as Administrative alerts in areas such as access,
user sessions, incorrect password, and successful log on and log off etc.
Message is send to the User whenever the event occurs.
Message can be up to 256 characters and send to the number of users at a time.
Select System → Configure Client Settings → Customize Client Message
Screen – Customized Client Messages screen
Screen Elements
Message Key
Description
Message code
Click Message link to customize the message which will be
received by user
Click Save to save the changes
Click Cancel to cancel the current operation
Message
Message description
Configure Usage to Alert User before Expiration
Enter Remaining Alert will be displayed to all the users when the specified data
Usage in
transfer is remaining
Remaining usage can be entered in absolute value or in
percentage
Cyberoam User Guide
Data Transfer (MB)
Specify remaining data transfer usage when all the users should
receive alert.
Eg. Absolute Remaining data transfer usage: 20 MB
User1: Total Data transfer limit (as defined in Data transfer policy):
150 MB
User2: Total Data transfer limit (as defined in Data transfer policy):
640 MB
User1 will receive alert when he is left with 20 MB of data transfer
i.e has done total data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer
i.e has done total data transfer of 620 MB
Percentage Remaining data transfer usage: 20%
User1: Total Data transfer limit (as defined in Data transfer policy):
150 MB
User2: Total Data transfer limit (as defined in Data transfer policy):
640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB)
of data transfer i.e. has done data transfer of 120 MB
Cycle Data Transfer
(MB)
User2 will receive alert when he is left with 128 MB (20% of 640
MB) of data transfer i.e. has done data transfer of 512 MB
Specify remaining cycle data transfer usage when all the users
should receive alert.
Cycle data transfer is the upper limit of total data transfer allowed
to the user per cycle. User will be disconnected if the limit is
reached. It is applicable the users to whom the cyclic data transfer
policies are applied.
E.g. Absolute Remaining cycle data transfer usage: 20 MB
User1: Cycle Total Data transfer limit (as defined in Data transfer
policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer
policy): 640 MB
User1 will receive alert when he is left with 20 MB of data transfer
per cycle i.e. has done data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer
per cycle i.e. has done data transfer of 620 MB
Percentage Remaining cycle data transfer usage: 20%
User1: Cycle Total Data transfer limit (as defined in Data transfer
policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer
policy): 640 MB
Save details button
User1 will receive alert when he is left with 30 MB (20% of 150 MB)
of data transfer per cycle i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640
MB) of data transfer per cycle i.e. has done data transfer of 512 MB
Saves the data transfer alert configuration
Table - Customized Client Message screen elements
183
Cyberoam User Guide
List of Predefined messages
Messages
AlertMessageWithCycleData
AlertMessageWithData
Description/Reason
Message is sent to the user when the remaining cycle data
transfer is equal to the configured value.
Value can be configured from Customize Client Messages page.
Refer to Client Messages for more details
Message is sent to the user when the remaining data transfer is
equal to the configured value.
Value can be configured from Customize Client Messages page.
Refer to Client Messages for more details
DeactiveUser
Administrator has deactivated the User and the User will not be
able to log on
DisconnectbyAdmin
When the administrator disconnects the user from the live users
page
InvalidMachine
Message is sent if User tries to login from the IP address not
assigned to him/her
LoggedoffsuccessfulMsg Message is sent when User logs off successfully
LoggedonsuccessfulMsg Message is sent when User logs on successfully
Loggedinfromsomewhereelse Message is sent if User has already logged in from other
machine
MaxLoginLimit
Message is sent if User has reached the maximum login limit
MultipleLoginnotallowed Message is sent if User is not allowed multiple login
NotAuthenticate
Message is sent if User name or password are incorrect
NotCurrentlyAllowed
Message is sent if User is not permitted to access at this time
Someoneloggedin
SurfingtimeExhausted
SurfingtimeExpired
LiveIPinuse
Nmpoolexceedlimit
Access Time policy applied to the User account defines the
allowed access time and not allowed access at any other time.
Message is sent if someone has already logged in on that
particular machine
Message is sent when User is disconnected because his/her
allotted surfing time is exhausted
The surfing time duration is the time in hours the User is allowed
Internet access that is defined in Surfing time policy. If hours are
exhausted, User is not allowed to access
Administrator has temporarily deactivated the User and will not
be able to log in because User surfing time policy has expired
Message is sent if connection is requesting a public IP Address
from the server that is already in use
Message is sent if the maximum number of IP Addresses in the
public Logon Pool at any given time has exceeded the limit
Table - List of predefined messages
184
Cyberoam User Guide
Client preferences
Use Client preference to specify
• which page to open every time user logs on to Cyberoam
• whether HTTP client log on page should pop up if user tries to surf without logging in
• port from which Web Administration Console can be accessed
• number of concurrent log on allowed
Select System → Configure Client Settings → Customize Client preferences
Screen – Customized Client Preferences screen
Screen Elements
Description
Open following site after client logs on to the server
URL
Specify URL which is to be opened every time user logs
on
Update button
HTTP Client
Pop up HTTP client
Leave this field blank, if you do not want to open any
specific page every time user logs in
Updates configuration
Whenever User tries to surf without logging, page with a
message ‘Cyberoam Access Denied‘ displayed
If HTTP client pop up option is selected, User will get a
HTTP Client pop up along with the ‘Cyberoam Access
Denied' page.
Update button
Once User logs on successfully using the HTTP client,
user will be able to surf the requested site.
Updates configuration
185
Cyberoam User Guide
Web Admin Console
Web Admin Console
Port
Update button
Number of Logins
Number of Logins
Allowed
OR
Unlimited Login
Specify Port number on which Web Admin Console is
running
Updates configuration
Specify number of concurrent logins allowed to all the
users
OR
Allows unlimited concurrent logins
Updates configuration
Update button
Table – Customized Client Preferences screen elements
Note
The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be
applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed
to the particular user.
186
187
Cyberoam User Guide
Customize Access Deny messages
Use to customize Access deny message for:
• all web categories
• individual web category
• all file type categories
This customized message will be displayed when user tries to access the site, which is not allowed.
1. Select System → Configure → Customize Denied Message
2. Select category for which you want to customize access deny message
Select ‘All Web categories’ to display the same access deny message for all the web categories.
The message specified for ‘All Web Categories’ becomes the default message.
Select a particular category for which you want to display a different message
By default, the message specified for ‘All Web Categories’ is displayed.
Disable Use Default Message, if you want to display a different message for a particular category
and modify the message
Select ‘All File type category’ to customize the access deny message for all the file type
categories
3. In Denied Message, modify the message contents
4. Click Update to save if any changes are made
188
Cyberoam User Guide
Upload Corporate logo
Use to display your company’s logo in all the messages displayed to the user.
1. Select System → Configure → Customize Denied Message
2. In Top Bar, specify the image to be displayed at the top of the message page.
3. In the Bottom Bar, specify the image to be displayed at the bottom of the message page
4. Click Upload
Note
Dimension of Image should be 700 * 80 and jpg file only
189
Cyberoam User Guide
Customize Login message
Use to customize login page messages and client login links provided on login page.
1. Select System → Configure → Customize Login Message
2. Under Client Login Links, select Login Clients that you want to be displayed on Login page.
In the login page, download links are provided so that user can download the required login
client. If you do not want user to download a particular login client, deselect the link
In the Login message box, specify the message to be displayed. You can further customize the
message by using clientip address, category and URL
3. Enable Blink Message to display blinking message
4. Before saving the configuration, click Preview and see how message will be displayed to the user
5. Click Save to save the configuration
Cyberoam User Guide
HTTP Proxy Management
Proxy server is a kind of buffer between your computer and the internet resources you are accessing.
Proxy server accumulates and saves all those files that are most often requested by other Internet users
in a ‘Cache’. The cache of a proxy server may already contain information you need by the time of your
request, making it possible for the proxy to deliver it immediately. Therefore, proxy servers are able to
improve the network performance by reducing the access time.
Cyberoam can also act as a HTTP proxy server. All visited static sites are cached on the Cyberoam
server hard drive. The advantage of a cache server is that it will cache the static web pages once
requested and serve them locally when requested next time.
Manage HTTP Proxy
Select System → HTTP Proxy → Manage HTTP Proxy
Screen - Manage HTTP Proxy
Screen Elements
Description
Server Status
Start button
Only if Current Status is ‘Stopped’
Stop button
Only if Current Status is ‘Running’
Restart button
Displays current status of Cache server
Click to start Cache server
Click to stop Cache server
Click to restart Cache server
Table - Manage HTTP Proxy screen elements
190
191
Cyberoam User Guide
Configure HTTP Proxy
Use to
• configure http proxy port
• configure trusted ports
Select System → HTTP Proxy → Configure HTTP Proxy
Screen - Configure HTTP Proxy
Screen Elements
Description
HTTP Proxy Port Setting
HTTP Proxy port Specify proxy port to be used
Save button
Click to save the port setting
HTTP Proxy Trusted Ports Setting
Cyberoam allows the access to those sites which are hosted on
standard port only if deployed as HTTP proxy.
To allow access to the sites hosted on the non-standard ports,
you have to define non-standard ports as trusted ports.
You can define individual port or range of ports for http and https
protocols.
192
Cyberoam User Guide
Click Add to define non-standard ports
Pharming Protection Configuration
Enable Pharming Pharming attacks require no additional action from the user from
Protection
their regular web surfing activities. Pharming attack succeeds by
redirecting the users from legitimate web sites instead of similar
fraudulent web sites that has been created to look like the
legitimate site.
Enable to protect against pharming attacks and direct users to
the legitimate web sites instead of fraudulent web sites.
Save button
Click to enable/disable
Click to save the port setting
Table - Configure HTTP Proxy screen elements
Set Default Internet Access Policy
Go to System → HTTP Proxy → Default Policy to specify default internet access policy when
Cyberoam is being used as HTTP Proxy
Cyberoam User Guide
Manage Servers
Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the
requirement, one can Start, Stop, Enable or Disable the services.
Types of the servers available:
1. DHCP
2. Domain Name Server
3. Antivirus server
4. Antispam server
5. Cyberoam server
6. Proxy servers – HTTP, SMTP, POP3, IMAP, FTP
Select System → Manage Services
Screen - Manage Services
Screen Elements
Service name
Status
Commands
Description
Name of the server
Status of the respective server
Running – if server is on
Stopped – if server is off
Starts or stops the respective servers
Enables or disables Autostart
Action table
Button
Start
Stop
Enable Autostart
Disable Autostart
Restart
Shutdown
Refer to Action table for details
Table - Manage Control Service screen elements
Usage
Starts the Server whose status is ‘Stopped’
Stops the server whose status is ‘Started’
Automatically starts the configured server with the startup of Cyberoam
Disables the Autostart process
Restarts Cyberoam
All the servers with ‘Enable Autostart’ will restart
Shuts down Cyberoam server and all the servers will be stopped
Table - Manage Control Service – Action
193
Cyberoam User Guide
Monitoring Bandwidth Usage
Bandwidth is the amount of data passing through a media over a period. In other words, it is the amount
of data accessed by the Users. Each time the data is accessed – uploaded or downloaded, the amount is
added to the total bandwidth. Because of the limited resource, it needs periodic monitoring.
Bandwidth usage graphical report allows Administrator to monitor the amount of data uploaded or
downloaded by the Users. Administrator can use this information to help determine:
• Whether to increase or decrease the bandwidth limit?
• Whether all the gateways are utilized optimally?
• Which gateway is underutilized?
• What type of traffic is consuming the majority of the Bandwidth?
• Which inbound/ outbound traffic has consumed the most Bandwidth in the last week/month?
