Cyberoam Central Console Administrator Guide Version 2

Transcription

1 Cyberoam Central Console Administrator Guide Version 2 Document version Build /07/2014

2 Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice. USER S LICENSE Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances. You will find the copy of the EULA at and the Warranty Policy for Cyberoam UTM Appliances at RESTRICTED RIGHTS Copyright Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd. Corporate Headquarters Cyberoam House, Saigulshan Complex, Opp. Sanskruti, Beside White House, Panchwati Cross Road, Ahmedabad , GUJARAT, INDIA. Tel: Fax: Web site:

3 Contents Contents... 3 Preface... 5 About this Guide... 6 Guide Organization... 6 Typographic Conventions... 7 Technical Support... 8 Introduction... 9 CCC Management Interfaces... 9 Web Admin Console... 9 Connecting Web Admin Console... 9 Navigating through Web Admin console Main Menu Content Pane Button bar Common Icons in the Web Admin Console Navigating through Tables Web Admin Console Authorization and Access control Dashboards Log out procedure Getting Started Network Configuration Interface DNS Gateway Notification Time Appliance Management Appliance Appliance Discovery Appliance Discovery Notification Appliance Discovery Appliance Groups Template Change Control Group Level Configuration - Dynamic Objects Host Zone Interface Gateway Individual Appliance Level Configuration System Objects Network Identity Firewall VPN IPS Web Filter Application Filter WAF... 88

4 IM QoS Anti Virus Anti Spam Logs & Reports Scheduled Tasks Appliance Maintenance Backup & Restore Signature Updates Compatibility Management Firmware Appliance Monitoring Graphs Profile Graphs Alerts Profile Alerts Event Viewer Event Viewer Search Archived logs Log Viewer CCC Maintenance Backup & Restore Firmware Appliance Registration Information CCC Monitoring Diagnostics Troubleshoot Report System Graph Event Viewer Advanced CCC Configuration HA HA terminology How Cluster works Configure HA iview API Explorer Signature Distribution Access Profile Users Live Users Authentication Server Authentication Preference CCC Certificate Settings CCC Appliance Access Unicast

5 Preface Welcome to Cyberoam Central Console s - Administrator guide. Cyberoam Central Console (CCC) appliances provide centralized security management across distributed Cyberoam UTM appliances, enabling high levels of security for MSSPs and large enterprises. With Layer 8 Identity-based policies and centralized reports and alerts, CCC appliances provide granular security and visibility into remote and branch offices across the globe. With a single, web-based GUI across all security features, CCC ensures centralized policy implementation, simplifying security management and maintaining high levels of security across all customer locations and remote offices despite the lack of technical resources at these locations. With centralized installation, updates, monitoring, upgrades and visibility into remote networks, Cyberoam Central Console delivers lower cost of ownership, minimizing investment in remote technical resources. Note: Default Web Admin Console username is admin and password is admin Cyberoam recommends that you change the default password immediately after installation to avoid unauthorized access.

6 About this Guide This Guide provides information regarding the administration, maintenance, and customization of Cyberoam Central Console and helps you manage and customize Cyberoam Central Console to meet your organization s security management requirements. Guide Organization The Cyberoam Central Console User Guide organization is structured into the eight parts Part I Introduction This part covers how to start using Cyberoam Central Console after deployment along with the basics of Cyberoam Central Console interface. Part II Getting started This part describes minimum configuration settings of Cyberoam Central Console appliance, which includes gateway, DNS and interfaces configuration along with time, date and notification settings. Part III Appliance Management This part covers various configuration and management operations that can be performed on Cyberoam appliances, which are managed by CCC. It includes addition, modification, deletion and configuration of individual appliance and appliance groups. Part IV Appliance Maintenance This part explains backup restore and firmware options for managed Cyberoam appliance(s). Part V Appliance Monitoring This part covers various custom dashboard options and available logs for the managed appliances. Part VI CCC Maintenance This part covers backup restore and firmware options available for Cyberoam Central Console. Part VII CCC Monitoring This part covers activity logs for Cyberoam Central Console appliance. Part VIII Advanced CCC Configuration This part covers various advanced configuration options available in Cyberoam Central Console like adding administrator user, profile creation and linking of user with profile.

