
User Guide Cyberoam


User Guide Version 9

Document version 9410-2.0-24/01/2007



Cyberoam User Guide

IMPORTANT NOTICE

Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE

The Appliance described in this document is furnished under the terms of Elitecore’s End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY

Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its service center’s option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY

Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law.

In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore’s or its supplier’s liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose.

In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS

Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of Elitecore Technologies Ltd.

Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS

Elitecore Technologies Ltd.

904 Silicon Tower,

Off. C.G. Road,

Ahmedabad – 380015, INDIA

Phone: +91-79-66065606

Fax: +91-79-26407640

Web site: www.elitecore.com , www.cyberoam.com



Contents

Guide Sets

Technical Support

Typographic Conventions

Preface

Guide Organization

Cyberoam Basics

Benefits of Cyberoam

Accessing Cyberoam

Accessing the Web Admin Console

Getting Started

Dashboard

Management

Setting up Zones

Create Zone

Setting up Users

Define Authentication

Define User

Setting up Groups

Firewall

Create Firewall rule

Manage Firewall

Host Management

Setting up Logon Pools

Traffic Discovery

Live Connections report

Today’s Connection History

Policy Management

Surfing Quota policy

Access Time policy

Internet Access policy

Bandwidth policy

Data Transfer policy

SNAT Policy

DNAT Policy

Zone Management

Manage Zone

Delete Zone

Group Management

Manage Group

Delete Group

User Management

Search User

Live User

Manage User

Logon Pool Management

Search Node

Update Logon Pool

Delete Logon Pool

System Management

Configure Network

Configure DNS

Configure DHCP

View Interface details

Configuring Dynamic DNS service

PPPoE

Manage Gateway

DoS Settings

Bypass DoS Settings

Reset Console Password

System Module Configuration

SNMP

Cyberoam SNMP Implementation

Cyberoam MIB

Cyberoam Traps

Manage SNMP

Configure SNMP Agent

Create SNMP Community

Manage SNMP Community

Delete SNMP Community

Create SNMP V3 User

Manage SNMP V3 User

Delete SNMP V3 User

Manage Data

Client Services

Customize Access Deny messages

Upload Corporate logo

Customize Login message

HTTP Proxy Management

Manage HTTP Proxy

Configure HTTP Proxy

Set Default Internet Access Policy

Manage Servers

Monitoring Bandwidth Usage

Migrate Users

Migration from PDC server

Migration from External file

Customization

Schedule

Define Schedule

Manage Schedule

Delete Schedule

Services

Define Custom Service

Manage Custom Service

Delete Custom Service

Create Service Group

Update Service Group

Delete Service Group

Categories

Web Category

File Type Category

Application Protocol Category

Access Control

Product Licensing & Updates

Product Version information

Upgrade Cyberoam

Licensing

Download

Clients

Documentation

Appendix A – Audit Log

Appendix B – Network Traffic Log Fields

Appendix C – Web Categories

Appendix D – Services

Appendix E – Application Protocols

Menu wise Screen and Table Index



Guide Sets

Guide | Describes

User Guide |

Console Guide | Console Management

Windows Client Guide | Installation & configuration of Cyberoam Windows Client

Linux Client Guide | Installation & configuration of Cyberoam Linux Client

HTTP Client Guide | Installation & configuration of Cyberoam HTTP Client

Analytical Tool Guide | Using the Analytical tool for diagnosing and troubleshooting common problems

LDAP Integration Guide | Configuration for integrating LDAP with Cyberoam for external authentication

ADS Integration Guide | Configuration for integrating ADS with Cyberoam for external authentication

PDC Integration Guide | Configuration for integrating PDC with Cyberoam for authentication

RADIUS Integration Guide | Configuration for integrating RADIUS with Cyberoam for external authentication

High Availability Configuration Guide | Configuration of High Availability (HA)

Data transfer Management Guide | Configuration and Management of user based data transfer policy

Multi Link Manager User Guide | Configuration of Multiple Gateways, load balancing and failover

Cyberoam Anti Virus Implementation Guide | Configuring and implementing anti virus solution

Cyberoam Anti Spam Implementation Guide | Configuring and implementing anti spam solution

VPN Management | Implementing and managing VPN


Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office

eLitecore Technologies Ltd.

904, Silicon Tower

Off C.G. Road

Ahmedabad 380015

Gujarat, India.

Phone: +91-79-66065606

Fax: +91-79-26407640

Web site: www.elitecore.com

Cyberoam contact:

Technical support (Corporate Office): +91-79-26400707

Email: support@cyberoam.com

Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.



Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

Item | Convention | Example

Server | | Machine where Cyberoam Software - Server component is installed

Client | | Machine where Cyberoam Software - Client component is installed

User | | The end user

Username | | Username uniquely identifies the user of the system

Part titles | Bold and shaded font typefaces | Report

Topic titles | Shaded font typefaces | Introduction

Subtitles | Bold & Black typefaces | Notation conventions

Navigation link | Bold typeface | Group Management → Groups → Create. It means, to open the required page click on Group management, then on Groups, and finally click Create tab

Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked

Cross references | Hyperlink in different color | refer to Customizing User database. Clicking on the link will open the particular topic

Notes & points to remember | Bold typeface between the black borders | Note

Prerequisites | Bold typefaces between the black borders | Prerequisite: Prerequisite details



Preface

Welcome to Cyberoam’s User Guide.

Cyberoam is an Identity-based UTM Appliance. Cyberoam’s solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions.

Cyberoam’s perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

This Guide helps you manage and customize Cyberoam to meet your organization’s various requirements including creating groups and users and assigning policies to control internet access.

Default Web Admin Console username is ‘cyberoam’ and password is ‘cyber’.

It is recommended that you change the default password immediately after installation to avoid unauthorized access.



Guide Organization

This Guide provides information regarding the administration, maintenance, and customization of Cyberoam.

How do I search for relevant content?

For help on how to perform a certain task, use Contents

For help on a specific menu or screen function, use Menu wise – Screen and Table Index

This Guide is organized into three parts:

Part I – Getting started

It describes how to start using Cyberoam after successful installation.

Part II – Management

It describes how to define groups and users to meet the specific requirements of your Organization. It also describes how to manage and customize Cyberoam.

1. Define Authentication process and firewall rule.

2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups

3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy

4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools

5. Manage Cyberoam server

Part III – Customization

Customize Services, Schedules and Categories. Describes how to create and manage Categories, Schedules and Services and Cyberoam upgrade process.



Cyberoam Basics

Cyberoam is an Identity-based UTM Appliance. Cyberoam’s solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions.

Cyberoam’s perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

It also provides assistance in improving Bandwidth management, increasing Employee productivity and reducing legal liability associated with undesirable Internet content access.

Benefits of Cyberoam

1. Boost Employee productivity by

a. Blocking access to the sites like Gaming, Shopping, news, Pornography

2. Conserve bandwidth by

a. Controlling access to non-productive site access during working hours

b. Controlling rate of uploading & downloading of data

3. Load balancing over multiple links

a. Improved User response time

b. Failover solution

c. Continuous availability of Internet

d. Reduced bandwidth bottlenecks

5. Enforce acceptable Internet usage policies

6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet and other resources usage and consumption patterns

Accessing Cyberoam

Two ways to access Cyberoam:

1. Web Admin Console

• Managing Firewall rules

• Used for policy configuration

• Managing users, groups and policies

• Managing Bandwidth

• Viewing bandwidth graphs as well as reports

2. Telnet Console

• Used for Network and System configuration (setting up IP Addresses, setting up gateway)

• Managing Cyberoam application

a) Using Console Interface via remote login utility – TELNET

b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server

Accessing Console via remote login utility - TELNET

Access Cyberoam Console with the help of the TELNET utility. To use TELNET, the IP Address of the Cyberoam server is required.

To start the TELNET utility:

Click Start, and then click Run



In Open, type TELNET xxx.xxx.x.xxx

Click OK. A console login window opens and prompts you to enter the Password

Default password for Cyberoam TELNET console is “admin”.

Screen - Console access

Screen - Console login screen

Accessing Console using SSH client

Access Cyberoam Console using any SSH client. The Cyberoam server IP Address is required.

Start SSH client and create new Connection with the following parameters:

Hostname - <Cyberoam server IP Address>

Username – admin

Password – admin



Accessing the Web Admin Console

Cyberoam Web Admin Console (GUI) access requires Microsoft Internet Explorer 5.5+ or Mozilla Firefox 1.5+ and Display settings as True color (32 bits)

Log on & log off from the Cyberoam Web Admin Console

The Log on procedure verifies validity of user and creates a session until the user logs off.

Log on procedure

To get the log in window, open the browser and type the IP Address in the browser’s URL box. A dialog box appears prompting you to enter username and password to log on. Use the default user name ‘cyberoam’ and password ‘cyber’ if you are logging in for the first time after installation.

Asterisks are the placeholders in the password field.

Log on Methods

HTTP log in

To open the unencrypted login page, in the browser’s Address box, type http://<IP address of Cyberoam>

Screen - HTTP login screen

HTTPS log in

Cyberoam provides a secured communication method which encrypts the User log on information and prevents unauthorized users from viewing the user information. For this, Cyberoam uses the https protocol.

The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS.


HTTPS protocol opens a secure hypertext transfer session with the specified site address.


To open login over secure HTTP, type https://<IP address of Cyberoam>

Screen - HTTPS login

Screen Elements | Description

Login

User name | Specify user login name. If you are logging on for the first time after installation, please use default username ‘cyberoam’

Password | Specify user account Password. If you are logging on for the first time after installation, please use default password ‘cyber’

Log on to | To administer Cyberoam, select ‘Web Admin Console’

Login button | Logs on to Web Admin Console. Click Login

Table - Login screen elements

Web console Authorization and Access control

By default, Cyberoam has four types of user groups:

Administrator group

Log in as Administrator group User to maintain, control and administer Cyberoam.

Administrator group User can create, update and delete system configuration and user information.

Administrator can create multiple administrator level users.

Manager group

Manager group User can only view the reports.

User group

User group User is the user who accesses the resources through Cyberoam.

Clientless group

Clientless group User is a user who can bypass Cyberoam Client login to access resources. Cyberoam itself takes care of login of this level user.

For Administrators and Managers, IP address based access restriction/control can be implemented. Refer to Access Configuration to implement.

Log out procedure

To prevent unauthorized users from accessing Cyberoam, log off after you have finished working. This will end the session and exit from Cyberoam.


PART 1

Getting Started

Once you have configured the network, you can start using Cyberoam.

1. Start monitoring

Once you have installed Cyberoam successfully, you can monitor user activity in your Network. Depending on the Internet Access policy configured at the time of installation, certain categories will be blocked/allowed for LAN to WAN traffic with or without authentication.

2. View Cyberoam Reports

Monitor your Network activities using Cyberoam Reports.

To view Reports, log on to Reports from Web Admin Console using the following URL: http://<Internal IP Address>

To log on, use default username ‘cyberoam’ and password ‘cyber’.

View your organization’s surfing pattern from Web Surfing → Organization wise report

View your organization’s general surfing trends from Trends → Web Trends report

View your organization’s Category wise surfing trends from Trends → Category Trends report

3. Discover Network Application Traffic

Detect your network traffic i.e. applications and protocols accessed by your users.

To view the traffic pattern of your network, log on to Cyberoam Web Management Console using the following URL: http://<Internal IP Address>

To log on, use default username ‘cyberoam’ and password ‘cyber’.

View amount of network traffic generated by various applications from Traffic Discovery → Live Connections → Application wise

4. Configure for User name based monitoring

As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP address based. To monitor and log user activities based on User names, you have to configure Cyberoam for integrating user information and authentication process.

Integration will identify access requests based on User names and generate reports based on Usernames.

If your Network uses Active Directory Services and users are already created in ADS, configure Cyberoam to communicate with your ADS. Refer to Cyberoam – ADS Integration guide for more details.

If your Network uses Windows Domain Controller, configure Cyberoam to communicate with Windows Domain Controller. Refer to Cyberoam – PDC Integration guide for more details.



5. Customize

Depending on the Internet Access configuration done at the time of installation, default firewall rules will be created.

You can create additional firewall rules and other policies to meet your organization’s requirement.

Cyberoam allows you to:

1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.

2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management-Surfing Quota policy for more details.

3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy Management-Access time policy for more details.

4. Control web access by defining Internet Access policy. Refer to Policy Management-Internet Access policy for more details.

5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy Management-Bandwidth policy for more details.

6. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer to Data transfer policy for more details.



Dashboard

As soon as you log on to the Web Admin Console, the Dashboard is displayed.

Dashboard provides one solution to many analytical needs. Using the "dashboard" concept of information presentation, Cyberoam makes it easy to view access data from multiple perspectives, allowing management to identify patterns and potential areas of risk and productivity loss. It will empower organizations to plan, understand, integrate and leverage strategy all from a single page report.

The goal of dashboard is to provide fast access to monitor and analyze employee Internet usage. As a result, managers gain an unprecedented ability to report on and manage a wide spectrum of the data and applications that employees use during their working hours.

Dashboard is the answer to – ‘Why can't Cyberoam automatically show me things that will help me with what I'm doing, instead of making me search around for them?’

Dashboard is divided into the following sections:

1. HTTP Traffic Analysis

2. User Surfing pattern

3. Usage Summary

4. Recent Mail Viruses detected

5. Recent HTTP Viruses detected

6. Installation Information

7. System Resources

8. System Status

9. Installation Information

10. DoS attack status

11. Recent IDP Alerts

12. License Information

13. Gateway status



PART 2

Management

Setting up Zones

A Zone is a logical grouping of ports.

Zones provide a flexible layer of security for the firewall. With zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.

Default Zone Types

LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. Even though each interface will have a different network subnet attached to it, when grouped together they can be managed as a single entity. Group all the LAN networks under this zone.

By default, traffic to and from this zone is blocked, which makes it the most secure zone. However, traffic between ports belonging to the same zone is allowed.

DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.

WAN – This zone is used for Internet services. It can also be referred to as the Internet zone. Depending on the appliance in use and on your network design, you can group one to six ports in this zone.

Local - This zone is the grouping of all the available ports of Cyberoam.

Cyberoam provides a single zone of each type. These are called System Zones. The administrator can add zones of the LAN and DMZ types.

By default, all traffic is blocked except LAN to Local zone services such as Administration, Authentication and Network.



Create Zone

Select System → Zone → Create to open the create page

Screen - Create Zone

| Screen Elements | Description |
|---|---|
| Create Zone | |
| Zone Name | Specify name of the Zone |
| Zone Type | Select zone type. LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone. DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone. WAN – This zone type is used for the Internet services. Only one WAN zone is allowed, hence you will not be able to create additional WAN zones. Multiple LAN is not possible if Cyberoam is deployed as Bridge. It is not possible to add Zone if Cyberoam is deployed as Bridge. |
| Select Port | Allows to bind port to the zone. ‘Available Ports’ list displays the list of ports that can be bound to the selected zone. Use Right arrow button to move the selected ports to ‘Member Port’ list. |
| Description | Specify zone description |
| Create button | Saves the configuration and creates zone |

Table – Create Zone


Setting up Users

Define Authentication

Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of your organization. You can assign individual policies to users (identified by IP address), or a single policy to a number of users (Group).

Cyberoam detects users as they log on to Windows domains in your network via client machines. Cyberoam can be configured to allow or disallow users based on username and password. In order to use User Authentication, you must select at least one database against which Cyberoam should authenticate users.

Cyberoam supports user authentication against:

• an Active Directory

• a Windows Domain controller

• an LDAP server

• a RADIUS server

• an internal database defined in Cyberoam

To filter Internet requests based on policies assigned, Cyberoam must be able to identify a user making a request.

When the user attempts to access, Cyberoam requests a user name and password and authenticates the user's credentials before giving access. User level authentication can be performed using the local user database on the Cyberoam, an External ADS server, RADIUS server, LDAP or Windows Domain Controller.

Integrate with ADS, LDAP or Domain Controller if external authentication is required.

If your network uses an Active Directory service, configure Cyberoam to communicate with ADS. Refer to Cyberoam - ADS Integration Guide for details.

If your network uses a Windows Domain controller, configure Cyberoam to communicate with the Domain controller. Refer to Cyberoam - PDC Integration for details.

If your network uses LDAP, configure Cyberoam to communicate with the LDAP server. Refer to Cyberoam – LDAP Integration for details.

If your network uses a RADIUS server, configure Cyberoam to communicate with the RADIUS server. Refer to RADIUS Integration Guide for details.

Cyberoam can prompt for user identification if your network does not use a Windows environment. Refer to Cyberoam Authentication for details.

Cyberoam Authentication

When Cyberoam is installed in Non PDC environment, it is necessary to create users and groups in Cyberoam.

Before users log on to Cyberoam, Administrator has to create all the users in Cyberoam, assign them to a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details on creating groups and users.



When user attempts to log on, Cyberoam server performs authentication i.e. User is authenticated directly by the Cyberoam server.

Select User → Authentication Settings to open configuration page

Screen – Cyberoam Authentication

| Screen Elements | Description |
|---|---|
| Configure Authentication & Integration parameters | |
| Integrate with | Select Cyberoam as the authentication server |
| Default Group | Allows to select default group for users. Click Default Group list to select |
| Update button | Updates and saves the configuration |

Table – Cyberoam Authentication screen elements


Define User

User

Users are identified by an IP address or a user name and assigned to a group. All the users in a group inherit all the group policies. Refer to Policy Management to define new policies.

User types

Cyberoam supports three types of Users:

1. Normal

2. Clientless

3. Single Sign on

Normal – User has to log on to Cyberoam. Requires the Cyberoam client (client.exe) on the User machine, or the user can use the HTTP Client component, and all the policy-based restrictions can be applied.

Clientless – Does not require the Cyberoam client component (client.exe) on the User machines. Symbolically represented as User name (C)

Single Sign On – If User is configured for Single Sign On, whenever User logs on to Windows, he/she is automatically logged on to Cyberoam. Symbolically represented as User name (S)

Use the decision matrix given below to decide which type of user should be created.

Decision matrix for creation of User

| Feature | Normal User | Clientless User | Single Sign on User |
|---|---|---|---|
| User Login required | Yes | No | No |
| Type of Group: Normal | Yes | No | Yes |
| Type of Group: Clientless | No | Yes | No |
| Apply Login restriction | Yes | Yes | Yes |
| Apply Surfing Quota policy | Yes | No | No |
| Apply Access Time policy | Yes | No | No |
| Apply Bandwidth policy | Yes | Yes | Yes |
| Apply Internet Access policy | Yes | Yes | Yes |
| Apply Data Transfer policy | Yes | No | Yes |

Table - Create User - Decision matrix


Add a User

Prerequisite

• Group created – for Normal Users only

Select User → User → Add User to open add user page

Screen - Add User

| Screen Elements | Description |
|---|---|
| User Information | |
| Name | Specify name of the User |
| Username | Specify a name that uniquely identifies user & used for logging |
| Password | Specify Password |
| Confirm Password | Specify password again for confirmation. Should be same as typed in the Password field |
| Windows Domain Controller (Only if Authentication is done by Windows Domain Controller) | Displays Authentication Server IP Address |
| User Type | Specify the user group type. Depending on user group type default web console access control will be applied. Refer to Web console Authorization and Access control for more details. Available option: Administrator, Manager, User. Click User type list to select. Refer to Add Clientless User on how to create clientless user |
| Number of simultaneous login(s) allowed OR Unlimited | Customize the maximum number of concurrent logins allowed to the user. Specify number of concurrent logins allowed to the user OR Allows unlimited concurrent logins to the user. The setting specified will override the setting specified in client preference. For example, if in Client preferences the number of concurrent logins allowed is 5 and here you have specified 3, then this particular user will be allowed to login from 3 machines concurrently and not from 5 machines. |
| Group Information | |
| Group | Specify the Group in which user is to be added. User will inherit all the group policies. Click Group list to select |
| View details link | Opens a new Window and displays details of the selected Group. Refer to View Group details table for more details |
| Login Restriction (Select any one option) | Allows to apply login restriction. Available options: 1) All Nodes – Allows Users to login from all the nodes in the network. 2) Group Nodes only – Allows Users to login only from the nodes assigned to the group. 3) Selected Nodes only – Allows Users to login from the selected nodes only. Refer to Apply Login Node Restriction for details. Nodes from which the User is allowed login can be specified after creating the user also. Click to select |
| Personal details link | Allows to enter personal details of the user |
| Personal information (Only if Personal details link is clicked) | |
| Birth date | Specify date of birth of user. Click Calendar to select date |
| Email | Specify Email Id of User |
| Add button | Adds user. Click to add |
| Review button | Opens a new page and displays the user details for reviewing. Review details before adding to make sure details entered are correct. Click to review. Click Submit to add user |

Table - Add User screen elements

View Group details table

| Screen Elements | Description |
|---|---|
| Group name | Displays name of the Group |
| Surfing Quota policy | Displays name of the Surfing Quota policy assigned to the group |
| Access Time policy | Displays name of the Access Time policy assigned to the group |
| Internet Access policy | Displays name of the Internet Access policy assigned to the group |
| Bandwidth policy | Displays name of the Bandwidth policy assigned to the group |
| Data transfer policy | Displays name of the Data Transfer policy assigned to the group |
| Allotted time (HH:mm) | Displays total allotted surfing time to User |
| Expiry date | Displays User policy Expiry date |
| Used minutes | Displays total time used by the user in minutes. At the time of creation of user, it will be displayed as 0:0 |
| Close button | Closes window |

Table - View Group details screen elements

Apply Login Node Restriction


| Screen Elements | Description |
|---|---|
| Select Node(s) button (Only if the option ‘Selected Node(s) Only’ is selected) | Opens a new page and allows to select the node. Click to select the Node for restriction |
| Logon Pool name | Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select |
| Select | Selects the Node. Multiple nodes can also be selected |
| OK button | Click to apply restriction |
| Cancel button | Cancels the current operation |

Table - Apply Login Node Restriction screen elements


Add Clientless users

Clientless Users are the Users who can bypass Cyberoam Client login to access resources. It is possible to add a single clientless user as well as more than one clientless user at a time.

When you add multiple clientless users, users are represented by IP addresses and not by the User name.

Add multiple clientless users

Creates Clientless users with given IP addresses as their username. Change the Username of the clientless users if required.

Prerequisite

• Clientless Group created

Select User → Clientless Users → Add Multiple Clientless Users to open create user page

Screen - Add multiple Clientless users

| Screen Elements | Description |
|---|---|
| Host Group Details | |
| Host Group name | Specify name of Logon Pool |
| Is Host Group public | Public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to Select, if IP Addresses assigned to the Users are public IP Addresses |
| Bandwidth policy | By default, group bandwidth policy is applied to the user but you can override this policy. Specify Bandwidth Policy to be applied. Click Bandwidth Policy list to select. Click View details link to view details of the policy |
| Description | Specify full description |
| Machine details | |
| From – To | Specify range of IP Address that will be used by Users to login |
| Machine name | Specify Machine name |
| Select Group | |
| Group | Specify Group in which User is to be added. Click Group list to select |
| Create button | Adds multiple Clientless Users |

Table - Add multiple Clientless users screen elements


Add single Clientless user

Prerequisite

• Group created

• Logon Pool created

Select User → Clientless Users → Add Single Clientless User to open create user page

Screen - Add single Clientless user

| Screen Elements | Description |
|---|---|
| User Information | |
| Name | Specify name of the User |
| Username | Specify a unique name used for logging |
| Activate on Creation | Specifies whether user should be logged in automatically after registration. Options: Yes – Automatically logs in as soon as registered successfully i.e. becomes a live user. No – User is registered but is in De-active mode. Activate user before first log in. Refer to Activate Clientless User for more details |
| User type | Displays User type |
| User Group Information | |
| Group | Specify Group in which User is to be added. Click Group list to select |
| View details link | Opens a new window and displays details of the selected group. Click to view details |
| Login Restriction | |
| Allowed Login from IP Address | Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address. Refer to Select Node table for more details |
| Personal details link | Allows to enter the personal details of the user |
| Personal information (Only if Personal details link is clicked) | |
| Birth date | Specify date of birth of User. Use Popup Calendar to enter date |
| Email | Specify Email Id of User |
| Register | Registers a clientless user |
| Cancel button | Cancels current operation |

Table - Create single Clientless user screen elements

Select Node table

| Screen Elements | Description |
|---|---|
| Logon Pool name | Allows to select the Logon Pool. Click Logon Pool name list to select |
| Select | Selects the Node. User will be allowed to login from the selected node only. |
| Apply Restriction button | Click to apply login restriction |
| Close button | Closes window |

Table - Select Node screen elements

NOTE

Duplicate Usernames cannot be created

Make sure that subnets or individually defined IP addresses do not overlap

Create Group before assigning it to a User. Refer to Create Groups to create new groups


Setting up Groups

Group

A Group is a collection of users having common policies and a mechanism for assigning access to resources to a number of users in one operation/step.

Instead of attaching individual policies to the user, create a group of policies and simply assign the appropriate Group to the user; the user will automatically inherit all the policies added to the group. This simplifies user configuration.

A group can contain default as well as custom policies.

Various policies that can be grouped are:

1. Surfing Quota policy, which specifies the duration of surfing time and the period of subscription

2. Access Time policy, which specifies the time period during which the user will be allowed access

3. Internet Access policy, which specifies the access strategy for the user and sites

4. Bandwidth policy, which specifies the bandwidth usage limit of the user

5. Data Transfer policy, which specifies the data transfer quota of the user

Refer to Policy Management for more details on various policies.

Group types

Two types of groups:

1. Normal

2. Clientless

Normal – A user of this group needs to log on to Cyberoam using the Cyberoam Client to access the Internet

Clientless – A user of this group need not log on to Cyberoam using the Cyberoam Client to access the Internet. Access control is placed on the IP Address. Symbolically represented as Group name (C)

Use the decision matrix given below to decide which type of group is best suited for your network configuration.

Decision matrix for creation of Group

| Feature | Normal Group | Clientless Group |
|---|---|---|
| Logon into Cyberoam required | Yes | No |
| Type of User: Normal | Yes | No |
| Type of User: Clientless | No | Yes |
| Apply Login restriction | Yes | No |
| Apply Surfing Quota policy | Yes | No |
| Apply Access Time policy | Yes | No |
| Apply Bandwidth policy | Yes | Yes |
| Apply Internet Access policy | Yes | Yes |
| Apply Data transfer policy | Yes | No |

Table - Group creation - Decision matrix


Add a New Group

Prerequisite

• All the policies which are to be added to the Group are created

• Logon Pool created if login is to be restricted from a particular Node/IP Address

Select Group → Add Group to open add group page

Screen - Create Group

| Screen Elements | Description |
|---|---|
| Create Group | |
| Group name | Specify Group name. Choose a name that best describes the Group. |
| Group type | Specify type of Group. Click Group type to select. Select Normal if Group members are required to log on using Cyberoam Client. Select Clientless if Group members are not required to log on using Cyberoam Client |
| Surfing Quota Policy (Only if Group type is ‘Normal’) | Specify Surfing Quota Policy for Group. Click Surfing Quota Policy list to select. By default, ‘Unlimited policy’ is assigned to the ‘Clientless’ Group type. Refer to Surfing Quota Policy for more details |
| Access Time Policy (Only if Group type is ‘Normal’) | Specify Access Time policy for Group. Click Access Time Policy list to select. By default, ‘Unlimited policy’ is assigned to ‘Clientless’ Group type. Refer to Access Time Policy for more details |
| Internet Access policy | Specify Internet Access policy for Group. Click Internet Access policy list to select. Refer to Internet Access policy for details |
| Bandwidth Policy | Specify Bandwidth Policy for Group. Click Bandwidth Policy list to select. Refer to Bandwidth Policy for details |
| Data Transfer policy (Only if Group type is ‘Normal’) | Specify data transfer policy for Group. Click Data Transfer policy list to select. Refer to Data Transfer Policy for details |
| Login Restriction (Select any one option) | Apply login restriction if required for the users defined under the Group. Available options: 1) Allowed login from all nodes – Allows Users defined under the Group to login from all the nodes. 2) Allowed login from the selected nodes – Allows Users defined under the Group to login from the selected nodes only. Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address. Refer to Select Node table for more details. Refer to Apply Login Node restriction for more details. Click to select |
| Select Node button (Only if ‘Allowed Login from selected node’ option is selected for Login restriction) | Opens a new page and allows to select the node. Click to select the Node |
| Create button | Creates Group |
| Cancel button | Cancels the current operation and returns to the Manage Group page |

Table - Create Group screen elements

Note

It is not necessary to add users at the time of the creation of the Group. Users can be added even after the creation of the group.

Apply Login Node Restriction

Screen – Apply Login Node Restriction

| Screen Elements | Description |
|---|---|
| Logon Pool name | Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select |
| Select | User will be allowed to login from the selected nodes only. Click to select Node. Multiple nodes can also be selected |
| OK button | Applies login restriction and closes the window. Click to apply restriction |
| Cancel button | Cancels the current operation |

Table - Apply Login Node Restriction screen elements



Firewall

A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, firewalls may also be configured to limit the access to harmful sites for LAN users.

The responsibility of the firewall is to grant access from the Internet to the DMZ or Service Network according to the Rules and Policies configured. It also keeps watch on the state of each connection and denies any traffic that is out of connection state.

Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule, Cyberoam decides how to process the access request. When Cyberoam receives the request, it checks the source address, destination address and the services and tries to match them with the firewall rule. If an Identity match is also specified, the firewall will search in the Live Users Connections for the Identity check. If the Identity (User) is found in the Live User Connections and all other matching criteria are fulfilled, then the action specified in the rule will be applied. Action can be allow or deny.

If Action is ‘Allow’ then each rule can be further configured to apply source or destination NATting (Network Address Translation). You can also apply different protection settings to the traffic controlled by the firewall:

• Enable load balancing between multiple links

• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.

• Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.

• Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.

• Apply bandwidth policy restriction

By default, Cyberoam blocks any traffic to LAN.

Default Firewall rules

At the time of deployment, Cyberoam allows to define one of the following Internet Access policies using Network Configuration Wizard:

• Monitor only

• General Internet policy

• Strict Internet policy

Depending on the Internet Access policy set through Network Configuration Wizard, Cyberoam defines the two default firewall rules as follows:

Monitor only

Cyberoam applies the firewall rules in the order as specified below.

1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:

Internet Access policy – User specific

Bandwidth policy – User specific

Anti Virus & Anti Spam policy – Allows SMTP, POP3, IMAP and HTTP traffic without scanning

2. Masquerade and Allow entire LAN to WAN traffic for all the users without scanning SMTP, POP3, IMAP and HTTP traffic

General Internet policy

Cyberoam applies the firewall rules in the order as specified below.

1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:

Internet Access policy – User specific

Bandwidth policy – User specific

Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic

2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:

Internet Access policy – Applies ‘General Corporate Policy’ to block Porn, Nudity, AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist, PhishingandFraud, Violence, Weapons categories

IDP – General policy

Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic

Strict Internet policy

Cyberoam applies the firewall rules in the order as specified below.

1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:

Internet Access policy – User specific

Bandwidth policy – User specific

IDP policy – General policy

Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic

2. Drop entire LAN to WAN traffic for all the users

Note

Default Firewall rules can be modified as per the requirement but cannot be deleted

IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.

Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are subscribed respectively.

If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire traffic is dropped.

Additional firewall rules can be defined to extend or override the default rules. For example, rules can be created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to authorized users on the LAN.

Custom rules evaluate network traffic source IP addresses, destination IP addresses, User, IP protocol types, and compare the information to access rules created on the Cyberoam appliance. Custom rules take precedence, and override the default Cyberoam firewall rules.



Create Firewall rule

Previous versions allowed creating firewall rules based on source and destination IP addresses and services, but now Cyberoam’s Identity based firewall allows you to create firewall rules that embed user identity into the firewall rule matching criteria.

Firewall rule matching criteria now includes:

• Source and Destination Zone and Host

• User

• Service

Prior to this version, all the Unified Threat Control policies had to be enabled individually from their respective pages. Now one can attach the following policies to the firewall rule as per the defined matching criteria:

• Intrusion Detection and Prevention (IDP)

• Anti Virus

• Anti Spam

• Internet Access

• Bandwidth Management

• Routing policy i.e. define user and application based routing

To create a firewall rule, you should:

• Define matching criteria

• Associate action to the matching criteria

• Attach the threat management policies

For example, now you can:

• Restrict the bandwidth usage to 256kb for the user John every time he logs on from the IP 192.168.2.22

• Restrict the bandwidth usage to 1024kb for the user Mac if he logs on in working hours from the IP 192.168.2.22

Firewall rules are processed from the top downwards, and the first suitable rule found is applied.

Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule might allow a packet that a more specific rule later in the list was written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list.
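The first-match processing and identity check described above can be modelled in a few lines. This is an added example, not Cyberoam code or configuration syntax: the `Rule` and `Packet` classes, the rule names, the sample rule lists and the live-user table are all constructed for illustration, and the fall-through action of DROP is an assumption based on the guide's statement that traffic is blocked by default.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:                      # hypothetical model of one firewall rule
    name: str
    src_zone: str
    dst_zone: str
    src_net: str                 # CIDR; "0.0.0.0/0" means any host
    service: str                 # "ANY" matches every service
    action: str                  # "ACCEPT", "DROP" or "REJECT"
    user: Optional[str] = None   # set when Check Identity is enabled


@dataclass(frozen=True)
class Packet:                    # hypothetical model of one access request
    src_zone: str
    dst_zone: str
    src_ip: str
    service: str


def matches(rule, pkt, live_users):
    """Zone, host and service must match; with identity set, the user must be live."""
    if (rule.src_zone, rule.dst_zone) != (pkt.src_zone, pkt.dst_zone):
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src_net):
        return False
    if rule.service not in ("ANY", pkt.service):
        return False
    if rule.user is not None:
        # Identity check: the source IP must map to this user in the live-user table.
        return live_users.get(pkt.src_ip) == rule.user
    return True


def evaluate(rules, pkt, live_users, default="DROP"):
    """Top-down, first match wins; later rules are never consulted."""
    for rule in rules:
        if matches(rule, pkt, live_users):
            return rule.name, rule.action
    return None, default         # assumption: unmatched traffic is dropped


def covers(general, specific):
    """True if every request that `specific` matches is also matched by `general`."""
    if (general.src_zone, general.dst_zone) != (specific.src_zone, specific.dst_zone):
        return False
    if not ip_network(specific.src_net).subnet_of(ip_network(general.src_net)):
        return False
    if general.service not in ("ANY", specific.service):
        return False
    return general.user is None or general.user == specific.user


def shadowed(rules):
    """(earlier, later) pairs where the later rule can never be reached."""
    return [(a.name, b.name)
            for i, a in enumerate(rules) for b in rules[i + 1:] if covers(a, b)]


# Constructed sample data: one logged-in user and four LAN-to-WAN rules.
LIVE_USERS = {"192.168.2.22": "john"}
GOOD_ORDER = [
    Rule("telnet-john", "LAN", "WAN", "192.168.2.22/32", "TELNET", "ACCEPT", user="john"),
    Rule("block-telnet", "LAN", "WAN", "0.0.0.0/0", "TELNET", "DROP"),
    Rule("block-ftp", "LAN", "WAN", "0.0.0.0/0", "FTP", "REJECT"),
    Rule("allow-lan-wan", "LAN", "WAN", "0.0.0.0/0", "ANY", "ACCEPT"),
]
# Same rules with the general allow rule moved to the top.
BAD_ORDER = [GOOD_ORDER[3]] + GOOD_ORDER[:3]

if __name__ == "__main__":
    ftp = Packet("LAN", "WAN", "192.168.2.50", "FTP")
    print("specific first:", evaluate(GOOD_ORDER, ftp, LIVE_USERS))
    print("general first: ", evaluate(BAD_ORDER, ftp, LIVE_USERS))
    print("unreachable rules:", shadowed(BAD_ORDER))
```

Running `shadowed()` over a rule list before deploying it is a quick audit for deny rules that a broader rule above them has made unreachable.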

Select Firewall → Create Rule



Screen - Create Firewall rule

Screen Elements

Matching Criteria

Source

Description

Specify source zone and host IP address/network address to which the

rule applies.

To define host group based firewall rule you need to define host group.

Under Select Address, click Create Host Group to define host group from

firewall rule itself or from Firewall Host Group Create

Under Select Address, click Add Host to define host group from firewall

rule itself rule itself or from Firewall Host Add Host


42

Cyberoam User Guide

Check Identity

(Only if source

zone is

LAN/DMZ)

Destination

Check identity allows you to check whether the specified user/user group

from the selected zone is allowed the access of the selected service or not.

Click Enable to check the user identity.

Enable check identity to apply following policies per user:

• Internet Access policy for Content Filtering (User’s Internet access

policy will be applied automatically but will not be effective till the

Web and Content Filtering module is subscribed)

• Schedule Access

• IDP (User’s IDP policy will be applied automatically but will not be

effective till the IDP module is subscribed)

• Anti Virus scanning (User’s anti virus scanning policy will be applied

automatically but it will not be effective till the Gateway Anti Virus

module is subscribed)

• Anti Spam scanning (User’s anti spam scanning policy will be applied

automatically but it will not be effective till the Gateway Anti Spam

module is subscribed)

• Bandwidth policy - User’s bandwidth policy will be applied

automatically

• The policy selected in Route through Gateway is the static routing

policy that is applicable only if more then one gateway is defined and

used for load balancing.

and limit access to available services.

Specify destination zone and host IP address /network address to which

the rule applies.

Under Select Address, click Create Host Group to define host group from

firewall rule itself or from Firewall Host Group Create

Service/Service

group

Under Select Address, click Add Host to define host group from firewall

rule itself rule itself or from Firewall Host Add Host

Services represent types of Internet data transmitted via particular

protocols or applications.

Select service/service group to which the rule applies.

Under Select Here, click Create Service Group to define service group

from firewall rule itself rule itself or from Firewall Service

Create Service

Cyberoam provides several standard services and allows creating the

custom services also. Under Select Here, click Create Service to define

service from firewall rule itself rule itself or from Firewall Service

Create Service


43

Cyberoam User Guide

Protect by configuring rules to

• block services at specific zone

• limit some or all users from accessing certain services

• allow only specific user to communicate using specific service

Apply Schedule Select Schedule for the rule

Firewall Action When Criteria Match

Action

Select rule action

Accept – Allow access

Drop – Silently discards

Reject – Denies access and ‘ICMP port unreachable’ message will be sent

to the source

When sending response it might be possible that response is sent using a

different interface than the one on which request was received. This may

happen depending on the Routing configuration done on Cyberoam.

Apply Source

NAT (Only if

Action is

‘ACCEPT’)

For example,

If the request is received on the LAN port using a spoofed IP address

(public IP address or the IP address not in the LAN zone network) and

specific route is not defined, Cyberoam will send a response to these hosts

using default route. Hence, response will be sent through the WAN port.

Select the SNAT policy to be applied

It allows access but after changing source IP address i.e. source IP

address is substituted by the IP address specified in the SNAT policy.

You can create SNAT policy from firewall rule itself or from Firewall

SNAT Policy Create


44

Cyberoam User Guide

This option is not available if Cyberoam is deployed as Bridge

Advanced Settings

Click to apply different protection settings to the traffic controlled by firewall. You can:

• Enable load balancing and failover when multiple links are configured. Applicable only

if Destination Zone is WAN

• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP

policies. To apply antivirus protection and spam filtering, you need to subscribe for

Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing

section for details.

• Implement Intrusion detection and prevention. To apply IDP policy you need to

subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for

details.

• Configure content filtering policies. To apply content filtering you need to subscribe for

Web and Application Filter module. Refer to Licensing section for details.

• Apply bandwidth policy

Destination NAT Settings

Destination NAT policy – Select DNAT policy to be applied

DNAT rule tells the firewall to forward the requests from the specified machine and port to the specified machine and port.

Under Select Here, click Create DNAT Policy to define a DNAT policy from the firewall rule itself or from Firewall → DNAT Policy → Create

This option is not available if Cyberoam is deployed as Bridge

Policy Settings

IDP Policy – Select IDP policy for the rule.

To use IDP, you have to subscribe for the module. Refer to Licensing for more details.

Refer to IDP, Policy for details on creating IDP policy

Internet Access Policy – Select Internet access policy for the rule. It can be applied only to LAN to WAN rule.

Internet Access policy controls web access.

Refer to Policies, Internet Access Policy for details on creating Internet Access policy.



Bandwidth Policy – Select Bandwidth policy for the rule. Only the Firewall Rule based Bandwidth policy can be applied.

Bandwidth policy allocates & limits the maximum bandwidth usage of the user.

Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.

Route Through Gateway – Select routing policy

Can be applied only if more than one gateway is defined.

This option is not available if Cyberoam is deployed as Bridge

Refer to Multiple Gateway Implementation Guide for more details.

Virus & Spam Settings

Scan Protocol(s) – Click the protocol for which the virus and spam scanning is to be enabled

By default, HTTP scanning is enabled.

To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details.

Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.

Log Traffic – Click to enable traffic logging for the rule i.e. traffic permitted and denied by the firewall rule.

Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details.

To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console → Firewall rule and from the Telnet Console → Cyberoam Management. Refer to Cyberoam Console Guide for more details.

Refer to Appendix B - Network Traffic Logging Entry for more details.

Description – Specify full description of the rule

Save button – Saves the rule

Table - Create Firewall rule screen elements

Manage Firewall

Use to:

• Enable/disable SMTP, POP3, IMAP and HTTP scanning

• Deactivate rule

• Delete rule

• Change rule order

• Append rule (zone to zone)

• Insert rule

• Select display columns

Select Firewall → Manage Firewall to display the list of rules



Screen components

Append Rule button - Click to add zone to zone rule

Select Column button – Click to customize the number of columns to be displayed on the page

Subscription icon - Indicates subscription module. To implement the functionality of the subscription module you need to subscribe the respective module. Click to open the licensing page.

Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall rule temporarily, disable the rule instead of deleting it.

Green – Active Rule

Red – Deactive Rule

Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.

Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more details.

Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for details.

Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.

Update Rule

Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.



Screen - Edit Firewall Rule

Screen Elements – Description

Matching Criteria

Source – Displays source zone and host IP address/network address to which the rule applies.

Zone Type cannot be modified

Modify host/network address if required

To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from the firewall rule itself or from Firewall → Host Group → Create

Under Select Address, click Add Host to define host group from the firewall rule itself or from Firewall → Host → Add Host



Check Identity (Only if source zone is LAN or DMZ) – Check identity allows you to check whether the specified user/user group from the selected zone is allowed the access of the selected service or not.

Click Enable to check the user identity

Destination – Displays destination zone and host IP address/network address to which the rule applies.

Zone Type cannot be modified

Modify host/network address if required.

To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from the firewall rule itself or from Firewall → Host Group → Create

Under Select Address, click Add Host to define host group from the firewall rule itself or from Firewall → Host → Add Host

Service/Service group – Services represent types of Internet data transmitted via particular protocols or applications.

Displays service/service group to which the rule applies, modify if required

Under Select Here, click Create Service Group to define service group from the firewall rule itself or from Firewall → Service → Create Service

Cyberoam provides several standard services and also allows creating custom services. Under Select Here, click Create Service to define a service from the firewall rule itself or from Firewall → Service → Create Service

Protect by configuring rules to

• block services at specific zone

• limit some or all users from accessing certain services

• allow only specific user to communicate using specific service



Apply Schedule – Displays rule’s schedule, modify if required

Firewall Action When Criteria Match

Action – Displays rule action, modify if required

Accept – Allow access

Drop – Silently discards i.e. without sending ‘ICMP port unreachable’ message to the source

Reject – Denies access and sends ‘ICMP port unreachable’ message to the source

Apply Source NAT (Only if Action is ‘ACCEPT’) – Displays the SNAT policy applied to the rule, modify if required

It allows access but after changing source IP address i.e. source IP address is substituted by the specified IP address in the SNAT policy.

You can create SNAT policy from firewall rule itself or from Firewall → SNAT Policy → Create

This option is not available if Cyberoam is deployed as Bridge

Advanced Settings

Click to apply different protection settings to the traffic controlled by firewall. You can:

• Enable load balancing between multiple links

• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP

policies

• Apply bandwidth policy

• Configure content filtering policies

Destination NAT Settings

Destination NAT policy – Displays DNAT policy applied, modify if required

DNAT rule tells the firewall to forward the requests from the specified machine and port to the specified machine and port.

Under Select Here, click Create DNAT Policy to define a DNAT policy from the firewall rule itself or from Firewall → DNAT Policy → Create



This option is not available if Cyberoam is deployed as Bridge

Policy Settings

IDP Policy – Displays IDP policy for the rule, modify if required

To use IDP, you have to subscribe for the module. Refer to Licensing for more details.

Refer to IDP, Policy for details on creating IDP policy

Internet Access Policy (Only if source zone is LAN) – Displays Internet access policy for the rule, modify if required

Internet Access policy controls web access.

Refer to Policies, Internet Access Policy for details on creating Internet Access policy.

Bandwidth Policy – Displays Bandwidth policy for the rule, modify if required. Only the Firewall Rule based Bandwidth policy can be applied.

Bandwidth policy allocates & limits the maximum bandwidth usage of the user.

Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.

Route Through Gateway – Displays routing policy, modify if required

Can be applied only if more than one gateway is defined.

This option is not available if Cyberoam is deployed as Bridge

Refer to Multiple Gateway Implementation Guide for more details.

Virus & Spam Settings

Scan Protocol(s) – Displays protocols for which the virus and spam scanning is to be enabled, modify if required

By default, HTTP scanning is enabled.

To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details.

Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.

Log Traffic – Click to enable traffic logging for the rule

Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details.

To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console → Firewall rule and from the Telnet Console → Cyberoam Management. Refer to Cyberoam Console Guide for more details.

Refer to Appendix B - Network Traffic Logging Entry for more details.

Description – Displays full description of the rule, modify if required

Save button – Saves the rule

Table – Edit Firewall Rule


Change Firewall Rule order

Rules are ordered by their priority. When the rules are applied, they are processed from the top down

and the first suitable rule found is applied.

Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a

general rule might allow a packet that you specifically have a rule written to deny later in the list. When a

packet matches the rule, the packet is immediately dropped or forwarded without being tested by the rest

of the rules in the list.

Select Firewall → Manage Firewall

Click the move button against the rule whose order is to be changed

Select Before or After as per the need

Click the rule to be moved and then click where it is to be moved.

Click Done to save the order
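
The top-down, first-match behaviour described above can be checked offline before reordering rules. The following is an added example, not part of the Cyberoam guide or the appliance's own code: the `Rule` fields, the helper names and the two sample rule sets are assumptions constructed for illustration. It evaluates a packet against an ordered list and reports rules that can never fire because an earlier, more general rule already matches everything they match.

```python
"""First-match rule evaluation and shadowed-rule detection (constructed example).

The Rule layout and the sample rule sets are illustrative assumptions,
not Cyberoam's internal rule format.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src_zone: str
    dst_zone: str
    src_net: str   # CIDR; "0.0.0.0/0" stands for any host
    service: str   # e.g. "tcp/25"; "any" matches every service
    action: str    # "accept", "drop" or "reject"

    def matches(self, src_zone: str, dst_zone: str, src_ip: str, service: str) -> bool:
        """True when the packet satisfies every matching criterion of this rule."""
        return (
            self.src_zone == src_zone
            and self.dst_zone == dst_zone
            and ip_address(src_ip) in ip_network(self.src_net)
            and self.service in ("any", service)
        )

    def covers(self, other: "Rule") -> bool:
        """True when every packet that matches `other` also matches this rule."""
        return (
            self.src_zone == other.src_zone
            and self.dst_zone == other.dst_zone
            and ip_network(other.src_net).subnet_of(ip_network(self.src_net))
            and self.service in ("any", other.service)
        )


def evaluate(rules: List[Rule], src_zone: str, dst_zone: str,
             src_ip: str, service: str) -> Optional[Rule]:
    """Walk the list from the top; the first matching rule decides, the rest are skipped."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, src_ip, service):
            return rule
    return None


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int, bool]]:
    """Return (earlier_id, later_id, actions_differ) for each rule that can never fire."""
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if earlier.covers(later):
                findings.append((earlier.rule_id, later.rule_id,
                                 earlier.action != later.action))
                break  # one covering rule is enough to make `later` unreachable
    return findings


# Constructed sample rules: a general LAN-to-WAN accept, a specific SMTP block
# for one host, and a catch-all drop.
ALLOW_LAN = Rule(1, "LAN", "WAN", "192.168.1.0/24", "any", "accept")
BLOCK_SMTP_HOST = Rule(2, "LAN", "WAN", "192.168.1.50/32", "tcp/25", "drop")
DROP_REST = Rule(3, "LAN", "WAN", "0.0.0.0/0", "any", "drop")

GENERAL_FIRST = [ALLOW_LAN, BLOCK_SMTP_HOST, DROP_REST]    # wrong order
SPECIFIC_FIRST = [BLOCK_SMTP_HOST, ALLOW_LAN, DROP_REST]   # specific before general

if __name__ == "__main__":
    packet = ("LAN", "WAN", "192.168.1.50", "tcp/25")
    for name, ruleset in (("general first", GENERAL_FIRST),
                          ("specific first", SPECIFIC_FIRST)):
        hit = evaluate(ruleset, *packet)
        print(f"{name}: rule {hit.rule_id} -> {hit.action}; "
              f"shadowed: {find_shadowed(ruleset)}")
```

With the general rule first, the host's SMTP traffic is accepted by rule 1 and the drop rule is reported as shadowed; moving the specific rule up makes the drop take effect.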

Append rule

Append Rule adds the new rule above the default rules if the zone-to-zone rule set exists; otherwise it appends the new rule as a new zone-to-zone rule set at the end.

For example, consider the screen given below. If the new rule is for DMZ to LAN then a new rule set DMZ – LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN then the rule will be added above Rule ID 4 as Rule ID 3 and ID 4 are default rules.

Select Firewall → Manage Firewall Rules and click Append Rule

Refer to Define Firewall Rule for more details.



Change Display Columns

By default, Manage Firewall Rules page displays details of the rule in the following eight columns: ID,

Enable, Source, Identity, Destination, Service, Action and Manage. You can customize the number of

columns to be displayed as per your requirement.

Screen – Default Screen Display of Manage Firewall Rules page

Select Firewall → Manage Firewall to open the manage page.

Click Select Columns

It opens the new window. ‘Available Columns’ list displays the columns that can be displayed on the

page.

Click the required column and use Right arrow button to move the selected column to the ‘Selected

Columns’ list

Click Done

Screen – Customized Screen Display of Manage Firewall Rules page

Delete Firewall Rule

Select Firewall → Manage Firewall Rules and click the delete icon against the rule to be deleted



Screen - Delete Firewall rule

Note

Default rules cannot be deleted or deactivated.



Host Management

Firewall rules can be created for individual hosts or host groups. By default, hosts equal in number to the ports in the appliance are already created.

Create Host Group

A host group is a grouping of hosts.

Select Firewall → Host Group → Create to open the create page

Screen – Create Host Group

Screen Elements – Description

Create Host Group

Host Group Name – Specify host group name

Description – Specify full description

Create button – Add a new host. If host group is created successfully, click Add to add hosts to the host group. Refer to Manage Host Groups for details.

Table – Create Host Group screen elements

Manage Host Group

Use to:

• Add host to Group


• Remove host from the Group

• Delete Host Group

Add Host to Host Group

Select Firewall → Host Group → Manage to view the list of groups created.

Click host group to which host is to be added. Host Group details are displayed.

Click Add. List of hosts that can be added to the group is displayed.

Click against the host to be added

Click Add

Remove Host from Host Group

Select Firewall → Host Group → Manage and click host group from which the host is to be removed

Screen – Remove Host from Host Group



Screen Elements – Description

Del – Select host to be removed from the group

Click Del to select

More than one host can also be selected

Select All – Select all the hosts for deletion

Click Select All to select all the hosts

Delete button – Deletes all the selected hosts

Table – Remove Host from Host Group screen elements

Delete Host Group

Select Firewall → Host Group → Manage

Screen – Delete Host Group

Screen Elements – Description

Del – Select host group for deletion

Click Del to select

More than one group can also be selected

Select All – Select all the groups for deletion

Click Select All to select all the groups

Delete button – Deletes all the selected groups

Table – Delete host Group screen elements


Add Host

Select Firewall → Host → Add to open the add page

Screen – Add Host

Screen Elements – Description

Add Host

Host Name – Specify host name

Host Type – Select host type i.e. single IP address with subnet or range of IP address

Network – Specify network address or range of IP address

Select Host Group – Select host group

Create button – Add a new host

Table – Add Host screen elements

Manage Host

Select Firewall → Host → Manage to view the list of hosts

Screen – Delete Host

Screen Elements – Description

Del – Select host to be deleted

Click Del to select

More than one host can also be selected

Select All – Select all the hosts for deletion

Click Select All to select all the hosts

Delete button – Deletes all the selected hosts

Table – Delete Host screen elements


Setting up Logon Pools

A Logon Pool is a collection of single IP addresses or a range of IP addresses. Add IP addresses/Nodes at the time of creation of the Logon Pool or after the creation.

Create a new Logon Pool

Prerequisite

• Bandwidth policy created

Select Group → Logon Pool → Add Logon Pool

Screen - Create Logon Pool

Screen Elements – Description

Logon Pool Details

Logon Pool name – Specify name of Logon Pool

Is Logon Pool public – Public IP address is routable over the Internet and does not need Network Address Translation (NAT)

Click to Select, if the IP Addresses assigned to Users are Public IP addresses

Bandwidth policy – Specify Bandwidth Policy for Logon Pool

Click Bandwidth Policy list to select

Click View details link to view details of the policy

Description – Specify full description

Machine details

From – To – Specify range of IP Address that will be used by Users to login

Machine name – Specify machine name

Create button – Add a new Logon Pool

Table - Add Logon Pool screen elements


Traffic Discovery

"Network security" is controlling who can do what on your network. Control is all about detecting and

resolving any activity that does not align with your organization's policies.

Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs

network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining

the amount of network traffic generated by an application, IP address or user.

View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error

sources. Identify and locate bandwidth hogs and isolate them from the network if necessary. Analyze

performance trends with baseline data reports.

The discovered traffic pattern is presented in terms of

• Application

• User

• LAN IP Address

Apart from details of live connection’s traffic pattern, Cyberoam also provides current date’s connection

history.

Live Connections report

Application wise

Application wise Live Connections displays list of Applications running on the network currently. It also

displays which user is using the application currently and total data transferred using the application.

Select Traffic Discovery → Live Connections → Application wise

Screen – Application wise Live connections



Screen Elements – Description

Application Name – Applications running on network

Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application

Click to view list of Users using respective Applications

Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application

Click to view WAN IP Address wise Connection details for selected Application

Click to view Destination Port wise Connection details for selected Application

Data Transfer details

Upload Transfer – Displays data uploaded using the Application

Download Transfer – Displays data downloaded using the Application

Upstream Bandwidth (Kbit/sec) – Displays upstream bandwidth used by Application

Downstream Bandwidth (Kbits/sec) – Displays downstream bandwidth used by Application

Connection Details

Total Connections – Displays number of connections initiating/requesting the Application

Click to view the connection details for the respective Application for each connection

LAN Initiated – Displays number of connections initiated by LAN IP Address for the Application

WAN Initiated – Displays number of connections initiated by WAN IP Address for the Application

Table – Application wise Live connections screen elements



Connection details for selected Application

Report columns – Description

Established Time – Time when connection was established

LAN IP Address – LAN IP Address from which the connection for the application was established

LAN PORT – LAN port through which connection was established for the application

WAN IP Address – WAN IP Address to which connection was established

WAN PORT – WAN port to which connection was established for the application

Direction – Traffic direction

Upload Transfer – Data uploaded using the Application

Download Transfer – Data downloaded using the Application

Upstream Bandwidth – Upstream bandwidth used by Application

Downstream Bandwidth – Downstream bandwidth used by Application

Connection details for selected LAN IP Address and Application

Report columns – Description

Established Time – Time when connection was established

LAN IP Address – LAN IP Address from which the connection for the application was established

LAN Port – LAN port through which connection was established for the application

WAN IP Address – WAN IP Address to which connection was established

WAN Port – WAN port to which connection was established for the application

Direction – Traffic direction

Upload Transfer – Data uploaded using the Application

Download Transfer – Data downloaded using the Application

Upstream Bandwidth – Upstream bandwidth used by Application

Downstream Bandwidth – Downstream bandwidth used by Application


WAN IP Address wise Connection details for selected Application

Report columns – Description

WAN IP Address – WAN IP Addresses to which Connection was established by the selected Application

Total Connections – Number of connections established to the WAN IP Address

LAN Initiated – Number of connections initiated from LAN

WAN Initiated – Number of connections initiated from WAN

Upload Transfer – Data uploaded during the connection

Download Transfer – Data downloaded during the connection

Upstream Bandwidth – Upstream bandwidth used by Application

Downstream Bandwidth – Downstream bandwidth used by Application

Destination Port wise Connection details for selected Application

Report columns – Description

Destination Port – Destination ports to which Connection was established by the selected Application

Total Connections – Number of connections established through the destination port

LAN Initiated – Number of connections initiated from LAN

WAN Initiated – Number of connections initiated from WAN

Upload Transfer – Data uploaded during the connection

Download Transfer – Data downloaded using the connection

Upstream Bandwidth – Upstream bandwidth used by Application

Downstream Bandwidth – Downstream bandwidth used by Application


User wise

User wise Live Connections displays which user is using which Application and is consuming how much

bandwidth currently.

Select Traffic Discovery → Live Connections → User wise

Screen – User wise Live connections

Screen Elements – Description

User Name – Network Users requesting various Applications

Click Total Connections to view the connection details for selected User.

Click to view list of Applications used by the respective users

Click Total Connections to view the connection details for selected User and Application

Click to view WAN IP Addresses wise Connection details for selected User

Click to view Destination ports wise Connection details for selected User

Data Transfer details

Upload Transfer – Displays data uploaded by the User

Download Transfer – Displays data downloaded by the User

Upstream Bandwidth (Kbit/sec) – Displays upstream bandwidth used by User

Downstream Bandwidth (Kbits/sec) – Displays downstream bandwidth used by User

Connection Details

Total Connections – Displays number of connections initiated by the User

Click to view connection details initiated by the User for each connection

LAN Initiated – Displays number of connections initiated from LAN IP Address by the User

WAN Initiated – Displays number of connections initiated from WAN IP Address by the User

Table – User wise Live connections screen elements



LAN IP Address wise

LAN IP Address wise Live Connections displays list of Applications currently accessed by LAN IP

Address.

Select Traffic Discovery → Live Connections → LAN IP Address wise

Screen – LAN IP Address wise Live connections

Screen Elements – Description

LAN IP Address – LAN IP Address requesting various Applications

Click Total Connections to view the connection details for selected LAN IP Address.

Click to view list of Applications requested by the respective LAN IP Address

Click Total Connections to view the connection details for selected LAN IP Address and Application

Click to view WAN IP Addresses wise Connection details for selected LAN IP Address

Click to view Destination ports wise Connection details for selected LAN IP Address

Data Transfer details

Upload Transfer – Displays data uploaded from the LAN IP Address

Download Transfer – Displays data downloaded from the LAN IP Address

Upstream Bandwidth (Kbit/sec) – Displays upstream bandwidth used by LAN IP Address

Downstream Bandwidth (Kbits/sec) – Displays downstream bandwidth used by the LAN IP Address

Connection Details

Total Connections – Displays number of connections initiated by the LAN IP Address

Click to view connection details initiated by the LAN IP Address for each connection

LAN Initiated – Displays number of connections initiated from LAN IP Address

WAN Initiated – Displays total number of connections initiated from WAN IP Address

Table – LAN IP Address wise Live connection screen elements

Apart from the live connection details, details of the connections that are closed can also be viewed. The details for all the connections that were closed during the last 24 hours are shown. You can also select the history duration.


Today’s Connection History

Application wise

It displays list of Applications accessed during the selected duration and by user and/or LAN IP Address.

Select Traffic Discovery → Today’s Connection History → Application wise

Screen – Today’s Connection History – Application wise

Screen Elements – Description

Select Start time and Stop time

Start time & Stop time – Select the history duration

Refresh Data button – Click to refresh the data after the start time or stop time is changed to get the latest data

Application Name – Applications running on network

Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application

Click to view list of users using respective Applications

Click Total Connections to view the connection details for selected LAN IP Address and Application. Refer to Connection details for selected LAN IP Address and Application

Click to view WAN IP Address wise Connection details for selected Application

Click to view Destination Port wise Connection details for selected Application

Data Transfer details

Upload Transfer – Displays data uploaded using the Application

Download Transfer – Displays data downloaded using the Application

Upstream Bandwidth (Kbit/sec) – Displays upstream bandwidth used by Application

Downstream Bandwidth (Kbits/sec) – Displays downstream bandwidth used by Application

Connection Details

Total Connections – Displays number of connections initiating/requesting the Application

Click to view the connection details for the respective Application for each connection

LAN Initiated – Displays number of connections initiated by LAN IP Address for the Application

WAN Initiated – Displays number of connections initiated by WAN IP Address for the Application

Table – Today’s Connection History – Application screen elements


User wise

It displays the list of Users who logged on to the network during the selected duration and the applications they accessed.

Select Traffic Discovery → Today’s Connection History → User wise

Screen – Today’s Connection History – User wise

Screen Elements – Description

Select Start time and Stop time

Start time & Stop time – Select the history duration

Refresh Data button – Click to refresh the data after the start time or stop time is changed to get the latest data

User Name – Network Users requesting various Applications

Click Total Connections to view the connection details for selected User.

Click to view list of Applications used by the respective users

Click Total Connections to view the connection details for selected User and Application

Click to view WAN IP Addresses wise Connection details for selected User

Click to view Destination ports wise Connection details for selected User

Data Transfer details

Upload Transfer – Displays data uploaded by the User

Download Transfer – Displays data downloaded by the User

Upstream Bandwidth (Kbit/sec) – Displays upstream bandwidth used by User

Downstream Bandwidth (Kbits/sec) – Displays downstream bandwidth used by User

Connection Details

Total Connections – Displays number of connections initiated by the User

Click to view connection details initiated by the User for each connection

LAN Initiated – Displays number of connections initiated from LAN IP Address by the User

WAN Initiated – Displays number of connections initiated from WAN IP Address by the User

Table – Today’s Connection History – User wise screen elements



LAN IP Address wise

It displays list of Applications accessed during the selected duration by each LAN IP Address.

Select Traffic Discovery → Today’s Connection History → LAN IP Address wise

Screen – Today’s Connection History – LAN IP Address wise

Screen Elements – Description

Select Start time and Stop time

Start time & Stop time – Select the history duration

Refresh Data button – Click to refresh the data after the start time or stop time is changed to get the latest data

LAN IP Address – LAN IP Address requesting various Applications

Click Total Connections to view the connection details for selected LAN IP Address.

Click to view list of Applications requested by the respective LAN IP Address

Click Total Connections to view the connection details for selected LAN IP Address and Application

Click to view WAN IP Addresses wise Connection details for selected LAN IP Address

Click to view Destination ports wise Connection details for selected LAN IP Address

Data Transfer details

Upload Transfer – Displays data uploaded from the LAN IP Address

Download Transfer – Displays data downloaded from the LAN IP Address

Upstream Bandwidth (Kbit/sec) – Displays upstream bandwidth used by LAN IP Address

Downstream Bandwidth (Kbits/sec) – Displays downstream bandwidth used by the LAN IP Address

Connection Details

Total Connections – Displays number of connections initiated by the LAN IP Address

Click to view connection details initiated by the LAN IP Address for each connection

LAN Initiated – Displays number of connections initiated from LAN IP Address

WAN Initiated – Displays total number of connections initiated from WAN IP Address

Table – Today’s Connection History – LAN IP Address wise screen elements


Policy Management

Cyberoam allows controlling access to various resources with the help of Policy.

Cyberoam allows defining following types of policies:

1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for

more details.

2. Schedule Internet access for individual users by defining Access time policy. See Access time

policy for more details.

3. Control web access by defining Internet Access policy. See Internet Access policy for more

details.

4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for

more details.

5. Limit total as well as individual upload and/or download data transfer by defining data transfer

policy. See Data Transfer policy for more details.

Cyberoam comes with several predefined policies. These predefined policies are immediately available

for use until configured otherwise.

Cyberoam also lets you define customized policies to define different levels of access for different users

to meet your organization’s requirements.



Surfing Quota policy

Surfing quota policy defines the duration of Internet surfing time. Surfing time duration is the allowed time in hours for a Group or an Individual User to access the Internet.

Surfing quota policy:

• Allocates Internet access time on a cyclic or non-cyclic basis

• A single policy can be applied to a number of Groups or Users

Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies that set different levels of access for different users to meet your organization’s requirements.

Create Surfing Quota policy

Select Policies → Surfing Quota Policy → Create policy to open the create page

Screen - Create Surfing Quota policy

Screen Elements: Description

Create Surfing Quota policy

Name: Specify policy name. Choose a name that best describes the policy

Cycle type: Specify cycle type. Available options:

• Daily – restricts surfing hours up to cycle hours defined on daily basis

• Weekly – restricts surfing hours up to cycle hours defined on weekly basis

• Monthly – restricts surfing hours up to cycle hours defined on monthly basis

• Yearly – restricts surfing hours up to cycle hours defined on yearly basis

• Non-cyclic – no restriction

Cycle hours (only if cycle type is not ‘Non cyclic’): Specify upper limit of surfing hours for cyclic type policies. At the end of each Cycle, cycle hours are reset to zero i.e. for ‘Weekly’ Cycle type, cycle hours will reset to zero every week even if cycle hours are unused

Allotted Days: Restricts surfing days. Specify total surfing days allowed to limit surfing hours

Unlimited Days: Does not restrict surfing days and creates Unlimited Surfing Quota policy. Click to select

Allotted Time: Allotted time defines the upper limit of the total surfing time allowed i.e. restricts total surfing time to allotted time. Specify surfing time in Hours & minutes

Unlimited Time: Select if you do not want to restrict the total surfing time. Click to select

Shared allotted time with group members: Specify whether the allotted time will be shared among all the group members or not. Click to share

Policy Description: Specify full description of the policy

Create button: Creates policy

Table - Create Surfing Quota policy screen elements

Note

Policies with the same name cannot be created
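The cycle reset and the Allotted Time cap described in the table above interact in a way that is easy to misjudge when sizing a quota. The following model is an added example, not code from Cyberoam or from this guide; the class and method names are hypothetical, cycles are assumed to follow calendar boundaries (ISO weeks, calendar months), and Allotted Days is not modelled.

```python
from datetime import datetime, timedelta

# Assumption: a cycle follows calendar boundaries. The guide only states that
# cycle hours are reset to zero at the end of each cycle.
CYCLE_KEY = {
    "Daily": lambda t: t.date(),
    "Weekly": lambda t: tuple(t.isocalendar())[:2],  # (ISO year, ISO week)
    "Monthly": lambda t: (t.year, t.month),
    "Yearly": lambda t: t.year,
}


class SurfingQuota:
    """Hypothetical model of one user's Surfing Quota policy counters."""

    def __init__(self, cycle_type, cycle_hours=None, allotted_hours=None):
        if cycle_type != "Non-cyclic":
            if cycle_type not in CYCLE_KEY:
                raise ValueError("unknown cycle type: %r" % cycle_type)
            if cycle_hours is None:
                raise ValueError("cyclic policies need cycle hours")
        self.cycle_type = cycle_type
        # Limits are kept in minutes; None means "no restriction".
        self.cycle_limit = None if cycle_type == "Non-cyclic" else int(cycle_hours * 60)
        self.total_limit = None if allotted_hours is None else int(allotted_hours * 60)
        self.cycle_used = 0
        self.total_used = 0
        self._cycle = None

    def charge(self, start, minutes):
        """Account a session minute by minute; return the minutes granted."""
        granted = 0
        for i in range(minutes):
            now = start + timedelta(minutes=i)
            if self.cycle_limit is not None:
                key = CYCLE_KEY[self.cycle_type](now)
                if key != self._cycle:
                    # New cycle: the counter restarts and unused time is lost.
                    self._cycle, self.cycle_used = key, 0
                if self.cycle_used >= self.cycle_limit:
                    break  # cycle hours exhausted
            if self.total_limit is not None and self.total_used >= self.total_limit:
                break  # Allotted Time exhausted
            self.cycle_used += 1
            self.total_used += 1
            granted += 1
        return granted


def demo():
    """Constructed sessions: Weekly cycle, 2 cycle hours, 5 hours Allotted Time."""
    quota = SurfingQuota("Weekly", cycle_hours=2, allotted_hours=5)
    requests = [
        (datetime(2007, 1, 1, 9, 0), 60),    # week 1: uses 1 of 2 hours
        (datetime(2007, 1, 8, 9, 0), 180),   # week 2: asks for 3 hours
        (datetime(2007, 1, 15, 9, 0), 180),  # week 3: asks for 3 hours
        (datetime(2007, 1, 22, 9, 0), 60),   # week 4: Allotted Time is spent
    ]
    return [quota.charge(start, minutes) for start, minutes in requests]


if __name__ == "__main__":
    print(demo())
```

The unused hour from week 1 does not carry into week 2, and the week 4 request is refused even though a fresh cycle has started, because the 5 hours of Allotted Time are already consumed.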



Update Surfing Quota policy

Select Policies → Surfing Quota policy → Manage policy and click Policy name to be modified

Screen - Update Surfing Quota policy

Screen Elements: Description

Edit Surfing Quota policy

Name: Displays policy name, modify if required

Cycle Type: Displays Cycle type, modify if required

Cycle Hours: Displays allotted Cycle hours

Allotted Days or Unlimited Days: Displays allotted days, modify if required

Allotted time or Unlimited time: Displays allotted time in hours, minutes, modify if required

Shared allotted time with group members: Displays whether the total allotted time is shared among the group members or not, modify if required

Policy Description: Displays description of the policy, modify if required

Update button: Updates and saves the policy

Cancel button: Cancels the current operation and returns to Manage Surfing Quota policy page

Table - Update Surfing Quota policy screen elements

Note

The changes made in the policy become effective immediately on updating the changes.

Delete Surfing Quota policy

Prerequisite

• Not assigned to any User or Group

Select Policies → Surfing Quota policy → Manage policy to view list of policies

Screen - Delete Surfing Quota policy

Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected

Select All: Select all the policies for deletion. Click Select All to select all the policies

Delete button: Deletes all the selected policies

Table - Delete Surfing Quota policy screen elements


Access Time policy

Access time is the time period during which a user can be allowed/denied Internet access. An example would be “only office hours access” for a certain set of users.

Access time policy lets you set the time interval (days and time) for Internet access with the help of schedules. See Schedules for more details.

A time interval defines the days of the week and the times of each day of the week when the user will be allowed/denied Internet access.

An Access time policy can be defined using one of two strategies:

Allow strategy: By default, allows access during the schedule

Deny strategy: By default, disallows access during the schedule

Create Access Time policy

Prerequisite

• Schedule created

Select Policies → Access Time Policy → Create policy to open create policy page

Screen - Create Access Time policy

Screen Elements: Description

Access Time policy details

Name: Specify policy name. Choose a name that best describes the policy to be created

Schedule: Specify policy schedule. Users will be allowed/disallowed access during the time specified in the schedule. Click Schedule list to select. Click View details link to view the details of selected schedule. Refer to Define Schedule on how to create a new schedule

Strategy for selected Schedule: Specify strategy to policy. Click to select

• Allow – Allows the Internet access during the scheduled time interval

• Disallow - Does not allow the Internet access during the scheduled time interval

Description: Specify full description of policy

Create button: Creates policy

Table - Create Access Time policy screen elements

Note

Policies with the same name cannot be created


Update Access Time policy

Select Policies → Access Time policy → Manage policy and click Policy name to be modified

Screen - Update Access Time policy

Screen Elements: Description

Access Time policy details

Name: Displays policy name, modify if required

Schedule: Displays selected policy schedule. To modify, click Schedule list and select new schedule. Click View details link to view details of the selected schedule

Strategy for selected Schedule: Displays Schedule strategy. Cannot be modified

Description: Displays description of the policy, modify if required

Save button: Saves the modified details

Cancel button: Cancels current operation and returns to Manage Access Time policy

Table - Update Access Time policy screen elements

Note

The changes made in the policy become effective immediately on saving the changes.

Delete Access Time policy

Prerequisite

• Not assigned to any User or Group

Select Policies → Access Time policy → Manage policy to view the list of policies

Screen - Delete Access Time policy

Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected

Select All: Select all the policies for deletion. Click Select All to select all the policies

Delete button: Deletes all the selected policies

Table - Delete Access Time policy screen elements


Internet Access policy

Internet Access policy controls a user’s web access. It helps to manage web access specific to the organization’s need. It specifies which user has access to which sites or applications and allows defining policy based on almost limitless parameters like:

1. Individual users

2. Groups of users

3. Time of day

4. Location/Port/Protocol type

5. Content type

6. Bandwidth usage (for audio, video and streaming content)

When defining a policy, you can deny or allow access to an entire application category, or to individual file extensions within a category. For example, you can define a policy that blocks access to all audio files with .mp3 extensions.

Two basic types of Internet Access policy:

1. Default Allow

2. Default Disallow

Default Allow

By default, allows user to view everything except the sites and files specified in the web categories

E.g. To allow access to all sites except Mail sites

Default Disallow

By default, prevents user from viewing everything except the sites and files specified in the web categories

E.g. To disallow access to all sites except certain sites



Create a new Internet Access policy

Select Policies → Internet Access Policy → Create Policy to open the create policy page

Screen - Create Internet Access policy



Screen Elements: Description

Internet Access policy details

Name: Specify policy name. Choose a name that best describes the policy to be created

Using Template: Select a template if you want to create a new policy based on an existing policy and want to inherit all the categories restrictions from the existing policy. Select ‘Blank’ template, if you want to create a fresh policy without any restrictions. After creation you can always customize the category restrictions according to the requirement.

Policy Type (only for ‘Blank’ option in Using Template field): Select default policy type. Available options:

• Allow – Allows access to all the Internet sites except the sites and files specified in the Categories

• Deny – Allows access to only those sites and files that are specified in the Categories

Description: Specify full description of policy

Reporting: By default, Internet usage report is generated for all the users. But Cyberoam allows to bypass reporting of certain users. Click ‘Off’ to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click ‘On’ to create policy which will include access details of all the users in Internet usage reports to whom this policy is applied.

Create button: Creates policy and allows to add Category restriction. Refer to Add Category for more details

Internet Access policy Rules

Add button: Allows to define Internet Access policy rules and assign Web, File Type and Application Protocol Categories to Internet Access policy. Click to add. Refer to Add Internet Access policy rule for more details

Save button: Saves policy

Show Policy Members button: Opens a new page and displays list of policy members

Cancel button: Cancels the current operation and return to Manage Internet Access policy page

Table - Create Internet Access policy screen elements

Note

Policies with the same name cannot be created

Add Internet Access policy rule



Screen – Add Internet Access policy rule

Screen Elements: Description

Rule details

Select Category: Displays list of custom Web, File Type and Application Protocol Categories. Displays list of Categories assigned to policy. In Category Name column:

• W represents Web Category

• F represents File Type Category

• A represents Application Protocol Category

• D represents Default Category

• C represents Customized i.e. User defined Category

Select Categories to be assigned to policy. In Web Category list, click to select. In File Type list, click to select. In Application Protocol list, click to select. Use Ctrl/Shift and click to select multiple Categories. If ‘Web and Application Filter’ subscription module is registered, all the default categories will also be listed and can be selected for restriction.

Strategy: Allows/Disallows access to the selected Categories during the period defined in the schedule. Click Strategy box to see options and select

During Schedule: Allows/Disallows access to the selected Categories according to the strategy defined during the period defined in the schedule. Allow/Disallow will depend on the strategy selected. Click Schedule box to see options and select

View details link: Opens a new window and displays details of the selected schedule. Click to view. Click Close to close the window

Add button: Add rule to Internet Access policy. Click to add rule

Cancel button: Cancels the current operation

Table – Add Internet Access policy rule screen elements

Update Internet Access policy

Select Policy → Internet Access policy → Manage Policy and click policy name to be modified

Screen - Update Internet Access policy

Screen Elements: Description

Internet Access policy details

Name: Displays policy name. Cannot be modified

Policy Type: Displays policy type. Cannot be modified

Description: Displays policy description, modify if required

Reporting: By default, Internet usage report is generated for all the users. But Cyberoam allows to bypass reporting of certain users. Click ‘Off’ to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click ‘On’ to create policy which will include access details of all the users in Internet usage reports to whom this policy is applied.

Internet Access policy Rules: Displays list of Categories assigned to policy. In Category Name column:

• W represents Web Category

• F represents File Type Category

• A represents Application Protocol Category

• D represents Default Category

• C represents Customized i.e. User defined Category

Add button: Allows to define a new rule. Click to add. Refer to Add Internet Access policy rule for more details

Delete button: Allows to delete the selected rule(s). Refer to Delete Internet Access policy rule for more details

MoveUp button (only when more than one rule is defined): Moves the selected rule one step up. Click rule that is to be moved one-step up. This will highlight selected rule. Click MoveUp to move the selected rule one step upwards

MoveDown button (only when more than one rule is defined): Moves the selected rule one step down. Click rule, which is to be moved one-step down. This will highlight selected rule. Click Move Down to move the selected rule one step downwards

Update button (only when more than one rule is defined): Saves the modified sequence of the rules

Save button: Saves the modifications

Show Policy members button: Opens a new page and displays list of policy members

Cancel button: Cancels the current operation and returns to Manage Internet Access policy page

Table - Update Internet Access policy screen elements

Delete Internet Access policy rule

Screen - Delete Internet Access policy rule

Screen Elements: Description

Del: Select rule to be deleted. Click Del to select. More than one rule can also be selected

Select All: Selects all rules for deletion. Click Select All to select all rules for deletion

Delete button: Delete(s) selected rules

Table - Delete Internet Access policy rule screen elements

Note

Do not forget to update after changing the order
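Because rules carry a category, a strategy and a schedule, and their sequence can be changed with MoveUp and MoveDown, it is worth checking a rule list for entries that can never take effect before saving it. The following model is an added example, not Cyberoam code; the class names, schedules and policy are constructed, and it assumes that the first rule matching the category and the current time decides, with the policy type (Default Allow or Default Disallow) applying when no rule matches.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Schedule:
    name: str
    days: frozenset  # weekday numbers, Monday = 0
    start: time
    end: time

    def covers(self, when):
        return when.weekday() in self.days and self.start <= when.time() < self.end

    def contains(self, other):
        """True if every moment of `other` also falls inside this schedule."""
        return (other.days <= self.days and self.start <= other.start
                and other.end <= self.end)


@dataclass(frozen=True)
class Rule:
    categories: frozenset
    strategy: str  # "Allow" or "Disallow"
    schedule: Schedule


@dataclass
class InternetAccessPolicy:
    name: str
    policy_type: str  # "Allow" (Default Allow) or "Deny" (Default Disallow)
    rules: list

    def decide(self, category, when):
        """Return (allowed, reason). Assumption: the first matching rule wins."""
        for number, rule in enumerate(self.rules, start=1):
            if category in rule.categories and rule.schedule.covers(when):
                return rule.strategy == "Allow", "rule %d" % number
        # No rule applies at this time: the policy type decides.
        return self.policy_type == "Allow", "default"

    def shadowed(self):
        """List (rule, earlier rule, category) where the later rule never decides."""
        findings = []
        for j, later in enumerate(self.rules):
            for i, earlier in enumerate(self.rules[:j]):
                if earlier.schedule.contains(later.schedule):
                    for category in sorted(later.categories & earlier.categories):
                        findings.append((j + 1, i + 1, category))
        return findings

    def move_up(self, number):
        """Model of MoveUp followed by Update: swap the rule with the one above."""
        if not 2 <= number <= len(self.rules):
            raise IndexError("rule %d cannot be moved up" % number)
        i = number - 1
        self.rules[i - 1], self.rules[i] = self.rules[i], self.rules[i - 1]


# Constructed sample data; schedule names and times are not from the guide.
WEEKDAYS = frozenset(range(5))
OFFICE = Schedule("Office hours", WEEKDAYS, time(9, 0), time(18, 0))
LUNCH = Schedule("Lunch break", WEEKDAYS, time(13, 0), time(14, 0))


def build_policy():
    return InternetAccessPolicy(
        name="Staff",
        policy_type="Allow",
        rules=[
            Rule(frozenset({"Mail sites", ".mp3 audio files"}), "Disallow", OFFICE),
            Rule(frozenset({"Mail sites"}), "Allow", LUNCH),
        ],
    )


if __name__ == "__main__":
    policy = build_policy()
    tuesday_lunch = datetime(2007, 1, 23, 13, 30)
    print(policy.decide("Mail sites", tuesday_lunch), policy.shadowed())
    policy.move_up(2)
    print(policy.decide("Mail sites", tuesday_lunch), policy.shadowed())
```

In the constructed policy the lunch-time exception for Mail sites sits below a broader Disallow rule and never decides; moving it up one step makes it effective and clears the finding.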

Delete Internet Access policy

Prerequisite

• Not assigned to any User or Group

Select Policies → Internet Access policy → Manage Policy

Screen - Delete Internet Access policy


Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected

Select All: Selects all policies for deletion. Click Select All to select all policies for deletion

Delete button: Delete(s) selected policies

Table - Delete Internet Access policy screen elements


Bandwidth policy

Bandwidth is the amount of data passing through a medium over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).

The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain parameters and user attributes. Bandwidth policy allocates & limits the maximum bandwidth usage of the user and controls web and network traffic.

Policy can be defined/created for:

1. Logon Pool

It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share the allocated bandwidth.

2. User

It restricts the bandwidth of a particular user.

3. Firewall Rule

It restricts the bandwidth of any entity to which the firewall rule is applied.

Logon Pool based bandwidth policy

Policy restricts the bandwidth for a Logon Pool i.e. all the users defined under the Logon Pool will share the allocated bandwidth.

User based bandwidth policy

Policy restricts the bandwidth for a particular user. There are two types of bandwidth restriction:

• Strict

• Committed

Strict

In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to implement strict policy:

• Total (Upstream + Downstream)

• Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Total bandwidth
Example: Total bandwidth is 20 kbps and upstream and downstream combined cannot cross 20 kbps

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual bandwidth i.e. separate for both
Example: Upstream and Downstream bandwidth is 20 kbps then either cannot cross 20 kbps

Table - Implementation types for Strict - Bandwidth policy

Strict policy – Bandwidth usage

Bandwidth usage: Bandwidth specified

Individual: For a particular user

Shared: Shared among all the users who have been assigned this policy

Table - Bandwidth usage for Strict - Bandwidth policy



Committed

In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and user can draw bandwidth up to the defined burstable limit, if available.

It lets you assign fixed minimum and maximum amounts of bandwidth to users. By borrowing excess bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the burstable rate. Guaranteed rates also assure minimum bandwidth to critical users so that they receive constant levels of bandwidth during peak and non-peak traffic periods.

Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum bandwidth that a user can use, if available.

Two ways to implement committed policy:

• Total (Upstream + Downstream)

• Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Guaranteed bandwidth, Burstable bandwidth
Example: Guaranteed bandwidth is 20 kbps then upstream and downstream combined will get 20 kbps guaranteed (minimum) bandwidth. Burstable bandwidth is 50 kbps then upstream and downstream combined can get up to 50 kbps of bandwidth (maximum), if available

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual Guaranteed and Burstable bandwidth i.e. separate for both
Example: Individual guaranteed bandwidth is 20 kbps then upstream and downstream get 20 kbps guaranteed (minimum) bandwidth individually. Individual burstable bandwidth is 50 kbps then upstream and downstream get maximum bandwidth up to 50 kbps, if available individually

Table - Implementation types for Committed - Bandwidth policy

Committed policy – Bandwidth usage

Bandwidth usage: Bandwidth specified

Individual: For a particular user

Shared: Shared among all the users who have been assigned this policy

Table - Bandwidth usage for Committed - Bandwidth policy

Firewall Rule based bandwidth policy

Policy restricts the bandwidth for a particular IP address. It is similar to the User based policy with the same type of restrictions on Implementation type & Bandwidth usage.



Create Bandwidth policy

Select Policies → Bandwidth Policy → Create policy to open the create policy pane

Screen - Create Bandwidth policy

Common Screen Elements

Screen Elements: Description

Bandwidth Policy Details

Name: Specify policy name. Choose a name that best describes the policy to be created

Description: Specify full description of policy

Priority: Set the bandwidth priority. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is interactive

Create button: Creates policy

Cancel button: Cancels the current operation

Table - Create Bandwidth policy - Common screen elements

Note

Policies with the same name cannot be created


Create Logon Pool based bandwidth policy

Select Policies → Bandwidth Policy → Create policy to open the create policy page

Screen - Create Logon Pool based Bandwidth policy

Screen Elements: Description

Bandwidth Policy Details

Policy based on: Click Logon Pool to create Logon Pool based policy

Total Bandwidth (in KB): Specify maximum amount of total bandwidth, expressed in terms of kbps. Specified bandwidth will be shared by all the users of the Logon Pool. Maximum bandwidth limit is 4096 kbps

Table - Create Logon Pool based Bandwidth policy screen elements


Create User/Firewall Rule based Strict bandwidth policy

Screen - Create User/IP based Strict Bandwidth policy

Screen Elements: Description

Bandwidth Policy Details

Policy based on: Based on the selection creates policy for User or IP address. Click User to create User based policy. Click IP Address to create IP Address based policy

Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burst-able limit, if available.

Implementation on: Specify implementation type of Bandwidth restriction. Click Total to implement bandwidth restriction on the Total usage. Click Individual to implement bandwidth restriction on the Individual Upstream and Individual Downstream bandwidth usage

Total bandwidth (only for ‘TOTAL’ implementation type): Specify maximum amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps

Upload Bandwidth (only for ‘INDIVIDUAL’ implementation type): Specify maximum amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps

Download Bandwidth (only for ‘INDIVIDUAL’ implementation type): Specify maximum amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps

Bandwidth usage: Specify whether the Bandwidth allocated is for particular user or shared among all the policy users

Table - Create User/IP based Strict Bandwidth policy screen elements


Create User/Firewall Rule based Committed bandwidth policy

Screen - Create User/IP based Committed Bandwidth policy

Screen Elements: Description

Bandwidth Policy Details

Policy based on: Creates policy based on the selection. Click User to create User based policy. Click IP Address to create IP address based policy

Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burst-able limit, if available. Click Committed to apply committed policy

Implementation on: Specify implementation type for Bandwidth restriction. Click Total to implement bandwidth restriction on Total. Click Individual to implement bandwidth restriction on Individual Upstream and Individual Downstream bandwidth

Guaranteed (Min)/ Burstable (Max) (only for ‘TOTAL’ implementation type): Specify Guaranteed and Burstable amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps

Guaranteed (Min)/ Burstable (Max) Upload Bandwidth (only for ‘INDIVIDUAL’ implementation type): Specifies Guaranteed and Burstable amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps

Guaranteed (Min)/ Burstable (Max) Download Bandwidth (only for ‘INDIVIDUAL’ implementation type): Specifies Guaranteed and Burstable amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps

Bandwidth usage: Specify whether bandwidth specified is for a particular User or Shared among all the policy users

Table - Create User/IP based Committed Bandwidth policy screen elements
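The Strict and Committed fields above have documented ranges (2 to 4096 kbps, priority 0 to 7) and an implied ordering (guaranteed no higher than burstable), so a policy definition can be checked before it is entered and a measured rate can be compared against it. The following is an added example, not Cyberoam code; the dictionary layout and function names are hypothetical, and "if available" is modelled as the guaranteed rate plus whatever spare bandwidth the caller reports, capped at the burstable rate. For Shared usage, pass the summed rates of all policy members.

```python
KBPS_MIN, KBPS_MAX = 2, 4096        # per-counter limits quoted in the guide
PRIORITY_MIN, PRIORITY_MAX = 0, 7   # 0 is highest, 7 is lowest
COUNTERS = {"Total": ("total",), "Individual": ("upload", "download")}


def validate(policy):
    """Return a list of problems in a policy definition (empty when clean)."""
    errors = []
    committed = policy.get("policy_type") == "Committed"
    if policy.get("policy_type") not in ("Strict", "Committed"):
        errors.append("policy_type must be Strict or Committed")
    if policy.get("usage") not in ("Individual", "Shared"):
        errors.append("usage must be Individual or Shared")
    priority = policy.get("priority")
    if not isinstance(priority, int) or not PRIORITY_MIN <= priority <= PRIORITY_MAX:
        errors.append("priority must be between 0 (highest) and 7 (lowest)")
    counters = COUNTERS.get(policy.get("implementation"))
    if counters is None:
        errors.append("implementation must be Total or Individual")
        return errors
    limits = policy.get("limits", {})
    if set(limits) != set(counters):
        errors.append("limits must define exactly: " + ", ".join(counters))
    for name in counters:
        if name not in limits:
            continue
        # Strict: one rate. Committed: (guaranteed, burstable).
        rates = limits[name] if isinstance(limits[name], tuple) else (limits[name],)
        if len(rates) != (2 if committed else 1):
            errors.append("%s: wrong number of rates for this policy type" % name)
            continue
        for rate in rates:
            if not KBPS_MIN <= rate <= KBPS_MAX:
                errors.append("%s: %s kbps is outside %d-%d kbps"
                              % (name, rate, KBPS_MIN, KBPS_MAX))
        if committed and rates[0] > rates[1]:
            errors.append("%s: guaranteed rate exceeds burstable rate" % name)
    return errors


def ceilings(policy, spare_kbps=0):
    """Rate each counter may reach right now, in kbps (policy must be valid)."""
    result = {}
    for name, value in policy["limits"].items():
        if policy["policy_type"] == "Committed":
            guaranteed, burstable = value
            # Assumption: bursting borrows from spare bandwidth, up to the cap.
            result[name] = min(burstable, guaranteed + spare_kbps)
        else:
            result[name] = value
    return result


def complies(policy, upload_kbps, download_kbps, spare_kbps=0):
    """True if a measured upload/download rate stays within the policy."""
    cap = ceilings(policy, spare_kbps)
    if policy["implementation"] == "Total":
        return upload_kbps + download_kbps <= cap["total"]
    return upload_kbps <= cap["upload"] and download_kbps <= cap["download"]


# Constructed policies using the 20 kbps and 50 kbps figures from the tables.
STRICT_TOTAL = {"policy_type": "Strict", "implementation": "Total",
                "usage": "Individual", "priority": 3, "limits": {"total": 20}}
STRICT_INDIVIDUAL = {"policy_type": "Strict", "implementation": "Individual",
                     "usage": "Individual", "priority": 3,
                     "limits": {"upload": 20, "download": 20}}
COMMITTED_TOTAL = {"policy_type": "Committed", "implementation": "Total",
                   "usage": "Individual", "priority": 0,
                   "limits": {"total": (20, 50)}}
BROKEN = {"policy_type": "Committed", "implementation": "Individual",
          "usage": "Shared", "priority": 9,
          "limits": {"upload": (60, 50), "download": (1, 8192)}}

if __name__ == "__main__":
    for problem in validate(BROKEN):
        print(problem)
    print(ceilings(COMMITTED_TOTAL, spare_kbps=10))
```

A usage sample of 15 kbps up and 10 kbps down violates the Strict Total policy (25 kbps combined) but complies with the Strict Individual one, which is the difference the two implementation types are meant to express.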



Update Bandwidth policy

You need to update a Bandwidth policy to:

1. Add/remove schedule based details to User/IP address based policy

2. Update bandwidth values

Select Policies → Bandwidth policy → Manage policy and click Policy name to be updated

Screen - Update Bandwidth policy

Common Screen Elements

Screen Elements: Description

Bandwidth Policy details

Name: Displays Bandwidth policy name, modify if required

Priority: Displays the bandwidth priority, modify if required. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is interactive

Description: Displays policy description, modify if required

Update button: Updates and saves the policy

Cancel button: Cancels current operation and returns to the Manage Bandwidth policy page

Table - Update Bandwidth policy Common screen elements


Update Logon Pool based bandwidth policy

Screen - Update Logon Pool based Bandwidth policy

Screen Elements: Description

Bandwidth Policy Details

Show Members link: Opens a new browser window and displays bandwidth restriction details and the member Logon Pools of the policy. Click Close to close the window

Policy Based On: Displays type of policy. Cannot be modified

Default values to be applied all the time

Implementation on: Displays Implementation type of the policy. Cannot be modified

Total Bandwidth (in KB): Displays total bandwidth for the group, modify if required. Maximum bandwidth limit is 4096 kbps

Table - Update Logon Pool based Bandwidth policy screen elements


Update User/Firewall Rule based Bandwidth policy

Screen - Update User based Bandwidth policy

Screen Elements: Description

Bandwidth Policy Details

Show members link: Opens a new browser window and displays bandwidth restriction details, schedule details and the members/users of the policy. Click Close to close the window

Policy based on: Displays type of policy. Cannot be modified

Default values to be applied all the time

Implementation on: Displays implementation type of policy. Cannot be modified

Total Bandwidth (only for ‘TOTAL’ implementation type): Displays total bandwidth assigned, modify if required

Upload Bandwidth (in KB) (only for ‘STRICT’ policy type and ‘INDIVIDUAL’ implementation type): Modify Upstream bandwidth value

Download Bandwidth (in KB) (only for ‘STRICT’ policy type and ‘INDIVIDUAL’ implementation type): Modify Downstream bandwidth value

Guaranteed – Burstable Upload Bandwidth (in KB) (only for ‘COMMITTED’ policy type and ‘INDIVIDUAL’ implementation type): Modify Upstream bandwidth value

Guaranteed – Burstable Download Bandwidth (in KB) (only for ‘COMMITTED’ policy type and ‘INDIVIDUAL’ implementation type): Modify Downstream bandwidth value

Policy type: Displays policy type i.e. committed or strict. Cannot be modified

Update button: Updates the changes made in ‘Bandwidth restriction details’ and ‘Default values to be applied all the time’

Add details button: Allows to attach schedule to override default bandwidth restriction. Click Add details. Refer to Attach Schedule details for more details

Table - Update User based Bandwidth policy screen elements

Attach Schedule details

Strict

Screen – Assign Schedule to User based Strict Bandwidth policy

Screen Elements: Description

Bandwidth Policy Schedule wise details

Name: Displays policy name

Policy Type: Displays Type of bandwidth restriction. Click Strict to apply strict policy

Implementation on: Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually

For Total:

• Total Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps

For Individual:

• Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps

• Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps

Schedule: Specify Schedule. Click Schedule list to select

View details link: Opens the new browser window and displays the details of the schedule selected. Click Close to close the window

Add button: Assigns schedule

Cancel button: Cancels the current operation

Table – Assign Schedule to User based Strict Bandwidth policy screen elements

Committed

Screen - Assign Schedule to User based Committed Bandwidth policy

Screen Elements: Description

Bandwidth Policy Schedule wise details

Name: Displays policy name

Policy Type: Displays Type of bandwidth restriction. Click Committed to apply committed policy

Implementation on: Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually

For Total:

• Guaranteed(Min) Bandwidth - Specify minimum guaranteed amount of Total bandwidth, expressed in terms of kbps

• Burstable(Max) Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps

For Individual:

• Guaranteed(Min) Upload Bandwidth - Specify minimum guaranteed amount of Upstream bandwidth, expressed in terms of kbps

• Burstable(Max) Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps

• Guaranteed(Min) Download Bandwidth - Specify minimum guaranteed amount of Downstream bandwidth, expressed in terms of kbps

• Burstable(Max) Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps

Schedule: Specify Schedule. Click Schedule list to select

View details link: Opens new browser window and displays the details of the schedule selected. Click Close to close the window

Add button: Assigns schedule to the bandwidth policy

Cancel button: Cancels the current operation

Table – Assign Schedule to User based Committed Bandwidth policy screen elements

Remove Schedule details

Screen - Remove Schedule from User based Bandwidth policy

Screen Elements: Description

Select: Select Schedule detail(s) for deletion. Click Select to select. More than one schedule details can also be selected

Select All: Select all details for deletion. Click Select All to select all details

Remove Detail button: Removes the selected schedule detail(s)

Table - Remove Schedule from User based Bandwidth policy screen elements

Note

The changes made in the policy become effective immediately on saving the changes.


Delete Bandwidth policy

Prerequisite

• Bandwidth policy not attached to any Logon Pool, user or IP address

Select Policies → Bandwidth policy → Manage policy to view the list of policies

Screen - Delete Bandwidth policy

Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected

Select All: Selects all policies for deletion. Click Select All to select all policies

Delete button: Deletes selected policies

Table - Delete Bandwidth policy screen elements


Data Transfer policy

Data transfer policy:

• Limits data transfer on a cyclic or non-cyclic basis.

• A single policy can be applied to a number of Groups or Users.

Data transfer restriction can be based on:

• Total Data transfer (Upload+Download)

• Individual Upload and/or Download

Cyberoam provides several predefined policies, which are available for use until configured otherwise. You can also define customized policies that set different limits for different users to meet your organization’s requirements.

Create Data transfer policy

Select Policies → Data Transfer Policy → Create Policy to open the create policy page

Screen – Create Data transfer policy

Screen Elements: Description

Create Data Transfer policy

Name: Specify policy name. Choose a name that best describes the policy

Cycle type: Specify cycle type. Available options:

• Daily – restricts data transfer up to cycle hours defined on daily basis

• Weekly – restricts data transfer up to cycle hours defined on weekly basis

• Monthly – restricts data transfer up to cycle hours defined on monthly basis

• Yearly – restricts data transfer up to cycle hours defined on yearly basis

• Non-cyclic – data restriction is defined by the Total data transfer limit

Restriction based on: Specify whether the data transfer restriction is on total data transfer or on individual upload or download. Click Total Data Transfer to apply data transfer restriction on the Total (Upload + Download) data transfer. Click Individual Data Transfer to apply data transfer restriction on the Individual Upload and Individual Download data transfer.

Shared allotted data transfer with group members (Only if Cycle Type is ‘Non-cyclic’): Specify whether the allotted data transfer will be shared among all the group members or not. Click to share.

Policy Description: Specify full description of the policy

Restriction Details

Cycle Total Data Transfer Limit (MB) (Only if Cycle Type is not ‘Non-cyclic’ and Restriction is based on ‘Total Data Transfer’): Specify Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.

Cycle Upload Data Transfer Limit (MB) (Only if Cycle Type is not ‘Non-cyclic’ and Restriction is based on ‘Individual Data Transfer’): Specify Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached. OR If you do not want to restrict upload data transfer per cycle, click Unlimited Cycle Upload Data transfer

Cycle Download Data Transfer Limit (MB) (Only if Cycle Type is not ‘Non-cyclic’ and Restriction is based on ‘Individual Data Transfer’): Enter Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached. OR If you do not want to restrict download data transfer per cycle, click Unlimited Cycle Download Data transfer

Total Data Transfer Limit (MB) (Only if Restriction is based on ‘Total Data Transfer’): Specify Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total data transfer, click Unlimited Total Data Transfer

Upload Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Specify Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total upload data transfer, click Unlimited Upload Data Transfer

Download Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Specify Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total download data transfer, click Unlimited Download Data Transfer

Create button: Creates policy

Cancel button: Cancels the current operation and returns to Manage Data transfer policy page

Table – Create Data transfer policy screen elements
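
The create-policy fields interact: which limits apply depends on the cycle type and the restriction basis, and reaching a per-cycle limit has a different effect from reaching an overall limit. The following Python model is an added example, not Cyberoam code. The class and function names, the use of None for the "Unlimited" options, and the rule that an overall limit takes precedence over a cycle limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

NON_CYCLIC = "Non-cyclic"
CYCLE_TYPES = ("Daily", "Weekly", "Monthly", "Yearly", NON_CYCLIC)


@dataclass
class DataTransferPolicy:
    """Hypothetical model of the fields on the create-policy screen."""
    name: str
    cycle_type: str      # one of CYCLE_TYPES
    restriction: str     # "total" (Upload + Download) or "individual"
    # Limits in MB. None models the "Unlimited ..." option (assumption).
    cycle_total_mb: Optional[float] = None
    cycle_upload_mb: Optional[float] = None
    cycle_download_mb: Optional[float] = None
    total_mb: Optional[float] = None
    upload_mb: Optional[float] = None
    download_mb: Optional[float] = None


@dataclass
class Usage:
    """MB transferred in the current cycle and since the last renewal."""
    cycle_upload_mb: float = 0.0
    cycle_download_mb: float = 0.0
    upload_mb: float = 0.0
    download_mb: float = 0.0


def applicable_limits(policy: DataTransferPolicy) -> Dict[str, Optional[float]]:
    """Return only the limit fields enabled by the table's 'Only if' conditions."""
    if policy.cycle_type not in CYCLE_TYPES:
        raise ValueError(f"unknown cycle type: {policy.cycle_type!r}")
    cyclic = policy.cycle_type != NON_CYCLIC
    if policy.restriction == "total":
        fields = ["total_mb"] + (["cycle_total_mb"] if cyclic else [])
    elif policy.restriction == "individual":
        fields = ["upload_mb", "download_mb"]
        if cyclic:
            fields += ["cycle_upload_mb", "cycle_download_mb"]
    else:
        raise ValueError(f"unknown restriction: {policy.restriction!r}")
    return {name: getattr(policy, name) for name in fields}


def evaluate(policy: DataTransferPolicy, usage: Usage) -> Tuple[str, List[str]]:
    """Return (action, limits reached).

    "disconnect"  : a per-cycle limit is reached (user is disconnected).
    "block_logon" : an overall limit is reached (no logon until renewal).
    "allow"       : no applicable limit is reached.
    An overall limit outranks a cycle limit here; that ordering is an assumption.
    """
    used = {
        "total_mb": usage.upload_mb + usage.download_mb,
        "upload_mb": usage.upload_mb,
        "download_mb": usage.download_mb,
        "cycle_total_mb": usage.cycle_upload_mb + usage.cycle_download_mb,
        "cycle_upload_mb": usage.cycle_upload_mb,
        "cycle_download_mb": usage.cycle_download_mb,
    }
    reached = [name for name, limit in applicable_limits(policy).items()
               if limit is not None and used[name] >= limit]
    if any(not name.startswith("cycle_") for name in reached):
        return "block_logon", reached
    if reached:
        return "disconnect", reached
    return "allow", reached


if __name__ == "__main__":
    # Constructed sample: 100 MB per day, 1000 MB overall, counted on the total.
    daily = DataTransferPolicy("daily-100", "Daily", "total",
                               cycle_total_mb=100, total_mb=1000)
    print(evaluate(daily, Usage(60, 50, 60, 50)))
    print(evaluate(daily, Usage(0, 0, 600, 400)))
```

Limits that the screen would hide, such as a cycle limit on a Non-cyclic policy, are ignored by applicable_limits rather than enforced.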

Update Data transfer policy

Select Policies → Data transfer policy → Manage policy and click Policy name to be modified

Screen – Update Data transfer policy screen

Screen Elements: Description

Edit Data Transfer policy

Name: Displays policy name, modify if required.

Cycle type: Displays cycle type

Restriction based on: Displays whether the data transfer restriction is on total data transfer or on individual upload or download

Shared allotted data transfer with group members: Displays whether the allotted data transfer is shared among all the group members or not

Policy Description: Displays full description of the policy, modify if required.

Restriction Details

Cycle Total Data Transfer Limit (MB) (Only if Restriction is based on ‘Total Data Transfer’): Displays Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.

Cycle Upload Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached.

Cycle Download Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached.

Total Data Transfer Limit (MB) (Only if Restriction is based on ‘Total Data Transfer’): Displays Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.

Upload Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.

Download Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.

Update button: Updates policy

Cancel button: Cancels the current operation and returns to Manage Data transfer policy page

Table – Update Data transfer policy screen elements

Delete Data transfer policy

Prerequisite

• Not assigned to any User or Group

Select Policies → Data transfer policy → Manage policy to view list of policies



Screen – Delete Data transfer policy screen

Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.

Select All: Select all the policies for deletion. Click Select All to select all the policies.

Delete button: Deletes all the selected policy/policies

Table - Delete Data transfer policy screen element

SNAT Policy

An SNAT policy tells the firewall rule to allow access, but only after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the SNAT policy.

Create SNAT policy

Select Firewall → SNAT policy → Create to open the create page


Screen – Create SNAT policy

Screen Elements: Description

SNAT policy

SNAT Policy Name: Specify policy name

Description: Specify description

Source Translation

Map Source IP with: Specify IP address

• MASQUERADE – will replace source IP address with Cyberoam’s WAN IP address

• IP – will replace source IP address with the specified IP address

• IP Range – will replace source IP address with any of the IP address from the specified range

Create button: Creates the SNAT policy

Table – Create SNAT policy screen elements

Manage SNAT policy

Use to

• Edit policy

• Delete policy

Update policy

Select Firewall → SNAT policy → Manage to view the list of policies. Click the policy to be modified.


Screen – Update SNAT policy

Screen Elements: Description

SNAT policy

SNAT Policy Name: Displays policy name, modify if required

Description: Displays description, modify if required

Source Translation

Map Source IP with: Specify IP address

• MASQUERADE – will replace source IP address with Cyberoam’s WAN IP address

• IP – will replace source IP address with the specified IP address

• IP Range – will replace source IP address with any of the IP address from the specified range

Update button: Saves the modifications

Table – Update SNAT policy screen elements

Delete SNAT policy

Select Firewall → SNAT policy → Manage to view the list of policies.


Screen – Delete SNAT policy

Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.

Select All: Select all the policies for deletion. Click Select All to select all the policies.

Delete button: Deletes all the selected policy/policies

Table – Delete SNAT policy screen elements


DNAT Policy

DNAT rule tells the firewall to forward the requests from the specified machine/port to the specified machine/port.

Create DNAT policy

Select Firewall → DNAT policy → Create to open the create page

Screen - Create DNAT policy

Screen Elements: Description

DNAT policy

DNAT Policy Name: Specify policy name

Description: Specify description

Destination Translation

Map Destination IP with: Specify IP address

• IP – will replace destination IP address with the specified IP address

• IP Range – will replace destination IP address with any of the IP address from the specified range

Port Forward: Enable port forwarding if you want to replace the port also. Specify TCP Port number. Specify UDP Port number.

Create button: Creates DNAT policy

Table - Create DNAT policy screen elements
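
To make the SNAT options (MASQUERADE, IP, IP Range) and the DNAT options (IP, IP Range, Port Forward) concrete, the following Python model shows what each setting does to a packet's addresses and ports. It is an added example, not Cyberoam code. The Packet class, the function names, the sample addresses and the way one address is chosen from a range are assumptions, since the guide only says "any of the IP address from the specified range".

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal packet header used for illustration."""
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def pick_from_range(ip_range: Tuple[str, str], key: str) -> str:
    """Pick one address from an inclusive range.

    Selecting by the key address modulo the range size is an assumption
    made here so that the result is repeatable.
    """
    low = int(ipaddress.IPv4Address(ip_range[0]))
    high = int(ipaddress.IPv4Address(ip_range[1]))
    if high < low:
        raise ValueError("range end is below range start")
    offset = int(ipaddress.IPv4Address(key)) % (high - low + 1)
    return str(ipaddress.IPv4Address(low + offset))


def apply_snat(pkt: Packet, mode: str, wan_ip: Optional[str] = None,
               ip: Optional[str] = None,
               ip_range: Optional[Tuple[str, str]] = None) -> Packet:
    """Rewrite the source address according to 'Map Source IP with'."""
    if mode == "MASQUERADE" and wan_ip is not None:
        new_src = wan_ip                       # the appliance's WAN address
    elif mode == "IP" and ip is not None:
        new_src = ip                           # one fixed address
    elif mode == "IP Range" and ip_range is not None:
        new_src = pick_from_range(ip_range, pkt.src)
    else:
        raise ValueError(f"mode {mode!r} is unknown or its address is missing")
    ipaddress.IPv4Address(new_src)             # reject malformed addresses
    return replace(pkt, src=new_src)           # destination and ports unchanged


def apply_dnat(pkt: Packet, ip: Optional[str] = None,
               ip_range: Optional[Tuple[str, str]] = None,
               tcp_port: Optional[int] = None,
               udp_port: Optional[int] = None) -> Packet:
    """Rewrite the destination address, and the port if Port Forward is set."""
    if (ip is None) == (ip_range is None):
        raise ValueError("give exactly one of ip or ip_range")
    new_dst = ip if ip is not None else pick_from_range(ip_range, pkt.src)
    ipaddress.IPv4Address(new_dst)
    # Port Forward has separate TCP and UDP entries; only the entry that
    # matches the packet's protocol replaces the destination port.
    forward = {"tcp": tcp_port, "udp": udp_port}.get(pkt.proto)
    new_dport = forward if forward is not None else pkt.dport
    return replace(pkt, dst=new_dst, dport=new_dport)


if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    outbound = Packet("tcp", "10.0.0.5", 40000, "198.51.100.7", 443)
    print(apply_snat(outbound, "MASQUERADE", wan_ip="203.0.113.1"))
    inbound = Packet("tcp", "198.51.100.7", 51000, "203.0.113.1", 80)
    print(apply_dnat(inbound, ip="10.0.0.20", tcp_port=8080))
```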


Manage DNAT policy

Use to

• Edit policy

• Delete policy

Update policy

Select Firewall → DNAT policy → Manage to view the list of policies. Click the policy to be modified.

Screen – Edit DNAT policy

Screen Elements: Description

DNAT policy

DNAT Policy Name: Displays policy name, modify if required

Description: Displays description, modify if required

Destination Translation

Map Destination IP with: Specify IP address

• IP – will replace destination IP address with the specified IP address

• IP Range – will replace destination IP address with any of the IP address from the specified range

Port Forward: Displays whether port forwarding is enabled or not. Enable port forwarding if you want to replace the port also. Specify TCP Port number. Specify UDP Port number.

Update button: Updates DNAT policy

Table – Edit DNAT policy screen elements

Delete DNAT policy

Select Firewall → DNAT policy → Manage to view the list of policies.

Screen – Delete DNAT policy

Screen Elements: Description

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.

Select All: Select all the policies for deletion. Click Select All to select all the policies.

Delete button: Deletes all the selected policy/policies

Table – Delete DNAT policy screen elements


Zone Management

Use to

• Update Zone details

• Delete Zone

Manage Zone

Select System → Zone → Manage to open the manage zone page

Screen – Edit Zone

Screen Elements: Description

Create Zone

Zone Name: Displays zone name

Zone Type: Displays zone type

• LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone.

• DMZ (DeMilitarized Zone) – This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.

• WAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone.

Select Port: Displays the ports bound to the zone, modify if required. ‘Available Ports’ list displays the list of ports that can be bound to the selected zone. ‘Member Port’ list displays the list of ports bound to the zone. Use Right arrow button to move the selected ports to ‘Member Port’ list. Use Left arrow button to move the selected ports to ‘Available Port’ list.

Description: Displays zone description, modify if required

Save button: Saves the zone configuration

Table – Edit Zone

Delete Zone

Prerequisite

• No hosts attached to the zone

Select System → Zone → Manage to open the manage zone page

Screen – Delete Zone

Screen Elements: Description

Del: Select Zone(s) for deletion. Click Del to select. More than one zone can also be selected.

Select All: Selects all the zones. Click Select All to select all the zones for deletion.

Delete Group button: Delete the selected zone(s)

Table – Delete Zone

Note

Default Zones cannot be deleted


Group Management

Manage Group

Update Group to:

• Change Surfing time policy applied

• Change Access time policy applied

• Change Internet Access policy applied

• Change Bandwidth policy applied

• Change Data transfer policy applied

• Change the login restriction for the users of the group

• Add new users to the group

Select Group → Manage Group and click the Group to be modified

Screen - Manage Group

Screen Elements: Description

Group Information

Group Name: Displays Group name, modify if required

Show Group Members button: Opens a new window and displays list of group members

Surfing Quota policy: Displays currently attached Surfing Quota policy to the Group

Change policy button (Only for ‘Normal’ Group type): Click to change the attached Surfing Quota policy. Opens a new window and allows to select a new Surfing Quota policy.

• Click Change policy

• Click Select to select from available policy

• Click Done to confirm the selection

• Click Cancel to cancel the operation

Surfing quota policy, Time allotted & Expiry date changes accordingly

Time allotted (HH:mm): Displays total surfing time allotted by Surfing Quota policy to the Group. Cannot be modified

Expiry date: Displays Expiry date of the Surfing Quota policy. Cannot be modified

Period Time (HH:mm) (Only if Surfing Quota policy is Non-Cyclic): Displays cycle hours. Cannot be modified

Period Cycle (Only if Surfing Quota policy is Non-Cyclic): Displays type of cycle. Cannot be modified

Used Surfing Time: Displays total time used by the Group members. Cannot be modified

Access Time policy (Only for ‘Normal’ Group type): Displays currently attached Access Time policy to the Group. To change, click Access Time policy list to select. Click View details to view the details of the policy

Internet Access policy: Displays currently attached Internet Access policy to the Group. To change, click Internet Access policy list to select. Click View details to view the details of the policy

Bandwidth policy: Displays currently attached Bandwidth policy to the Group. To change, click Bandwidth policy list to select. Click View details to view the details of the policy

Data Transfer policy: Displays currently attached Data Transfer policy to the Group. To change, click Data Transfer policy list to select. Click View details to view the details of the policy

Login Restriction: Display login restriction applied to the Group members

Change Login Restriction button: Click to change login restriction. Refer to Change Login Restriction for more details

Save button: Saves the modified details

Add Members: Allows to add members to the group. Click to add. Refer to Add Group Members for details

Renew Data Transfer (Only if Data transfer policy is Non-cyclic and shared): Renews data transfer policy of all the group members

Cancel button: Cancels the current operation

Table - Manage Group screen elements

Note

Any changes made are applicable to all the group members

Add Group Member(s)

Screen – Add Group Member

Screen Elements: Description

Select Group: Members from the selected group will be transferred to the current group. Click to select the Group

Username/Name starting with (* for All): Search user. Specify username or * to display all the users

Search button: Search user from the selected Group. Displays list of users in the selected Group

Add button: Click Add to select the user to be added. More than one user can also be selected. Adds selected user(s) to the group

Close button: Closes the window and returns to Edit Group page

Table – Add Group Member screen elements



Update Group

You may need to change the Group settings after the Group is created.

To: Click

Show Group Members: Show Group Members button. Refer to View Group members for details

Change Surfing Quota Policy (Only for ‘Normal’ Group type): Change Policy button

Change Access Time Policy: Access Time Policy list

Change Internet Access policy: Internet Access policy list

Change Bandwidth Policy: Bandwidth Policy list

Change Data transfer policy: Data transfer policy list

Change Login Restriction: Change Login Restriction button

Table - Need to Update group

Show Group Members

Screen - Show Group Members

Screen Elements: Description

Group name: Displays Group name

Total members: Displays Total Group members/users

User Name: User name. Name with which the Employee logs in

Employee Name: Employee name

Allotted Time: Total Allotted time to the user. Refer to Access Time policy for details

Expiry Date: Expiry date of the policy attached to the User. Refer to Surfing time policy for details

Used Time: Total time used by the User

Close button: Closes the window

Table - Show Group Members screen elements


Change Login Restriction

Screen - Change Login Restriction

Screen Elements: Description

Login Restriction: Displays the current login restriction. Click to change the current restriction

Save button: Saves if the restriction is changed

Cancel button: Cancels the current operation

Select Node(s) button: Click to select the Node for restriction. Only if the option ‘Allowed login from selected nodes’ is selected

IP address: Displays IP address

Machine name: Displays Machine name if given

Allowed from: Click to select. Multiple nodes can be selected

Apply Restriction button: Applies the login restriction for the group members i.e. Group members will be able to login from the above selected nodes only

Cancel button: Cancels the current operation

Table - Change Login Restriction screen elements


Delete Group

Prerequisite

• No Group members defined

Select Group → Manage Group and view the list of Groups

Screen - Delete Group

Screen Elements: Description

Del: Select Group(s) for deletion. Click Del to select. More than one Group can also be selected.

Select All: Selects all the Groups. Click Select All to select all the Groups for deletion.

Delete Group button: Delete the selected Group(s)

Table - Delete Group screen elements


User Management

Search User

Use to search the User

Select User → Search User

Screen - Search User

Screen Elements: Description

Search User

Enter Username: Specify Search criteria

Search User button: Searches all types of users based on the entered criteria. Click to search

Table - Search User screen elements

Search criteria: Result

Mark: Details of the user ‘Mark’

A: Details of all the users whose User name or Name contains ‘a’

192.9.203.102: Details of the user ‘192.9.203.102’

8: Details of all the users whose User name or Name contains ‘8’

Table - Search User – Result


Live User

Use Live users page to

• view list of all the currently logged on Users

• modify user details

• send message to any live user

• disconnect any live user

Select User → Manage Live Users

Screen – Manage Live Users

Report Columns: Description

Concurrent Sessions: Displays currently connected total users (Normal, Clientless, and Single sign on client Users)

Current System time: Displays current system time in the format - Day, Month Date, HH:MM

User name (Click to change the display order): Displays name with which user has logged in. Click User name link to View/Update user details

Name: Displays User name. Click Name link to view Group and policies details attached to the User

Connected from (Click to change the display order): Displays IP address of the machine from which user has logged in

Public IP: Displays Public IP address if User has logged in using public IP address

Start time (Click to change the display order): Displays login time

Time (HH:mm): Displays total time used in hours and minutes

Upload Data transfer (Click to change the display order): Displays Data uploaded

Download Data transfer (Click to change the display order): Displays Data downloaded

Bandwidth (bits/sec): Displays Bandwidth used

Select: Select User for sending message or disconnecting. More than one User can be selected

Send Message button: Sends message to the selected User(s)

Disconnect button: Disconnects the selected User(s)

Table – Manage Live User screen elements


Manage User

Update User

Manage Normal & Single Sign on Client Users

Select User → User → Manage Active to view the list of Users and click User name to be modified

OR

Select User → User → Manage Deactive to view the list of Users and click User name to be modified

Manage Clientless Users

Select User → Clientless Users → Manage Clientless Users to view list of Users and click User name to be modified

You may need to change the User settings after the User is created.

To: Click

Change the personal details or password of the User: Edit personal details/Change Password. Refer to Change Personal details for more details

View User Accounts details: User My Account. Refer to User My Account for more details

Change the User Group: Change Group. Refer to Change Group for more details

Change Access Time Policy assigned to the User: Access Time policy list. Refer to Change Individual Policy for more details

Change Internet Access Policy assigned to the User: Internet Access policy list. Refer to Change Individual Policy for more details

Change Bandwidth Policy assigned to the User: Bandwidth policy list. Refer to Change Individual Policy for more details

Change Data Transfer policy assigned to the User: Data Transfer policy list. Refer to Change Individual Policy for more details

Change Login Restriction of the User: Change Login restriction button. Refer to Change Login Restriction for more details

Table - Need to Update User


Screen - Manage User

Screen Elements: Description

Personal Information

Username: Displays username with which the user logs on. Cannot be modified

Edit Personal details/Change Password button: Allows to change the User’s personal details and login password. Click Edit Personal details to change. Refer to Personal details table for more details

Name: Displays User/Employee name. Cannot be modified

Birth date: Displays Birth date of User

Email: Displays Email ID of User

User My Account button: Click to view/update the my account details. Refer to User My Account

Windows Domain Controller (Only if Authentication is done by Windows Domain Controller): Displays Authentication server address, modify if required

User type: Displays User type. Cannot be modified

Number of simultaneous login(s) allowed: Displays whether simultaneous login is allowed or not, modify if required

Policy Information

Group: Displays Group in which User is defined

Change Group button: Allows to change Group of the User. Opens a new window and allows to select a new Group

Time Allotted to User (HH:mm): Displays total time allotted to User in the format Hours: Minutes. Cannot be modified

User Policy Expiry Date: Displays Expiry date. Cannot be modified

Time used (HH:mm): Displays total time used by the User in the format Hours: Minutes. Cannot be modified

Period time: Displays allowed total cycle hours

Period Cycle: Displays cycle type

Cycle Time used: Displays cycle time used

Access Time Policy: Displays currently assigned Access Time policy to the User, modify if required. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy

Internet Access policy: Displays currently assigned Internet Access policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy

Bandwidth policy: Displays currently assigned Bandwidth policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy

Data Transfer policy: Displays currently assigned Data Transfer policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy

Login Restriction: Display currently applied login restriction to the User

Change login restriction button: Click to change user login restriction applied. Refer to Change User Login restriction for details

Save button: Saves the modified details

Re-apply Current policy button: Reapplies all the current policies at the time of renewal

Cancel button: Cancels the current operation

Table - Manage User screen elements

Change Personal details

Screen - Change User Personal details

Screen Elements: Description

Personal Information

Username: Displays the name with which user has logged in

Name: User name, modify if required

New password: Type the new password

Re-enter New password: Re-enter new password. Should be same as typed in new password

Birth date: Displays birth date, modify if required. Use Popup Calendar to change

Email: Displays Email ID of the user, modify if required

User type: Displays User type, modify if required

Update button: Updates the changes made

Cancel button: Cancels the current operation and returns to Edit User page

Table - Change User personal details screen elements

User My Account

User My Account gives details like Personal details and Internet usage of a particular user. User can change his/her password using this tab.

Administrator and User both can view these details.

1. Administrator can view details of various users from User → User → Manage Active and click Username whose detail is to be checked. Click User My Account, it opens a new browser window.


Screen - User My Account

2. Normal Users can view their MyAccount details from task bar.

In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window and prompts for MyAccount login Username and Password.

Screen - User My Account

Opens a new window with following sub modules: Personal, Client, Account status, Logout



Personal

Allows viewing and updating password and personal details of the user

Change Password

Select Personal → Change Password

Screen - Change Password

Screen Elements: Description

Change Password

Username: Displays the name with which user has logged in

Current Password: Type the current password

New password: Type the new password

Re-enter New password: Re-enter new password. Should be same as new password

Update: Update the changes made

Table - Change password screen elements

Change Personal details

Select Personal → Personal Detail

Screen - Change Personal details

Screen Elements: Description

Personal Information

Username: Displays the name with which user logs in. Cannot be modified

Name: Displays User name, modify if required

Birth Date: Displays birth date. Use Popup Calendar to change

Email: Displays Email ID of the user. Cannot be modified

Update: Update the changes made

Table - Change Personal details screen elements


Account status

Allows viewing Internet & Printer usage of the user

Internet Usage

Screen - Internet Usage Status

Screen Elements: Description

Policy Information

Username: Displays the name with which user has logged in

Group: Displays the name of the User Group

Time allotted to User (HH:mm): Displays total surfing time allotted to the user in the Surfing time policy

Expiry date: Displays Expiry date

Time used by User (HH:mm): Displays total time used by the User

Usage Information

Upload Data transfer: Displays allotted, used and remaining upload data transfer. Allotted upload data transfer is configured from Data transfer policy

Download Data transfer: Displays allotted, used and remaining download data transfer. Allotted download data transfer is configured from Data transfer policy

Total Data transfer: Displays allotted, used and remaining total data transfer. Allotted total data transfer is configured from Data transfer policy

Get Internet Usage information for month: Select Month. Select Year

Submit button: Click to view the Internet usage report for the selected period

Table - Internet Usage screen elements

Report displays IP address from where user had logged in, session start and stop time, total used time, data uploaded and downloaded during the session and total data transferred during the session.


Change Group

Screen - Change Group

Screen Elements: Description

Policy Information

Change Group button: Opens a new window and displays list of Groups. Click to change the User group

Select: Click to select

Done button: Adds User to the Group

Cancel button: Cancels the current operation

Table - Change Group screen elements

Change Individual Policy

Screen Elements: Description

Policy Information

Access Time policy: Specify Access Time policy. It overrides the assigned Group Access time policy. Click Access policy list to select

Internet Access policy: Specify Internet Access policy. It overrides the assigned Group Internet Access policy. Click Internet Access policy list to select

Bandwidth policy: Specify Bandwidth policy. It overrides the assigned Group Bandwidth policy. Click Bandwidth policy list to select

Data Transfer policy: Specify Data Transfer policy. It overrides the assigned Group Data Transfer policy. Click Data Transfer policy list to select

Save: Saves the changes

Table - Change Individual policy


Change User Login Restriction

Screen - Change User Login Restriction

Screen Elements: Description

Login restriction

Change login restriction button: Click to change the login restriction

Allowed login from all the nodes: Allows user to login from all the nodes of the Network

Allowed login from Group node(s): Allows Users to login only from the nodes assigned to the group

Allowed login from selected node(s): Allows user to login from the selected nodes only. To select node:

• Click Select node

• Select a Logon Pool from the Logon Pool name list

• Click Select to select the IP addresses to be added to the policy

• Click Select All to select all IP addresses

• Click OK to assign policy to the selected IP Addresses

• Click Close to cancel the operation

Save button: Saves the above selection

Cancel button: Cancel the current operation

Table - Change User Login Restriction screen elements


Delete User

User can be deleted from Active list as well as from Deactive list

To delete active user, click User → User → Manage Active

Screen - Delete Active User

To delete de-active user, click User → User → Manage Deactive

Screen - Delete Deactive User

To delete Clientless user, click User → Clientless User → Manage Clientless User

Screen - Delete Clientless User

Screen Elements: Description

Select: Select User to be deleted. Click Select to select. More than one user can also be selected

Select All: Selects all the users for deletion. Click Select All to select all

Delete button: Deletes all the selected User(s)

Table - Delete User screen elements


Deactivate User

A user is de-activated automatically if he has overused one of the resources defined by the assigned policies. If the need arises to de-activate a user manually, select User → User → Manage Active

Screen - Deactivate User

Screen Elements - Description

Select - Select User to be deactivated. Click Select to select. More than one user can be selected.

Select All - Select all the users

Deactivate button - Deactivates all the selected User(s)

Table - Deactivate User screen elements

View the list of deactivated users by User → User → Manage Deactive


Activate User

To activate normal and Single sign on Client user, click User → User → Manage Deactive

To activate Clientless user, click User → Clientless Users → Manage Clientless Users

Screen - Activate Normal User

Screen - Activate Clientless User

Screen Elements - Description

Select - Select User to be activated. Click Activate to select. More than one user can be selected.

Select All - Selects all the users. Click Select All to select.

Activate button - Activates all the selected User(s)

Table - Activate User screen elements


Logon Pool Management

Search Node

Use Search Node Tab to search the Node/IP address based on: IP address OR MAC address

Select Group → Logon Pool → Search Node

Screen - Search Node

Example Search criteria - Result

‘1’ - list of nodes whose address contains ‘1’

‘192’ - list of nodes whose address contains ‘192’

‘192.9.203.203’ - node whose address is ‘192.9.203.203’

‘b’ - list of nodes whose address contains ‘B’

‘4C’ - list of nodes whose address contains ‘4C’

‘B7’ - list of nodes whose address contains ‘B7’

Table - Search Node results



Update Logon Pool

Select Group → Logon Pool → Manage Logon Pool and click Logon Pool name to be modified

Screen - Update Logon Pool

Screen Elements - Description

Logon Pool Details

Logon Pool name - Displays Logon Pool name, modify if required

Is Logon Pool Public - Displays whether Logon Pool is of public IP addresses or not

Bandwidth policy - Displays bandwidth policy attached, modify if required. Click View details link to view bandwidth restriction details and policy members.

Description - Displays description of the Logon Pool, modify if required

Show Nodes link - Displays IP addresses defined under the Logon Pool. Allows to Add or Delete node.

Click Show nodes

Click Add Node. Refer to Add node for more details

Click Delete Node. Refer to Delete node for more details

Update button - Updates and saves the details

Cancel button - Cancels the current

Table - Update Logon Pool screen elements


Add Node

Screen - Add Node

Screen Elements - Description

Machine details

IP address - IP address of the Node to be added to the Logon Pool

Range link - Click to add range of IP Address. From – To - IP addresses to be included in the Logon Pool

Machine name - Specify machine name

Create button - Adds the nodes to the Logon Pool

Cancel button - Cancels the current operation

Table - Add Node screen elements


Delete Node

Prerequisite

• Not assigned to any User

Screen - Delete Node

Screen Elements - Description

Select - Select the IP address of the node for deletion. Click Select to select. More than one node can also be selected.

Select All - Selects all the nodes for deletion. Click Select All to select all the nodes.

Delete button - Deletes the selected Node(s)

Table - Delete Node screen elements


Delete Logon Pool

Prerequisite

• IP address from Group not assigned to any User

Select Group → Logon Pool → Manage Logon Pool

Screen - Delete Logon Pool

Screen Elements - Description

Del - Select the Logon Pool(s) for deletion. Click Del to select. More than one Logon Pool can also be selected.

Select All - Select all the Logon Pools for deletion. Click Select All to select all the Logon Pools for deletion.

Delete Logon Pool button - Delete the selected Logon Pool(s)

Table - Delete Logon Pool screen elements


System Management

Configure Network

Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.

Configure DNS

A Domain Name Server translates domain names to IP addresses. You can configure domain name server for your network as follows.

At the time of installation, you configured the IP address of a single primary DNS server. You can change this primary DNS server any time and also define additional DNS servers.

Select System → Configure Network → Configure DNS

Screen – Configure DNS



Screen Elements - Description

DNS List - Displays list of Domain name servers. List order indicates preference of DNS. If more than one Domain name server exists, query will be resolved according to the order specified.

Add button - Allows to add IP address of Domain Name Server. Multiple DNS server can be defined.

Click Add

Type IP address

Click OK

Remove button - Allows to remove IP address of Domain Name Server

Click IP address to select

Click Remove

Move Up button - Changes the order of server when more than one DNS server defined. Moves the selected Server one step up.

Click IP address which is to be moved up

Click Move Up

Move Down button - Changes the order of server when more than one DNS server is defined. Moves the selected Server one step down.

Click IP address which is to be moved down

Click Move Down

Save button - Updates the DNS details and order, if modified

Click Save

Redirect DNS traffic to local DNS Server

DNS traffic redirection - Redirects all the DNS traffic to Cyberoam

Click Enable to redirect

Table - Configure DNS

To add multiple DNS repeat the above-described procedure. Use Move Up & Move Down buttons to change the order of DNS. If more than one Domain name server exists, query will be resolved according to the order specified.



Configure DHCP

Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a device, releases and renews the address as device leaves and re-joins the network. The device can have different IP address every time it connects to the network.

In other words, it provides a mechanism for allocating IP address dynamically so that addresses can be re-used.

Select System → Configure Network → Configure DHCP

Screen - Configure DHCP

Screen Elements - Description

DHCP Details

Network Interface - Displays Network Interface i.e. Internal or External

Interface IP - Displays IP address assigned to Interface

Netmask - Displays Netmask

IP address From – To - Displays IP address range for clients, modify if required. The DHCP server assigns an available IP address in the range to the client upon request.

Domain name - Displays domain name for the specified subnet, modify if required

Subnet Mask - Displays subnet mask for the client/network, modify if required

Gateway - Displays IP address of Gateway, modify if required

Domain name server - Displays IP address of Domain name server, modify if required

Update DHCP button - Updates the modified details

Table - Configure DHCP screen elements


View Interface details

Use to view the Interface configuration

Select System → Configure Network → View Interface details

Screen – Cyberoam as Gateway - View Interface details

Screen Elements

Network

Zone/Zone Type

Description

Displays port wise configuration details

Displays IP address and Net mask

Displays port to zone relationship i.e. the zone to which the port is bound

LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked and hence the highest secured zone.

DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.

WAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone.

If PPPoE is configured, WAN port will be displayed as the PPPoE Interface.

Table – View Interface details screen elements


Configuring Dynamic DNS service

Dynamic DNS (Domain Name Service) is a method of keeping a static domain/host name linked to a dynamically assigned IP address allowing your server to be more easily accessible from various locations on the Internet.

Powered by Dynamic Domain Name System (DDNS), you can now access your Cyberoam server by the domain name, not the dynamic IP address. DDNS will tie a domain name (e.g. mycyberoam.com, or elitecore.cyberoam.com) to your dynamic IP address.

Register hostname with DDNS service provider

Select System Dynamic DNS Configuration Create Account to open configuration page

Screen – Register Hostname with DDNS

Screen Elements - Description

Host Name Detail

Hostname - Specify hostname you want to use on DDNS server i.e. domain name that you registered with your DDNS service provider

Description - Specify description

Service Provider’s details

Service name - Select Service provider with whom you have registered your hostname.

Login Name and Password - Specify your DDNS account’s login name and password

IP detail

IP address - Select WAN Interface if Cyberoam WAN interface is assigned Public IP address. IP address of the selected interface will be bound to the specified host name. Select NATed Public IP if Cyberoam WAN interface is assigned private IP address and is behind NAT box.

IP Update Checking Interval - Enter the time interval after which DDNS server should check and update the IP address of your server if changed. For example if time interval is set to 10 minutes, after every 10 minutes, DDNS server will check for any changes in your server IP address.

Create button - Click Create to save the configuration

Table – Register hostname with DDNS

Testing your Dynamic DNS configuration

You can test your Dynamic DNS by:

• Access your Cyberoam server using the host name you have registered with DDNS service provider - If you are able to access Cyberoam then your configuration is correct and DDNS is working properly.

• Ping your host - If you get the IP address of your external interface then your configuration is correct and DDNS is working properly.

Manage Account

Check the IP address update status from the Manage Account page. It also displays the reason in case the update was not successful.

Select System Dynamic DNS Configuration Manage Account to open configuration page and click the hostname to be



PPPoE

PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a remote site using various Remote Access Service products. This protocol is typically found in the broadband network of a service provider. The ISP may then allow you to obtain an IP address automatically or give you a specific IP address.

PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet (PPPoE) session and is used to:

• For Ethernet LANs, to assign IP addresses to workstations, e.g. Multi-apartment buildings, Offices, to provide user authentication and accounting

• Schools and universities, computer classes

• Connections to Wireless ISPs

• Connections to xDSL providers

Access Concentrators (AC), also known as PPPoE Termination units, answer the PPPoE request coming from a client site PPPoE application for PPP negotiation and authentication.

When using Cyberoam as a PPPoE client, computers on LAN are transparent to WAN side PPPoE link. This relieves the Administrator of having to manage the PPPoE clients on the individual computers.

To configure PPPoE Interface

Before configuring the Interface for PPPoE:

1. Run Wizard from Web Admin Console

2. In the Network Configuration, for the WAN port:

Enable option ‘Obtain an IP from PPPoE’

Under PPPoE Details, specify PPPoE username and password

3. Click Finish to exit from Wizard

4. To confirm, log on to Web Admin Console, go to System → Configure Network → View Interface Details. PPPoE Interface will be defined under WAN zone.

Note:

• A new dynamic IP address will be leased to the PPPoE Interface each time a new PPP session is established with Access Concentrator

• IP address in Firewall rules will automatically change when the new IP address is leased

• If multiple gateways are defined then IP address in the failover condition will automatically change when the new IP address is leased

• As IP address to PPPoE interface is assigned dynamically:

a) Network Configuration from Telnet Console will not display the PPPoE interface configuration

b) You will not be able to change the IP address of the PPPoE interface from Telnet Console using Network Configuration

Select System → Configure Network → View Interface Details and click PPPoE Interface



Screen – PPPoE configuration

Screen Elements - Description

PPPoE Configuration

Interface - Displays the Port which is configured as PPPoE Interface from Wizard

User and Password - Specify username and password. Username and password should be same as specified in the Network Configuration using Wizard.

Access Concentrator Name - Specify Access Concentrator name (PPPoE server). Cyberoam will initiate sessions with the specified Access Concentrator only. In most of the cases, you can leave this field blank. Use it only if you know that there are multiple Access Concentrators.

Service name - Specify Service Name. Cyberoam will initiate only those sessions with Access Concentrator, which can provide the specified service. In most of the cases, you can leave this field blank. Use it only if you need a specific service.

LCP Interval - Specify LCP interval in seconds. Default is 20 seconds. Every 20 seconds an LCP echo request is sent to check whether the link is alive or not.

LCP Failure - Specify Failure. Default is 3 attempts. Cyberoam will wait for the LCP echo request response for the LCP interval defined after every attempt. Cyberoam declares PPPoE link as closed if it does not receive response after defined attempts.

Update button - Click Update to save the configuration

Table – PPPoE configuration screen elements



Establish PPPoE session

1. Select System → Configure Network → View Interface Details and click PPPoE Interface through which you want to establish connection

2. Click Reconnect. It establishes 128bit tunnel with Access Concentrator. Cyberoam will automatically detect the presence of PPPoE server on the WAN interface.

Remove PPPoE Interface configuration

1. Run Wizard from Web Admin Console

2. In the Network Configuration, for the WAN port:

3. Enable option ‘Use Static IP’

4. Click Finish to exit from Wizard

5. To confirm, log on to Web Admin Console, go to System → Configure Network → View Interface Details and check under WAN zone



Manage Gateway

Gateway routes traffic between the networks and if gateway fails, communication with outside Network is not possible. In this case, the organization and its customers are left with significant downtime and financial loss.

By default, Cyberoam supports only one gateway. However, since organizations opt for multiple gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting multiple gateways. However, simply adding one more gateway is not an end to the problem. Optimal utilization of all the gateways is also necessary.

Cyberoam not only supports multiple gateways but also provides a way to utilize total bandwidth of all the gateways optimally.

At the time of installation, you configured the IP address for a default gateway. You can change this configuration any time and configure for additional gateways.

Refer to Multi link Configuration Guide for source based static routing. Policy based routing can be done from firewall rule.

To view the Gateway details, select System → Gateway → Manage Gateway(s)

Screen – Gateway Configuration

Screen Elements - Description

Gateway Details

Gateway Name - Displays Gateway name

Gateway IP address and port - Displays IP address and port of the Gateway configured. IP address of a device Cyberoam uses to reach devices on different Network, typically a router.

Save button - Saves the modified details. Click to save.

Cancel button - Cancels the current operation and returns to Manage Gateway page. Click to cancel.

Table - Gateway Configuration screen elements



DoS Settings

Cyberoam provides several security options that cannot be defined by the firewall rules. This includes protection from several kinds of “Denial of Service attacks”. These attacks disable computers and circumvent security.

Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a service.

DoS attacks are typically executed by sending many request packets to a targeted server (usually Web, FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not to steal the information but to disable or deprive a device or network so that users no longer have access to the network services/resources.

All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence, attackers send a very high volume of redundant traffic to a system so it cannot examine and allow permitted network traffic. The best way to protect against the DoS attack is to identify and block such redundant traffic.

SYN Flood - In this attack, a huge number of connection requests is sent so that the backlog queue overflows. The connection is created when the victim host receives a connection request and allocates some memory resources for it. A SYN flood attack creates so many half-open connections that the system becomes overwhelmed and cannot handle incoming requests any more.

Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off.

To enable logging:

1. Log on to Telnet Console

2. Go to Cyberoam Management>Logging Management>Network Logging Management

3. Enable/On DoS Attack Logging

Refer to Cyberoam Console Guide, Logging Management for more details.

User Datagram Protocol (UDP) Flood - This attack links two systems. It hooks up one system's UDP character-generating service, with another system's UDP echo service. Once the link is made, the two systems are tied up exchanging a flood of meaningless data.

Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off.

To enable logging:

1. Log on to Telnet Console

2. Go to Cyberoam Management>Logging Management>Network Logging Management

3. Enable/On DoS Attack Logging

Refer to Cyberoam Console Guide, Logging Management for more details.

TCP attack - This attack sends more TCP packets than the host/victim computer can handle.

Click Apply Flag to apply the TCP flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off.

To enable logging:

1. Log on to Telnet Console

2. Go to Cyberoam Management>Logging Management>Network Logging Management

3. Enable/On DoS Attack Logging

Refer to Cyberoam Console Guide, Logging Management for more details.

ICMP attack - This attack sends more packets/traffic to the host/victim computer than the protocol implementation can handle.

Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off.

To enable logging:

1. Log on to Telnet Console

2. Go to Cyberoam Management>Logging Management>Network Logging Management

3. Enable/On DoS Attack Logging

Refer to Cyberoam Console Guide, Logging Management for more details.

Drop Source Routed Packet - This will block any source routed connections or any packets with internal address from entering your network.

Click Apply Flag to enable blocking.

To generate log, enable Dropped Source Routed Packet Logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off.

To enable logging:

1. Log on to Telnet Console

2. Go to Cyberoam Management>Logging Management>Network Logging Management

3. Enable/On DoS Attack Logging

Refer to Cyberoam Console Guide, Logging Management for more details.

Disable ICMP redirect packet - An ICMP redirect packet is used by routers to inform the hosts what the correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly weaken the security of the host by causing traffic to flow via another path.

Set the flag to disable the ICMP redirection.

To generate log, enable Dropped ICMP Redirected Packet Logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off.

To enable logging:

1. Log on to Telnet Console

2. Go to Cyberoam Management>Logging Management>Network Logging Management

3. Enable/On DoS Attack Logging

Refer to Cyberoam Console Guide, Logging Management for more details.

ARP Flooding - This attack sends ARP requests to the server at a very high rate. Because of this, the server is overloaded with requests and will not be able to respond to the valid requests. Cyberoam protects by dropping such invalid ARP requests.

Threshold values

Cyberoam uses threshold value to detect DoS attack.

Threshold value depends on various factors like:

• Network bandwidth

• Nature of traffic

• Capacity of servers in the network

Threshold = Total number of connections/packet rate allowed to a particular user at a given time

When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said source/destination is blocked until the lockdown period ends.

Threshold is applicable to the individual source/destination i.e. requests per user/IP address and not globally to the complete network traffic. For example, if source threshold is 2500 packets/minute and the network is of 100 users then each source is allowed packet rate of 2500 packets/minute.

You can define different threshold values for source and destination.

Configuring high values will degrade the performance and too low values will block the regular requests. Hence, it is very important to configure appropriate values for both source and destination IP address.

Source threshold

Source threshold is the total number of connections/packet rate allowed to a particular user at a given time.

Destination threshold

Destination threshold is the total number of connections/packet rate allowed from a particular user at a given time.

How it works

When threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop the packets till the attack subsides. Because Cyberoam applies threshold value per IP address, only traffic from the particular source/destination will be dropped, i.e. traffic from the remaining IP addresses will not be affected at all.

Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30 seconds
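The per-source behaviour described above, modelled as an added example that is not Cyberoam's code. The 60-second sliding window is an assumption (the guide does not say how the packet rate is measured), and the addresses and packet times are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # assumption: the rate is measured over a sliding minute
LOCKDOWN_SECONDS = 30   # from the guide: re-allowed 30 s after the attack subsides


class SourceThreshold:
    """Tracks the packet rate per source IP and blocks only sources over the threshold."""

    def __init__(self, packets_per_minute):
        self.threshold = packets_per_minute
        self.arrivals = defaultdict(deque)   # source IP -> arrival times in the last minute
        self.blocked_until = {}              # source IP -> time at which traffic is re-allowed
        self.stats = defaultdict(
            lambda: {"forwarded": 0, "dropped": 0, "reallowed_at": None})

    def handle(self, src, now):
        """Process one packet; return True if it is forwarded, False if dropped."""
        window = self.arrivals[src]
        window.append(now)
        # Forget arrivals older than one minute. Dropped packets still count
        # towards the rate, so the block persists while the flood continues.
        while window[0] <= now - WINDOW_SECONDS:
            window.popleft()

        if len(window) > self.threshold:
            # Attack in progress: (re)start the lockdown timer for this source only.
            self.blocked_until[src] = now + LOCKDOWN_SECONDS

        if src in self.blocked_until:
            if now < self.blocked_until[src]:
                self.stats[src]["dropped"] += 1
                return False
            # The rate stayed under the threshold for the whole lockdown period;
            # record the time of the first packet forwarded after the block.
            del self.blocked_until[src]
            self.stats[src]["reallowed_at"] = now

        self.stats[src]["forwarded"] += 1
        return True


def constructed_traffic():
    """Constructed sample: (time in seconds, source IP) pairs, RFC 5737 addresses."""
    normal = [(float(t), "192.0.2.10") for t in range(0, 121, 10)]   # steady 6 packets/minute
    flood = [(i / 10, "192.0.2.66") for i in range(50)]              # 50 packets in 5 seconds
    after = [(float(t), "192.0.2.66") for t in range(10, 121, 10)]   # then back to 6/minute
    return sorted(normal + flood + after)


def replay(packets, packets_per_minute):
    """Feed time-ordered packets through the limiter and return per-source counters."""
    limiter = SourceThreshold(packets_per_minute)
    for now, src in packets:
        limiter.handle(src, now)
    return {src: dict(counters) for src, counters in limiter.stats.items()}


if __name__ == "__main__":
    for src, counters in replay(constructed_traffic(), packets_per_minute=10).items():
        print(src, counters)
```

With a threshold of 10 packets/minute, the flooding source stays above the threshold until the 60-second mark and is re-allowed at 90 seconds, while the other source is never affected.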



Configure DoS Settings

Select Firewall → DoS Setting

Screen – DoS Settings

Screen Elements - Description

Attack type - Type of Attack. Click to view the real time updates on flooding. It displays the source IP address which was used for flooding and IP address which was targeted.

Source Packets Rate (packets/minute) - Allowed Packets per minute (Packet rate). If the packet rate exceeds, it is considered as an attack and the rest of the packets are dropped. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.

Apply flag - Set flag to control allowed number of packets

Source Packets dropped - Displays number of packets dropped from the said source

Destination Packets Rate (packets/minute) - Allowed Packets per minute (Packet rate). When the packet rate exceeds, all the excess packets are dropped for the next 30 seconds. You can call this the lockdown period which means the traffic from the destination IP address will be blocked for next 30 seconds. Because Cyberoam applies threshold value per IP address, the traffic from rest of the IP addresses is not blocked. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.

Apply flag - Set flag to control allowed number of packets

Destination Packets dropped - Displays number of packets dropped at destination

Update button - Updates Packet rate. Updated details will be applied only after restarting the Management services from Console.

Table – DoS Settings screen elements



Bypass DoS Settings

Cyberoam allows bypassing the DoS rule in case you are sure that the specified source/destination will never be used for flooding or want to ignore if flooding occurs from the specified source.

Create DoS bypass rule

Select Firewall → Bypass DoS

Screen – Create DoS bypass rule

Screen Elements - Description

Source and Destination Information

Source Domain name/IP Address - Source Domain name, IP address or Network on which the DoS rule is not to be applied. Specify source information. Specify * if you want to bypass the complete network.

Source Port - Specify source port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified source IP address and port.

Destination Domain name/IP Address - Destination Domain name or IP address on which the DoS rule is not to be applied. Specify destination information. Specify * if you want to bypass the complete network.

Destination Port - Specify destination port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified destination IP address and port.

Network Protocol - Select protocol whose traffic is to be bypassed for specified source to destination. For example, if you select TCP protocol then DoS rules will not be applied on the TCP traffic from the specified source to destination.

Create button - Creates the bypass rule

Table – Create DoS bypass rule screen elements
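A way to review bypass rules for breadth before creating them, as an added example that is not part of the guide or of Cyberoam. It assumes a rule matches only when protocol, both addresses and both ports all match, accepts IP addresses, CIDR networks or `*` (domain names are not handled), and uses a constructed rule set.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class BypassRule:
    src: str        # IP address, network in CIDR form, or "*"
    src_port: str   # port number or "*"
    dst: str        # IP address, network in CIDR form, or "*"
    dst_port: str   # port number or "*"
    protocol: str   # "TCP", "UDP" or "ICMP"


def _addr_ok(spec, addr):
    """True if addr falls inside the rule's address field ("*" matches everything)."""
    if spec == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_ok(spec, port):
    return spec == "*" or int(spec) == port


def matching_rule(rules, src, src_port, dst, dst_port, protocol):
    """Return the first bypass rule that exempts this flow from DoS checks, or None."""
    for rule in rules:
        if (rule.protocol.upper() == protocol.upper()
                and _addr_ok(rule.src, src) and _port_ok(rule.src_port, src_port)
                and _addr_ok(rule.dst, dst) and _port_ok(rule.dst_port, dst_port)):
            return rule
    return None


def audit(rules):
    """Flag rules whose wildcards exempt far more traffic than one trusted peer."""
    findings = []
    for rule in rules:
        if rule.src == "*" and rule.dst == "*":
            findings.append((rule, f"DoS protection is off for all {rule.protocol} traffic"))
        elif rule.src == "*":
            findings.append((rule, f"every source is exempt towards {rule.dst} over {rule.protocol}"))
        elif rule.dst == "*":
            findings.append((rule, f"{rule.src} is never rate-limited over {rule.protocol}"))
    return findings


# Constructed rule set (RFC 5737 documentation addresses).
RULES = [
    BypassRule("192.0.2.25", "*", "198.51.100.10", "25", "TCP"),  # one relay to one server
    BypassRule("*", "*", "198.51.100.20", "53", "UDP"),           # every source exempt
    BypassRule("*", "*", "*", "*", "ICMP"),                       # protection disabled
]

if __name__ == "__main__":
    for rule, reason in audit(RULES):
        print(rule, "->", reason)
```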

Delete DoS bypass rule

Select Firewall → Bypass DoS

Screen – Delete DoS bypass rule

Screen Elements - Description

Select - Select rule for deletion. Click Del to select. More than one rule can also be selected.

Select All - Select all rules. Click Select All to select all rules.

Delete button - Deletes all the selected rules. Click to delete.

Table – Delete DoS bypass rule screen elements


Reset Console Password

You can change Telnet Console password from Web based Console or Telnet Console itself. To change password from Telnet Console, refer to Cyberoam Console guide.

Select System → Reset Console Password

Screen - Reset Console Password

Screen Elements - Description

Reset Console Password

GUI Admin Password - Specify current GUI Admin password i.e. the password with which Administrator has logged on to Web Admin Console

New password - Specify new console password

Confirm New password - Type again the same password as entered in the New password field

Submit button - Saves new password. Click Submit.

Table - Reset Console Password screen elements


System Module Configuration

Enable/disable services to enhance the network performance and reduce the potential security risk. Do not enable any local services that are not in use. Any enabled services could present a potential security risk. A hacker might find a way to misuse the enabled services to access your network.

By default, all the services are enabled.

Cyberoam allows enabling/disabling of following services and VPN and Traffic Discovery modules:

TFTP - Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features.

PPTP - PPTP (Point to Point Tunneling Protocol) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a VPN tunnel using a TCP/IP based network.

IRC - IRC (Internet Relay Chat) is a multi-user, multi-channel chatting system based on a client-server model. A single server links with many other servers to make up an IRC network, which transports messages from one user (client) to another. In this manner, people from all over the world can talk to each other live and simultaneously. DoS attacks are very common as it is an open network and with no control on file sharing, performance is affected.

H323 - The H.323 standard provides a foundation for audio, video, and data communications across IP-based networks, including the Internet. H.323 is an umbrella recommendation from the International Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area Networks (LANs) that do not provide a guaranteed Quality of Service (QoS). It enables users to participate in the same conference even though they are using different videoconferencing applications.

P2P Traffic Modules - Identifies peer-to-peer (P2P) data in IP traffic. It works together with connection tracking and connection marking, which helps in identifying the bigger part of all P2P packets and limiting the bandwidth rate.

Select Firewall → System Modules and enable or disable the required service and modules.

Screen – System Modules Configuration



SNMP

Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of network management station/manager communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. In other words, agent is the network element. The agent will store information in a management information base (MIB). Management software will poll the various network elements/agents and get the information stored in them. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.

Cyberoam supports SNMPv1, SNMPv2c and SNMPv3.

If SNMP agent is installed, SNMP will collect information in two ways:

• The SNMP management station/Manager will poll the network devices/agents

• Network devices/agents will send trap/alert to SNMP management station/Manager.

SNMP terms

• Trap - Alert that the management station receives from the agents.

• Agent - A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs

• SNMP community - Group of SNMP management stations. The community name identifies the group. An SNMP agent may belong to more than one SNMP community. It will not respond to the requests from management stations that do not belong to one of its communities.



Cyberoam SNMP Implementation

Cyberoam has implemented SNMP in the following ways:

• Cyberoam will act as an SNMP Agent

• Cyberoam SNMP agent is to be configured to report system information and send traps (alarms or

event messages) to SNMP managers. SNMP manager can access SNMP traps and data from the

configured port only.

• The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP

managers have read-only access to Cyberoam system information and can receive Cyberoam

traps.

• To monitor Cyberoam system information and receive Cyberoam traps, Cyberoam proprietary MIB

is to be compiled into SNMP manager.

• SNMP managers are grouped in SNMP Communities. Cyberoam can support maximum ____

members in each community.

• Each community has read-only permission for the MIB data.

• Each Community can support SNMPv1, SNMPv2c or both. You must specify a trap version for

each community member.

• Cyberoam sends traps to all the communities.



Cyberoam MIB

The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers

have read-only access to Cyberoam system information and can receive Cyberoam traps. To monitor

Cyberoam system information and receive Cyberoam traps you must compile Cyberoam proprietary

MIBs into your SNMP manager.

SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive

notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,

SNMPv2c, and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance

replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB

for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam

Web site and can be loaded into any third-party SNMP management software.

The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables

below list the names of the MIB fields and describe the status information available for each one. You

can view more details about the information available from all Cyberoam MIB fields by compiling the

cyberoam.mib file into your SNMP manager and browsing the Cyberoam MIB fields.

Cyberoam supports following read-only MIB objects/fields:

Cyberoam Appliance MIB fields

| MIB field (sysInstall) | Description |
|---|---|
| applianceKey | Appliance key number of the Cyberoam Appliance in use |
| applianceModel | Appliance model number of the Cyberoam Appliance in use |
| cyberoamVersion | The Cyberoam version currently running on the Cyberoam Appliance |
| wabcatVersion | The Webcat version installed on the Cyberoam Appliance |
| avVersion | The antivirus definition version installed on the Cyberoam Appliance |
| asVersion | The antispam definition version installed on the Cyberoam Appliance |
| idpVersion | The IDP signature definition version installed on the Cyberoam Appliance |

System MIB fields

| MIB field (sysStatus) | Description |
|---|---|
| cyberoamOpMode | The Cyberoam appliance operation mode - Transparent or Bridge |
| systemDate | Current date |
| cpuPercentageUsage | The current CPU usage (as a percent) |
| diskCapacity | The hard disk capacity (MB) |
| diskUsage | The current hard disk usage (MB) |
| memoryCapacity | The memory capacity (MB) |
| memoryPercentageUsage | The current memory utilization (as a percent) |
| swapCapacity | The swap capacity (MB) |
| swapPercentageUsage | The current swap utilization (as a percent) |
| haMode | The current Cyberoam High-Availability (HA) mode (standalone, A-P) |
| liveUsers | The current live connected users i.e. logged on users in Cyberoam |
| httpHits | Total HTTP hits |
| ftpHits | Total FTP hits |
| pop3Hits (mailHits) | Total POP3 hits |
| imapHits (mailHits) | Total IMAP hits |
| smtpHits (mailHits) | Total SMTP hits |
| pop3Service (serviceStats) | The current status of POP3 service |
| imapService (serviceStats) | The current status of IMAP service |
| smtpService (serviceStats) | The current status of SMTP service |
| ftpService (serviceStats) | The current status of FTP service |
| httpService (serviceStats) | The current status of HTTP service |
| avService (serviceStats) | The current status of AntiVirus service |
| asService (serviceStats) | The current status of AntiSpam service |
| dnsService (serviceStats) | The current status of DNS |
| haService (serviceStats) | The current status of HA |
| IDPService (serviceStats) | The current status of IDP service |
| analyzerService (serviceStats) | The current status of Analyzer |
| snmpService (serviceStats) | The current status of SNMP |

License MIB fields

| MIB field (sysLicesne) | Description |
|---|---|
| appRegStatus (liAppliance) | Current Registration status of Cyberoam Appliance |
| appExpiryDate (liAppliance) | Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance |
| supportSubStatus (lisupport) | Current subscription status for Cyberoam Support |
| supportExpiryDate (lisupport) | Subscription Expiry date for Cyberoam Support, if subscribed |
| avSubStatus (liAntiVirus) | Current subscription status for AntiVirus module |
| supportExpiryDate (liAntiVirus) | Subscription Expiry date for AntiVirus module, if subscribed |
| asSubStatus (liAntiSpam) | Current subscription status for AntiSpam module |
| supportExpiryDate (liAntiSpam) | Subscription Expiry date for AntiSpam module, if subscribed |
| asSubStatus (liIdp) | Current subscription status for IDP module |
| supportExpiryDate (liIdp) | Subscription Expiry date for IDP module, if subscribed |
| asSubStatus (liWebcat) | Current subscription status for Web and Application Filter module |
| supportExpiryDate (liWebcat) | Subscription Expiry date for Web and Application Filter module, if subscribed |

Alert MIB field

| MIB field (sysAlerts) | Description |
|---|---|
| highCpuUsage | High CPU usage i.e. CPU usage exceeds 90% |
| highDiskUsage | High Disk usage i.e. Disk usage exceeds 90% |
| highMemUsage | High Memory usage i.e. memory usage exceeds 90% |
| httpVirus (avAlerts) | HTTP virus detected by Cyberoam |
| smtpVirus (avAlerts) | SMTP virus detected by Cyberoam |
| pop3Virus (avAlerts) | POP3 virus detected by Cyberoam |
| imap4Virus (avAlerts) | IMAP virus detected by Cyberoam |
| ftpVirus (avAlerts) | FTP virus detected by Cyberoam |
| linkToggle (dgdAlerts) | Change of link status (up or down) |
| idpAlert1 (idpAlerts) | IDP alert |
| synFlood (dosAlerts) | DoS attack – SYN flood detected by Cyberoam |
| tcpFlood (dosAlerts) | DoS attack – TCP flood detected by Cyberoam |
| udpFlood (dosAlerts) | DoS attack – UDP flood detected by Cyberoam |
| icmpFlood (dosAlerts) | DoS attack – ICMP flood detected by Cyberoam |


Cyberoam Traps

All the SNMP communities added in Cyberoam will receive traps. All traps include the trap message as

well as the Cyberoam unit serial number or Cyberoam WAN IP address.

To receive traps, SNMP Manager must load and compile the Cyberoam MIB.

If SNMP manager has already included standard and private MIBs in a compiled database that is in use

then you must add the Cyberoam proprietary MIB to this database.

Cyberoam generates the following traps, when the specified events or conditions occur:

| Trap Message | Description |
|---|---|
| High Disk Usage | Disk usage exceeds 90% |



Manage SNMP

You can manage the Cyberoam appliance using SNMP.

SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive

notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,

SNMPv2c and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance

replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB

for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam

Web site and can be loaded into any third-party SNMP management software.

The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers

have read-only access to Cyberoam system information and can receive Cyberoam traps.

By default SNMP server is disabled.

To start the SNMP server, go to System → SNMP → Manage SNMP

To restart SNMP server automatically on Cyberoam re-start, enable Autostart from System → SNMP →

Manage SNMP

Screen – Manage SNMP

After enabling SNMP:

1. Configure Agent

2. Create SNMP Community if SNMP manager supports protocols v1 and v2c OR Create V3 user if

SNMP manager supports protocol v3



Configure SNMP Agent

Select System → SNMP → Agent Configuration

Screen – SNMP Agent Configuration

| Screen Elements | Description |
|---|---|
| Agent Configuration | |
| System Name | Specify name to identify the Agent |
| System Location | Specify physical location of the Cyberoam Appliance |
| System Contact | Specify the contact information for the person responsible for the above specified Cyberoam appliance |
| Agent Port | Specify port to be used by Cyberoam to send traps. Default Port: 161 |
| Manager Port | Specify port that the Remote SNMP Management station/Manager can use to connect to the Cyberoam appliance |
| System Description | Specify description |
| Update button | Click to save the details |

Table – SNMP Agent Configuration screen elements


Create SNMP Community

Select System → SNMP → Create Community

Screen – Create SNMP Community

| Screen Elements | Description |
|---|---|
| Manager Configuration | |
| Community Name | Specify name to identify the Community |
| IP Address (Source) | Specify IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam |
| Protocol Version | Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps |
| Trap Support | Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only |
| Description | Specify description |
| Create button | Click to save the details |

Table – Create SNMP Community screen elements
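The three community settings above (Community Name, IP Address (Source), Protocol Version) act together as an access check on every SNMPv1/v2c request. The sketch below is an added example, not code from Cyberoam or from this guide: it decodes the version and community from a constructed GetRequest and applies that check as a model. The community name `noc-monitor`, the addresses and all function names are assumptions.

```python
import hmac
import ipaddress

SNMP_VERSIONS = {0: "v1", 1: "v2c"}                # version values that carry a community
SYS_DESCR_OID = bytes.fromhex("2b06010201010100")  # 1.3.6.1.2.1.1.1.0 (sysDescr.0)


def _length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """Encode one BER tag-length-value element."""
    return bytes([tag]) + _length(len(value)) + value


def read_tlv(buf, pos):
    """Return (tag, value, next_pos); raise ValueError on truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length


def build_get_request(version, community, request_id=1):
    """Constructed GetRequest for sysDescr.0, used as sample input below."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version]))
               + tlv(0x04, community.encode("ascii")) + pdu)


def parse_header(datagram):
    """Extract (version, community bytes) from an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02 or not raw_version:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(raw_version, "big")
    if version not in SNMP_VERSIONS:
        # SNMPv3 has no community field; it is outside this model.
        raise ValueError("not a community-based SNMP version")
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    return SNMP_VERSIONS[version], community


def agent_decision(datagram, source_ip, communities):
    """Model of the check: name, manager source IP and version must all match."""
    try:
        version, community = parse_header(datagram)
    except ValueError as exc:
        return "drop: malformed (%s)" % exc
    src = ipaddress.ip_address(source_ip)
    named = [c for c in communities
             if hmac.compare_digest(c["name"].encode("ascii"), community)]
    if not named:
        return "drop: unknown community"
    from_manager = [c for c in named if ipaddress.ip_address(c["source"]) == src]
    if not from_manager:
        return "drop: source is not the community's manager"
    if not any(version in c["versions"] for c in from_manager):
        return "drop: protocol version not enabled"
    return "answer (read-only)"


# Constructed sample configuration: one community, one manager, v2c only.
COMMUNITIES = [{"name": "noc-monitor", "source": "192.0.2.10", "versions": {"v2c"}}]

if __name__ == "__main__":
    request = build_get_request(1, "noc-monitor")
    print(request.hex())          # the community bytes are readable in the dump
    print(parse_header(request))
    for src, pkt in [("192.0.2.10", request),
                     ("198.51.100.7", request),
                     ("192.0.2.10", build_get_request(0, "noc-monitor")),
                     ("192.0.2.10", build_get_request(1, "public")),
                     ("192.0.2.10", request[:9])]:
        print(src, "->", agent_decision(pkt, src, COMMUNITIES))
```

In SNMPv1/v2c the community name travels unencrypted inside each message, so the IP Address (Source) restriction does real work for a v1/v2c community.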

Manage SNMP Community

Select System → SNMP → Manage Community and click the Community to be updated

Screen – Manage SNMP Community

| Screen Elements | Description |
|---|---|
| Manager Configuration | |
| Community Name | Displays Community name, modify if required |
| IP Address (Source) | Displays IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam, modify if required |
| Protocol Version | Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps |
| Trap Support | Enable the required version for trap support. Traps will be sent to the SNMP Managers who support the specified versions only |
| Description | Specify description |
| Update button | Click to update and save the details |

Table – Manage SNMP Community screen elements

Delete SNMP Community

Select System → SNMP → Manage Community to view the list of communities created

Screen – Delete SNMP Community

| Screen Elements | Description |
|---|---|
| Del | Select community for deletion. Click Del to select. More than one community can also be selected |
| Select All | Selects all the communities. Click Select All to select all communities |
| Delete button | Deletes all the selected communities. Click to delete |

Table – Delete SNMP Community screen elements


Create SNMP V3 User

Select System → SNMP → Create V3 User

Screen – Create SNMP V3 User

| Screen Elements | Description |
|---|---|
| SNMP V3 User Configuration | |
| Username | Specify username |
| Password | Specify password |
| Confirm Password | Type again the same password as entered in the Password field |
| Create button | Creates user |

Table – Create SNMP V3 User screen elements

Manage SNMP V3 User

Select System → SNMP → Manage V3 User to view list of created users. Click the user whose

details are to be updated

Screen – Edit V3 User

| Screen Elements | Description |
|---|---|
| SNMP V3 User Configuration | |
| Username | Displays username, modify if required |
| Password | Displays password, modify if required |
| Confirm Password | Type again the same password as entered in the Password field, if changed |
| Update button | Updates and saves the user details |

Table – Edit V3 User screen elements

Delete SNMP V3 User

Select System → SNMP → Manage V3 User to view list of created users

Screen – Delete SNMP V3 User

| Screen Elements | Description |
|---|---|
| Del | Select user to be deleted. Click Del to select. More than one user can also be selected |
| Select All | Selects all the users. Click Select All to select all users |
| Delete button | Deletes all the selected users. Click to delete |

Table – Delete SNMP V3 User screen elements


Manage Data

Backup data

Backup is an essential part of data protection. No matter how well you treat your system, no matter how

much care you take, you cannot guarantee that your data will be safe if it exists in only one place.

Backups are necessary in order to recover data lost due to disk failure, accidental deletion

or file corruption. There are many ways of taking backup and just as many types of media to use as well.

Cyberoam provides the facility of taking regular and reliable data backup. Backup consists of all the policies,

logs and all other user related information.

Cyberoam maintains five logs:

Web surfing log - This log stores the information of all the websites visited by all the users.

User session log - Every time the user logs in, a session is created. This log stores the session entries of

all the users and specifies the login and logout time.

Audit log - This log stores the details of all the actions performed by the User administering Cyberoam.

Refer to Appendix A – Audit Log for more details.

Virus log - This log stores the details of malicious traffic requests received.

Set Backup Schedule

Select System → Manage Data → Set Backup Schedule

Screen – Set Backup schedule



| Screen Elements | Description |
|---|---|
| Backup of Data only (Does not include Logs) | |
| Backup Frequency | Backup schedule. Only data backup will be taken. Select any one: Daily – backup will be sent daily; Weekly – backup will be sent weekly; Monthly – backup will be sent monthly; Never – backup will never be sent. In general, it is best to schedule backup on a regular basis. How much information you add or change will help you determine the schedule |
| Incremental Backup of Log files only (in CSV format) | Backup process only copies what has changed since the last backup. This creates a much smaller backup file. |
| Log | Select the logs for backup. Backup of log files will be taken in CSV format. Available logs for backup: 1. Web surfing 2. Virus 3. Audit |
| Backup Frequency | Select any one: Daily – backup will be sent daily; Weekly – backup will be sent weekly; Never – backup will never be sent |
| Set Backup Mode | |
| Backup mode | Specifies how backup should be taken and sent. Select FTP backup OR Mail backup |
| Only for FTP backup | |
| FTP server | Specify IP address of FTP server |
| User name | Specify User name with which user has to log on to the FTP server |
| Password | Specify Password |
| Only for Mail backup | |
| To Mail Id | Specify email address to which the backup is to be mailed |
| Save button | Saves the configuration |

Table – Set Backup Schedule screen elements


Backup Data

Select System → Manage Data → Backup Data

Screen – Backup Data

| Screen Elements | Description |
|---|---|
| Backup System Data (Does not include logs) | |
| Backup button | Takes the recent backup and allows to download. Click Backup data to take backup |
| Download button (Only if backup is taken previously) | Download the backup already taken. Also displays date and time of backup. Click Download to download. To download follow the screen instructions |
| Backup Log (in CSV format) | |
| Logs | Backup of selected logs will be taken. Select the logs for backup: 1. Web surfing 2. Virus 3. Audit |
| Backup button | Takes the recent backup of logs and allows to download. Click Backup data to take the recent backup |
| Download button (Only if backup is taken previously) | Download the backup of logs already taken. Also displays date and time of backup. Click Download to download. To download follow the screen instructions |

Table – Backup Data screen elements



Restore Data

With the help of restore facility, restore data from the backup taken. Restoring data older than the current

data will lead to the loss of current data.

Select System → Manage Data → Restore Data

Screen – Restore Data screen

| Screen Elements | Description |
|---|---|
| Upload Backup | |
| File to upload | Specify name of backup file to be uploaded |
| Browse button | Select the backup file |
| Upload button | Uploads the backup file |

Table - Restore Data screen elements

Note

Restore facility is version dependent i.e. it will work only if the backup and restore versions are the same e.g. if

backup is taken from Cyberoam version 7.4.0.0 then restore will work only for version 7.4.0.0 and not for any

other version.


Purge

Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge

facility for deleting log records.

Configure Auto purge Utility

Select System → Manage Data → Configure Auto purge utility

Screen – Configure Auto purge Utility screen

| Screen Elements | Description |
|---|---|
| Purge Frequency | |
| Purge Web surfing logs every | Specify number of days after which web surfing log should be purged automatically |
| Save button | Saves purging schedule configuration |
| Popup Notification | |
| Enable Alert Popup | Enabling Popup Notification displays alert popup before purging the logs. Click to enable |
| Save button | Saves popup alert configuration |
| Download Purged Logs (Only if Logs have been Auto purged) | |
| Download button | Allows to download the purged log files. Click to download |
| Delete button | Deletes the purged log files |

Table – Configure Auto purge Utility screen elements

Note

System will preserve logs only for the specified number of days and automatically purge the logs generated

thereafter.


Manual purge

Use manual purge to delete log records manually

Select System → Manage Data → Purge Logs

Screen – Purge Logs screen

| Screen Elements | Description |
|---|---|
| Purge | Select log for purging: Web surfing logs, User session logs, Audit logs |
| Till Date | Select the date from Calendar till which the selected log(s) is to be purged |
| Purge button | Purges the selected log till the specified date. Click Purge to purge |

Table - Purge Logs screen elements

Note

Auto purge option is always on



Client Services

Client Messages

Message Management tab allows Administrator to send messages to the various users. Messages help

Administrator to notify users about problems as well as Administrative alerts in areas such as access,

user sessions, incorrect password, and successful log on and log off etc.

A message is sent to the User whenever the event occurs.

A message can be up to 256 characters and can be sent to a number of users at a time.

Select System → Configure Client Settings → Customize Client Message

Screen – Customized Client Messages screen

| Screen Elements | Description |
|---|---|
| Message Key | Message code. Click Message link to customize the message which will be received by user. Click Save to save the changes. Click Cancel to cancel the current operation |
| Message | Message description |
| Configure Usage to Alert User before Expiration | |
| Enter Remaining Usage in | Alert will be displayed to all the users when the specified data transfer is remaining. Remaining usage can be entered in absolute value or in percentage |
| Data Transfer (MB) | Specify remaining data transfer usage when all the users should receive alert. E.g. Absolute Remaining data transfer usage: 20 MB. User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB. User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB. User1 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 130 MB. User2 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 620 MB. Percentage Remaining data transfer usage: 20%. User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB. User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB. User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer i.e. has done data transfer of 120 MB. User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer i.e. has done data transfer of 512 MB |
| Cycle Data Transfer (MB) | Specify remaining cycle data transfer usage when all the users should receive alert. Cycle data transfer is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if the limit is reached. It is applicable to the users to whom the cyclic data transfer policies are applied. E.g. Absolute Remaining cycle data transfer usage: 20 MB. User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB. User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB. User1 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 130 MB. User2 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 620 MB. Percentage Remaining cycle data transfer usage: 20%. User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB. User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB. User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer per cycle i.e. has done data transfer of 120 MB. User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer per cycle i.e. has done data transfer of 512 MB |
| Save details button | Saves the data transfer alert configuration |

Table - Customized Client Message screen elements


List of Predefined messages

| Messages | Description/Reason |
|---|---|
| AlertMessageWithCycleData | Message is sent to the user when the remaining cycle data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details |
| AlertMessageWithData | Message is sent to the user when the remaining data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details |
| DeactiveUser | Administrator has deactivated the User and the User will not be able to log on |
| DisconnectbyAdmin | When the administrator disconnects the user from the live users page |
| InvalidMachine | Message is sent if User tries to login from the IP address not assigned to him/her |
| LoggedoffsuccessfulMsg | Message is sent when User logs off successfully |
| LoggedonsuccessfulMsg | Message is sent when User logs on successfully |
| Loggedinfromsomewhereelse | Message is sent if User has already logged in from other machine |
| MaxLoginLimit | Message is sent if User has reached the maximum login limit |
| MultipleLoginnotallowed | Message is sent if User is not allowed multiple login |
| NotAuthenticate | Message is sent if User name or password are incorrect |
| NotCurrentlyAllowed | Message is sent if User is not permitted to access at this time. Access Time policy applied to the User account defines the allowed access time and not allowed access at any other time. |
| Someoneloggedin | Message is sent if someone has already logged in on that particular machine |
| SurfingtimeExhausted | Message is sent when User is disconnected because his/her allotted surfing time is exhausted. The surfing time duration is the time in hours the User is allowed Internet access that is defined in Surfing time policy. If hours are exhausted, User is not allowed to access |
| SurfingtimeExpired | Administrator has temporarily deactivated the User and will not be able to log in because User surfing time policy has expired |
| LiveIPinuse | Message is sent if connection is requesting a public IP Address from the server that is already in use |
| Nmpoolexceedlimit | Message is sent if the maximum number of IP Addresses in the public Logon Pool at any given time has exceeded the limit |

Table - List of predefined messages


Client preferences

Use Client preference to specify

• which page to open every time user logs on to Cyberoam

• whether HTTP client log on page should pop up if user tries to surf without logging in

• port from which Web Administration Console can be accessed

• number of concurrent log on allowed

Select System → Configure Client Settings → Customize Client preferences

Screen – Customized Client Preferences screen

| Screen Elements | Description |
|---|---|
| Open following site after client logs on to the server | |
| URL | Specify URL which is to be opened every time user logs on. Leave this field blank, if you do not want to open any specific page every time user logs in |
| Update button | Updates configuration |
| HTTP Client | |
| Pop up HTTP client | Whenever User tries to surf without logging in, a page with the message ‘Cyberoam Access Denied’ is displayed. If HTTP client pop up option is selected, User will get a HTTP Client pop up along with the ‘Cyberoam Access Denied’ page. Once User logs on successfully using the HTTP client, user will be able to surf the requested site. |
| Update button | Updates configuration |
| Web Admin Console | |
| Web Admin Console Port | Specify Port number on which Web Admin Console is running |
| Update button | Updates configuration |
| Number of Logins | |
| Number of Logins Allowed OR Unlimited Login | Specify number of concurrent logins allowed to all the users OR Allows unlimited concurrent logins |
| Update button | Updates configuration |

Table – Customized Client Preferences screen elements

Note

The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be

applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed

to the particular user.


Customize Access Deny messages

Use to customize Access deny message for:

• all web categories

• individual web category

• all file type categories

This customized message will be displayed when user tries to access the site, which is not allowed.

1. Select System → Configure → Customize Denied Message

2. Select category for which you want to customize access deny message

Select ‘All Web categories’ to display the same access deny message for all the web categories.

The message specified for ‘All Web Categories’ becomes the default message.

Select a particular category for which you want to display a different message

By default, the message specified for ‘All Web Categories’ is displayed.

Disable Use Default Message, if you want to display a different message for a particular category

and modify the message

Select ‘All File type category’ to customize the access deny message for all the file type

categories

3. In Denied Message, modify the message contents

4. Click Update to save if any changes are made



Upload Corporate logo

Use to display your company’s logo in all the messages displayed to the user.

1. Select System → Configure → Customize Denied Message

2. In Top Bar, specify the image to be displayed at the top of the message page.

3. In the Bottom Bar, specify the image to be displayed at the bottom of the message page

4. Click Upload

Note

Dimension of Image should be 700 * 80 and jpg file only



Customize Login message

Use to customize login page messages and client login links provided on login page.

1. Select System → Configure → Customize Login Message

2. Under Client Login Links, select Login Clients that you want to be displayed on Login page.

In the login page, download links are provided so that user can download the required login

client. If you do not want user to download a particular login client, deselect the link

In the Login message box, specify the message to be displayed. You can further customize the

message by using clientip address, category and URL

3. Enable Blink Message to display blinking message

4. Before saving the configuration, click Preview and see how message will be displayed to the user

5. Click Save to save the configuration



HTTP Proxy Management

Proxy server is a kind of buffer between your computer and the internet resources you are accessing.

Proxy server accumulates and saves all those files that are most often requested by other Internet users

in a ‘Cache’. The cache of a proxy server may already contain information you need by the time of your

request, making it possible for the proxy to deliver it immediately. Therefore, proxy servers are able to

improve the network performance by reducing the access time.

Cyberoam can also act as a HTTP proxy server. All visited static sites are cached on the Cyberoam

server hard drive. The advantage of a cache server is that it will cache the static web pages once

requested and serve them locally when requested next time.

Manage HTTP Proxy

Select System → HTTP Proxy → Manage HTTP Proxy

Screen - Manage HTTP Proxy

| Screen Elements | Description |
|---|---|
| Server Status | Displays current status of Cache server |
| Start button (Only if Current Status is ‘Stopped’) | Click to start Cache server |
| Stop button (Only if Current Status is ‘Running’) | Click to stop Cache server |
| Restart button | Click to restart Cache server |

Table - Manage HTTP Proxy screen elements


Configure HTTP Proxy

Use to

• configure http proxy port

• configure trusted ports

Select System → HTTP Proxy → Configure HTTP Proxy

Screen - Configure HTTP Proxy

| Screen Elements | Description |
|---|---|
| HTTP Proxy Port Setting | |
| HTTP Proxy port | Specify proxy port to be used |
| Save button | Click to save the port setting |
| HTTP Proxy Trusted Ports Setting | If deployed as HTTP proxy, Cyberoam allows access only to those sites which are hosted on standard ports. To allow access to the sites hosted on the non-standard ports, you have to define non-standard ports as trusted ports. You can define individual port or range of ports for http and https protocols. Click Add to define non-standard ports |
| Pharming Protection Configuration | |
| Enable Pharming Protection | Pharming attacks require no additional action from the user beyond their regular web surfing activities. A pharming attack succeeds by redirecting the users from legitimate web sites to similar fraudulent web sites that have been created to look like the legitimate site. Enable to protect against pharming attacks and direct users to the legitimate web sites instead of fraudulent web sites. Click to enable/disable |
| Save button | Click to save the port setting |

Table - Configure HTTP Proxy screen elements

Set Default Internet Access Policy

Go to System → HTTP Proxy → Default Policy to specify default internet access policy when

Cyberoam is being used as HTTP Proxy



Manage Servers

Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the

requirement, one can Start, Stop, Enable or Disable the services.

Types of the servers available:

1. DHCP

2. Domain Name Server

3. Antivirus server

4. Antispam server

5. Cyberoam server

6. Proxy servers – HTTP, SMTP, POP3, IMAP, FTP

Select System → Manage Services

Screen - Manage Services

Screen Elements – Description

Service name – Name of the server

Status – Status of the respective server
  Running – if server is on
  Stopped – if server is off

Commands – Starts or stops the respective servers
  Enables or disables Autostart
  Refer to Action table for details

Table - Manage Control Service screen elements

Action table

Button – Usage

Start – Starts the Server whose status is ‘Stopped’

Stop – Stops the server whose status is ‘Started’

Enable Autostart – Automatically starts the configured server with the startup of Cyberoam

Disable Autostart – Disables the Autostart process

Restart – Restarts Cyberoam
  All the servers with ‘Enable Autostart’ will restart

Shutdown – Shuts down Cyberoam server and all the servers will be stopped

Table - Manage Control Service – Action


Monitoring Bandwidth Usage

Bandwidth is the amount of data passing through a media over a period. In other words, it is the amount

of data accessed by the Users. Each time the data is accessed – uploaded or downloaded, the amount is

added to the total bandwidth. Because of the limited resource, it needs periodic monitoring.

Bandwidth usage graphical report allows Administrator to monitor the amount of data uploaded or

downloaded by the Users. Administrator can use this information to help determine:

• Whether to increase or decrease the bandwidth limit?

• Whether all the gateways are utilized optimally?

• Which gateway is underutilized?

• What type of traffic is consuming the majority of the Bandwidth?

• Which inbound/ outbound traffic has consumed the most Bandwidth in the last week/month?

Select System → View Bandwidth usage

Screen – View Bandwidth Usage

Screen Elements – Description

Bandwidth report

Graph type – Generates graph
  Select any one
  Gateway wise – Displays list of Gateways defined, click the Gateway whose data transfer report is to be generated
  Logon Pool wise – Displays list of Logon Pools defined, click the Logon Pool whose data transfer report is to be generated
  Total – Generates total (all gateways and Logon Pools) data transfer report. Also generates Live user report
  Gatewaywise breakup - Generates total (all gateways) data transfer report.

Graph period – Generates graph based on time interval selected
  Click Graph period to select

Table - Bandwidth usage screen elements


It generates eight types of graphical reports:

1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum,

maximum and average no. of users connected during the selected graph period. This will help in

knowing the peak hour of the day.

X axis – Hours

Y axis – No. of users

Peak hour – Maximum no. of live users

Screen - Bandwidth usage - Live Users graph

2. Total data transfer – Graph shows total data transfer (upload + download) during the day. In

addition, shows minimum, maximum and average data transfer.

X axis – Hours

Y-axis – Total data transfer (upload + download) in KB/Second

Graph callouts – Maximum data transfer, Minimum data

Screen - Bandwidth usage - Total Data transfer graph



3. Composite data transfer – Combined graph of Upload & Download data transfer. Colors

differentiate upload & download data traffic. In addition, shows the minimum, maximum and

average data transfer for upload & download individually

X axis – Hours

Y-axis – Upload + Download in Bits/Second

Orange Color - Upload traffic

Blue Color – Download traffic

Screen - Bandwidth usage - Composite Data transfer graph

4. Download data transfer – Graph shows only download traffic during the day. In addition, shows

the minimum, maximum and average download data transfer.

X axis – Hours

Y-axis – Download data transfer in Bits/Second

Screen - Bandwidth usage - Download Data transfer graph



5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows

minimum, maximum and average upload data transfer.

X axis – Hours

Y-axis – Upload data transfer in Bits/Second

Screen - Bandwidth usage - Upload Data transfer graph

6. Integrated total data transfer for all Gateways – Combined graph of total (Upload + Download)

data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum,

maximum and average data transfer of individual gateway

X axis – Hours

Y-axis – Total (Upload + Download) data transfer in Bits/Second

Orange Color – Gateway1

Blue Color – Gateway2



7. Integrated Download data transfer of all Gateways – Graph shows only the download traffic of all

the gateways during the day. In addition, shows the minimum, maximum and average download

data transfer.

X axis – Hours

Y-axis – Download data transfer in Bits/Second

Orange Color – Gateway1

Blue Color – Gateway2

8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all

the gateways during the day. In addition, shows minimum, maximum and average upload data

transfer.

X axis – Hours

Y-axis – Upload data transfer in Bits/Second

Orange Color – Gateway1

Blue Color – Gateway2



Migrate Users

Cyberoam provides a facility to migrate the existing users from PDC or LDAP server. Alternately, you can

also import user definition from an external file (CSV format file).

If you do not want to migrate users, configure for Automatic User creation. This reduces Administrator’s

burden of creating the same users again in Cyberoam.

Migration from PDC server

All the migrated users will be created under Group type – ‘Normal’ and default policies will be applied.

Administrator can change the assigned group or status at the time of migration or later.

After migration, Username will be set as password in Cyberoam.

Select User → Migrate Users to open migration page

Step 1: Click Download User Migration Utility link

Screen - Download User Migration Utility

Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate

option and click OK button

Screen - Save User Migration Utility

Step 3: Opens a new browser window and prompts for the login. Provide the administrator username and password. E.g. Username: “cyberoam” and password: “cyber”

Step 4: On successful authentication, following screen will be shown. Upload the specified file.

Screen – Upload downloaded User Migration Utility

Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click

Select All or select the individual users and click Migrate Users.

Note

After migration, the Cyberoam login password will be the same as the username.

Once the users are migrated, configure the single sign on login utility. The configuration is required to be done on the Cyberoam server.

Migration from External file

If you already have user details in a CSV file, you can upload the CSV file instead of creating the users again in Cyberoam.

CSV file should be in the following format:

1. Header (first) row should contain field names. Format of header row:

Compulsory first field: username

Optional fields in any order: password, name, groupname

2. Subsequent rows should contain values corresponding to each field in the header row

3. Number of fields in each row should be same as in the header row

4. Error will be displayed if data is not provided for any field specified in the header

5. Blank rows will be ignored

6. If password field is not included in the header row then it will be set same as username

7. If name field is not included in the header row then it will be set same as username

8. If groupname is not included in the header row, administrator will be able to configure group at the

time of migration
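The CSV rules above, as an added example (not part of the Cyberoam guide or product): a Python check that validates a migration file before upload and lists the accounts whose password would equal the username. The function names, the exact lowercase match on header fields, the reading of "blank row" as an empty line, and the sample rows are assumptions made for illustration.

```python
import csv
import io

OPTIONAL_FIELDS = {"password", "name", "groupname"}

# Constructed sample input (not taken from the guide).
SAMPLE = """username,password,groupname
asmith,Xk4!rT9q,Sales

bjones,bjones,Sales
cdoe,,Support
dlee,pw-7Hq2z
"""


def check_header(header):
    """Return a list of problems with the header row (rule 1)."""
    problems = []
    if not header or header[0] != "username":
        problems.append("first field must be 'username'")
    unknown = [f for f in header[1:] if f not in OPTIONAL_FIELDS]
    if unknown:
        problems.append("unknown field(s): " + ", ".join(unknown))
    if len(set(header)) != len(header):
        problems.append("duplicate field name in header")
    return problems


def check_migration_csv(text):
    """Validate CSV text against rules 1-8.

    Returns (users, errors, weak):
      users  - accepted rows as dicts, with the defaults of rules 6-8 applied
      errors - (line_number, message) for every rejected row
      weak   - usernames whose password is the same as the username
    """
    users, errors, weak = [], [], []
    reader = csv.reader(io.StringIO(text, newline=""))
    header = None
    for row in reader:
        line = reader.line_num
        cells = [c.strip() for c in row]
        # Rule 5: blank rows are ignored. Assumption: "blank" means a line
        # with no separators and no text.
        if len(cells) <= 1 and not "".join(cells):
            continue
        if header is None:
            header = cells
            problems = check_header(header)
            if problems:
                # With a bad header no later row can be interpreted.
                return [], [(line, p) for p in problems], []
            continue
        # Rule 3: same number of fields as the header row.
        if len(cells) != len(header):
            errors.append(
                (line, f"expected {len(header)} fields, found {len(cells)}"))
            continue
        # Rule 4: every field named in the header needs a value.
        missing = [f for f, v in zip(header, cells) if not v]
        if missing:
            errors.append((line, "no data for: " + ", ".join(missing)))
            continue
        user = dict(zip(header, cells))
        user.setdefault("password", user["username"])  # rule 6
        user.setdefault("name", user["username"])      # rule 7
        user.setdefault("groupname", None)             # rule 8: set at migration
        users.append(user)
        # Flag both defaulted and explicitly supplied username-as-password.
        if user["password"].casefold() == user["username"].casefold():
            weak.append(user["username"])
    return users, errors, weak


if __name__ == "__main__":
    accepted, rejected, weak_accounts = check_migration_csv(SAMPLE)
    for line, message in rejected:
        print(f"line {line}: {message}")
    print("accepted:", [u["username"] for u in accepted])
    print("password equals username:", weak_accounts)
```

Accounts reported in the third list are the ones to give a new password after migration, since rule 6 and the PDC migration note both leave the username as the login password.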

Step 1 Upload CSV file

Select System → Migrate User to open migration page

Screen – Upload CSV file

Step 2 Change Group or Active status of user at this stage, if required. To migrate all the users, click

Select All or select the individual users and click Migrate Users.

Screen - Register migrated users from External file

If migration is successful, Manage Active User page will be displayed with all the migrated users as

Active users.


PART 3

Customization

Schedule

Schedule defines a time schedule for applying a firewall rule or Internet Access policy, i.e. it is used to control when firewall rules or Internet Access policies are active or inactive.

Types of Schedules:

• Recurring – use to create policies that are effective only at specified times of the day or on

specified days of the week.

• One-time - use to create firewall rules/policies that are effective once for the period of time specified

in the schedule.

Define Schedule

Select Firewall → Schedule → Define Schedule to open define schedule page

Screen - Define One Time Schedule


Screen Elements – Description

Schedule details

Name – Specify schedule name. Choose a name that best describes schedule

Schedule Type – Specify type of schedule
  Recurring – applied at specified times of the day or on specified days of the week
  One time – applied only once for the period of time specified in the schedule

Start time & Stop time (only if Schedule Type is ‘One Time’) – Defines start and stop time for the schedule
  Start & stop time cannot be same

Description – Specify full description of schedule

Create button – Creates schedule

Add Schedule Entry details – Refer to Add Schedule Entry details to add time details

Table - Define Schedule screen elements

Select Firewall → Schedule → Manage Schedule to view the list of schedule and click the Schedule name in which the schedule entry details is to be added.

Screen – Add Schedule Entry details

Screen Elements – Description

Schedule Entry

Weekday – Select weekday

Start time & Stop time – Defines the access hours/duration
  Start & stop time cannot be same

Add Schedule detail button – Attaches the schedule details for the selected weekday to the schedule

Cancel button – Cancels the current operation

Table – Add Schedule Entry details screen elements


Manage Schedule

Use to modify:

1. Schedule Name

2. Description

3. Add Schedule Entry details

4. Delete Schedule Entry details

Select Firewall → Schedule → Manage Schedule and click Schedule name to be updated

Screen - Manage Schedule

Screen Elements – Description

Schedule details

Schedule name – Displays schedule name, modify if required

Schedule description – Displays schedule description, modify if required

Schedule Entry

Add button – Allows to add the schedule entry details
  Refer to ‘Add Schedule Entry details’ for more details

Delete button – Allows to delete the schedule entry details
  Refer to ‘Delete Schedule Entry details’ for more details

Save button – Saves schedule

Cancel button – Cancels the current operation and returns to Manage Schedule page

Table - Manage Schedule screen elements


Delete Schedule Entry details

Screen – Delete Schedule Entry details

Screen Elements – Description

Del – Select Schedule Entry detail to be deleted
  Click Del to select Schedule Entry details
  More than one Schedule Entry details can also be selected

Select All – Selects all the Schedule Entry details
  Click Select All to select all the Schedule Entry details

Delete button – Deletes the selected Schedule Entry detail(s)

Table - Delete Schedule Entry details screen elements


Delete Schedule

Select Firewall → Schedule → Manage Schedule to view the list of Schedules

Screen - Delete Schedule

Screen Elements – Description

Del – Select schedule to be deleted
  Click Del to select schedule
  More than one schedule can also be selected

Select All – Selects all the schedules
  Click Select All to select all the schedules

Delete button – Deletes the selected schedule(s)

Table - Delete Schedule screen elements


Services

Services represent types of Internet data transmitted via particular protocols or applications.

Protect your network by configuring firewall rules to

• block services for specific zone

• limit some or all users from accessing certain services

• allow only specific user to communicate using specific service

Cyberoam provides several standard services and allows creating:

• Customized service definitions

• Firewall rule for customized service definitions

Define Custom Service

Select Firewall → Services → Create to open the create page

Screen - Define Custom Service

Screen Elements – Description

Create Service

Service Name – Specify service name

Select Protocol – Select the type of protocol
  For IP - Select Protocol No.
  For TCP - Specify Source and Destination port
  For UDP - Specify Source and Destination port
  For ICMP – Select ICMP Type and Code

Description – Specify service description

Create button – Creates a new service

Cancel button – Cancels the current operation and returns to Manage Service

Table – Define Custom Service screen elements


Manage Custom Service

Use to modify:

1. Description

2. Add Protocol details

3. Delete Protocol details

Select Firewall → Services → Manage to view the list of custom services. Click service to be modified

Screen - Update Custom Service

Screen Elements – Description

Custom Service

Service Name – Displays service name

Description – Displays description, modify if required

Protocol Details

Add button – Allows to add protocol details
  Click to add
  Select protocol
  For IP - Select Protocol No.
  For TCP - Specify Source and Destination port
  For UDP - Specify Source and Destination port
  For ICMP – Select ICMP Type and Code
  Click Add

Delete button – Allows to delete protocol details
  Click to delete against the protocol details to be deleted
  Click Delete

Save button – Updates the modified details

Cancel button – Cancels the current operation

Table - Update Custom Service screen elements


Delete Custom Service

Select Firewall → Services → Manage to view the list of services.

Screen - Delete Custom Service

Screen Elements – Description

Del – Select the Service for deletion
  More than one service can be selected
  Click to select

Select All – Allows to select all the services for deletion
  Click to select

Delete button – Deletes all the selected service(s)
  Click to delete

Table - Delete Custom Service screen elements

Note

Default Services cannot be deleted


Create Service Group

Service Group is the grouping of services. Custom and default services can be grouped in a single group.

Use to configure firewall rules to

• block group of services for specific zone

• limit some or all users from accessing group of services

• allow only specific user to communicate using group of service

Select Firewall → Service Group → Create to open the create page

Screen – Create Service Group screen

Screen Elements – Description

Create Service Group

Service Group Name – Specify service group name

Select Service – Select the services to be grouped.
  ‘Available Services’ column displays the services that can be grouped
  Using right arrow button move all the services that are to be grouped in the ‘Member Services’ list
  ‘Member Services’ column displays the services that will be grouped

Description – Specify group description

Create button – Creates a new service group

Cancel button – Cancels the current operation and returns to Manage Service Group page

Table – Create Service Group screen elements


Update Service Group

Select Firewall → Service Group → Manage to view the list of groups created. Click the group to be modified

Screen – Edit Service Group

Screen Elements – Description

Edit Service Group

Service Group Name – Displays service group name

Select Service – Displays grouped services
  ‘Available Services’ column displays the services that can be grouped
  Using right arrow button move all the services that are to be grouped in the ‘Member Services’ list
  ‘Member Services’ column displays the services that will be grouped

Description – Displays group description, modify if required

Save button – Saves the modified details

Cancel button – Cancels the current operation and returns to Manage Service Group page

Table – Edit Service Group screen elements


Delete Service Group

Select Firewall → Service Group → Manage to view the list of groups created.

Screen – Delete Service Group

Screen Elements – Description

Del – Select the group for deletion
  More than one group can be selected
  Click to select

Select All – Allows to select all the groups for deletion
  Click to select

Delete button – Deletes all the selected group(s)
  Click to delete

Table – Delete Service Group


Categories

Cyberoam’s content filtering capabilities prevent Internet users from accessing non-productive or objectionable websites that take valuable system resources from your network and, at the same time, prevent hackers and viruses from gaining access to your network through their Internet connections.

Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds

objectionable. Cyberoam’s Categories Database contains categories covering Web page subject matter

as diverse as adult material, astrology, games, job search, and weapons. It is organized into general

categories, many of which contain collections of related Internet sites with specific content focus. In other

words, database is a collection of site/host names that are assigned a category based on the major

theme or content of the site.

Categories Database consists of three types:

Web category – Grouping of Domains and Keywords. Default web categories are available for use only if

‘Web and Application Filter’ subscription module is registered.

File Type category – Grouping of File extensions

Application protocol – Grouping of protocols. Standard protocol definitions are available for use only if

‘Web and Application Filter’ subscription module is registered.

Apart from the default categories provided by Cyberoam, custom category can also be created if

required. Creating custom category gives increased flexibility in managing Internet access for your

organization. After creating a new category, it must be added to a policy so that Cyberoam knows when

to enforce it and for which groups/users.



Web Category

Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any

URL containing the keywords defined in the Web category will be blocked.

Each category is grouped according to the type of sites. Categories are grouped into four types, which specify whether accessing the sites specified in those categories is considered productive or not:

• Neutral

• Productive

• Non-working

• Un-healthy

For your convenience, Cyberoam provides a database of default Web categories. You can use these or

even create new web categories to suit your needs. To use the default web categories, the subscription

module Web and Application Filter should be registered.

Depending on the organization requirement, allow or deny access to the categories with the help of

policies by groups, individual user, time of day, and many other criteria.

Custom web category is given priority over default category while allowing/restricting the access.

Search URL

Use Search URL to search whether the URL is categorized or not. It searches the specified URL and

displays Category name under which the URL is categorized and category description.

When a custom category is created with a domain/URL which is already categorized in default category

then the custom category overrides the default category and the search result displays custom category

name and not the default category name.

Select Categories → Web Category → Search URL

Screen – Search URL



Manage Default Web Category

Default Web categories are available for use only if ‘Web and Application Filter’ subscription module is

registered. Database of web categories is constantly updated by Cyberoam.

If the module is not registered, the page is displayed with the message ‘Web and Application Filter module is not registered’. See Register Add on Modules for registering Web and Application Filter module. The module can also be registered as a ‘Demo’ version if you have not yet purchased it, but the demo will expire after 15 days of registration.

Once the module is registered, the default categories can be used in Internet Access for filtering.

Select Categories → Web Category → Manage Default to view list of default Web Categories

Screen - Manage Default Web Category

Note

Default Web categories cannot be modified or deleted.

Custom web category is given the priority over the default category while allowing/restricting access.



Create Custom Web category

Select Categories → Web Category → Create Custom to open create page

Screen - Create Custom Web Category

Screen Elements – Description

Create Custom Web Category

Name – Specify Web category name

Description – Specify full description

Category type – Categories are grouped into four types and specifies whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy
  Select category type

Create button – Creates a new custom Web Category. Web Category configuration is incomplete until domain names or keywords are attached

Domain Management

Add button – Use to define domains for the web category. Depending on the user’s Internet access policy, accessing specified domain(s) will be allowed or denied.
  Click to add
  Refer to Add Domain(s) for more details

Keywords Management

Add button – Use to define keywords for the web category. Depending on the user’s Internet access policy, accessing sites with the specified keyword(s) will be allowed or denied.
  Click to add
  Refer to Add Keyword(s) for details

Update button – Saves the web category

Cancel button – Cancels the current operation and returns to View Web Category page

Table - Create Web Category screen elements

Note

Custom category name cannot be same as default category name.

Add Domain

Screen - Add Domain

Screen Elements – Description

Domains Management

Domains – Specify domains for the category. Depending upon the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access.

Add Domain button – Assigns domains to the web category

Cancel button – Cancels the current operation

Table - Add Domain screen elements


Note

Domains can be added at the time of creation of web category or whenever required.

Add Keyword

Screen - Add keyword

Screen Elements – Description

Keywords Management

Keywords – Specify domains for the category. Depending on the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access

Add button – Assigns keywords to the Web Category

Cancel button – Cancels the current operation

Table - Add keyword screen elements

Note

Keywords can be added at the time of creation of web category or whenever required.


Manage Custom Web Category

Use to modify:

1. Description

2. Add Domains

3. Delete Domains

4. Add Keywords

5. Delete Keywords

Select Categories → Web Category → Manage Custom to view the list of Web categories and click Web Category to be modified

Screen - Manage Custom Web category

Screen Elements – Description

Update Custom Web Category

Name – Displays name of the web category, modify if required

Description – Displays description of the Category

Category type – Categories are grouped into four types and specifies whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy
  Select category type

Domain Management

Add button – Allows to add domain name(s) to the web category
  Click to add
  Refer to Add Domains for details

Delete button – Allows to remove domain name(s) from the web category
  Click to remove
  Refer to Delete Domains for details

Keywords Management

Add button – Allows to add keyword(s) to the web category
  Click to add
  Refer to Add Keywords for details

Delete button – Allows to remove keywords from the web category
  Click to remove
  Refer to Delete Keywords for details

Update button – Modifies and saves the updated details
  Click to Update

Cancel button – Cancels the current operation and returns to the Manage Custom Web Category page

Table - Update Custom Web category screen elements

Delete Domain

Screen – Delete Domain

Screen Elements – Description

Select – Click all the domains required to be removed

Select All button – Allows to select all the domains for deletion
  Click Select All to select all domains

Delete button – Remove(s) domains from the web category
  Click to remove

Table – Delete Domain screen elements


Delete Keyword

Screen - Delete keyword

Screen Elements – Description

Select – Click all the keywords required to be removed

Select All button – Allows to select all the keywords for deletion
  Click Select All to select all keywords

Delete button – Remove(s) keywords from the web category
  Click to remove

Table - Delete keywords screen elements


Delete Web Category

Prerequisite

• Not attached to any Policy

Select Categories → Web Category → Manage Custom to view the list of Web Categories.

Screen - Delete Custom Web Category

Screen Elements – Description

Del – Select web category to be deleted
  More than one web category can be selected
  Click to select

Select All – Allows to select all the web categories for deletion
  Click to select

Delete button – Deletes all the selected web categories
  Click to delete

Table - Delete Custom Web Category screen elements


File Type Category

File type is a grouping of file extensions. Cyberoam allows filtering Internet content based on file extension. For example, you can restrict access to particular types of files from sites within an otherwise-permitted category.

For your convenience, Cyberoam provides several default File Types categories. You can use these or

even create new categories to suit your needs.

Depending on the organization requirement, allow or deny access to the categories with the help of

policies by groups, individual user, time of day, and many other criteria.

Manage Default File Type Category

Cyberoam provides five default File Type categories that cannot be modified or deleted.

Select Categories → File Type Category → Manage Default to view the list of default File Type Categories. Click the Category to view extensions included in the Category.

Screen – Manage Custom File Type Category



Create Custom File Type Category

Select Categories → File Type Category → Create Custom to open the create page

Screen - Create Custom File Type Category

Screen Elements – Description

Custom File Type details

Name – Assign name to File Type Category

File Extensions – Specify file extensions to be included in the File Type Category
  Extensions defined here will be blocked or filtered

Description – Specify full description

Create button – Creates a new File Type Category

Cancel button – Cancels the current operation and returns to Manage Custom File Type Category page

Table - Create Custom File Type screen elements


Manage Custom File Type Category

Use to modify:

1. File Extensions

2. Description

Select Categories → File Type Category → Manage Custom to view the list of File Type Categories and click File Type Category to be modified.

Screen - Manage Custom File Type Category

Screen Elements – Description

Update Custom File Type Category

Name – Displays name of the File Type Category, modify if necessary

File Extensions – Displays file extension(s) added to the Category, modify if required

Description – Displays description of Category

Update button – Modifies and saves the updated details
  Click to Update

Cancel button – Cancels the current operation and returns to the Manage Custom File Type Category page

Screen - Manage Custom File Type Category


Delete Custom File Type Category

Prerequisite

• Not attached to any Policy

Select Categories → File Type Category → Manage Custom to view the list of File Type Categories created

Screen - Delete Custom File Type Category

Screen Elements – Description

Del – Click all the File Types required to be deleted

Select All button – Allows to select all the File Types for deletion
  Click Select All to select all File Types

Delete button – Delete(s) the File Type Category
  Click to delete

Table - Delete Custom File Type screen elements


Application Protocol Category

Application Protocol Category is the grouping of Application Protocols used for filtering Internet content.

You can also filter Internet requests based on protocols or applications other than HTTP, HTTPS or FTP,

for example those used for instant messaging, file sharing, file transfer, mail, and various other network

operations.

For your convenience, Cyberoam provides a database of default Application Protocol categories. To use

the default Application Protocol categories, the subscription module ‘Web and Application Filter’ should

be registered.

You can also create:

• Customized Application protocol category, if required

• Firewall rule based on customized Application protocol category

Manage Default Application Protocol Category

Default Application protocol categories are available for use only if ‘Web and Application Filter’

subscription module is registered. Database of protocol category is constantly updated by Cyberoam.

If the module is not registered, page is displayed with the message ‘Web and Application Filter’ module is

not registered.

See Register Add on Modules for registering Web and Application Filter module. The module can also be registered as a ‘Demo’ version if you have not yet purchased it, but the demo will expire after 15 days of registration.

Once the module is registered, the default protocol categories can be used in Internet Access for filtering.

Default Application protocol category cannot be modified or deleted.

Select Categories → Application Protocol Category → Manage Default to view the list of default Application protocols Categories

Screen - Manage Default Application Protocol Category



Create Custom Application Protocol Category

Select Categories → Application Protocol Category → Create Custom to open the create page

Screen - Create Custom Application Protocol Category

Screen Elements – Description

Custom Application Protocol Category

Name – Specify name to Application Protocol Category

Description – Specify full description

Create button – Creates a new custom Application Protocol Category

Application Protocol details

Add button – Use to assign application protocols to Category for blocking. Select application protocol you want to include in a Category. Cyberoam gives access to the Category based on the Schedule.
  Allows to add application protocol(s) to Category
  Click to add
  Refer to Add Custom Application Protocol details for more details

Update button – Saves Application Protocol Category

Cancel button – Cancels the current operation and returns to View Custom Application Protocol Category page

Table – Create Custom Application Category screen elements

Note

Custom category name cannot be same as default category name.

Add Custom Application Protocol Details

Screen – Add Custom Application Protocol Category details

Screen Elements – Description

Custom Application Protocol details

Application – Select Application Protocols that are to be grouped in the Category. Custom and Default both can be grouped in a single Application Protocol Category

Destination IP Address – Specify destination IP Address

Add button – Groups the application protocols in the Category

Cancel button – Cancels the current operation

Table – Add Custom Application Protocol Category details



Manage Custom Application Protocol Category

Use to modify:

1. Description

2. Add Application Protocol details

3. Delete Application Protocol details

Select Categories → Application Protocol Category → Manage Custom to view the list of custom Application Protocol Categories. Click Application Protocol Category to be modified.

Screen – Manage Custom Application Protocol Category

Screen Elements – Description

Update Custom Application Protocol Category

Name – Displays name of Application Protocol Category, modify if necessary

Description – Displays description of the Category

Application Protocol Details

Add button – Allows to add Application Protocol(s) to Category. Click to add. Refer to Add Custom Application Protocols for details

Delete button – Allows to remove Application Protocol(s) from Category. Click to remove. Refer to Delete Custom Application Protocol for details

Update button – Modifies and saves the updated details. Click to Update

Cancel button – Cancels the current operation and returns to the Manage Custom Application Protocol Category page

Table – Manage Custom Application Protocol Category screen elements


Delete Custom Application Protocol Category details

Screen – Delete Application Protocol Category details

Screen Elements – Description

Del – Click Application Protocol(s) required to be deleted

Select All button – Allows to select all Application Protocol(s) for deletion. Click Select All to select all Application Protocol(s)

Delete button – Delete(s) Application Protocol(s). Click to delete

Table – Delete Application Protocol Category screen elements


Delete Custom Application Protocol Category

Prerequisite

• Not attached to any Policy

Select Categories → Application Protocol Category → Manage Custom to view the list of Application Protocol Categories created

Screen - Delete Custom Application Protocol Category

Screen Elements – Description

Del – Select Category to be deleted. More than one Category can be selected. Click to select

Select All – Allows to select all the Categories for deletion. Click to select

Delete button – Deletes all the selected Categories. Click to delete

Table - Delete Custom Application Protocol Category screen elements


Access Control

Use Local ACLs to limit the Administrative access to the following Cyberoam services from

LAN/WAN/DMZ:

• Admin Services

• Authentication Services

• Proxy Services

• Network Services

Default Access Control configuration

When Cyberoam is connected and powered up for the first time, it will have a default Access

configuration as specified below:

Admin Services

HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions

for LAN zone

Authentication Services

Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User

Authentication Services for LAN zone. User Authentication Services are not required for any of

the Administrative functions but required to apply user based internet surfing, bandwidth and

data transfer restrictions.

Customize Access Control configuration

Use access control to limit the access to Cyberoam for administrative purposes from the specific

authenticated/trusted networks only. You can also limit access to administrative services within the

specific authenticated/trusted network.

Select Firewall → Local ACL

Screen – Access Configuration

Screen Elements

Description



Admin Services

Enable/disable access to Cyberoam using following service from the specified zone and

network:

• HTTP

• HTTPS

• Telnet

Authentication Services

Enable/disable following service from the specified zone and network:

• Cyberoam

• HTTP

Proxy Services

Enable/disable HTTP service from the specified zone and network

Network Services

Enable/disable following service from the specified zone and network:

• DNS

• ICMP

Update button – Saves configuration

Add button – Allows to add the trusted networks from which the above specified services will be allowed/disallowed. Click Add to add network details. Specify Network IP address and Zone. Click Add

Table – Access Configuration screen elements


Product Licensing & Updates

Product Version information

Check which version of the Cyberoam is installed on your computer, and determine the appliance key.

Click Cyberoam icon (on the rightmost corner of the screen) to get the information.

Screen – About Cyberoam



Upgrade Cyberoam

Cyberoam provides two types of upgrades:

• Automatic – Corrections to critical software errors, performance improvements or changes in system behavior lead to an automatic upgrade of Cyberoam without manual intervention or notification.

• Manual – Manual upgrades require human intervention.

Automatic Upgrade

By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the

procedure to disable the AutoUpgrade mode:

1. Log on to Telnet Console

2. Go to option 4 Cyberoam Console

3. At the prompt, type the command, cyberoam autoupgrade off

Manual Upgrade

Step 1. Check for Upgrades

Press F10 to go to Dashboard from any of the screens.

Under the Installation Information section, click Check for Upgrades



Page displays the list of available upgrades and the upgrade details like release date and size. Order

specifies the sequence in which Cyberoam should be upgraded.

Step 2. Download Upgrade

Click Download against the version to be downloaded and follow the on screen instructions to save the

upgrade file.

Step 3. Upload downloaded version to Cyberoam

Select Help → Upload Upgrade

Type the file name with full path or select using ‘Browse’ and click Upload



Screen - Upload Upgrade version

Step 4. Upgrade

Once the upgrade file is uploaded successfully, log on to Console to upgrade the version.

Log on to Cyberoam Telnet Console.

Type ‘6’ to upgrade from the Main menu and follow the on-screen instructions.

A success message is displayed if the upgrade succeeds.

Repeat the above steps if more than one upgrade is available, upgrading in the same sequence as displayed on the Available Upgrades page.



Licensing

You need a customer account to

• register your Cyberoam appliance

• avail 8 X 5 support

• register subscription modules

• subscribe for free 30-days Trial subscription

Select Help → Licensing to view the list of subscription modules. The screen shows the licensing status of Appliances and subscription modules, along with the subscription expiry date if subscribed.

Screen – Licensing

Status - ‘Registered’ – Appliance registered

Status - ‘Unregistered’ – Appliance not registered

Status - ‘Subscribed’ - Module subscribed

Status - ‘Unsubscribed’ - Module not subscribed

Status - ‘Trial’ - Trial subscription

Status - ‘Expired’ - Subscription expired



Create Customer account and register appliance

Select Help → Licensing and click Register against your appliance name.

You need to create a customer account to register the appliance. If you have already created an account, type your username and password to register the appliance and click Register.

If you have not created an account, fill in the form to create your customer account and register the appliance.

Screen – Registration

Screen Elements – Description

Appliance Registration form

Appliance key – Displays Appliance key

Appliance Model No. – Displays Appliance model number

Email ID – Specify email ID. Account will be created with this id and will be username for customer my account.

Password – Specify password for your account and retype to confirm. Remember to choose a password that is easy for you to remember but hard for others to guess.

Company name – Specify company name under whose name appliance is to be registered. Cannot be modified

Contact person – Specify name of the contact person in the company

Address, City, State, Country, Zip, Phone, Fax – Specify complete address of the company

Secret Question and Answer – Question and answer related to your password. This question will be mailed to the customer in case he forgets his password. If customer’s reply to the question matches the answer, new password will be mailed at his email id.

External Proxy Server Information – Configure for proxy server if HTTP Proxy Server is used to connect to Web

Proxy Server – Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server

Proxy Port – Specify port number if proxy server is running on a port other than the default port (80)

Username and Password – Specify username and password to be used to log on to proxy server (if configured)

Register button – This process will create user account and register the appliance

Table - Registration screen elements

Subscribe Modules

Cyberoam includes following Subscription modules, which are not included in basic package:

• Intrusion Detection and Prevention

• Gateway Anti Virus

• Gateway Anti Spam

• Web and Application Filter

Customer has to procure a different license and subscribe for using any of the Subscription modules. You

can also subscribe for the 30-days free Trial subscription of any of the modules.

Prerequisite

• Account created

• Appliance registered

Select Help → Licensing and click Subscribe against the module to be subscribed.

Screen – Subscribe Module

Screen – Subscribe Trial Module

Screen Elements – Description

Subscribe

Appliance key – Displays Appliance key

Appliance Model No. – Displays Appliance model number

Module – Displays module name to be subscribed

Registered Email ID and Password – Specify email ID and password of your registered account

Subscription Key (Only if you have purchased the module) – Specify subscription key of the module obtained from Sales person

External Proxy Server Information – Configure for proxy server if HTTP Proxy Server is used to connect to Web

Proxy Server – Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server

Proxy Port – Specify port number if proxy server is running on a port other than the default port (80)

Username and Password – Specify username and password to be used to log on to proxy server (if configured)

Subscribe/Trial button – Registers the specified module

Table – Subscribe Module



Download

Clients

Cyberoam Client supports Users using following platforms:

Windows – Enables Users using Windows Operating System to log-on to Cyberoam Server

Linux – Enables Users using Linux Operating System to log-on to Cyberoam server

HTTP – Enables Users using any other Operating System than Windows & Linux to log-on to Cyberoam Server

Single Sign on Client – Enables Windows-migrated Users to log on to Cyberoam using Windows Username and password.

Single Sign on Client Auto Setup – Download the setup.

Depending on the requirement, download the Cyberoam Client.

Select Help → Downloads to download Cyberoam Client

Screen – Download Clients



Documentation

Select Help → Guides to download various guides

Screen – Download Cyberoam Guides



Appendix A – Audit Log

Audit logs are an important part of any secure system: they provide an invaluable view into the current and past state of almost any type of complex system, and they need to be carefully designed in order to give a faithful representation of system activity.

Cyberoam Audit log can identify what action was taken by whom and when. The existence of such logs

can be used to enforce correct user behavior, by holding users accountable for their actions as recorded

in the audit log.

An audit log is the simplest, yet also one of the most effective forms of tracking temporal information. The

idea is that any time something significant happens you write some record indicating what happened and

when it happened.

Audit logs can be accessed in two ways:

1. Log on to Cyberoam Web Admin Console and click Reports to open the reports page in a new

window

Screen - Reports

2. Log on to Reports, click on the Reports link to open the reports login page in a new window

Screen – Reports Login



Viewing Log details

Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date

range of the report.

Screen – Audit Log report

Screen – Sample Audit Log Report



Audit Log Components

Entity – Cyberoam Component through which the event was generated/Audit Resource Type

Entity Name – Unique Identifier of Entity

Action – Operation requested by entity/Audit Action

Action By – User who initiated the action/Accessor name

Action Status – Action result/Audit Outcome

Columns: Entity, Entity Name, Action, Action By, Action Status, Message, IP Address, Explanation

Report GUI Login <username> Successful - <IP address>
Explanation: Login attempt to Report GUI by User <username> was successful

Report GUI Login <username> Failed Wrong username or password <IP address>
Explanation: Login attempt to Report GUI by User <username> was not successful because of wrong username and password

Management GUI Login <username> Successful - <IP address>
Explanation: Login attempt to Management GUI by User <username> was successful

Management GUI Login <username> Failed User not found <IP address>
Explanation: Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>

Management GUI Login <username> Failed User has no previllege of Administration <IP address>
Explanation: Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges

Configuration Wizard Started <username> Successful - <IP address>
Explanation: User <username>’s request to start Configuration Wizard was successful

Configuration Wizard Finished <username> Successful - <IP address>
Explanation: User <username>’s request to close Configuration Wizard was successful

System Started <username> Successful Cyberoam-System Started <IP address>
Explanation: Cyberoam was successfully started by the User <username>

SSh authentication <username> Successful User admin, coming from 192.168.1.241, authenticated. <IP address>
Explanation: <username> trying to log on from <ip address> using SSH client was successfully authenticated

SSh authentication <username> Failed Login Attempt failed from 192.168.1.241 by user root <IP address>
Explanation: Authentication of <username> trying to log on from <ip address> using SSH client was not successful

SSh authentication <username> Failed Password authentication failed. Login to account hello not allowed or account nonexistent <IP address>
Explanation: Log on to account <username> using SSH client was not successful

telnet authentication <username> Successful Login Successful <IP address>
Explanation: Remote Login attempt through Telnet by User <username> was successful

telnet authentication <username> Failed Authentication Failure <IP address>
Explanation: Authentication of <username> trying to log on remotely through Telnet was not successful

console authentication <username> Successful Login Successful ttyS0
Explanation: Login attempt to Console using Console Interface via remote login utility by User <username> was successful

console authentication <username> Successful Login Successful tty1
Explanation: Login attempt to Console via direct Console connection by User <username> was successful

console authentication <username> Failed Authentication Failure <IP address>
Explanation: Login attempt to Console by User <username> was not successful

Firewall Started System Successful - <IP address>
Explanation: Firewall subsystem started successfully without any error

Firewall Rule <firewall rule id> (e.g. 7) Create <username> Successful - <IP address>
Explanation: Firewall rule <firewall rule id> was created successfully by user <username>

Firewall Rule <firewall rule id> (e.g. 6) Update <username> Successful - <IP address>
Explanation: Firewall rule <firewall rule id> was updated successfully by user <username>

Firewall Rule <firewall rule id> (e.g. 21) Update System Successful - <IP address>
Explanation: Firewall rule <firewall rule id> was updated successfully by user <username>

Firewall Rule <firewall rule id> (e.g. 10) Delete System Successful - <IP address>
Explanation: Firewall rule <firewall rule id> was deleted successfully by user <username>

Host N/A Delete <username> Failed - <IP address>
Explanation: Request to delete Host by user <username> was not successful

Host <host name> (e.g. 192.168.1.68, #Port D) Delete <username> Successful - <IP address>
Explanation: Host <host name> was deleted successfully by user <username>

Host <host name> (e.g. 192.168.1.66, #Port D) Insert <username> Successful - <IP address>
Explanation: Host <host name> was added successfully by user <username>

HostGroup <host group name> (e.g. mkt group) Delete <username> Successful - <IP address>
Explanation: Host Group <host group name> was deleted successfully by user <username>

HostGroup <host group name> (e.g. sys group) Update <username> Successful - <IP address>
Explanation: Host Group <host group name> was updated successfully by user <username>

HostGroup <host group name> (e.g. Trainee) Insert <username> Successful - <IP address>
Explanation: Host Group <host group name> was updated successfully by user <username>

Service <service name> (e.g. vypress chat) Delete <username> Successful - <IP address>
Explanation: Service <service name> was deleted successfully by user <username>

Service <service name> (e.g. vypress chat) Update <username> Successful - <IP address>
Explanation: Service <service name> was updated successfully by user <username>

Service <service name> (e.g. vypress chat) Insert <username> Successful - <IP address>
Explanation: Service <service name> was inserted successfully by user <username>

ServiceGroup <service group name> (e.g. Intranet chat) Insert <username> Successful - <IP address>
Explanation: Service group <service group name> was inserted successfully by user <username>

ServiceGroup <service group name> (e.g. Intranet chat) Update <username> Successful - <IP address>
Explanation: Service group <service group name> was updated successfully by user <username>

ServiceGroup <service group name> (e.g. Intranet chat) Delete <username> Successful - <IP address>
Explanation: Service group <service group name> was deleted successfully by

SNAT Policy <policy name> Insert <username> Successful - <IP address>
Explanation: SNAT policy <policy name> was inserted successfully by user <username>

SNAT Policy <policy name> Update <username> Successful - <IP address>
Explanation: SNAT policy <policy name> was updated successfully by user <username>

SNAT Policy <policy name> Delete <username> Successful - <IP address>
Explanation: SNAT policy <policy name> was deleted successfully by user <username>

DNAT Policy <policy name> Insert <username> Successful - <IP address>
Explanation: DNAT policy <policy name> was inserted successfully by user <username>

DNAT Policy <policy name> Update <username> Successful - <IP address>
Explanation: DNAT policy <policy name> was updated successfully by user <username>

DNAT Policy <policy name> Delete <username> Successful - <IP address>
Explanation: DNAT policy <policy name> was deleted successfully by user <username>

Schedule <schedule name> Insert <username> Successful - <IP address>
Explanation: Schedule <schedule name> was inserted successfully by user <username>

Schedule <schedule name> Update <username> Successful - <IP address>
Explanation: Schedule <schedule name> was updated successfully by user <username>

Schedule <schedule name> Delete <username> Successful - <IP address>
Explanation: Schedule <schedule name> was deleted successfully by user <username>

Schedule Detail <schedule name> Insert <username> Successful - <IP address>
Explanation: Schedule details to Schedule <schedule name> was inserted successfully by user <username>

Local ACLs Local ACLs Update <username> Successful - <IP address>
Explanation: Local ACL was updated successfully by user <username>

DoS Bypass DoS Bypass Delete <username> Successful - <IP address>
Explanation: DoS Bypass rule deleted successfully by <username>

DoS Bypass DoS Bypass Insert <username> Successful - <IP address>
Explanation: DoS Bypass rule inserted successfully by user <username>

DoS Settings DoS Settings Update <username> Successful - <IP address>
Explanation: DoS settings updated successfully by user <username>

Online Registraion Register <username> Successful - <IP address>
Explanation: User <username> successfully registered Appliance/Subscription module(s) through Online Registration

Upload Version Upload Version <username> Successful - <IP address>
Explanation: User <username> successfully uploaded the version

Date Update <username> Successful System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST <IP address>
Explanation: Request to update the Date from Console by User <username> was successful

Apart from the tabular format, Cyberoam allows you to view the log details in:

• Printable format – Click to open a new window and display the report in the printer friendly format. Report can be printed from File -> Print.

• Export as CSV (Comma Separated Value) – Click to export and save the report in CSV format. Report can be very easily exported to MS Excel and all the Excel functionalities can be used to analyze the data.
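The CSV export can also be reviewed with a script instead of Excel. The following is an added example, not part of the guide or of Cyberoam's software: it flags repeated failed logins from one address, a successful login that follows them, and successful changes to Local ACLs, DoS settings, firewall rules and the system date. The column names are taken from the Audit Log table above; the exact CSV layout, the threshold and all sample rows are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are the ones in the guide's Audit Log
# table; the CSV layout itself and every value below are assumptions.
SAMPLE_CSV = """\
Entity,Entity Name,Action,Action By,Action Status,Message,IP Address
Management GUI,,Login,admin,Failed,User not found,192.0.2.10
Management GUI,,Login,administrator,Failed,User not found,192.0.2.10
SSh,,authentication,root,Failed,Login Attempt failed from 192.0.2.10 by user root,192.0.2.10
Management GUI,,Login,cyberoam,Successful,-,192.0.2.10
Local ACLs,Local ACLs,Update,cyberoam,Successful,-,192.0.2.10
Report GUI,,Login,alice,Successful,-,198.51.100.7
Firewall Rule,7,Create,alice,Successful,-,198.51.100.7
DoS Bypass,DoS Bypass,Insert,cyberoam,Successful,-,192.0.2.10
Date,,Update,cyberoam,Successful,System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST,192.0.2.10
"""

# The guide logs GUI logins with Action "Login" and SSH/telnet/console
# logins with Action "authentication".
LOGIN_ACTIONS = {"login", "authentication"}

# Successful changes that alter who can reach the appliance, what the DoS
# protection ignores, which traffic is filtered, or the clock that later
# log entries depend on. The selection is this example's, not the guide's.
SENSITIVE_CHANGES = {
    ("local acls", "update"),
    ("dos bypass", "insert"),
    ("dos settings", "update"),
    ("firewall rule", "delete"),
    ("date", "update"),
}


def load_rows(text):
    """Parse the exported report into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(rows, fail_threshold=3):
    """Return (row_number, finding, detail) tuples in file order."""
    failures = defaultdict(int)  # consecutive failed logins per source IP
    findings = []
    for number, row in enumerate(rows, start=1):
        entity = row["Entity"].strip().lower()
        action = row["Action"].strip().lower()
        status = row["Action Status"].strip().lower()
        who = row["Action By"].strip()
        ip = row["IP Address"].strip()

        if action in LOGIN_ACTIONS:
            if status == "failed":
                failures[ip] += 1
                # Report once, when the threshold is first reached.
                if failures[ip] == fail_threshold:
                    findings.append((number, "repeated-failed-logins", ip))
            elif status == "successful":
                if failures[ip] >= fail_threshold:
                    findings.append(
                        (number, "success-after-failures", f"{who}@{ip}"))
                failures[ip] = 0
        elif status == "successful" and (entity, action) in SENSITIVE_CHANGES:
            findings.append(
                (number, "sensitive-change", f"{entity} {action} by {who}"))
    return findings


if __name__ == "__main__":
    for finding in triage(load_rows(SAMPLE_CSV)):
        print(finding)
```

Row numbers count data rows, not the header line; adjust the column names in the code if the real export uses different headings.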



Appendix B – Network Traffic Log Fields

Cyberoam provides extensive logging capabilities for traffic, system and network protection functions.

Detailed log information and reports provide historical as well as current analysis of network activity to

help identify security issues and reduce network misuse and abuse.

Cyberoam provides following logs:

• DoS Attack Log

• Invalid Traffic Log

• Firewall Rule Log

• Local ACL Log

• Dropped ICMP Redirected Packet Log

• Dropped Source Routed Packet Log

By default, only the firewall rule logging will be ON i.e. only traffic allowed/denied by the firewall will be

logged. Refer to Cyberoam Console Guide on how to enable/disable logging.

SR. No. DATA FIELDS TYPE DESCRIPTION

1. Date date Date (yyyy-mm-dd) when the event occurred

For the allowed traffic - the date on which connection was

started on Cyberoam

For the dropped traffic - the date when the packet was dropped

by Cyberoam

2. Time time Time (hh:mm:ss) when the event occurred

For the allowed traffic - the time when the connection was

started on Cyberoam

For the dropped traffic - the time when the packet was dropped

by Cyberoam

3. Device Name String Model Number of the Cyberoam Appliance

4. Device Id String Unique Identifier of the Cyberoam Appliance

5. Log Id string Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011,

0102011

c1c2 represents Log Type e.g. 01

c3c4 represents Log Component e.g. Firewall, local ACL

c5c6 represents Log Sub Type e.g. allow, violation

c7 represents Priority e.g. 1

4. Log Type string Section of the system where event occurred e.g. Traffic for

traffic logging.

Possible values:

01 – Traffic - Entire traffic intended for Cyberoam

5. Log Component string Component responsible for logging

Possible values:

01 - Firewall rule


Event due to any traffic allowed or dropped based on the

firewall rule created

02 - Local ACL

Event due to any traffic allowed or dropped based on the local

ACL configuration or all other traffic intended for the firewall

03 - DoS Attack

Event due to any packets dropped based on the dos attack

settings i.e. Dropped tcp, udp and icmp packets.

04 - Invalid traffic

Event due to any traffic dropped which does not follow the

protocol standards, invalid fragmented traffic and traffic whose

packets Cyberoam is not able to relate to any connection.

Refer to Invalid traffic list for more details.

05 - Invalid Fragmented traffic

Event when any invalid fragmented traffic is dropped. Refer to

Invalid Fragmented traffic list for more details.

06 - ICMP redirect

Event due to any ICMP Redirected packets dropped based on

the DoS attack setting

07 - Source routed packet

Event due to any source routed packets dropped based on the

DoS attack setting

08 – Fragmented traffic

Event when any fragmented traffic is dropped due to Advanced

Firewall settings. Refer to Console Guide Page no. 59 for more

details.

6. Log Sub Type string Decision taken on traffic

Possible values:

01 – Allowed

Traffic permitted to and through Cyberoam based on the

firewall rule settings

02 – Violation

Traffic dropped based on the firewall rule settings, local ACL

settings, DOS settings or due to invalid traffic.

7. Status string Ultimate state of traffic (accept/deny)

8. Priority string Severity level of traffic

Possible values:

01 – Notice

9. Duration integer Durability of traffic

10. Firewall Rule ID integer Firewall rule id of traffic

11. User string User Id

12. User Group string Group Id of user

13. IAP integer Internet Access policy Id applied for traffic

14. In Interface string Interface for incoming traffic e.g. eth0

Blank for outgoing traffic

15. Out Interface string Interface for outgoing traffic e.g. eth1

Blank for incoming traffic



16. Source IP string Source IP address of traffic

17. Destination IP string Destination IP address of traffic

18. Protocol integer Protocol number of traffic

19. Source Port integer Source Port of TCP and UDP traffic

20. Destination Port integer Destination Port of TCP and UDP traffic

21. ICMP Type integer ICMP type of ICMP traffic

22. ICMP Code integer ICMP code of ICMP traffic

23. Sent Packets integer Total number of packets sent

24. Received Packets integer Total number of packets received

25. Sent Bytes integer Total number of bytes sent

26. Received Bytes integer Total number of bytes received

27. Translated Source IP integer Translated Source IP address – if Cyberoam is deployed as Gateway

"N/A" - if Cyberoam is deployed as Bridge

28. Translated Source Port integer Translated Source port – if Cyberoam is deployed as Gateway

"N/A" - if Cyberoam is deployed as Bridge

29. Translated Destination IP integer Translated Destination IP address – if Cyberoam is deployed as Gateway

"N/A" - if Cyberoam is deployed as Bridge

30. Translated Destination Port integer Translated Destination port – if Cyberoam is deployed as Gateway

"N/A" - if Cyberoam is deployed as Bridge
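The Log Id layout in the table above (c1c2 Log Type, c3c4 Log Component, c5c6 Log Sub Type, c7 Priority) can be decoded and cross-checked against the Status field. The following is an added example, not code from the guide or from Cyberoam: the code tables are copied from the table above, while the pairing of Allowed with accept and Violation with deny, the digits-only check and the sample records are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Code tables as listed in the guide's Network Traffic Log Fields table.
LOG_TYPES = {"01": "Traffic"}
LOG_COMPONENTS = {
    "01": "Firewall rule",
    "02": "Local ACL",
    "03": "DoS Attack",
    "04": "Invalid traffic",
    "05": "Invalid Fragmented traffic",
    "06": "ICMP redirect",
    "07": "Source routed packet",
    "08": "Fragmented traffic",
}
LOG_SUB_TYPES = {"01": "Allowed", "02": "Violation"}
PRIORITIES = {"1": "Notice"}

# Components the guide describes only in terms of dropped traffic.
DROP_ONLY_COMPONENTS = {"03", "04", "05", "06", "07", "08"}

# Assumption: Status "accept" goes with Allowed and "deny" with Violation.
EXPECTED_STATUS = {"01": "accept", "02": "deny"}


@dataclass(frozen=True)
class LogId:
    raw: str
    log_type: str   # c1c2
    component: str  # c3c4
    sub_type: str   # c5c6
    priority: str   # c7

    def describe(self):
        """Human-readable names for the four parts ('unknown' if unlisted)."""
        return (
            LOG_TYPES.get(self.log_type, "unknown"),
            LOG_COMPONENTS.get(self.component, "unknown"),
            LOG_SUB_TYPES.get(self.sub_type, "unknown"),
            PRIORITIES.get(self.priority, "unknown"),
        )


def parse_log_id(raw):
    """Split a 7-character Log Id into its four parts."""
    raw = raw.strip()
    # The guide's examples are all digits; treating that as a rule is an
    # assumption of this example.
    if len(raw) != 7 or not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"Log Id must be 7 digits, got {raw!r}")
    return LogId(raw, raw[0:2], raw[2:4], raw[4:6], raw[6])


def check_record(log_id, status):
    """Return a list of inconsistencies between a Log Id and its Status."""
    problems = []
    parts = (
        ("log type", log_id.log_type, LOG_TYPES),
        ("log component", log_id.component, LOG_COMPONENTS),
        ("log sub type", log_id.sub_type, LOG_SUB_TYPES),
        ("priority", log_id.priority, PRIORITIES),
    )
    for label, code, table in parts:
        if code not in table:
            problems.append(f"unknown {label} code {code}")
    expected = EXPECTED_STATUS.get(log_id.sub_type)
    if expected and status.strip().lower() != expected:
        problems.append(
            f"status {status!r} does not match sub type "
            f"{LOG_SUB_TYPES[log_id.sub_type]}")
    if log_id.component in DROP_ONLY_COMPONENTS and log_id.sub_type == "01":
        problems.append("component logs dropped traffic only, sub type is Allowed")
    return problems


def violations_by_component(records):
    """Count Violation records per Log Component over (log_id, status) pairs."""
    counts = Counter()
    for raw, _status in records:
        log_id = parse_log_id(raw)
        if log_id.sub_type == "02":
            counts[LOG_COMPONENTS.get(log_id.component, "unknown")] += 1
    return counts


# Constructed sample: (Log Id, Status) pairs. The first Log Id is one of the
# guide's own examples; the rest are made up for illustration.
SAMPLE_RECORDS = [
    ("0101011", "accept"),
    ("0101021", "deny"),
    ("0102021", "deny"),
    ("0103021", "deny"),
    ("0103021", "deny"),
    ("0104021", "deny"),
]

if __name__ == "__main__":
    print(parse_log_id("0101011").describe())
    print(violations_by_component(SAMPLE_RECORDS))
```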

Invalid traffic

Cyberoam will define following traffic as Invalid traffic:

• Short IP Packet

• IP Packets with bad IP checksum

• IP Packets with invalid header and/or data length

• Truncated/malformed IP packet

• Packets of Ftp-bounce Attack

• Short ICMP packet

• ICMP packets with bad ICMP checksum

• ICMP packets with wrong ICMP type/code

• Short UDP packet

• Truncated/malformed UDP packet

• UDP Packets with bad UDP checksum

• Short TCP packet

• Truncated/malformed TCP packet

• TCP Packets with bad TCP checksum

• TCP Packets with invalid flag combination

• Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection

If Strict Internet Access Policy is applied then Cyberoam will define following traffic also as Invalid traffic:

• UDP Packets with Destination Port 0

• TCP Packets with Source Port and/or Destination Port 0


• Land Attack

• Winnuke Attack

• TCP Syn Packets contains Data

• IP Packet with Protocol Number 0

• IP Packet with TTL Value 0

Invalid Fragmented traffic

Cyberoam will define following traffic as Invalid Fragmented traffic:

• Fragment Queue out of memory while reassembling IP fragments

• Fragment Queue Timeout while reassembling IP fragments

• Fragment too far ahead while reassembling IP fragments

• Oversized IP Packet while reassembling IP fragments

• Fragmentation failure while creating fragments



Appendix C – Web Categories

The list includes all categories with a short description of each category.

Visit www.cyberoam.com for latest updates

Category Name Type Description

ActiveX Non Working Includes all ActiveX applications

AdultContent UnHealthy Adult sites not falling in "Porn, Nudity, Swimwear &

Lingerie, Sex Education, and Sexual Health &

Medicines" will be included in "Adult Content" and which

may contain material not suitable to be viewed for

audience under 18

Advertisements Non Working Sites providing advertising graphics or other pop ad

content files

AlcoholandTobacco Non Working Sites providing information about, promote, or support

the sale of alcoholic beverages or tobacco products or

associated paraphernalia

ALLWebTraffic Neutral Any HTTP Traffic

Applets Non Working All web pages containing Applets

ArtsAndHistory Non Working Sites primarily exhibiting artistic techniques like creative

painting, sculpture, poetry, dance, crafts, Literature, and

Drama. Sites that narrate historical details about

countries/places; events that changed the course of

history forever; sites providing details and events of all

wars i.e. World Wars, Civil Wars, and important persons

of world historical importance

Astrology Non Working Sites showing predictions about Sun signs and into

various subjects like Education & Career, Love

Relationships, etc.

BusinessAndEconomy Neutral Sites sponsored by or devoted to business firms, business associations, sites providing details for all types of industrial sector like Chemicals, Machinery, Factory Automation, Cable and Wire, sites providing information about couriers and logistics, and Non-Alcoholic Soft drinks and Beverages

Chat Non Working Sites hosting Web Chat services or providing support or

information about chat via HTTP or IRC

CommercialBanks Neutral Commercial Banks Category includes all Banking Sites

i.e. International / National Public or Private Sector

Banks providing a wide range of services such as all

types of Accounts and Cards, Fixed Deposits, and

Loans

Communication Neutral Sites offering telephone, wireless, long distance, and

paging services. It also includes sites providing details

about Mobile communications / cellular communications

ComputerSecurityAndHacking Productive Sites providing information about hacking, computer security, sites providing Anti-Virus solutions, including sites providing information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases

Cookies Non Working Includes all cookie based web pages

Cricket Non Working Sites providing Live Scores of cricket matches, Debates

on Cricketers, Top 10 Cricketers, Cricket News, and

forthcoming Cricket matches. Cricket Category is

differentiated from Sports Category and solely devoted to Cricket activities

CrimeAndSuicide UnHealthy Advocating, instructing, or giving advice on performing illegal acts such as phone, service theft, evading law enforcement, lock-picking, burglary techniques and suicide

CulturalInstitutions Neutral Sites sponsored by museums, galleries, theatres, libraries, and similar institutions; also, sites whose purpose is the display of artworks

DatingAndMatrimonials Non Working Sites assisting users in establishing interpersonal relationships, friendship, excluding those of exclusively gay, or lesbian or bisexual interest and Matrimonial Sites providing photos and details of individuals seeking life partners

DownloadFreewareAndShareware UnHealthy Sites whose primary purpose is providing freeware and shareware downloads of application, software, tools, screensavers, wallpapers, and drivers

Drugs UnHealthy Sites providing information about the cultivation, preparation, or use of prohibited drugs

EducationalInstitions Productive Sites sponsored by schools, colleges, institutes, online education and other educational facilities, by nonacademic research institutions or that relate to educational events and activities

EducationAndReferenceMaterial Productive Sites offering books, reference-shelf content such as atlases, dictionaries, encyclopedias, formularies, white and yellow pages, and public statistical data

Electronics Neutral Sites providing information on manufacturing of electronics and electrical equipments, gadgets, instruments like air conditioners, Semi conductors, Television, Storage Devices, LCD Projectors, Home Appliances, and Power Systems etc.

Entertainment Non Working Sites providing entertainment sources for Movies, Celebrities, Theatres, about or promote motion pictures, non-news radio and television, humor, Comics, Kids and Teen amusement, Jokes, and magazines

Finance Non Working Sites providing information on Money matters, investment, a wide range of financial services, economics and accounting related sites and sites of National & International Insurance companies providing details for all types of Insurances & Policies

Gambling UnHealthy Sites providing information about or promote gambling or support online gambling, involving a risk of losing money

Games Non Working Sites providing information about or promote electronic games, video games, computer games, role-playing games, or online games

Government Neutral Sites sponsored by countries, government, branches, bureaus, or agencies of any level of government including defence. Government associated Sites providing comprehensive details on Tax related issues excluding Government sites providing Visa and Immigration services

HealthAndMedicines Productive Sites providing information or advice on personal health and fitness. Sites of pharmaceutical companies and sites providing information about Medicines

HobbiesAndRecreation Non Working Sites providing information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. Homelife and family-related topics, including parenting tips, gay/lesbian/bisexual (non-pornographic sites), weddings, births, and funerals. Foreign cultures, socio-cultural information

HTTPUpload Non Working HTTP Upload Restriction

HumanRightsandLiberty Neutral Sites advocating and protecting Human Rights and Liberty to prevent discrimination and protect people from inhumane

ImageBanks Non Working Image Banks

InformationTechnology Productive Sites sponsoring or providing information about computers, software applications, database, operating system. Including sites providing information of hardware, peripherals, and services. Sites offering design, flash, graphics, multimedia, and web site designing tutorials, tools, advice and services

InstantMessages Non Working Sites enabling instant messaging

IPAddress Neutral

ISPWebHosting Neutral Sites enabling users to make telephone, lease line, ISDN, Cable, V-SAT connections via Internet or obtaining information for that purpose. Sites providing hosting services, or top-level domain pages of Web communities

JobsSearch UnHealthy Sites offering information about or support the seeking of employment or employees

Kids Neutral Sites designed specifically for kids

MilitancyAndExtremist UnHealthy Sites offering information about groups advocating antigovernment beliefs or action

Music Non Working Sites providing songs and music and supporting downloads of MP3 or other sound files or that serve as directories of such sites

NatureAndWildLife Non Working Sites providing information about Nature, explorations, discoveries, wild life, animals, birds, protecting endangered species, habitats, Animal sanctuaries, etc.

NewsAndMedia Neutral Sites offering current news and opinions, including those sponsored by newspapers, general-circulation magazines or other media. It also includes sites of advertising agencies and sites providing details of weather forecast

None Neutral Uncategorized Traffic

Nudity UnHealthy Sites depicting nude or seminude human forms, singly or in groups, not overtly sexual in intent or effect. It includes Nude images of film stars, models, nude art and photography

PersonalAndBisographySites Non Working Includes personal sites of individuals and biographical sites of ordinary or famous personalities

PhishingAndFraud UnHealthy Sites gathering personal information (such as name, address, credit card number, school, or personal schedules) that may be used for malicious intent

PhotGallaries Non Working Sites providing photos of celebrities, models, and well-known personalities. Such sites may also contain profiles or additional elements as long as the primary focus is on multi-celebrity photographs

PoliticalOrganizations Neutral Sites sponsored by or providing information about political parties and interest groups focused on elections or legislation

Porn UnHealthy Sites depicting or graphically describing sexual acts or activity, including exhibitionism and sites offering direct links to such sites. Sites providing information or catering Gay, Lesbian, or Bisexual images and lifestyles are also included in this category

Portals Non Working Portals include web sites or online services providing a broad array of resources and services such as search engines, free email, shopping, news, and other features

PropertyAndRealEstate Neutral Sites providing information about renting, buying, selling, or financing residential, real estate, plots, etc.

Science Productive Sites providing news, research projects, ideas, information of topics pertaining to physics, chemistry, biology, cosmology, archeology, geography, and astronomy

SearchEngines Neutral Sites supporting searching the Web, groups, or indices or directories thereof

SeXHealthAndEducation Neutral Sites providing information regarding Sexual Education and Sexual Health and sites providing Medicines to cure and overcome Sex related problems and difficulties, with no pornographic intent

SharesAndStockMarket Non Working Sites providing charting, market commentary, forums, prices, and discussion of Shares and Stock Market. It also includes sites dealing in online share trading and sites of stockbrokers

Shopping Non Working Sites supporting Online purchases of consumer goods and services except: sexual materials, lingerie, swimwear, investments, medications, educational materials, computer software or hardware. Also Sites of Showrooms, Stores providing shopping of consumer products

Spirituality Non Working Sites featuring articles on healing solutions in wellness, personal growth, relationship, workplace, prayer, articles on God, Society, Religion, and ethics

Sports Non Working Sites providing any information about or promoting sports, active games, and recreation. All types of Sites providing information about Sports except Cricket

SpywareAndP2P UnHealthy Sites or pages that download software that, without the user's knowledge, generates http traffic (other than simple user identification and validation) and Sites providing client software to enable peer-to-peer file sharing and transfer

SwimwareAndLingerie Non Working Sites showing images of models and magazines offering lingerie/swimwear but not Nude or sexual images. It also includes Arts pertaining Adult images and shopping of lingerie

TravelFoodAndImmigration Non Working Sites providing information about traveling i.e. Airlines and Railway sites. Sites providing details about Hotels, Restaurants, Resorts, and information about worth seeing places. Sites that list, review, advertise, or promote food, dining, or catering services. Sites providing Visa, Immigration, Work Permit and Holiday & Work Visa details, procedures and services

URLTranslationSites UnHealthy Sites offering Online translation of URLs. These sites access the URL to be translated in a way that bypasses the proxy server, potentially allowing unauthorized access

Vehicles Non Working Sites providing information regarding manufacturing and shopping of vehicles and their parts

Violence UnHealthy Sites featuring or promoting violence or bodily harm, including self-inflicted harm; or that gratuitously display images of death, gore, or injury; or featuring images or descriptions that are grotesque or frightening and of no redeeming value. These do not include news, historical, or press incidents that may include the above criteria

Weapons UnHealthy Sites providing information about, promote, or support the sale of weapons and related items

WebBasedEmail Non Working Sites providing Web based E-mail services or information regarding email services



Appendix D – Services

Service Name Details

All Services All Services

Cyberoam UDP (1024:65535) / (6060)

AH IP Protocol No 51 (IPv6-Auth)

AOL TCP (1:65535) / (5190:5194)

BGP TCP (1:65535) / (179)

DHCP UDP (1:65535) / (67:68)

DNS TCP (1:65535) / (53), UDP (1:65535) / (53)

ESP IP Protocol No 50 (IPv6-Crypt)

FINGER TCP (1:65535) / (79)

FTP TCP (1:65535) / (21)

FTP_GET TCP (1:65535) / (21)

FTP_PUT TCP (1:65535) / (21)

GOPHER TCP (1:65535) / (70)

GRE IP Protocol No 47

H323 TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719)

HTTP TCP (1:65535) / (80)

HTTPS TCP (1:65535) / (443)

ICMP_ANY ICMP any / any

IKE UDP (1:65535) / (500), UDP (1:65535) / (4500)

IMAP TCP (1:65535) / (143)

INFO_ADDRESS ICMP 17 / any

INFO_REQUEST ICMP 15 / any

IRC TCP (1:65535) / (6660:6669)

Internet-Locator-Service TCP (1:65535) / (389)

L2TP TCP (1:65535) / (1701), UDP (1:65535) / (1701)

LDAP TCP (1:65535) / (389)

NFS TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049)

NNTP TCP (1:65535) / (119)

NTP TCP (1:65535) / (123), UDP (1:65535) / (123)

NetMeeting TCP (1:65535) / (1720)

OSPF IP Protocol No 89 (OSPFIGP)

PC-Anywhere TCP (1:65535) / (5631), UDP (1:65535) / (5632)

PING ICMP 8 / any

POP3 TCP (1:65535) / (110)

PPTP IP Protocol No 47, TCP (1:65535) / (1723)

QUAKE UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960)

RAUDIO UDP (1:65535) / (7070)

RIP UDP (1:65535) / (520)

RLOGIN TCP (1:65535) / (513)

SAMBA TCP (1:65535) / (139)

SIP UDP (1:65535) / (5060)

SIP-MSNmessenger TCP (1:65535) / (1863)

SMTP TCP (1:65535) / (25)

SNMP TCP (1:65535) / (161:162), UDP (1:65535) / (161:162)

SSH TCP (1:65535) / (22), UDP (1:65535) / (22)

SYSLOG UDP (1:65535) / (514)

TALK TCP (1:65535) / (517:518)

TCP TCP (1:65535) / (1:65535)

TELNET TCP (1:65535) / (23)

TFTP UDP (1:65535) / (69)

TIMESTAMP ICMP 13 / any

UDP UDP (1:65535) / (1:65535)

UUCP TCP (1:65535) / (540)

VDOLIVE TCP (1:65535) / (7000:7010)

WAIS TCP (1:65535) / (210)

WINFRAME TCP (1:65535) / (1494)

X-WINDOWS TCP (1:65535) / (6000:6063)



Appendix E – Application Protocols

Group Application Name Definition

Any All Services

File Transfer FTP File Transfer Protocol is a method to transfer files from one location to another, either on local disks or via the Internet

yahoofilexfer Yahoo Messenger file transfer

File Transfer client gnucleuslan Gnucleuslan P2P client

imesh IMESH P2P client

File sharing Gnutella Gnutella is a system in which individuals can exchange files over the Internet directly without going through a Web site. Gnutella is often used as a way to download music files from or share them with other Internet users

Kazaa A decentralized Internet peer-to-peer (P2P) file-sharing program

directconnect peer-to-peer (P2P) file-sharing program

Mail Protocol POP3 Transport protocol used for receiving emails.

SMTP A protocol for transferring email messages from one server to another.

IMAP A protocol for retrieving e-mail messages

Chat ymsgr Yahoo Messenger

msnmessenger MSN Messenger

AOL Chat client

indiatimes Chat client

Media Player wmplayer Windows Media Player

quickplayer Quick Time Player

Voice over IP SIP (Session Initiation Protocol) Protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP works in the Application layer of the OSI communications model.

H323 A standard approved by the International Telecommunication Union (ITU) that defines how audiovisual conferencing data is transmitted across networks. It enables users to participate in the same conference even though they are using different videoconferencing applications.

RTSP (Real Time Streaming Protocol) A standard for controlling streaming data over the World Wide Web

Printing IPP (Internet Printing Protocol) Protocol used for printing documents over the web. IPP defines basic handshaking and communication methods, but does not enforce the format of the print data stream.

Network DHCP Protocol for assigning dynamic IP addresses to devices on a network

SNMP (Simple Network Management Protocol) Protocol for network management software. Defines methods for remotely managing active network components such as hubs, routers, and bridges

DNS An Internet service that translates domain names to or from IP addresses, which are the actual basis of addresses on the Internet.

RDP (Remote Desktop Protocol) Protocol that allows a Windows-based terminal (WBT) or other Windows-based client to communicate with a Windows XP Professional–based computer. RDP works across any TCP/IP connection

Remote logging

nbns NetBIOS Naming Service

Telnet Protocol for remote computing on the Internet. It allows a computer to act as a remote terminal on another machine, anywhere on the Internet

SSH (Secure Socket Shell) Protocol used for secure access to a remote computer

HTTP Protocol for moving hypertext files across the Internet.

SSL (Secure Socket Layer) Protocol used for secure Internet communications.

ICMP (Internet Control Message Protocol) A message control and error-reporting protocol



Menu wise Screen and Table Index

Screen - Console access...........................................................................................................................................12

Screen - Console login screen.................................................................................................................................12

Screen - HTTP login screen ......................................................................................................................................13

Screen - HTTPS login .................................................................................................................................................14

Table - Login screen elements.................................................................................................................................15

Screen - Create Zone..................................................................................................................................................21

Table – Create Zone....................................................................................................................................................21

Screen – Cyberoam Authentication........................................................................................................................23

Table – Cyberoam Authentication screen elements ..........................................................................................23

Table - Create User - Decision matrix ....................................................................................................................24

Screen - Add User .......................................................................................................................................................25

Table - Add User screen elements..........................................................................................................................27

Table - View Group details screen elements........................................................................................................27

Table - Apply Login Node Restriction screen elements....................................................................................28

Screen - Add multiple Clientless users .................................................................................................................29

Table - Add multiple Clientless users screen elements....................................................................................30

Screen - Add single Clientless user .......................................................................................................................31

Table - Create single Clientless user screen elements .....................................................................................32

Table - Select Node screen elements.....................................................................................................................32

Table - Group creation - Decision matrix ..............................................................................................................33

Screen - Create Group................................................................................................................................................34

Table - Create Group screen elements ..................................................................................................................36

Screen – Apply Login Node Restriction ................................................................................................................36

Table - Apply Login Node Restriction screen elements....................................................................................37

Screen - Create Firewall rule ....................................................................................................................................41

Table - Create Firewall rule screen elements.......................................................................................................45

Screen- Edit Firewall Rule.........................................................................................................................................47

Table – Edit Firewall Rule..........................................................................................................................................51

Screen – Default Screen Display of Manage Firewall Rules page ..................................................................53

Screen – Customized Screen Display of Manage Firewall Rules page .........................................................53

Screen - Delete Firewall rule.....................................................................................................................................54

Screen – Create Host Group.....................................................................................................................................55

Table – Create Host Group screen elements .......................................................................................................55

Screen – Remove Host from Host Group..............................................................................................................56

Table – Remove Host from Host Group screen elements ................................................................................57



Screen – Delete Host Group .....................................................................................................................................57

Table – Delete host Group screen elements ........................................................................................................57

Screen – Add Host ......................................................................................................................................................58

Table – Add Host screen elements .........................................................................................................................58

Screen – Delete Host ..................................................................................................................................................58

Table – Delete Host screen elements.....................................................................................................................59

Screen - Create Logon Pool......................................................................................................................................60

Table - Add Logon Pool screen elements.............................................................................................................61

Screen – Application wise Live connections .......................................................................................................62

Table – Application wise Live connections screen elements..........................................................................63

Screen – User wise Live connections....................................................................................................................66

Table – User wise Live connections screen elements.......................................................................................66

Screen –LAN IP Address wise Live connections................................................................................................67

Table –LAN IP Address wise Live connection screen elements.....................................................................68

Screen – Today’s Connection History – Application wise................................................................................69

Table – Today’s Connection History – Application screen elements............................................................70

Screen – Today’s Connection History – User wise ............................................................................................71

Table – Today’s Connection History – User wise screen elements ...............................................................72

Screen – Today’s Connection History – LAN IP Address wise .......................................................................73

Table – Today’s Connection History – LAN IP Address wise screen elements..........................................74

Screen - Create Surfing Quota policy ....................................................................................................................76

Table - Create Surfing Quota policy screen elements .......................................................................................77

Screen - Update Surfing Quota policy ...................................................................................................................78

Table - Update Surfing Quota policy screen elements......................................................................................79

Screen - Delete Surfing Quota policy.....................................................................................................................79

Table - Delete Surfing Quota policy screen elements........................................................................................79

Screen - Create Access Time policy.......................................................................................................................80

Table - Create Access Time policy screen elements .........................................................................................81

Screen - Update Access Time policy......................................................................................................................82

Table - Update Access Time policy screen elements ........................................................................................83

Screen - Delete Access Time policy .......................................................................................................................83

Table - Delete Access Time policy screen elements..........................................................................................83

Screen - Create Internet Access policy .................................................................................................................85

Table - Create Internet Access policy screen elements....................................................................................86

Screen – Add Internet Access policy rule.............................................................................................................87

Table – Add Internet Access policy rule screen elements ...............................................................................88

Screen - Update Internet Access policy ................................................................................................................88

Table - Update Internet Access policy screen elements...................................................................................89

Screen - Delete Internet Access policy rule .........................................................................................................89

Table - Delete Internet Access policy rule screen elements ............................................................................90



Screen - Delete Internet Access policy..................................................................................................................90

Table - Delete Internet Access policy screen elements ....................................................................................91

Table - Implementation types for Strict - Bandwidth policy.............................................................................92

Table - Bandwidth usage for Strict - Bandwidth policy.....................................................................................92

Table - Implementation types for Committed - Bandwidth policy ..................................................................93

Table - Bandwidth usage for Committed - Bandwidth policy ..........................................................................93

Screen - Create Bandwidth policy...........................................................................................................................94

Table - Create Bandwidth policy - Common screen elements.........................................................................94

Screen - Create Logon Pool based Bandwidth policy .......................................................................................95

Table - Create Logon Pool based Bandwidth policy screen elements..........................................................95

Screen - Create User/IP based Strict Bandwidth policy ....................................................................................96

Table - Create User/IP based Strict Bandwidth policy screen elements.......................................................97

Screen - Create User/IP based Committed Bandwidth policy .........................................................................98

Table - Create User/IP based Committed Bandwidth policy screen elements ............................................99

Screen - Update Bandwidth policy .......................................................................................................................100

Table - Update Bandwidth policy Common screen elements........................................................................100

Screen - Update Logon Pool based Bandwidth policy ....................................................................................101

Table - Update Logon Pool based Bandwidth policy screen elements.......................................................101

Screen - Update User based Bandwidth policy .................................................................................................102

Table - Update User based Bandwidth policy screen elements....................................................................103

Screen – Assign Schedule to User based Strict Bandwidth policy..............................................................103

Table – Assign Schedule to User based Strict Bandwidth policy screen elements ................................104

Screen - Assign Schedule to User based Committed Bandwidth policy....................................................104

Table – Assign Schedule to User based Committed Bandwidth policy screen elements......................105

Screen - Remove Schedule from User based Bandwidth policy ..................................................................105

Table - Remove Schedule from User based Bandwidth policy screen elements.....................................105

Screen - Delete Bandwidth policy .........................................................................................................................106

Table - Delete Bandwidth policy screen elements............................................................................................106

Screen – Create Data transfer policy ...................................................................................................................107

Table – Create Data transfer policy screen elements ......................................................................................109

Screen – Update Data transfer policy screen.....................................................................................................109

Table – Update Data transfer policy screen elements .....................................................................................110

Screen – Delete Data transfer policy screen ......................................................................................................111

Table - Delete Data transfer policy screen element..........................................................................................111

Screen – Create SNAT policy .................................................................................................................................112

Table – Create SNAT policy screen elements....................................................................................................112

Screen – Update SNAT policy ................................................................................................................................113

Table – Update SNAT policy screen elements...................................................................................................113

Screen – Delete SNAT policy..................................................................................................................................114

Table – Delete SNAT policy screen elements ....................................................................................................114



Screen - Create DNAT policy..................................................................................................................................115

Table - Create DNAT policy screen elements.....................................................................................................115

Screen – Edit DNAT policy......................................................................................................................................116

Table – Edit DNAT policy screen elements ........................................................................................................117

Screen – Delete DNAT policy .................................................................................................................................117

Table – Delete DNAT policy screen elements ....................................................................................................117

Screen – Edit Zone....................................................................................................................................................118

Table – Edit Zone.......................................................................................................................................................119

Screen – Delete Zone................................................................................................................................................119

Table – Delete Zone ..................................................................................................................................................119

Screen - Manage Group ...........................................................................................................................................120

Table - Manage Group screen elements..............................................................................................................122

Screen – Add Group Member.................................................................................................................................122

Table – Add Group Member screen elements....................................................................................................122

Table - Need to Update group ................................................................................................................................123

Screen - Show Group Members.............................................................................................................................123

Table - Show Group Members screen elements ...............................................................................................123

Screen - Change Login Restriction.......................................................................................................................124

Table - Change Login Restriction screen elements .........................................................................................124

Screen - Delete Group..............................................................................................................................................125

Table - Delete Group screen elements.................................................................................................................125

Screen - Search User................................................................................................................................................126

Table - Search User screen elements ..................................................................................................................126

Table - Search User – Result ..................................................................................................................................126

Screen – Manage Live Users ..................................................................................................................................127

Table – Manage Live User screen elements.......................................................................................................127

Table - Need to Update User...................................................................................................................................128

Screen - Manage User ..............................................................................................................................................129

Table - Manage User screen elements.................................................................................................................131

Screen - Change User Personal details...............................................................................................................131

Table - Change User personal details screen elements..................................................................................131

Screen - User My Account ......................................................................................................................................132

Screen - User My Account ......................................................................................................................................132

Screen - Change Password ....................................................................................................................................133

Table - Change password screen elements .......................................................................................................133

Screen - Change Personal details.........................................................................................................................133

Table - Change Personal details screen elements ...........................................................................................133

Screen - Internet Usage Status ..............................................................................................................................134

Table - Internet Usage screen elements..............................................................................................................134

Screen - Change Group ...........................................................................................................................................135


Table - Change Group screen elements..............................................................................................................135

Table - Change Individual policy...........................................................................................................................135

Screen - Change User Login Restriction.............................................................................................................136

Table - Change User Login Restriction screen elements ...............................................................................136

Screen - Delete Active User ....................................................................................................................................137

Screen - Delete Deactive User................................................................................................................................137

Screen - Delete Clientless User .............................................................................................................................137

Table - Delete User screen elements....................................................................................................................137

Screen - Deactivate User .........................................................................................................................................138

Table - Deactivate User screen elements............................................................................................................138

Screen - Activate Normal User...............................................................................................................................139

Screen - Activate Clientless User..........................................................................................................................139

Table - Activate User screen elements ................................................................................................................139

Screen - Search Node...............................................................................................................................................140

Table - Search Node results ...................................................................................................................................140

Screen - Update Logon Pool...................................................................................................................................141

Table - Update Logon Pool screen elements .....................................................................................................141

Screen - Add Node ....................................................................................................................................................142

Table - Add Node screen elements.......................................................................................................................142

Screen - Delete Node................................................................................................................................................143

Table - Delete Node screen elements...................................................................................................................143

Screen - Delete Logon Pool ....................................................................................................................................144

Table - Delete Logon Pool screen elements.......................................................................................................144

Screen – Configure DNS..........................................................................................................................................145

Table - Configure DNS..............................................................................................................................................146

Screen - Configure DHCP........................................................................................................................................147

Table - Configure DHCP screen elements ..........................................................................................................147

Screen – Cyberoam as Gateway - View Interface details................................................................................148

Table – View Interface details screen elements ................................................................................................148

Screen – Register Hostname with DDNS ............................................................................................................149

Table – Register hostname with DDNS................................................................................................................150

Screen – PPPoE configuration...............................................................................................................................152

Table – PPPoE configuration screen elements .................................................................................................152

Screen – Gateway Configuration...........................................................................................................................154

Table - Gateway Configuration screen elements ..............................................................................................154

Screen – DoS Settings .............................................................................................................................................158

Table – DoS Settings screen elements................................................................................................................158

Screen – Create DoS bypass rule .........................................................................................................................159

Table – Create DoS bypass rule screen elements ............................................................................................160

Screen – Delete DoS bypass rule..........................................................................................................................160


Table – Delete DoS bypass rule screen elements.............................................................................................160

Screen - Reset Console Password .......................................................................................................................161

Table - Reset Console Password screen elements ..........................................................................................161

Screen – System Modules Configuration............................................................................................................162

Screen – Manage SNMP...........................................................................................................................................169

Screen – SNMP Agent Configuration ...................................................................................................................170

Table – SNMP Agent Configuration screen elements......................................................................................170

Screen – Create SNMP Community ......................................................................................................................171

Table – Create SNMP Community screen elements.........................................................................................171

Screen – Manage SNMP Community....................................................................................................................172

Table – Manage SNMP Community screen elements ......................................................................................172

Screen – Delete SNMP Community.......................................................................................................................172

Table – Delete SNMP Community screen elements .........................................................................................173

Screen – Create SNMP V3 User .............................................................................................................................174

Table – Create SNMP V3 User screen elements................................................................................................174

Screen – Edit V3 User...............................................................................................................................................175

Table – Edit V3 User screen elements .................................................................................................................175

Screen – Delete SNMP V3 User..............................................................................................................................175

Table – Delete SNMP V3 User screen elements ................................................................................................175

Screen – Set Backup schedule ..............................................................................................................................176

Table – Set Backup Schedule screen elements ................................................................................................177

Screen – Backup Data..............................................................................................................................................178

Table – Backup Data screen elements.................................................................................................................178

Screen – Restore Data screen................................................................................................................................179

Table - Restore Data screen elements .................................................................................................................179

Screen – Configure Auto purge Utility screen...................................................................................................180

Table – Configure Auto purge Utility screen elements....................................................................................180

Screen – Purge Logs screen ..................................................................................................................................181

Table - Purge Logs screen elements....................................................................................................................181

Screen – Customized Client Messages screen .................................................................................................182

Table - Customized Client Message screen elements .....................................................................................183

Table - List of predefined messages ....................................................................................................................184

Screen – Customized Client Preferences screen..............................................................................................185

Table – Customized Client Preferences screen elements ..............................................................................186

Screen - Manage HTTP Proxy.................................................................................................................................190

Table - Manage HTTP Proxy screen elements ...................................................................................................190

Screen - Configure HTTP Proxy.............................................................................................................................191

Table - Configure HTTP Proxy screen elements ...............................................................................................192

Screen - Manage Services.......................................................................................................................................193

Table - Manage Control Service screen elements ............................................................................................193


Table - Manage Control Service – Action............................................................................................................193

Screen – View Bandwidth Usage...........................................................................................................................194

Table - Bandwidth usage screen elements.........................................................................................................194

Screen - Bandwidth usage - Live Users graph ..................................................................................................195

Screen - Bandwidth usage - Total Data transfer graph ...................................................................................195

Screen - Bandwidth usage - Composite Data transfer graph ........................................................................196

Screen - Bandwidth usage - Download Data transfer graph..........................................................................196

Screen - Bandwidth usage - Upload Data transfer graph ...............................................................................197

Screen - Download User Migration Utility...........................................................................................................199

Screen - Save User Migration Utility.....................................................................................................................199

Screen – Upload downloaded User Migration Utility .......................................................................................200

Screen – Upload CVS file ........................................................................................................................................201

Screen - Register migrated users from External file........................................................................................201

Screen - Define One Time Schedule.....................................................................................................................202

Table - Define Schedule screen elements...........................................................................................................203

Screen – Add Schedule Entry details...................................................................................................................204

Table – Add Schedule Entry details screen elements .....................................................................................204

Screen - Manage Schedule .....................................................................................................................................205

Table - Manage Schedule screen elements ........................................................................................................205

Screen – Delete Schedule Entry details ..............................................................................................................206

Table - Delete Schedule Entry details screen elements..................................................................................206

Screen - Delete Schedule ........................................................................................................................................207

Table - Delete Schedule screen elements...........................................................................................................207

Screen - Define Custom Service............................................................................................................................208

Table – Define Custom Service screen elements .............................................................................................208

Screen - Update Custom Service ..........................................................................................................................209

Table - Update Custom Service screen elements.............................................................................................209

Table - Delete Custom Service screen elements...............................................................................................210

Screen – Create Service Group screen................................................................................................................211

Table – Create Service Group screen elements ................................................................................................211

Screen – Edit Service Group ..................................................................................................................................212

Table – Edit Service Group screen elements.....................................................................................................212

Screen – Delete Service Group..............................................................................................................................213

Table – Delete Service Group.................................................................................................................................213

Screen – Search URL................................................................................................................................................215

Screen - Manage Default Web Category..............................................................................................................216

Screen - Create Custom Web Category...............................................................................................................217

Table - Create Web Category screen elements .................................................................................................218

Screen - Add Domain................................................................................................................................................218

Table - Add Domain screen elements ..................................................................................................................218


Screen - Add keyword..............................................................................................................................................219

Table - Add keyword screen elements.................................................................................................................219

Screen - Manage Custom Web category .............................................................................................................220

Table - Update Custom Web category screen elements .................................................................................221

Screen – Delete Domain ..........................................................................................................................................221

Table – Delete Domain screen elements .............................................................................................................221

Screen - Delete keyword..........................................................................................................................................222

Table - Delete keywords screen elements ..........................................................................................................222

Screen - Delete Custom Web Category ...............................................................................................................223

Table - Delete Custom Web Category screen elements..................................................................................223

............224

Screen – Manage Custom File Type Category...................................................................................................224

Screen - Create Custom File Type Category ......................................................................................................225

Table - Create Custom File Type screen elements ...........................................................................................225

Screen - Manage Custom File Type Category....................................................................................................226

Screen - Manage Custom File Type Category....................................................................................................226

Screen - Delete Custom File Type Category.......................................................................................................227

Table - Delete Custom File Type screen elements ...........................................................................................227

Screen - Manage Default Application Protocol Category ...............................................................................228

Screen - Create Custom Application Protocol Category ................................................................................229

Table – Create Custom Application Category screen elements ...................................................................230

Screen – Add Custom Application Protocol Category details.......................................................................230


Table – Add Custom Application Protocol Category details .........................................................................230

Screen – Manage Custom Application Protocol Category .............................................................................231

Table – Manage Custom Application Protocol Category screen elements................................................231

Screen – Delete Application Protocol Category details ..................................................................................232

Table – Delete Application Protocol Category screen elements...................................................................232

Screen - Delete Custom Application Protocol Category.................................................................................233

Table - Delete Custom Application Protocol Category screen elements....................................................233

Screen – Access Configuration.............................................................................................................................234

Table – Access Configuration screen elements................................................................................................235

Screen – About Cyberoam ......................................................................................................................................236

Screen - Upload Upgrade version .........................................................................................................................239

Screen – Licensing ...................................................................................................................................................240

Screen – Registration...............................................................................................................................................242

Table - Registration screen elements ..................................................................................................................243

Screen – Subscribe Module....................................................................................................................................244

Screen – Subscribe Trial Module ..........................................................................................................................244

Table – Subscribe Module.......................................................................................................................................244

Screen – Download Clients.....................................................................................................................................245

Screen – Download Cyberoam Guides ................................................................................................................246

Screen - Reports........................................................................................................................................................247

Screen – Reports Login ...........................................................................................................................................247

Screen – Audit Log report.......................................................................................................................................248

Screen – Sample Audit Log Report ......................................................................................................................248