Select System → View Bandwidth usage
Screen – View Bandwidth Usage
Screen Elements
Bandwidth report
Graph type
Description
Generates graph
Select any one
Gateway wise – Displays list of Gateways defined, click the Gateway
whose data transfer report is to be generated
Logon Pool wise – Displays list of Logon Pools defined, click the Logon
Pool whose data transfer report is to be generated
Total – Generates total (all gateways and Logon Pools) data transfer
report. Also generates Live user report
Graph period
Gatewaywise breakup - Generates total (all gateways) data transfer report.
Generates graph based on time interval selected
Click Graph period to select
Table - Bandwidth usage screen elements
194
195
Cyberoam User Guide
It generates eight types of graphical reports:
1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum,
maximum and average no. of users connected during the selected graph period. This will help in
knowing the peak hour of the day.
X axis – Hours
Y axis – No. of users
Peak hour – Maximum no. of live users
Screen - Bandwidth usage - Live Users graph
2. Total data transfer – Graph shows total data transfer (upload + download) during the day. In
addition, shows minimum, maximum and average data transfer.
X axis – Hours
Y-axis – Total data transfer (upload + download) in KB/Second
Maximum
data transfer
Minimum
data
Screen - Bandwidth usage - Total Data transfer graph
196
Cyberoam User Guide
3. Composite data transfer – Combined graph of Upload & Download data transfer. Colors
differentiate upload & download data traffic. In addition, shows the minimum, maximum and
average data transfer for upload & download individually
X axis – Hours
Y-axis – Upload + Download in Bits/Second
Orange Color - Upload traffic
Blue Color – Download traffic
Screen - Bandwidth usage - Composite Data transfer graph
4. Download data transfer – Graph shows only download traffic during the day. In addition, shows
the minimum, maximum and average download data transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
Screen - Bandwidth usage - Download Data transfer graph
197
Cyberoam User Guide
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows
minimum, maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
Screen - Bandwidth usage - Upload Data transfer graph
6. Integrated total data transfer for all Gateways – Combined graph of total (Upload + Download)
data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum,
maximum and average data transfer of individual gateway
X axis – Hours
Y-axis – Total (Upload + Download) data transfer in Bits/Second
Orange Color – Gateway1
Blue Color – Gateway2
198
Cyberoam User Guide
7. Integrated Download data transfer of all Gateways – Graph shows only the download traffic of all
the gateways during the day. In addition, shows the minimum, maximum and average download
data transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
Orange Color – Gateway1
Blue Color – Gateway2
8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all
the gateways during the day. In addition, shows minimum, maximum and average upload data
transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
Orange Color – Gateway1
Blue Color – Gateway2
199
Cyberoam User Guide
Migrate Users
Cyberoam provides a facility to migrate the existing users from PDC or LDAP server. Alternately, you can
also import user definition from an external file (CSV format file).
If you do not want to migrate users, configure for Automatic User creation. This reduces Administrator’s
burden of creating the same users again in Cyberoam.
Migration from PDC server
All the migrated users will be created under Group type – ‘Normal’ and default policies will be applied.
Administrator can change the assigned group or status at the time of migration or later.
After migration, Username will be set as password in Cyberoam.
Select User Migrate Users to open migration page
Step 1: Click Download User Migration Utility link
Screen - Download User Migration Utility
Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate
option and click OK button
Screen - Save User Migration Utility
Step 3: Opens a new browser window and prompts for the login. Provide the administrator username and
200
Cyberoam User Guide
password. E.g. Username: “cyberoam” and password: “cyber”
Step 4: On successful authentication, following screen will be shown. Upload the specified file.
Screen – Upload downloaded User Migration Utility
Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click
Select All or select the individual users and click Migrate Users.
Note
After migration, for Cyberoam login password will be same as the username
Once the users are migrated, configure for single sign on login utility.The configuration is required to be
done on the Cyberoam server.
Migration from External file
Instead of creating user again in Cyberoam, if you already have User details in a CSV file then you can
upload CSV file.
CSV file should be in the following format:
1. Header (first) row should contain field names. Format of header row:
Compulsory first field: username
Optional fields in any order: password, name, groupname
2. Subsequent rows should contain values corresponding to the each field in header row
3. Number of fields in each row should be same as in the header row
4. Error will be displayed if data is not provided for any field specified in the header
5. Blank rows will be ignored
6. If password field is not included in the header row then it will set same as username
7. If name field is not included in the header row then it will set same as username
8. If groupname is not included in the header row, administrator will be able to configure group at the
time of migration
Step 1 Upload CSV file
Select System Migrate User to open migration page
201
Cyberoam User Guide
Screen – Upload CVS file
Step 2 Change Group or Active status of user at this stage, if required. To migrate all the users, click
Select All or select the individual users and click Migrate Users.
Screen - Register migrated users from External file
If migration is successful, Manage Active User page will be displayed with all the migrated users as
Active users.
202
Cyberoam User Guide
Customization
Schedule
PART
3
Schedule defines a time schedule for applying firewall rule or Internet Access policy i.e. used to control
when firewall rules or Internet Access policies are active or inactive.
Types of Schedules:
• Recurring – use to create policies that are effective only at specified times of the day or on
specified days of the week.
• One-time - use to create firewall rules/policies that are effective once for the period of time specified
in the schedule.
Define Schedule
Select Firewall Schedule Define Schedule to open define schedule page
Screen - Define One Time Schedule
Cyberoam User Guide
Screen Elements
Schedule details
Name
Schedule Type
Start time & Stop
time (only if
Schedule Type is
‘One Time’)
Description
Create button
Description
Specify schedule name. Choose a name that best describes schedule
Specify type of schedule
Recurring – applied at specified times of the day or on specified days
of the week
One time – applied only once for the period of time specified in the
schedule
Defines start and stop time for the schedule
Start & stop time cannot be same
Specify full description of schedule
Creates schedule
Add Schedule Entry details
Refer to Add Schedule Entry details to add time details
Table - Define Schedule screen elements
Select Firewall Schedule Manage Schedule to view the list of schedule and click the
Schedule name in which the schedule entry details is to be added.
203
Cyberoam User Guide
Screen – Add Schedule Entry details
Screen Elements
Schedule Entry
Weekday
Start time & Stop time
Description
Select weekday
Defines the access hours/duration
Start & stop time cannot be same
Add Schedule detail Attaches the schedule details for the selected
button
weekday to the schedule
Cancel button
Cancels the current operation
Table – Add Schedule Entry details screen elements
204
Cyberoam User Guide
Manage Schedule
Use to modify:
1. Schedule Name
2. Description
3. Add Schedule Entry details
4. Delete Schedule Entry details
Select Firewall Schedule Manage Schedule and click Schedule name to be updated
Screen - Manage Schedule
Screen Elements
Schedule details
Schedule name
Schedule description
Schedule Entry
Add button
Delete button
Description
Displays schedule name, modify if required
Displays schedule description, modify if required
Allows to add the schedule entry details
Refer to ‘Add Schedule Entry details’ for more details
Allows to delete the schedule entry details
Save button
Cancel button
Refer to ‘Delete Schedule Entry details’ for more details
Saves schedule
Cancels the current operation and returns to Manage
Schedule page
Table - Manage Schedule screen elements
205
Cyberoam User Guide
Delete Schedule Entry details
Screen – Delete Schedule Entry details
Screen Elements
Del
Description
Select Schedule Entry detail to be deleted
Click Del to select Schedule Entry details
Select All
More than one Schedule Entry details can also be
selected
Selects all the Schedule Entry details
Click Select All to select all the Schedule Entry details
Delete button Deletes the selected Schedule Entry detail(s)
Table - Delete Schedule Entry details screen elements
206
Cyberoam User Guide
Delete Schedule
Select Firewall Schedule Manage Schedule to view the list of Schedules
Screen - Delete Schedule
Screen Elements
Del
Description
Select schedule to be deleted
Click Del to select schedule
Select All
Delete button
More than one schedule can also be selected
Selects all the schedules
Click Select All to select all the schedules
Deletes the selected schedule(s)
Table - Delete Schedule screen elements
207
Cyberoam User Guide
Services
Services represent types of Internet data transmitted via particular protocols or applications.
Protect your network by configuring firewall rules to
• block services for specific zone
• limit some or all users from accessing certain services
• allow only specific user to communicate using specific service
Cyberoam provides several standard services and allows creating:
• Customized service definitions
• Firewall rule for customized service definitions
Define Custom Service
Select Firewall Services Create to open the create page
Screen - Define Custom Service
Screen Elements
Create Service
Service Name
Select Protocol
Description
Specify service name
Select the type of protocol
Description
Create button
Cancel button
For IP - Select Protocol No.
For TCP - Specify Source and Destination port
For UDP - Specify Source and Destination port
For ICMP – Select ICMP Type and Code
Specify service description
Creates a new service
Cancels the current operation and returns Manage Service
Table – Define Custom Service screen elements
208
Cyberoam User Guide
Manage Custom Service
Use to modify:
1. Description
2. Add Protocol details
3. Delete Protocol details
Select Firewall Services Manage to view the list of custom services. Click service to be
modified
Screen - Update Custom Service
Screen Elements
Custom Service
Service Name
Description
Protocol Details
Add button
Description
Displays service name
Displays description, modify if required
Allows to add protocol details
Click to add
Delete button
Save button
Cancel button
Select protocol
For IP - Select Protocol No.
For TCP - Specify Source and Destination port
For UDP - Specify Source and Destination port
For ICMP – Select ICMP Type and Code
Click Add
Allows to delete protocol details
Click to delete against the protocol details to be deleted
Click Delete
Updates the modified details
Cancels the current operation
Table - Update Custom Service screen elements
209
Cyberoam User Guide
Delete Custom Service
Select Firewall services Manage to view the list of services.
Screen - Delete Custom Service
Screen Elements
Del
Description
Select the Service for deletion
More than one services can be selected
Select All
Delete button
Click to select
Allows to select all the services for deletion
Click to select
Deletes all the selected service(s)
Click to delete
Table - Delete Custom Service screen elements
Note
Default Services cannot be deleted
210
Cyberoam User Guide
Create Service Group
Service Group is the grouping of services. Custom and default services can be grouped in a single group.
Use to configure firewall rules to
• block group of services for specific zone
• limit some or all users from accessing group of services
• allow only specific user to communicate using group of service
Select Firewall Service Group Create to open the create page
Screen – Create Service Group screen
Screen Elements
Create Service Group
Service Group Name
Select Service
Description
Specify service group name
Select the services to be grouped.
‘Available Services’ column displays the services that can
be grouped
Using right arrow button move all the services that are to
be grouped in the ‘Member Services’ list
Description
Create button
Cancel button
‘Member Services’ column displays the services that will
be grouped
Specify group description
Creates a new service group
Cancels the current operation and returns Manage
Service Group page
Table – Create Service Group screen elements
211
Cyberoam User Guide
Update Service Group
Select Firewall Service Group Manage to view the list of groups created. Click the group to
be modified
Screen – Edit Service Group
Screen Elements
Edit Service Group
Service Group Name
Select Service
Description
Displays service group name
Displays grouped services
‘Available Services’ column displays the services that can
be grouped
Using right arrow button move all the services that are to
be grouped in the ‘Member Services’ list
Description
Save button
Cancel button
‘Member Services’ column displays the services that will
be grouped
Displays group description, modify if required
Saves the modified details
Cancels the current operation and returns Manage
Service Group page
Table – Edit Service Group screen elements
212
Cyberoam User Guide
Delete Service Group
Select Firewall Service Group Manage to view the list of groups created.
Screen – Delete Service Group
Screen Elements
Del
Description
Select the group for deletion
More than one groups can be selected
Select All
Delete button
Click to select
Allows to select all the groups for deletion
Click to select
Deletes all the selected group(s)
Click to delete
Table – Delete Service Group
213
214
Cyberoam User Guide
Categories
Cyberoam’s content filtering capabilities prevent Internet users from accessing non-productive or
objectionable websites that take valuable system resources from your network at the same time prevents
hackers and viruses that can gain access to your network through their Internet connections.
Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds
objectionable. Cyberoam’s Categories Database contains categories covering Web page subject matter
as diverse as adult material, astrology, games, job search, and weapons. It is organized into general
categories, many of which contain collections of related Internet sites with specific content focus. In other
words, database is a collection of site/host names that are assigned a category based on the major
theme or content of the site.
Categories Database consists of three types:
Web category – Grouping of Domains and Keywords. Default web categories are available for use only if
‘Web and Application Filter’ subscription module is registered.
File Type category – Grouping of File extensions
Application protocol – Grouping of protocols. Standard protocol definitions are available for use only if
‘Web and Application Filter’ subscription module is registered.
Apart from the default categories provided by Cyberoam, custom category can also be created if
required. Creating custom category gives increased flexibility in managing Internet access for your
organization. After creating a new category, it must be added to a policy so that Cyberoam knows when
to enforce it and for which groups/users.
215
Cyberoam User Guide
Web Category
Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any
URL containing the keywords defined in the Web category will be blocked.
Each category is grouped according to the type of sites. Categories are grouped into four types and
specifies whether accessing sited specified those categories is considered as productive or not:
• Neutral
• Productive
• Non-working
• Un-healthy
For your convenience, Cyberoam provides a database of default Web categories. You can use these or
even create new web categories to suit your needs. To use the default web categories, the subscription
module Web and Application Filter should be registered.
Depending on the organization requirement, allow or deny access to the categories with the help of
policies by groups, individual user, time of day, and many other criteria.
Custom web category is given priority over default category while allowing/restricting the access.
Search URL
Use Search URL to search whether the URL is categorized or not. It searches the specified URL and
displays Category name under which the URL is categorized and category description.
When a custom category is created with a domain/URL which is already categorized in default category
then the custom category overrides the default category and the search result displays custom category
name and not the default category name.
Select Categories Web Category Search URL
Screen – Search URL
216
Cyberoam User Guide
Manage Default Web Category
Default Web categories are available for use only if ‘Web and Application Filter’ subscription module is
registered. Database of web categories is constantly updated by Cyberoam.
If the module is not registered, page is displayed with the message ‘Web and Application Filter module is
not registered’. See Register Add on Modules for registering Web and Application Filter module. Module
can also be registered as ‘Demo’ version if you have yet not purchased but will expire after 15 days of
registration.
Once the module is registered, the default categories can be used in Internet Access for filtering.
Select Categories Web Category Manage Default to view list of default Web Categories
Screen - Manage Default Web Category
Note
Default Web categories cannot be modified or deleted.
Custom web category is given the priority over the default category while allowing/restricting access.
Cyberoam User Guide
Create Custom Web category
Select Categories Web Category Create Custom to open create page
Screen - Create Custom Web Category
Screen Elements
Description
Create Custom Web Category
Name
Specify Web category name
Description Specify full description
Category type Categories are grouped into four types and specifies whether
accessing sites specified in those categories is considered as Neutral,
Productive, Non-working or Un-healthy
Select category type
217
Cyberoam User Guide
Create button Creates a new custom Web Category. Web Category configuration is
incomplete until domain names or keywords are attached
Domain Management
Add button Use to define domains for the web category. Depending on the user’s
Internet access policy, accessing specified domain(s) will be allowed
or denied.
Click to add
Refer to Add Domain(s) for more details
Keywords Management
Add button Use to define keywords for the web category. Depending on the user’s
Internet access policy, accessing sites with the specified keyword(s)
will be allowed or denied.
Click to add
Update button
Cancel button
Refer to Add Keyword(s) for details
Saves the web category
Cancels the current operation and returns to View Web Category page
Table - Create Web Category screen elements
Note
Custom category name cannot be same as default category name.
Add Domain
Screen - Add Domain
Screen Elements
Description
Domains Management
Domains
Specify domains for the category. Depending upon the Internet
access policy and schedule strategy any site falling under the
specified domain will be allowed or blocked access.
Add Domain button Assigns domains to the web category
Cancel button Cancels the current operation
Table - Add Domain screen elements
218
Cyberoam User Guide
Note
Domains can be added at the time of creation of web category or whenever required.
Add Keyword
Screen - Add keyword
Screen Elements
Description
Keywords Management
Keywords
Specify domains for the category. Depending on the Internet
access policy and schedule strategy any site falling under the
specified domain will be allowed or blocked access
Add button
Assigns keywords to the Web Category
Cancel button Cancels the current operation
Table - Add keyword screen elements
Note
Keywords can be added at the time of creation of web category or whenever required.
219
Cyberoam User Guide
Manage Custom Web Category
Use to modify:
1. Description
2. Add Domains
3. Delete Domains
4. Add Keywords
5. Delete Keywords
Select Categories Web Category Manage Custom to view the list of Web categories and
click Web Category to be modified
Screen - Manage Custom Web category
Screen Elements
Description
Update Custom Web Category
Name
Displays name of the web category, modify if required
Description
Displays description of the Category
Category type Categories are grouped into four types and specifies whether accessing
sites specified in those categories is considered as Neutral, Productive,
Non-working or Un-healthy
Select category type
Domain Management
Add button
Allows to add domain name(s) to the web category
Click to add
Delete button
Refer to Add Domains for details
Allows to remove domain name(s) from the web category
Click to remove
Refer to Delete Domains for details
220
Cyberoam User Guide
Keywords Management
Add button
Allows to add keyword(s) to the web category
Click to add
Delete button
Refer to Add Keywords for details
Allows to remove keywords from the web category
Click to remove
Update button
Cancel button
Refer to Delete Keywords for details
Modifies and saves the updated details
Click to Update
Cancels the current operation and returns to the Manage Custom Web
Category page
Table - Update Custom Web category screen elements
Delete Domain
Screen – Delete Domain
Screen Elements
Select
Select All button
Delete button
Description
Click all the domains required to be removed
Allows to select all the domains for deletion
Click Select All to select all domains
Remove(s) domains from the web category
Click to remove
Table – Delete Domain screen elements
221
Cyberoam User Guide
Delete Keyword
Screen - Delete keyword
Screen Elements
Select
Select All button
Delete button
Description
Click all the keywords required to be removed
Allows to select all the keywords for deletion
Click Select All to select all keywords
Remove(s) keywords from the web category
Click to remove
Table - Delete keywords screen elements
222
Cyberoam User Guide
Delete Web Category
Prerequisite
• Not attached to any Policy
Select Categories Web Category Manage Custom to view the list of Web Categories.
Screen - Delete Custom Web Category
Screen Elements
Del
Description
Select web category to be deleted
More than one web category can be selected
Select All
Delete button
Click to select
Allows to select all the web categories for deletion
Click to select
Deletes all the selected web categories
Click to delete
Table - Delete Custom Web Category screen elements
223
224
Cyberoam User Guide
File Type Category
File type is a grouping of file extensions. Cyberoam allows filtering Internet content based on file
extension. For example, you can restrict access to particular types of files from sites within an otherwisepermitted
category.
For your convenience, Cyberoam provides several default File Types categories. You can use these or
even create new categories to suit your needs.
Depending on the organization requirement, allow or deny access to the categories with the help of
policies by groups, individual user, time of day, and many other criteria.
Manage Default File Type Category
Cyberoam provides five default File Type categories that cannot be modified or deleted.
Select Categories File Type Category Manage Default to view the list of default File
Type Categories. Click the Category to view extensions included in the Category.
Screen – Manage Custom File Type Category
Cyberoam User Guide
Create Custom File Type Category
Select Categories File Type Category Create Custom to open the create page
Screen - Create Custom File Type Category
Screen Elements
Description
Custom File Type details
Name
Assign name to File Type Category
File Extensions Specify file extensions to be included in the File Type
Category
Extensions defined here will be blocked or filtered
Description Specify full description
Create button Creates a new File Type Category
Cancel button Cancels the current operation and returns to Manage
Custom File Type Category page
Table - Create Custom File Type screen elements
225
Cyberoam User Guide
Manage Custom File Type Category
Use to modify:
1. File Extensions
2. Description
Select Categories File Type Category Manage Custom to view the list of File Type
Categories and click File Type Category to be modified.
Screen - Manage Custom File Type Category
Screen Elements
Description
Update Custom File Type Category
Name
Displays name of the File Type Category, modify if necessary
File Extensions Displays file extension(s) added to the Category, modify if
required
Description
Displays description of Category
Update button Modifies and saves the updated details
Cancel button
Click to Update
Cancels the current operation and returns to the Manage Custom
File Type Category page
Screen - Manage Custom File Type Category
226
Cyberoam User Guide
Delete Custom File Type Category
Prerequisite
• Not attached to any Policy
Select Categories File Type Category Manage Custom to view the list of File Type
Categories created
Screen - Delete Custom File Type Category
Screen Elements
Del
Select All button
Delete button
Description
Click all the File Types required to be deleted
Allows to select all the File Types for deletion
Click Select All to select all File Types
Delete(s) the File Type Category
Click to delete
Table - Delete Custom File Type screen elements
227
228
Cyberoam User Guide
Application Protocol Category
Application Protocol Category is the grouping of Application Protocols used for filtering Internet content.
You can also filter Internet requests based on protocols or applications other than HTTP, HTTPS or FTP,
for example those used for instant messaging, file sharing, file transfer, mail, and various other network
operations.
For your convenience, Cyberoam provides a database of default Application Protocol categories. To use
the default Application Protocol categories, the subscription module ‘Web and Application Filter’ should
be registered.
You can also create:
• Customized Application protocol category, if required
• Firewall rule based on customized Application protocol category
Manage Default Application Protocol Category
Default Application protocol categories are available for use only if ‘Web and Application Filter’
subscription module is registered. Database of protocol category is constantly updated by Cyberoam.
If the module is not registered, page is displayed with the message ‘Web and Application Filter’ module is
not registered.
See Register Add on Modules for registering Web and Application Filter module. Module can also be
registered as ‘Demo’ version if you have yet not purchased but will expire after 15 days of registeration.
Once the module is registered, the default protocol categories can be used in Internet Access for filtering.
Default Application protocol category cannot be modified or deleted.
Select Categories Application Protocol Category Manage Default to view the list of
default Application protocols Categories
Screen - Manage Default Application Protocol Category
Cyberoam User Guide
Create Custom Application Protocol Category
Select Categories Application Protocol Category Create Custom to open the create
page
Screen - Create Custom Application Protocol Category
Screen Elements
Description
Custom Application Protocol Category
Name
Specify name to Application Protocol Category
Description Specify full description
Create button Creates a new custom Application Protocol Category
Application Protocol details
Add button
Use to assign application protocols to Category for blocking.
Select application protocol you want to include in a Category.
Cyberoam gives access to the Category based on the
Schedule.
229
230
Cyberoam User Guide
Allows to add application protocol(s) to Category
Click to add
Refer to Add Custom Application Protocol details for more
details
Update button Saves Application Protocol Category
Cancel button Cancels the current operation and returns to View Custom
Application Protocol Category page
Table – Create Custom Application Category screen elements
Note
Custom category name cannot be same as default category name.
Add Custom Application Protocol Details
Screen – Add Custom Application Protocol Category details
Screen Elements
Description
Custom Application Protocol details
Application
Select Application Protocols that are to be grouped in the
Category.
Destination
Address
Add button
Cancel button
IP
Custom and Default both can be grouped in a single
Application Protocol Category
Specify destination IP Address
Groups the application protocols in the Category
Cancels the current operation
Table – Add Custom Application Protocol Category details
Cyberoam User Guide
Manage Custom Application Protocol Category
Use to modify:
1. Description
2. Add Application Protocol details
3. Delete Application Protocol details
Select Categories Application Protocol Category Manage Custom to view the list of
custom Application Protocol Categories. Click Application Protocol Category to be modified.