7 Typographic Conventions Material in this manual is presented in text, screen displays, or command-line notation. Item Convention Example User Username Part titles Bold and shaded font typefaces The end user Username uniquely identifies the user of the system Report Topic titles Shaded font typefaces Introduction Subtitles Bold & Black typefaces Notation conventions Navigation link Name of a particular parameter / field / command button text Cross references Notes & points to remember Prerequisites Bold typeface Lowercase italic type Hyperlink in different color Bold typeface between the black borders Bold typefaces between the black borders CCC Management > Administration > Profile it means, to open the required page click CCC Management then Administration and finally click profile Enter policy name, replace policy name with the specific name of a policy Or Click Name to select where Name denotes command button text which is to be clicked Refer to Customizing User database Clicking on the link will open the particular topic Note Prerequisite Prerequisite details

8 Technical Support You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address: Cyberoam House, Saigulshan Complex, Opp. Sanskruti, Beside White House, Panchwati Cross Road, Ahmedabad , GUJARAT, INDIA. Tel: Fax: Web site: Cyberoam contact: Technical support (Corporate Office): support@cyberoam.com Web site: Visit for the regional and latest contact information.

9 Introduction PART 1 Cyberoam Central Console offers centralized view of distributed customer networks over a webbased dashboard in addition to providing logs, reports and alerts. MSSPs can create customerspecific policies and manage updates and maintenance centrally across Cyberoam security appliances deployed at customer locations, despite differing network topologies. CCC Management Interfaces Access and Manage CCC from: Web Admin Console CLI Console Web Admin Console can be accessed using HTTP from any computer using web browser as: HTTP login: address of the appliance> CLI Console Use CLI console for troubleshooting and diagnose network problems in details. CLI Console can be accessed via remote login utility TELNET as: TELNET login: TELNET <IP address of the appliance> Web Admin Console This section describes the features of Web Admin Console of your CCC. Web Admin Console is a Web 2.0 based easy-to-use graphical interface used for configuring and managing your CCC appliance. You can connect to Web Admin Console using HTTP or a secure HTTPS connection from any management computer using web browser Microsoft Internet Explorer 7+, Mozilla Firefox or Google Chrome. The recommended minimum screen resolution for the management computer is 1024 X 768 and 32-bit true-color. To connect to the Web Admin Console you require an administrator account and password. Group Level Dashboard of all the managed appliances is displayed as soon as you logon to the Web Admin Console. Connecting Web Admin Console The Log on procedure verifies validity of user and creates a session until the user logs off. To get the login window, open the browser and type LAN IP Address of Cyberoam Central Console in browser s URL box. A login page appears prompting you to enter username and password. Use

10 the default user name admin and password admin if you are logging in for the first time after deployment. Select your preferable GUI language. Asterisks are the placeholders in the password field. Screen - Login Screen Elements Login User name Specify user login name. If you are logging on for the first time after deployment, please use default username admin Password Specify user account Password If you are logging on for the first time after deployment, please use default password admin Language Select CCC GUI language. Languages supported: English French Traditional Chinese Simplified Chinese Hindi Login button Click to log on to Web Admin Console Table - Login screen elements Navigating through Web Admin console The three parts of the Web Admin Console: Main Menu tree Content Pane Button bar Use the menus, lists, and configuration pages to configure most settings. Configuration made through Web Admin Console take effect after some time as it takes time to copy the entire