Screen – Manage Custom Application Protocol Category
Screen Elements
Description
Update Custom Application Protocol Category
Name
Displays name of Application Protocol Category, modify if necessary
Description
Displays description of the Category
Application Protocol Details
Add button
Allows to add Application Protocol(s) to Category
Click to add
Delete button
Refer to Add Custom Application Protocols for details
Allows to remove Application Protocol(s) from Category
Click to remove
Update button
Refer to Delete Custom Application Protocol for details
Modifies and saves the updated details
Click to Update
Cancel button Cancels the current operation and returns to the Manage Custom
Application Protocol Category page
Table – Manage Custom Application Protocol Category screen elements
231
Cyberoam User Guide
Delete Custom Application Protocol Category details
Screen – Delete Application Protocol Category details
Screen Elements
Del
Select All button
Delete button
Description
Click Application Protocol(s) required to be
deleted
Allows to select all Application Protocol(s) for
deletion
Click Select All to select all Application
Protocol(s)
Delete(s) Application Protocol(s)
Click to delete
Table – Delete Application Protocol Category screen elements
232
Cyberoam User Guide
Delete Custom Application Protocol Category
Prerequisite
• Not attached to any Policy
Select Categories Application Protocol Category Manage Custom to view the list of
Application Protocol Categories created
Screen - Delete Custom Application Protocol Category
Screen Elements
Del
Description
Select Category to be deleted
More than one Category can be selected
Select All
Delete button
Click to select
Allows to select all the Categories for deletion
Click to select
Deletes all the selected Categories
Click to delete
Table - Delete Custom Application Protocol Category screen elements
233
234
Cyberoam User Guide
Access Control
Use Local ACLs to limit the Administrative access to the following Cyberoam services from
LAN/WAN/DMZ:
• Admin Services
• Authentication Services
• Proxy Services
• Network Services
Default Access Control configuration
When Cyberoam is connected and powered up for the first time, it will have a default Access
configuration as specified below:
Admin Services
HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions
for LAN zone
Authentication Services
Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User
Authentication Services for LAN zone. User Authentication Services are not required for any of
the Administrative functions but required to apply user based internet surfing, bandwidth and
data transfer restrictions.
Customize Access Control configuration
Use access control to limit the access to Cyberoam for administrative purposes from the specific
authenticated/trusted networks only. You can also limit access to administrative services within the
specific authenticated/trusted network.
Select Firewall Local ACL
Screen – Access Configuration
Screen Elements
Description
Cyberoam User Guide
Admin Services
Enable/disable access to Cyberoam using following service from the specified zone and
network:
• HTTP
• HTTPS
• Telnet
Authentication Services
Enable/disable following service from the specified zone and network:
• Cyberoam
• HTTP
Proxy Services
Enable/disable HTTP service from the specified zone and network
Network Services
Enable/disable following service from the specified zone and network:
• DNS
• ICMP
Update button
Add button
Saves configuration
Allows to add the trusted networks from which the above
specified services will be allowed/disallowed
Click Add to add network details
Specify Network IP address and Zone
Click Add
Table – Access Configuration screen elements
235
236
Cyberoam User Guide
Product Licensing & Updates
Product Version information
Check which version of the Cyberoam is installed on your computer, and determine the appliance key.
Click Cyberoam icon (on the rightmost corner of the screen) to get the information.
Screen – About Cyberoam
237
Cyberoam User Guide
Upgrade Cyberoam
Cyberoam provides two types of upgrades:
• Automatic – Correction to any critical software errors, performance improvement or changes in
system behavior leads to automatic upgrade of Cyberoam without manual intervention or
notification.
• Manual – Manual upgrades requires human intervention.
Automatic Upgrade
By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the
procedure to disable the AutoUpgrade mode:
1. Log on to Telnet Console
2. Go to option 4 Cyberoam Console
3. At the prompt, type the command, cyberoam autoupgrade off
Manual Upgrade
Step 1. Check for Upgrades
Press F10 to go to Dashboard from any of the screens.
Under the Installation Information section, click Check for Upgrades
238
Cyberoam User Guide
Page displays the list of available upgrades and the upgrade details like release date and size. Order
specifies the sequence in which Cyberoam should be upgraded.
Step 2. Download Upgrade
Click Download against the version to be downloaded and follow the on screen instructions to save the
upgrade file.
Step 3. Upload downloaded version to Cyberoam
Select Help Upload Upgrade
Type the file name with full path or select using ‘Browse’ and click Upload
239
Cyberoam User Guide
Screen - Upload Upgrade version
Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version.
Log on to Cyberoam Telnet Console.
Type ‘6’ to upgrade from the Main menu and follow the on-screen instructions.
Successful message will displayed if upgraded successfully.
Repeat above steps if more than one upgrade is available. If more than one upgrade is available, please
upgrade in the same sequence as displayed on the Available Upgrades page.
240
Cyberoam User Guide
Licensing
You need a customer account to
• register your Cyberoam appliance
• avail 8 X 5 support
• register subscription modules
• subscribe for free 30-days Trial subscription
Select Help Licensing to view the list of subscription modules. Screen shows licensing status of
Appliances and subscription modules along with the subscription expiry date if subscribed.
Screen – Licensing
Status - ‘Registered’ – Appliance registered
Status - ‘Unregistered’ – Appliance not registered
Status - ‘Subscribed’ - Module subscribed
Status - ‘Unsubscribed’ - Module not subscribed
Status - ‘Trial’ - Trial subscription
Status - ‘Expired’ - Subscription expired
241
Cyberoam User Guide
Create Customer account and register appliance
Select Help Licensing and click Register against your appliance name.
You need to create a customer account to register appliance. If you have already created an account,
type your username and password to register appliance and click register
Cyberoam User Guide
If you have not created account, fill in the form to create your customer account and register appliance.
Screen – Registration
Screen Elements
Description
Appliance Registration form
Appliance key
Displays Appliance key
Appliance Model No. Displays Appliance model number
Email ID
Specify email ID
Password
Company name
Contact person
Address, City, State,
Country, Zip, Phone,
Fax
Account will be created with this id and will be username for
customer my account.
Specify password for your account and retype to confirm.
Remember to choose a password that is easy for you to remember
but hard for others to guess.
Specify company name under whose name appliance is to be
registered
Cannot be modified
Specify name of the contact person in the company
Specify complete address of the company
242
243
Cyberoam User Guide
Secret Question and Question and answer related to your password
Answer
This question will be mailed to the customer in case he forgets his
password.
If customer’s reply to the question matches the answer, new
password will be mailed at his email id.
External Proxy Server Information
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server
Specify HTTP proxy server setting (name or IP address) to
connect to Cyberoam registration server
Proxy Port
Specify port number if proxy server is running on the port than
other than the default port (80)
Username and Specify username and password to be used to log on to proxy
Password
server (if configured)
Register button
This process will create user account and register the appliance
Table - Registration screen elements
Subscribe Modules
Cyberoam includes following Subscription modules, which are not included in basic package:
• Intrusion Detection and Prevention
• Gateway Anti Virus
• Gateway Anti Spam
• Web and Application Filter
Customer has to procure a different license and subscribe for using any of the Subscription modules. You
can also subscribe for the 30-days free Trial subscription of any of the modules.
Prerequisite
• Account created
• Appliance registered
Select Help Licensing and click Subscribe against the module to be subscribed.
244
Cyberoam User Guide
Screen – Subscribe Module
Screen – Subscribe Trial Module
Screen Elements
Description
Subscribe
Appliance key
Displays Appliance key
Appliance Model No. Displays Appliance model number
Module
Displays module name to be subscribed
Registered Email ID and Specify email ID and password of your registered account
Password
Subscription Key Specify subscription key of the module obtained from Sales person
(Only if you have
purchased the module)
External Proxy Server Information
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server
Specify HTTP proxy server setting (name or IP address) to
connect to Cyberoam registration server
Proxy Port
Specify port number if proxy server is running on the port than
other than the default port (80)
Username and Specify username and password to be used to log on to proxy
Password
server (if configured)
Subscribe/Trial button Registers the specified module
Table – Subscribe Module
245
Cyberoam User Guide
Download
Clients
Cyberoam Client supports Users using following platforms:
Windows Enables Users using Windows Operating System to log-on to Cyberoam Server
Linux Enables Users using Linux Operating System to log-on to Cyberoam server
HTTP Enables Users using any other Operating System than Windows & Linux to log-on to Cyberoam
Server
Single Sign on Client Enables Windows-migrated Users to log on to Cyberoam using Windows
Username and password.
Single Sign on Client Auto Setup Download the setup.
Depending on the requirement, download the Cyberoam Client.
Select Help Downloads to download Cyberoam Client
Screen – Download Clients
246
Cyberoam User Guide
Documentation
Select Help Guides to download various guides
Screen – Download Cyberoam Guides
247
Cyberoam User Guide
Appendix A – Audit Log
Audit logs are an important part of any secure system that provides an invaluable view into the current
and past state of almost any type of complex system, and they need to be carefully designed in order to
give a faithful representation of system activity.
Cyberoam Audit log can identify what action was taken by whom and when. The existence of such logs
can be used to enforce correct user behavior, by holding users accountable for their actions as recorded
in the audit log.
An audit log is the simplest, yet also one of the most effective forms of tracking temporal information. The
idea is that any time something significant happens you write some record indicating what happened and
when it happened.
Audit logs can be accessed in two ways:
1. Log on to Cyberoam Web Admin Console and click Reports to open the reports page in a new
window
Screen - Reports
2. Log on to Reports, click on the Reports link to open the reports login page in a new window
Screen – Reports Login
248
Cyberoam User Guide
Viewing Log details
Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date
range of the report.
Screen – Audit Log report
Screen – Sample Audit Log Report
249
Cyberoam User Guide
Audit Log Components
Entity – Cyberoam Component through which the event was generated/Audit Resource Type
Entity Name – Unique Identifier of Entity
Action – Operation requested by entity/Audit Action
Action By – User who initiated the action/Accessor name
Action Status – Action result/Audit Outcome
Entity Entity Name Action Action By
Action
Status
Message
IP
Address
Report GUI Login <username> Successful - <IP
address>
Report GUI Login <username> Failed Wrong
username
password
Management
GUI
Management
GUI
Management
GUI
Configuration
Wizard
Configuration
Wizard
or
<IP
address>
Login <username> Successful - <IP
address>
Login <username> Failed User not found <IP
address>
Login <username> Failed User has no
previllege of
Administration
<IP
address>
Started <username> Successful - <IP
address>
Finished <username> Successful - <IP
address>
System Started <username> Successful Cyberoam-
System
Started
SSh authentication <username> Successful User admin,
coming from
192.168.1.241,
authenticated.
SSh authentication <username> Failed Login Attempt
failed from
192.168.1.241
by user root
SSh authentication <username> Failed Password
authentication
failed. Login to
account hello
not allowed or
account nonexistent
<IP
address>
<IP
address>
<IP
address>
<IP
address>
Explanation
Login attempt to
Report GUI by User
<username> was
successful
Login attempt to
Report GUI by User
<username> was not
successful because of
wrong username and
password
Login attempt to
Management GUI by
User <username> was
successful
Login attempt to
Management GUI by
User <username> was
not successful
because system did
not find the User
<username>
Login attempt to
Management GUI by
User <username> was
not successful as user
does not have
administrative
privileges
User <username>’s
request to start
Configuration Wizard
was successful
User <username>’s
request to close
Configuration Wizard
was successful
Cyberoam was
successfully started by
the User <username>
<username> trying to
log on from <ip
address> using SSH
client was successfully
authenticated
Authentication of
<username> trying to
log on from <ip
address> using SSH
client was not
successful
Log on to account
<username> using
SSH client was not
successful
telnet authentication <username> Successful Login <IP Remote Login attempt
250
Cyberoam User Guide
telnet authentication <username> Failed Authentication
Failure
console authentication <username> Successful Login
Successful
console authentication <username> Successful Login
Successful
console authentication <username> Failed Authentication
Failure
Successful address> through Telnet by User
<username> was
successful
<IP
address>
Authentication of
<username> trying to
log on remotely
through Telnet was
not successful
ttyS0 Login attempt to
Console using
Console Interface via
remote login utility by
User <username> was
successful
tty1 Login attempt to
Console via direct
Console connection by
User <username> was
successful
<IP
address>
Firewall Started System Successful - <IP
address>
Firewall Rule
Firewall Rule
Firewall Rule
Firewall Rule
<firewall rule
id>
e.g. 7
<firewall rule
id>
e.g. 6
<firewall rule
id>
e.g. 21
<firewall rule
id>
e.g. 10
Create <username> Successful - <IP
address>
Update <username> Successful - <IP
address>
Update System Successful - <IP
address>
Delete System Successful - <IP
address>
Host N/A Delete <username> Failed - <IP
address>
Host
<host name>
e.g.
192.168.1.68,
#Port D
Host
<host name>
e.g.
192.168.1.66,
#Port D
HostGroup <host group
name>
e.g.
mkt group
HostGroup <host group
name>
e.g.
sys group
HostGroup <host group
name>
e.g.
Trainee
Service
<service
name>
e.g.
vypress chat
Delete <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Delete <username> Successful - <IP
address>
Update <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Delete <username> Successful - <IP
address>
Login attempt to
Console by User
<username> was not
successful
Firewall subsystem
started successfully
without any error
Firewall rule <firewall
rule id> was created
successfully by user
<username>
Firewall rule <firewall
rule id> was updated
successfully by user
<username>
Firewall rule <firewall
rule id> was updated
successfully by user
<username>
Firewall rule <firewall
rule id> was deleted
successfully by user
<username>
Request to delete Host
by user <username>
was not successful
Host <host name>
was
deleted
successfully by user
<username>
Host <host name>
was
added
successfully by user
<username>
Host Group <host
group name>
was deleted
successfully by user
<username>
Host Group <host
group name>
was updated
successfully by user
<username>
Host Group <host
group name>
was updated
successfully by user
<username>
Service <service
name>
was deleted
successfully by user
<username>
251
Cyberoam User Guide
Service
Service
ServiceGroup
ServiceGroup
ServiceGroup
SNAT Policy
SNAT Policy
SNAT Policy
DNAT Policy
DNAT Policy
DNAT Policy
Schedule
Schedule
Schedule
Schedule
Detail
<service
name>
e.g.
vypress chat
<service
name >
e.g.
vypress chat
<service
group name
>
e.g.
Intranet chat
<service
group name
>
e.g.
Intranet chat
<service
group name
>
e.g.
Intranet chat
<policy
name>
<policy
name>
<policy
name>
<policy
name>
<policy
name>
<policy
name>
<schedule
name>
<schedule
name>
<schedule
name>
<schedule
name>
Update <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Update <username> Successful - <IP
address>
Delete <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Update <username> Successful - <IP
address>
Delete <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Update <username> Successful - <IP
address>
Delete <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Update <username> Successful - <IP
address>
Delete <username> Successful - <IP
address>
Insert <username> Successful - <IP
address>
Local ACLs Local ACLs Update <username> Successful - <IP
address>
DoS Bypass DoS Bypass Delete <username> Successful - <IP
address>
Service <service
name>
was updated
successfully by user
<username>
Service <service
name>
was inserted
successfully by user
<username>
Service group
<service group name
>
was inserted
successfully by user
<username>
Service group
<service group name
>
was updated
successfully by user
<username>
Service group
<service group name
>
was deleted
successfully by
SNAT policy <policy
name> was inserted
successfully by user
<username>
SNAT policy <policy
name> was updated
successfully by user
<username>
SNAT policy <policy
name> was deleted
successfully by user
<username>
DNAT policy <policy
name> was inserted
successfully by user
<username>
DNAT policy <policy
name> was updated
successfully by user
<username>
DNAT policy <policy
name> was deleted
successfully by user
<username>
Schedule <schedule
name> was inserted
successfully by user
<username>
Schedule <schedule
name> was updated
successfully by user
<username>
Schedule <schedule
name> was deleted
successfully by user
<username>
Schedule details to
Schedule <schedule
name> was inserted
successfully by user
<username>
Local ACL was
updated successfully
by user <username>
DoS Bypass rule
deleted successfully
252
Cyberoam User Guide
DoS Bypass DoS Bypass Insert <username> Successful - <IP
address>
DoS Settings DoS Settings Update <username> Successful - <IP
address>
Online
Registraion
Upload
Version
Register <username> Successful - <IP
address>
Upload
Version
<username> Successful - <IP
address>
Date Update <username> Successful System time
changed from
2006-06-19
23:15:50 IST
to 2006-07-19
23:15:03 IST
<IP
address>
by <username>
DoS Bypass rule
inserted successfully
by
user <username>
DoS settings updated
successfully by
user <username>
User <username>
successfully registered
Appliance/Subscription
module(s) through
Online Registration
User <username>
successfully uploaded
the version
Request to update the
Date from Console by
User <username> was
successful
Apart from the tabular format, Cyberoam allows to view the log details in:
• Printable format Click
to open a new window and display the report in the printer
friendly format. Report can be printed from File -> Print.
• Export as CSV (Comma Separated Value) Click
to export and save the report in CSV
format. Report can be very easily exported to MS Excel and all the Excel functionalities can be
used to analyze the data.
Cyberoam User Guide
Appendix B – Network Traffic Log Fields
Cyberoam provides extensive logging capabilities for traffic, system and network protection functions.
Detailed log information and reports provide historical as well as current analysis of network activity to
help identify security issues and reduce network misuse and abuse.
Cyberoam provides following logs:
• DoS Attack Log
• Invalid Traffic Log
• Firewall Rule Log
• Local ACL Log
• Dropped ICMP Redirected Packet Log
• Dropped Source Routed Packet Log
By default, only the firewall rule logging will be ON i.e. only traffic allowed/denied by the firewall will be
logged. Refer to Cyberoam Console Guide on how to enable/disable logging.
SR.
No.
DATA FIELDS TYPE DESCRIPTION
1. Date date Date (yyyy-mm-dd) when the event occurred
For the allowed traffic - the date on which connection was
started on Cyberoam
For the dropped traffic - the date when the packet was dropped
by Cyberoam
2. Time time Time (hh:mm:ss) when the event occurred
For the allowed traffic - the tome when the connection was
started on Cyberoam
For the dropped traffic - the time when the packet was dropped
by Cyberoam
3. Device Name String Model Number of the Cyberoam Appliance
4. Device Id String Unique Identifier of the Cyberoam Appliance
5. Log Id string Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011,
0102011
c1c2 represents Log Type e.g. 01
c3c4 represents Log Component e.g. Firewall, local ACL
c5c6 represents Log Sub Type e.g. allow, violation
c7 represents Priority e.g. 1
4. Log Type string Section of the system where event occurred e.g. Traffic for
traffic logging.
Possible values:
01 – Traffic - Entire traffic intended for Cyberoam
5. Log Component string Component responsible for logging
Possible values:
01 - Firewall rule
253
254
Cyberoam User Guide
Event due to any traffic allowed or dropped based on the
firewall rule created
02 - Local ACL
Event due to any traffic allowed or dropped based on the local
ACL configuration or all other traffic intended for the firewall
03 - DoS Attack
Event due to any packets dropped based on the dos attack
settings i.e. Dropped tcp, udp and icmp packets.
04 - Invalid traffic
Event due to any traffic dropped which does not follow the
protocol standards, invalid fragmented traffic and traffic whose
packets Cyberoam is not able to relate to any connection.
Refer to Invalid traffic list for more details.
05 - Invalid Fragmented traffic
Event when any invalid fragmented traffic is dropped. Refer to
Invalid Fragmented traffic list for more details.
06 - ICMP redirect
Event due to any ICMP Redirected packets dropped based on
the DoS attack setting
07 - Source routed packet
Event due to any source routed packets dropped based on the
DoS attack setting
08 – Fragmented traffic
Event when any fragmented traffic is dropped due to Advanced
Firewall settings. Refer to Console Guide Page no. 59 for more
details.
6. Log Sub Type string Decision taken on traffic
Possible values:
01 – Allowed
Traffic permitted to and through Cyberoam based on the
firewall rule settings
02 – Violation
Traffic dropped based on the firewall rule settings, local ACL
settings, DOS settings or due to invalid traffic.
7. Status string Ultimate state of traffic (accept/deny)
8. Priority string Severity level of traffic
Possible values:
01 – Notice
9. Duration integer Durability of traffic
10. Firewall Rule ID integer Firewall rule id of traffic
11. User string User Id
12. User Group string Group Id of user
13. IAP integer Internet Access policy Id applied for traffic
14. In Interface string Interface for incoming traffic e.g. eth0
Blank for outgoing traffic
15. Out Interface string Interface for outgoing traffic e.g. eth1
Blank for incoming traffic
Cyberoam User Guide
16. Source IP string Source IP address of traffic
17. Destination IP string Destination IP address of traffic
18. Protocol integer Protocol number of traffic
19. Source Port integer Source Port of TCP and UDP traffic
20. Destination Port integer Destination Port of TCP and UDP traffic
21. ICMP Type integer ICMP type of ICMP traffic
22. ICMP Code integer ICMP code of ICMP traffic
23. Sent Packets integer Total number of packets sent
24. Received integer Total number of packets received
Packets
25. Sent Bytes integer Total number of bytes sent
26. Received Bytes integer Total number of bytes received
27. Translated
Source IP
integer
Translated Source IP address – if Cyberoam is deployed as
Gateway
28. Translated
Source Port
29. Translated
Destination IP
30. Translated
Destination Port
integer
integer
integer
"N/A" - if Cyberoam is deployed as Bridge
Translated Source port – if Cyberoam is deployed as Gateway
"N/A" - if Cyberoam is deployed as Bridge
Translated Destination IP address – if Cyberoam is deployed
as Gateway
"N/A" - if Cyberoam is deployed as Bridge
Translated Destination port – if Cyberoam is deployed as
Gateway
"N/A" - if Cyberoam is deployed as Bridge
Invalid traffic
Cyberoam will define following traffic as Invalid traffic:
• Short IP Packet
• IP Packets with bad IP checksum
• IP Packets with invalid header and/or data length
• Truncated/malformed IP packet
• Packets of Ftp-bounce Attack
• Short ICMP packet
• ICMP packets with bad ICMP checksum
• ICMP packets with wrong ICMP type/code
• Short UDP packet
• Truncated/malformed UDP packet
• UDP Packets with bad UDP checksum
• Short TCP packet
• Truncated/malformed TCP packet
• TCP Packets with bad TCP checksum
• TCP Packets with invalid flag combination
• Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection
If Strict Internet Access Policy is applied then Cyberoam will define following traffic also as Invalid traffic:
• UDP Packets with Destination Port 0
• TCP Packets with Source Port and/or Destination Port 0
255
256
Cyberoam User Guide
• Land Attack
• Winnuke Attack
• TCP Syn Packets contains Data
• IP Packet with Protocol Number 0
• IP Packet with TTL Value 0
Invalid Fragmented traffic
Cyberoam will define following traffic as Invalid Fragmented traffic:
• Fragment Queue out of memory while reassembling IP fragments
• Fragment Queue Timeout while reassembling IP fragments
• Fragment too far ahead while reassembling IP fragments
• Oversized IP Packet while reassembling IP fragments
• Fragmentation failure while creating fragments
Cyberoam User Guide
Appendix C – Web Categories
The list includes all categories with a short description of each category.