11 configuration on to the appliance. Main Menu On the left hand side of the Web Admin Console there is a tree which allows navigation to the various functionalities. Main menu consists of two menu items: Policy Configuration and Management Console. Policy Configuration menu tree allows you to navigate through pages through which you can manage appliances while Management console menu tree allows you to navigate through pages through which you can manage CCC appliance itself. On clicking menu item, related management functions are displayed as submenu items in the menu tree itself. On clicking submenu item, all the associated tabs are displayed as the horizontal menu bar on the top of the page. To view page associated with the tab, click the required tab. The Main menu tree expands and contracts dynamically when clicked on without navigating to a submenu. When you click a top-level heading, it automatically expands that heading and contracts the heading for the page you are currently on, but it does not navigate away from the current page. To navigate to a new page, first click the heading, and then click the submenu you want to navigate. Breadcrumbs on the top of the Content Pane displays the entire navigation path. Functions are grouped in such a way that the tree does not continue below the bottom of your browser. Policy Configuration CCC Policy Configuration allows sorting of the added appliances on the basis of different criteria for better visibility and permits enforcement of global policies for security features like Firewall, VPN, Intrusion Prevention System, Application filter, WAF, Anti-spam and Anti-virus on them. It also allows the administrator to create and implement multiple QoS policies to stop bandwidth abuse in organization to ensure productivity of the employees. As soon as appliances are added to CCC, CCC connects to the Appliance and starts synchronization process and the status of the appliance changes to. In the synchronization process, CCC updates its local copy as per the information provided by the Appliance. Once the synchronization is successful, status changes to. CCC maintains the mirror or duplicate copy of the Appliance configuration. However, the appliance copy is always considered as the master copy. If due to any reason, synchronization process fails, appliance status changes to. Once the appliances is added and synchronized, appliance sends the information like appliance health, network information, various attacks and threats identified by the appliance to CCC through heartbeat at the regular interval. Policy Configuration has following management tabs: Appliance Group : To view and manage added appliances based on firmware, models etc Template: To create and import various configuration templates on selected appliance(s) or appliance group(s) Policy : To create and enforce various policies on selected appliance(s) or appliance group(s) Appliance Group For managing and monitoring purpose, CCC groups all the managed appliances into various groups. Use Appliance Group drop down to view list of all the groups, 3 level collapsible tree of Appliance Group is displayed as Group > Sub Group > Appliance. Use to expand and

12 to close the tree. By default, CCC is shipped with three Appliance Groups: All Managed Appliances Displays list of all the appliances by name and their status All Firmware Versions CCC automatically groups all the appliances added in CCC as per the appliance firmware version. To view the firmware version wise grouping, under the Appliance Group, click All Firmware Version. Click to expand the tree and view list of appliance(s) that are grouped under each firmware. It displays name and status of the appliance. E.g. Below given image, shows total 3 appliances are added and are grouped as per the firmware version. One appliance of firmware build 158 and two of build 224. Screen All Firmware Versions All Appliance Models To view the appliance model wise grouping, under the Appliance Group, click All Appliance Models Version. Click to expand the tree and view list of appliance(s) that are grouped under each model. It displays name and status of the each appliance. E.g. Below given image, shows total 3 appliances are added and are grouped as per the appliance model number. Screen All Appliance models Tree displays status of the appliances as

13 Connected and synchronized Disconnected and synchronized Connected and unsynchronized. Disconnected and unsynchronized Disconnected If the appliance is unsynchronized, click Sync now hyperlink on Appliance Dashboard, under Connection Information section to start synchronization process. CCC allows you to create custom Appliance Groups based on various criteria like Department, Country etc. One can directly manage an appliance or appliance group from Policy Configuration menu by clicking or from Management Console > Appliance Management > Appliance page. Screen Add and Manage Appliance(s) and Appliance Group(s) CCC allows following types of configuration: group level configuration - configuration to be applied to all the appliances in the group appliance level configuration - configuration to be applied to the individual appliance only Policy Policy tab enables administrator to configure group level as well as appliance level settings. Policy tab provides option to manage and configure Basic Network settings Administrators access privileges Firewall rules and its objects host, virtual host, services User authentication Web and application filter policies VPN policies IPS policies IM and QoS policies