Visit www.cyberoam.com for latest updates
Category Name Type Description
ActiveX Non Working Includes all ActiveX applications
AdultContent UnHealthy Adult sites not falling in "Porn, Nudity, Swimwear &
Lingerie, Sex Education, and Sexual Health &
Medicines" will be included in "Adult Content" and which
may contain material not suitable to be viewed for
audience under 18
Advertisements Non Working Sites providing advertising graphics or other pop ad
content files
AlcoholandTobacco Non Working Sites providing information about, promote, or support
the sale of alcoholic beverages or tobacco products or
associated paraphernalia
ALLWebTraffic Neutral Any HTTP Traffic
Applets Non Working All web pages containing Applets
ArtsAndHistory Non Working Sites primarily exhibiting artistic techniques like creative
painting, sculpture, poetry, dance, crafts, Literature, and
Drama. Sites that narrate historical details about
countries/places; events that changed the course of
history forever; sites providing details and events of all
wars i.e. World Wars, Civil Wars, and important persons
of world historical importance
Astrology Non Working Sites showing predictions about Sun signs and into
various subjects like Education & Career, Love
Relationships, etc.
BusinessAndEcono
my
Neutral
Sites sponsored by or devoted to business firms,
business associations, sites providing details for all
types of industrial sector like Chemicals, Machinery,
Factory Automation, Cable and Wire, sites providing
information about couriers and logistics, and Non-
Alcoholic Soft drinks and Beverages
Chat Non Working Sites hosting Web Chat services or providing support or
information about chat via HTTP or IRC
CommercialBanks Neutral Commercial Banks Category includes all Banking Sites
i.e. International / National Public or Private Sector
Banks providing a wide range of services such as all
types of Accounts and Cards, Fixed Deposits, and
Loans
Communication Neutral Sites offering telephone, wireless, long distance, and
paging services. It also includes sites providing details
about Mobile communications / cellular communications
ComputerSecurityA
ndHacking
Productive
Sites providing information about hacking, computer
security, sites providing Anti-Virus solutions, including
sites providing information about or promote illegal or
questionable access to or use of computer or
communication equipment, software, or databases
Cookies Non Working Includes all cookie based web pages
Cricket Non Working Sites providing Live Scores of cricket matches, Debates
on Cricketers, Top 10 Cricketers, Cricket News, and
forthcoming Cricket matches. Cricket Category is
differentiated from Sports Category and solely devoted
257
Cyberoam User Guide
to Cricket activities
CrimeAndSuicide UnHealthy Advocating, instructing, or giving advice on performing
illegal acts such as phone, service theft, evading law
enforcement, lock-picking, burglary techniques and
suicide
CulturalInstitutions Neutral Sites sponsored by museums, galleries, theatres ,
libraries, and similar institutions; also, sites whose
purpose is the display of artworks
DatingAndMatrimon
ials
DownloadFreeware
AndShareware
Non Working
UnHealthy
Sites assisting users in establishing interpersonal
relationships, friendship, excluding those of exclusively
gay, or lesbian or bisexual interest and Matrimonial
Sites providing photos and details of individuals seeking
life partners
Sites whose primary purpose is providing freeware and
shareware downloads of application, software, tools,
screensavers, wallpapers, and drivers
Drugs UnHealthy Sites providing information about the cultivation,
preparation, or use of prohibited drugs
EducationalInstition
s
EducationAndRefer
enceMaterial
Productive
Productive
Sites sponsored by schools, colleges, institutes, online
education and other educational facilities, by nonacademic
research institutions or that relate to
educational events and activities
Sites offering books, reference-shelf content such as
atlases, dictionaries, encyclopedias, formularies, white
and yellow pages, and public statistical data
Electronics Neutral Sites providing information on manufacturing of
electronics and electrical equipments, gadgets,
instruments like air conditioners, Semi conductors,
Television, Storage Devices, LCD Projectors, Home
Appliances, and Power Systems etc.
Entertainment Non Working Sites providing entertainment sources for Movies,
Celebrities, Theatres, about or promote motion pictures,
non-news radio and television, humor, Comics, Kids and
Teen amusement, Jokes, and magazines
Finance Non Working Sites providing information on Money matters,
investment, a wide range of financial services,
economics and accounting related sites and sites of
National & International Insurance companies providing
details for all types of Insurances & Policies
Gambling UnHealthy Sites providing information about or promote gambling
or support online gambling, involving a risk of losing
money
Games Non Working Sites providing information about or promote electronic
games, video games, computer games, role-playing
games, or online games
Government Neutral Sites sponsored by countries, government, branches,
bureaus, or agencies of any level of government
including defence. Government associated Sites
providing comprehensive details on Tax related issues
excluding Government sites providing Visa and
Immigration services
HealthAndMedicine
s
HobbiesAndRecrea
tion
Productive
Non Working
Sites providing information or advice on personal health
and fitness. Sites of pharmaceutical companies and
sites providing information about Medicines
Sites providing information about or promote private and
largely sedentary pastimes, but not electronic, video, or
online games. Homelife and family-related topics,
including parenting tips, gay/lesbian/bisexual (non-
258
Cyberoam User Guide
pornographic sites), weddings, births, and funerals
Foreign cultures, socio-cultural information
HTTPUpload Non Working HTTP Upload Restriction
HumanRightsandLi
berty
Neutral
ImageBanks Non Working Image Banks
InformationTechnol
ogy
Sites advocating sand protecting Human Rights and
Liberty to prevent discrimination and protect people from
inhumane
Productive Sites sponsoring or providing information about
computers, software applications, database, operating
system. Including sites providing information of
hardware, peripherals, and services. Sites offering
design, flash, graphics, multimedia, and web site
designing tutorials, tools, advice and services
InstantMessages Non Working Sites enabling instant messaging
IPAddress
Neutral
ISPWebHosting Neutral Sites enabling users to make telephone, lease line,
ISDN, Cable, V-SAT connections via Internet or
obtaining information for that purpose. Sites providing
hosting services, or top-level domain pages of Web
communities
JobsSearch UnHealthy Sites offering information about or support the seeking
of employment or employees
Kids Neutral Sites designed specifically for kids
MilitancyAndExtrem
ist
UnHealthy
Sites offering information about groups advocating
antigovernment beliefs or action
Music Non Working Sites providing songs and music and supporting
downloads of MP3 or other sound files or that serve as
directories of such sites
NatureAndWildLife Non Working Sites providing information about Nature, explorations,
discoveries, wild life, animals, birds, protecting
endangered species, habitats, Animal sanctuaries, etc.
NewsAndMedia Neutral Sites offering current news and opinions, including
those sponsored by newspapers, general-circulation
magazines or other media. It also includes sites of
advertising agencies and sites providing details of
weather forecast
None Neutral Uncategorized Traffic
Nudity UnHealthy Sites depicting nude or seminude human forms, singly
or in groups, not overtly sexual in intent or effect. It
includes Nude images of film stars, models, nude art
and photography
PersonalAndBisogr
aphySites
Non Working
Includes personal sites of individuals and biographical
sites of ordinary or famous personalities
PhishingAndFraud UnHealthy Sites gathering personal information (such as name,
address, credit card number, school, or personal
schedules) that may be used for malicious intent
PhotGallaries Non Working Sites providing photos of celebrities, models, and wellknown
personalities Such sites may also contain profiles
or additional elements as long as the primary focus is on
multi-celebrity photographs
PoliticalOrganizatio
ns
Neutral
Sites sponsored by or providing information about
political parties and interest groups focused on elections
or legislation
Porn UnHealthy Sites depicting or graphically describing sexual acts or
activity, including exhibitionism and sites offering direct
links to such sites. Sites providing information or
catering Gay, Lesbian, or Bisexual images and lifestyles
259
Cyberoam User Guide
are also included in this category
Portals Non Working Portals include web sites or online services providing a
broad array of resources and services such as search
engines, free email, shopping, news, and other features
PropertyAndRealEs
tate
Neutral
Sites providing information about renting, buying,
selling, or financing residential, real estate, plots, etc.
Science Productive Sites providing news, research projects, ideas,
information of topics pertaining to physics, chemistry,
biology, cosmology, archeology, geography, and
astronomy
SearchEngines Neutral Sites supporting searching the Web, groups, or indices
or directories thereof
SeXHealthAndEduc
ation
SharesAndStockMa
rket
Neutral
Non Working
Sites providing information regarding Sexual Education
and Sexual Health and sites providing Medicines to cure
and overcome Sex related problems and difficulties,
with no pornographic intent
Sites providing charting, market commentary, forums,
prices, and discussion of Shares and Stock Market. It
also includes sites dealing in online share trading and
sites of stockbrokers
Shopping Non Working Sites supporting Online purchases of consumer goods
and services except: sexual materials, lingerie,
swimwear, investments, medications, educational
materials, computer software or hardware. Also Sites of
Showrooms, Stores providing shopping of consumer
products
Spirituality Non Working Sites featuring articles on healing solutions in wellness,
personal growth, relationship, workplace, prayer, articles
on God, Society, Religion, and ethics
Sports Non Working Sites providing any information about or promoting
sports, active games, and recreation. All types of Sites
providing information about Sports except Cricket
SpywareAndP2P UnHealthy Sites or pages that download software that, without the
user's knowledge, generates http traffic (other than
simple user identification and validation) and Sites
providing client software to enable peer-to-peer file
sharing and transfer
SwimwareAndLinge
rie
TravelFoodAndImm
igration
URLTranslationSite
s
Non Working
Non Working
UnHealthy
Sites showing images of models and magazines offering
lingerie/swimwear but not Nude or sexual images. It
also includes Arts pertaining Adult images and shopping
of lingerie
Sites providing information about traveling i.e. Airlines
and Railway sites. Sites providing details about Hotels,
Restaurants, Resorts, and information about worth
seeing places. Sites that list, review, advertise, or
promote food, dining, or catering services. Sites
providing Visa, Immigration, Work Permit and Holiday &
Work Visa details, procedures and services
Sites offering Online translation of URLs. These sites
access the URL to be translated in a way that bypasses
the proxy server, potentially allowing unauthorized
access
Vehicles Non Working Sites providing information regarding manufacturing and
shopping of vehicles and their parts
Violence UnHealthy Sites featuring or promoting violence or bodily harm,
including self-inflicted harm; or that gratuitously
displaying images of death, gore, or injury; or featuring
images or descriptions that are grotesque or frightening
260
261
Cyberoam User Guide
and of no redeeming value. These do not include news,
historical, or press incidents that may include the above
criteria
Weapons UnHealthy Sites providing information about, promote, or support
the sale of weapons and related items
WebBasedEmail Non Working Sites providing Web based E-mail
information regarding email services
services or
Cyberoam User Guide
Appendix D – Services
Service Name Details
All Services
All Services
Cyberoam UDP (1024:65535) / (6060)
AH
IP Protocol No 51 (IPv6-Auth)
AOL TCP (1:65535) / (5190:5194)
BGP TCP (1:65535) / (179)
DHCP UDP (1:65535) / (67:68)
DNS TCP (1:65535) / (53), UDP (1:65535) / (53)
ESP
IP Protocol No 50 (IPv6-Crypt)
FINGER TCP (1:65535) / (79)
FTP TCP (1:65535) / (21)
FTP_GET TCP (1:65535) / (21)
FTP_PUT TCP (1:65535) / (21)
GOPHER TCP (1:65535) / (70)
GRE IP Protocol No 47
H323 TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) /
(1719)
HTTP TCP (1:65535) / (80)
HTTPS TCP (1:65535) / (443)
ICMP_ANY
ICMP any / any
IKE UDP (1:65535) / (500), UDP (1:65535) / (4500)
IMAP TCP (1:65535) / (143)
INFO_ADDRESS ICMP 17 / any
INFO_REQUEST ICMP 15 / any
IRC TCP (1:65535) / (6660:6669)
Internet-Locator- TCP (1:65535) / (389)
Service
L2TP TCP (1:65535) / (1701), UDP (1:65535) / (1701)
LDAP TCP (1:65535) / (389)
NFS TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) /
(111), UDP (1:65535) / (2049)
NNTP TCP (1:65535) / (119)
NTP TCP (1:65535) / (123), UDP (1:65535) / (123)
NetMeeting TCP (1:65535) / (1720)
OSPF
IP Protocol No 89 (OSPFIGP)
PC-Anywhere TCP (1:65535) / (5631), UDP (1:65535) / (5632)
PING
ICMP 8 / any
POP3 TCP (1:65535) / (110)
PPTP IP Protocol No 47, TCP (1:65535) / (1723)
QUAKE UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535)
/ (27910), UDP (1:65535) / (27960)
RAUDIO UDP (1:65535) / (7070)
RIP UDP (1:65535) / (520)
RLOGIN TCP (1:65535) / (513)
SAMBA TCP (1:65535) / (139)
SIP UDP (1:65535) / (5060)
SIP-MSNmessenger TCP (1:65535) / (1863)
262
263
Cyberoam User Guide
SMTP TCP (1:65535) / (25)
SNMP TCP (1:65535) / (161:162), UDP (1:65535) / (161:162)
SSH TCP (1:65535) / (22), UDP (1:65535) / (22)
SYSLOG UDP (1:65535) / (514)
TALK TCP (1:65535) / (517:518)
TCP TCP (1:65535) / (1:65535)
TELNET TCP (1:65535) / (23)
TFTP UDP (1:65535) / (69)
TIMESTAMP ICMP 13 / any
UDP UDP (1:65535) / (1:65535)
UUCP TCP (1:65535) / (540)
VDOLIVE TCP (1:65535) / (7000:7010)
WAIS TCP (1:65535) / (210)
WINFRAME TCP (1:65535) / (1494)
X-WINDOWS TCP (1:65535) / (6000:6063)
Cyberoam User Guide
Appendix E – Application Protocols
Group
Application
Name
Definition
Any
All Services
File Transfer FTP File Transfer Protocol is a method to transfer files from one location to
another, either on local disks or via the Internet
yahoofilexfer Yahoo Messenger file transfer
File Transfer gnucleuslan Gnucleuslan P2P client
client
imesh
IMESH P2P client
File sharing Gnutella Gnutella is a system in which individuals can exchange files over the
Internet directly without going through a Web site. Gnutella is often
used as a way to download music files from or share them with other
Internet users
Kazaa
A decentralized Internet peer-to-peer (P2P) file-sharing program
directconnect peer-to-peer (P2P) file-sharing program
Mail Protocol POP3 Transport protocol used for receiving emails.
SMTP
A protocol for transferring email messages from one server to
another.
IMAP
A protocol for retrieving e-mail messages
Chat ymsgr Yahoo Messenger
msnmessenger MSN Messenger
AOL
Chat client
indiatimes Chat client
Media Player wmplayer Windows Media Player
quickplayer Quick Time Player
Voice over IP SIP (Session Initiation Protocol) Protocol for initiating an interactive user
session that involves multimedia elements such as video, voice, chat,
gaming, and virtual reality.
SIP works in the Application layer of the OSI communications model.
H323
A standard approved by the International Telecommunication Union
(ITU) that defines how audiovisual conferencing data is transmitted
across networks. It enables users to participate in the same
conference even though they are using different videoconferencing
applications.
RTSP
(Real Time Streaming Protocol) A standard for controlling streaming
data over the World Wide Web
Printing IPP (Internet Printing Protocol) Protocol used for printing documents over
the web. IPP defines basic handshaking and communication
methods, but does not enforce the format of the print data stream.
Network DHCP Protocol for assigning dynamic IP addresses to devices on a network
SNMP
DNS
RDP
(Simple Network Management Protocol) Protocol for network
management software. Defines methods for remotely managing
active network components such as hubs, routers, and bridges
An Internet service that translates domain names to or from IP
addresses, which are the actual basis of addresses on the Internet.
(Remote Desktop Protocol) Protocol that allows a Windows-based
terminal (WBT) or other Windows-based client to communicate with a
264
Cyberoam User Guide
Remote
logging
nbns
Telnet
SSH
HTTP
SSL
ICMP
Windows XP Professional–based computer. RDP works across any
TCP/IP connection
NetBIOS Naming Service
Protocol for remote computing on the Internet.
It allows a computer to act as a remote terminal on another machine,
anywhere on the Internet
(Secure Socket Shell) Protocol used for secure access to a remote
computer
Protocol for moving hypertext files across the Internet.
(Secure Socket Layer) Protocol used for secure Internet
communications.
(Internet Control Message Protocol) A message control and errorreporting
protocol
265
266
Cyberoam User Guide
Menu wise Screen and Table Index
Screen - Console access...........................................................................................................................................12
Screen - Console login screen.................................................................................................................................12
Screen - HTTP login screen ......................................................................................................................................13
Screen - HTTPS login .................................................................................................................................................14
Table - Login screen elements.................................................................................................................................15
Screen - Create Zone..................................................................................................................................................21
Table – Create Zone....................................................................................................................................................21
Screen – Cyberoam Authentication........................................................................................................................23
Table – Cyberoam Authentication screen elements ..........................................................................................23
Table - Create User - Decision matrix ....................................................................................................................24
Screen - Add User .......................................................................................................................................................25
Table - Add User screen elements..........................................................................................................................27
Table - View Group details screen elements........................................................................................................27
Table - Apply Login Node Restriction screen elements....................................................................................28
Screen - Add multiple Clientless users .................................................................................................................29
Table - Add multiple Clientless users screen elements....................................................................................30
Screen - Add single Clientless user .......................................................................................................................31
Table - Create single Clientless user screen elements .....................................................................................32
Table - Select Node screen elements.....................................................................................................................32
Table - Group creation - Decision matrix ..............................................................................................................33
Screen - Create Group................................................................................................................................................34
Table - Create Group screen elements ..................................................................................................................36
Screen – Apply Login Node Restriction ................................................................................................................36
Table - Apply Login Node Restriction screen elements....................................................................................37
Screen - Create Firewall rule ....................................................................................................................................41
Table - Create Firewall rule screen elements.......................................................................................................45
Screen- Edit Firewall Rule.........................................................................................................................................47
Table – Edit Firewall Rule..........................................................................................................................................51
Screen – Default Screen Display of Manage Firewall Rules page ..................................................................53
Screen – Customized Screen Display of Manage Firewall Rules page .........................................................53
Screen - Delete Firewall rule.....................................................................................................................................54
Screen – Create Host Group.....................................................................................................................................55
Table – Create Host Group screen elements .......................................................................................................55
Screen – Remove Host from Host Group..............................................................................................................56
Table – Remove Host from Host Group screen elements ................................................................................57
267
Cyberoam User Guide
Screen – Delete Host Group .....................................................................................................................................57
Table – Delete host Group screen elements ........................................................................................................57
Screen – Add Host ......................................................................................................................................................58
Table – Add Host screen elements .........................................................................................................................58
Screen – Delete Host ..................................................................................................................................................58
Table – Delete Host screen elements.....................................................................................................................59
Screen - Create Logon Pool......................................................................................................................................60
Table - Add Logon Pool screen elements.............................................................................................................61
Screen – Application wise Live connections .......................................................................................................62
Table – Application wise Live connections screen elements..........................................................................63
Screen – User wise Live connections....................................................................................................................66
Table – User wise Live connections screen elements.......................................................................................66
Screen –LAN IP Address wise Live connections................................................................................................67
Table –LAN IP Address wise Live connection screen elements.....................................................................68
Screen – Today’s Connection History – Application wise................................................................................69
Table – Today’s Connection History – Application screen elements............................................................70
Screen – Today’s Connection History – User wise ............................................................................................71
Table – Today’s Connection History – User wise screen elements ...............................................................72
Screen – Today’s Connection History – LAN IP Address wise .......................................................................73
Table – Today’s Connection History – LAN IP Address wise screen elements..........................................74
Screen - Create Surfing Quota policy ....................................................................................................................76
Table - Create Surfing Quota policy screen elements .......................................................................................77
Screen - Update Surfing Quota policy ...................................................................................................................78
Table - Update Surfing Quota policy screen elements......................................................................................79
Screen - Delete Surfing Quota policy.....................................................................................................................79
Table - Delete Surfing Quota policy screen elements........................................................................................79
Screen - Create Access Time policy.......................................................................................................................80
Table - Create Access Time policy screen elements .........................................................................................81
Screen - Update Access Time policy......................................................................................................................82
Table - Update Access Time policy screen elements ........................................................................................83
Screen - Delete Access Time policy .......................................................................................................................83
Table - Delete Access Time policy screen elements..........................................................................................83
Screen - Create Internet Access policy .................................................................................................................85
Table - Create Internet Access policy screen elements....................................................................................86
Screen – Add Internet Access policy rule.............................................................................................................87
Table – Add Internet Access policy rule screen elements ...............................................................................88
Screen - Update Internet Access policy ................................................................................................................88
Table - Update Internet Access policy screen elements...................................................................................89
Screen - Delete Internet Access policy rule .........................................................................................................89
Table - Delete Internet Access policy rule screen elements ............................................................................90
268
Cyberoam User Guide
Screen - Delete Internet Access policy..................................................................................................................90
Table - Delete Internet Access policy screen elements ....................................................................................91
Table - Implementation types for Strict - Bandwidth policy.............................................................................92
Table - Bandwidth usage for Strict - Bandwidth policy.....................................................................................92
Table - Implementation types for Committed - Bandwidth policy ..................................................................93
Table - Bandwidth usage for Committed - Bandwidth policy ..........................................................................93
Screen - Create Bandwidth policy...........................................................................................................................94
Table - Create Bandwidth policy - Common screen elements.........................................................................94
Screen - Create Logon Pool based Bandwidth policy .......................................................................................95
Table - Create Logon Pool based Bandwidth policy screen elements..........................................................95
Screen - Create User/IP based Strict Bandwidth policy ....................................................................................96
Table - Create User/IP based Strict Bandwidth policy screen elements.......................................................97
Screen - Create User/IP based Committed Bandwidth policy .........................................................................98
Table - Create User/IP based Committed Bandwidth policy screen elements ............................................99
Screen - Update Bandwidth policy .......................................................................................................................100
Table - Update Bandwidth policy Common screen elements........................................................................100
Screen - Update Logon Pool based Bandwidth policy ....................................................................................101
Table - Update Logon Pool based Bandwidth policy screen elements.......................................................101
Screen - Update User based Bandwidth policy .................................................................................................102
Table - Update User based Bandwidth policy screen elements....................................................................103
Screen – Assign Schedule to User based Strict Bandwidth policy..............................................................103
Table – Assign Schedule to User based Strict Bandwidth policy screen elements ................................104
Screen - Assign Schedule to User based Committed Bandwidth policy....................................................104
Table – Assign Schedule to User based Committed Bandwidth policy screen elements......................105
Screen - Remove Schedule from User based Bandwidth policy ..................................................................105
Table - Remove Schedule from User based Bandwidth policy screen elements.....................................105
Screen - Delete Bandwidth policy .........................................................................................................................106
Table - Delete Bandwidth policy screen elements............................................................................................106
Screen – Create Data transfer policy ...................................................................................................................107
Table – Create Data transfer policy screen elements ......................................................................................109
Screen – Update Data transfer policy screen.....................................................................................................109
Table – Update Data transfer policy screen elements .....................................................................................110
Screen – Delete Data transfer policy screen ......................................................................................................111
Table - Delete Data transfer policy screen element..........................................................................................111
Screen – Create SNAT policy .................................................................................................................................112
Table – Create SNAT policy screen elements....................................................................................................112
Screen – Update SNAT policy ................................................................................................................................113
Table – Update SNAT policy screen elements...................................................................................................113
Screen – Delete SNAT policy..................................................................................................................................114
Table – Delete SNAT policy screen elements ....................................................................................................114
269
Cyberoam User Guide
Screen - Create DNAT policy..................................................................................................................................115
Table - Create DNAT policy screen elements.....................................................................................................115
Screen – Edit DNAT policy......................................................................................................................................116
Table – Edit DNAT policy screen elements ........................................................................................................117
Screen – Delete DNAT policy .................................................................................................................................117
Table – Delete DNAT policy screen elements ....................................................................................................117
Screen – Edit Zone....................................................................................................................................................118
Table – Edit Zone.......................................................................................................................................................119
Screen – Delete Zone................................................................................................................................................119
Table – Delete Zone ..................................................................................................................................................119
Screen - Manage Group ...........................................................................................................................................120
Table - Manage Group screen elements..............................................................................................................122
Screen – Add Group Member.................................................................................................................................122
Table – Add Group Member screen elements....................................................................................................122
Table - Need to Update group ................................................................................................................................123
Screen - Show Group Members.............................................................................................................................123
Table - Show Group Members screen elements ...............................................................................................123
Screen - Change Login Restriction.......................................................................................................................124
Table - Change Login Restriction screen elements .........................................................................................124
Screen - Delete Group..............................................................................................................................................125
Table - Delete Group screen elements.................................................................................................................125
Screen - Search User................................................................................................................................................126
Table - Search User screen elements ..................................................................................................................126
Table - Search User – Result ..................................................................................................................................126
Screen – Manage Live Users ..................................................................................................................................127
Table – Manage Live User screen elements.......................................................................................................127
Table - Need to Update User...................................................................................................................................128
Screen - Manage User ..............................................................................................................................................129
Table - Manage User screen elements.................................................................................................................131
Screen - Change User Personal details...............................................................................................................131
Table - Change User personal details screen elements..................................................................................131
Screen - User My Account ......................................................................................................................................132
Screen - User My Account ......................................................................................................................................132
Screen - Change Password ....................................................................................................................................133
Table - Change password screen elements .......................................................................................................133
Screen - Change Personal details.........................................................................................................................133
Table - Change Personal details screen elements ...........................................................................................133
Screen - Internet Usage Status ..............................................................................................................................134