14 Spam and virus scanning rules Analyze appliance logs Template A template is a set of most commonly used objects, services and configurations. CCC allows administrator to store the most common configuration settings of Cyberoam appliances in the form of template. The administrator can directly import the objects, services and configuration stored in a template to selected appliance(s) or group of appliance(s). Templates can be default or user defined. Configuration within the template can also be default or user defined. Template Dashboard Management Console Management Console menu is meant to manage and configure the basic system options for the CCC appliance. This includes the basic network settings to connect the CCC appliance to the corporate network, the configuration of administrators and their access privileges, managing and updating firmware for the CCC appliance as well as managed Cyberoam appliance. CCC Management Appliance Management Appliance Monitoring CCC Logs Content Pane The centre part of the page is content pane that changes according to the menu item and tab. Information of the menu is displayed in the content pane, which includes list of managed appliances and configuration screens. Button bar The Button bar on the upper rightmost corner of the every page provides access to several commonly used functions like: Appliance Search Specify a search string and click Appliance(s) can be searched on following criteria: o o o o o o o o o o o Appliance Name Model Appliance Key Firmware Company City State Country Anti Virus IPS Web Category to search appliance(s) in CCC. By default, it yields results based on Appliance Name. Results display following information in tabular form: o Appliance Name

15 o Appliance Key o Company Name o Status o Firmware Click Appliance Name to locate appliance in the appliance tree. Dashboard Click to view Dashboard. Appliance Monitor Dashboard Click to view status of following services for managed appliances: o Security Displays list of appliances which have maximum number of security alerts. Available Security Criteria: o HTTP Attacks Ratio of Web viruses to entire Web traffic. Mail Attacks Ratio of viruses to entire traffic. Spam Attacks Ratio of Spam s to entire traffic. Web Usage Health Ratio of Unhealthy and Unproductive Web surfing to entire Internet surfing. Click to view User Surfing pattern pie chart on Appliance Dashboard. IPS Alerts IPS attacks stopped by managed Cyberoam appliances. Resource Displays list of appliances which have maximum number of resource utilization alerts. Available Resources: CPU Click to view line graph for CPU usage for last two hours on Appliance Dashboard. o Available Subscriptions: Memory Click to view line graph for Memory usage for last two hours on Appliance Dashboard. Disk (Report) Disk (Config) License Displays list of appliances which have maximum number of subscription expiry alerts. Anti Spam Anti Virus IPS Web Category 8*5 Support 24*7 Support WAF Outbound Anti Spam By default it displays 15 (Fifteen) appliances with highest number of alerts, but the administrator can load details of maximum 60 (sixty) appliances in batch of 15 each. Wizard Click to run Network Configuration wizard which will guide you step-by-step through configuration of the network parameters like IP address, subnet mask and default gateway for your appliance. Console Click to get immediate access to CLI by initiating a telnet connection with CLI without closing Web Admin console. Alert Click to view list of alerts generated by CCC. Appliance Discovery Notification Click to view list of appliances sending heartbeat

16 packet to the CCC appliance. Click icon to add newly discovered appliances to CCC using Add Appliance Wizard or icon to delete the appliance. Error Notification Displays total number of generated errors. Click icon to view error description. Logout Click Logout icon to log out from the Web Admin Console. Click to view more options: Support Click icon to open the customer login page for creating a Technical Support Ticket. It is fast, easy and puts your case right into the Technical Support queue. About Product Click icon to open the appliance registration information page. Help Each CCC includes a Web-based help online help, which can be viewed from any of the page of Web Admin console. Click icon to open the context-sensitive help for the page. Reboot Appliance Click Shutdown Appliance click to reboot the appliance. to shut down the appliance. Common Icons in the Web Admin Console The following describe the functions of common icons used in the Web Admin Console: Add You can add a new entity like user, policy, and host by clicking the Add button. Clicking the button will either open a new page or pop-up window. Edit / All the editable entities are hyperlinked. You can edit any entity either by clicking the hyperlink or Edit icon Delete/ You can delete entity by clicking the Delete Icon. Use checkbox to select entity or multiple entities to be deleted. Synchronize/ You can synchronize configuration of selected entities of managed appliance(s) with the configuration available in CCC. Expand/Collapse icons Navigating through Tables Clicking on the parent record displays its child records. With the new user interface, configuration details and log entries are presented in a tabular format. Table Navigation Bar on the upper right top corner of the table provides navigation buttons for moving through table pages with large number of entries. Table Navigation bar also includes an option to specify the number entries/records displayed per page.