Table - Internet Usage screen elements..............................................................................................................134
Screen - Change Group ...........................................................................................................................................135
270
Cyberoam User Guide
Table - Change Group screen elements..............................................................................................................135
Table - Change Individual policy...........................................................................................................................135
Screen - Change User Login Restriction.............................................................................................................136
Table - Change User Login Restriction screen elements ...............................................................................136
Screen - Delete Active User ....................................................................................................................................137
Screen - Delete Deactive User................................................................................................................................137
Screen - Delete Clientless User .............................................................................................................................137
Table - Delete User screen elements....................................................................................................................137
Screen - Deactivate User .........................................................................................................................................138
Table - Deactivate User screen elements............................................................................................................138
Screen - Activate Normal User...............................................................................................................................139
Screen - Activate Clientless User..........................................................................................................................139
Table - Activate User screen elements ................................................................................................................139
Screen - Search Node...............................................................................................................................................140
Table - Search Node results ...................................................................................................................................140
Screen - Update Logon Pool...................................................................................................................................141
Table - Update Logon Pool screen elements .....................................................................................................141
Screen - Add Node ....................................................................................................................................................142
Table - Add Node screen elements.......................................................................................................................142
Screen - Delete Node................................................................................................................................................143
Table - Delete Node screen elements...................................................................................................................143
Screen - Delete Logon Pool ....................................................................................................................................144
Table - Delete Logon Pool screen elements.......................................................................................................144
Screen – Configure DNS..........................................................................................................................................145
Table - Configure DNS..............................................................................................................................................146
Screen - Configure DHCP........................................................................................................................................147
Table - Configure DHCP screen elements ..........................................................................................................147
Screen – Cyberoam as Gateway - View Interface details................................................................................148
Table – View Interface details screen elements ................................................................................................148
Screen – Register Hostname with DDNS ............................................................................................................149
Table – Register hostname with DDNS................................................................................................................150
Screen – PPPoE configuration...............................................................................................................................152
Table – PPPoE configuration screen elements .................................................................................................152
Screen – Gateway Configuration...........................................................................................................................154
Table - Gateway Configuration screen elements ..............................................................................................154
Screen – DoS Settings .............................................................................................................................................158
Table – DoS Settings screen elements................................................................................................................158
Screen – Create DoS bypass rule .........................................................................................................................159
Table – Create DoS bypass rule screen elements ............................................................................................160
Screen – Delete DoS bypass rule..........................................................................................................................160
271
Cyberoam User Guide
Table – Delete DoS bypass rule screen elements.............................................................................................160
Screen - Reset Console Password .......................................................................................................................161
Table - Reset Console Password screen elements ..........................................................................................161
Screen – System Modules Configuration............................................................................................................162
Screen – Manage SNMP...........................................................................................................................................169
Screen – SNMP Agent Configuration ...................................................................................................................170
Table – SNMP Agent Configuration screen elements......................................................................................170
Screen – Create SNMP Community ......................................................................................................................171
Table – Create SNMP Community screen elements.........................................................................................171
Screen – Manage SNMP Community....................................................................................................................172
Table – Manage SNMP Community screen elements ......................................................................................172
Screen – Delete SNMP Community.......................................................................................................................172
Table – Delete SNMP Community screen elements .........................................................................................173
Screen – Create SNMP V3 User .............................................................................................................................174
Table – Create SNMP V3 User screen elements................................................................................................174
Screen – Edit V3 User...............................................................................................................................................175
Table – Edit V3 User screen elements .................................................................................................................175
Screen – Delete SNMP V3 User..............................................................................................................................175
Table – Delete SNMP V3 User screen elements ................................................................................................175
Screen – Set Backup schedule ..............................................................................................................................176
Table – Set Backup Schedule screen elements ................................................................................................177
Screen – Backup Data..............................................................................................................................................178
Table – Backup Data screen elements.................................................................................................................178
Screen – Restore Data screen................................................................................................................................179
Table - Restore Data screen elements .................................................................................................................179
Screen – Configure Auto purge Utility screen...................................................................................................180
Table – Configure Auto purge Utility screen elements....................................................................................180
Screen – Purge Logs screen ..................................................................................................................................181
Table - Purge Logs screen elements....................................................................................................................181
Screen – Customized Client Messages screen .................................................................................................182
Table - Customized Client Message screen elements .....................................................................................183
Table - List of predefined messages ....................................................................................................................184
Screen – Customized Client Preferences screen..............................................................................................185
Table – Customized Client Preferences screen elements ..............................................................................186
Screen - Manage HTTP Proxy.................................................................................................................................190
Table - Manage HTTP Proxy screen elements ...................................................................................................190
Screen - Configure HTTP Proxy.............................................................................................................................191
Table - Configure HTTP Proxy screen elements ...............................................................................................192
Screen - Manage Services.......................................................................................................................................193
Table - Manage Control Service screen elements ............................................................................................193
272
Cyberoam User Guide
Table - Manage Control Service – Action............................................................................................................193
Screen – View Bandwidth Usage...........................................................................................................................194
Table - Bandwidth usage screen elements.........................................................................................................194
Screen - Bandwidth usage - Live Users graph ..................................................................................................195
Screen - Bandwidth usage - Total Data transfer graph ...................................................................................195
Screen - Bandwidth usage - Composite Data transfer graph ........................................................................196
Screen - Bandwidth usage - Download Data transfer graph..........................................................................196
Screen - Bandwidth usage - Upload Data transfer graph ...............................................................................197
Screen - Download User Migration Utility...........................................................................................................199
Screen - Save User Migration Utility.....................................................................................................................199
Screen – Upload downloaded User Migration Utility .......................................................................................200
Screen – Upload CVS file ........................................................................................................................................201
Screen - Register migrated users from External file........................................................................................201
Screen - Define One Time Schedule.....................................................................................................................202
Table - Define Schedule screen elements...........................................................................................................203
Screen – Add Schedule Entry details...................................................................................................................204
Table – Add Schedule Entry details screen elements .....................................................................................204
Screen - Manage Schedule .....................................................................................................................................205
Table - Manage Schedule screen elements ........................................................................................................205
Screen – Delete Schedule Entry details ..............................................................................................................206
Table - Delete Schedule Entry details screen elements..................................................................................206
Screen - Delete Schedule ........................................................................................................................................207
Table - Delete Schedule screen elements...........................................................................................................207
Screen - Define Custom Service............................................................................................................................208
Table – Define Custom Service screen elements .............................................................................................208
Screen - Update Custom Service ..........................................................................................................................209
Table - Update Custom Service screen elements.............................................................................................209
Table - Delete Custom Service screen elements...............................................................................................210
Screen – Create Service Group screen................................................................................................................211
Table – Create Service Group screen elements ................................................................................................211
Screen – Edit Service Group ..................................................................................................................................212
Table – Edit Service Group screen elements.....................................................................................................212
Screen – Delete Service Group..............................................................................................................................213
Table – Delete Service Group.................................................................................................................................213
Screen – Search URL................................................................................................................................................215
Screen - Manage Default Web Category..............................................................................................................216
Screen - Create Custom Web Category...............................................................................................................217
Table - Create Web Category screen elements .................................................................................................218
Screen - Add Domain................................................................................................................................................218
Table - Add Domain screen elements ..................................................................................................................218
273
Cyberoam User Guide
Screen - Add keyword..............................................................................................................................................219
Table - Add keyword screen elements.................................................................................................................219
Screen - Manage Custom Web category .............................................................................................................220
Table - Update Custom Web category screen elements .................................................................................221
Screen – Delete Domain ..........................................................................................................................................221
Table – Delete Domain screen elements .............................................................................................................221
Screen - Delete keyword..........................................................................................................................................222
Table - Delete keywords screen elements ..........................................................................................................222
Screen - Delete Custom Web Category ...............................................................................................................223
Table - Delete Custom Web Category screen elements..................................................................................223
............224
Screen – Manage Custom File Type Category...................................................................................................224
Screen - Create Custom File Type Category ......................................................................................................225
Table - Create Custom File Type screen elements ...........................................................................................225
Screen - Manage Custom File Type Category....................................................................................................226
Screen - Manage Custom File Type Category....................................................................................................226
Screen - Delete Custom File Type Category.......................................................................................................227
Table - Delete Custom File Type screen elements ...........................................................................................227
Screen - Manage Default Application Protocol Category ...............................................................................228
Screen - Create Custom Application Protocol Category ................................................................................229
Table – Create Custom Application Category screen elements ...................................................................230
Screen – Add Custom Application Protocol Category details.......................................................................230
274
Cyberoam User Guide
Table – Add Custom Application Protocol Category details .........................................................................230
Screen – Manage Custom Application Protocol Category .............................................................................231
Table – Manage Custom Application Protocol Category screen elements................................................231
Screen – Delete Application Protocol Category details ..................................................................................232
Table – Delete Application Protocol Category screen elements...................................................................232
Screen - Delete Custom Application Protocol Category.................................................................................233
Table - Delete Custom Application Protocol Category screen elements....................................................233
Screen – Access Configuration.............................................................................................................................234
Table – Access Configuration screen elements................................................................................................235
Screen – About Cyberoam ......................................................................................................................................236
Screen - Upload Upgrade version .........................................................................................................................239
Screen – Licensing ...................................................................................................................................................240
Screen – Registration...............................................................................................................................................242
Table - Registration screen elements ..................................................................................................................243
Screen – Subscribe Module....................................................................................................................................244
Screen – Subscribe Trial Module ..........................................................................................................................244
Table – Subscribe Module.......................................................................................................................................244
Screen – Download Clients.....................................................................................................................................245
Screen – Download Cyberoam Guides ................................................................................................................246
Screen - Reports........................................................................................................................................................247
Screen – Reports Login ...........................................................................................................................................247
Screen – Audit Log report.......................................................................................................................................248
Screen – Sample Audit Log Report ......................................................................................................................248