17 Screen Table Navigation Web Admin Console Authorization and Access control By default, appliance is shipped with one administrator user: Administrator Log in as Administrator User to maintain, control and administer CCC. This user can create, update and delete system configuration and user information as well as can create multiple administrator level users. CCC appliances are shipped with one Administrator User as: Username Password Console Access Privileges admin admin Web Admin console CLI console Full privileges for both the consoles i.e. read-write permission for entire configuration performed through either of the consoles. We recommend that you change the password immediately on deployment. Dashboards CCC displays details of all the added appliances as soon as you log on to Web Admin Console in the form of Dashboard. CCC provides three types of dashboards:

18 Appliance Group Dashboard Consolidated dashboard for all the appliances of selected appliance group or appliance subgroup Appliance Dashboard Dashboard for the selected appliance only Template Dashboard Dashboard for the selected configuration template Please note that type of dashboard displayed changes, based on the selected appliance group, subgroup or appliance. Appliance Group Dashboard Appliance Group dashboard provides following information corresponding to the selected appliance group or subgroup: Alert Messages Appliance Information System Information CCC License Information Appliance License Information Model wise Information Gateway Status Screen Appliance Group Dashboard Screen Elements Alert Messages Time Message Appliance Information Total Appliances Registered Appliances Time of sending alert in date and time format. Alert message(s) generated by CCC system to notify the administrator regarding any alarming situation or availability of new CCC version. Total number of appliances in the selected appliance group or subgroup. Total number of registered appliances in the selected appliance group or subgroup.

19 Click Registered Appliances hyperlink to view following details of registered appliances. Appliance Name Appliance Key Company Name Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process Disconnected Compatibility: Possible Status: Compatible Incompatible Unregistered Appliances Synchronized Appliances Unsynchronized Appliances Number of unregistered appliances in selected appliance group or subgroup. Click the given link to view following details of unregistered appliances: Appliance Name Appliance Key Appliance Model Total number of synchronized appliances in selected appliance group or subgroup. Number of unsynchronized appliances in selected appliance group or subgroup. If any of the appliance(s) is unsynchronized then a hyperlink would be displayed. Click the hyperlink to synchronize the appliances. Following appliance attributes will be displayed: Appliance Name Appliance Key Model Status Connectivity: Possible status: Connected Disconnected Sync: Possible status:

20 Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process. Disconnected Compatibility: Possible Status: Compatible Connected Appliances Incompatible Total number of appliances currently connected to CCC in selected appliance group or subgroup. Click hyperlink to view following details of connected appliances: Appliance Name Name of appliance IP Address IP address of appliance Protocol HTTP/HTTPS i.e. protocol used by appliance to communicate with CCC Port CCC Status Port on which appliance communicates with Connectivity: Possible status: Connected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process. Disconnected Compatibility: Possible Status: Compatible Disconnected Appliances Incompatible Number of appliances in selected appliance group or subgroup, which are currently disconnected. If any of the appliance(s) is disconnected then a hyperlink would be displayed. Click hyperlink to view following details of disconnected appliances: Appliance Name Name of appliance IP Address IP address of appliance

21 Protocol HTTP/HTTPS i.e. protocol used by appliance to communicate with CCC. Port CCC. Status Port on which appliance communicates with Connectivity: Possible status: Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process. Disconnected Compatibility: Possible Status: Compatible Model Wise Information Incompatible Name of appliance model along with total number of appliances of that model number. Click hyperlink to view following details of appliance model: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance Company Name Name of the company where the managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process.

22 Disconnected Compatibility: Possible Status: Compatible System Information System Time Up Time CCC Version Model Appliance Key Peer Appliance Key Compatible Versions Cyberoam Live Connected Users Appliance License Information Gateway Anti Virus Incompatible System (CCC) time in Day Date Mon YYYY HH:MM:SS format. CCC appliance up time duration in day, hours and minutes format. CCC version number along with the link to check the availability of new version. CCC Appliance model number CCC appliance key. If the appliance is deployed in HA (High Availability) node then it displays appliance key of auxiliary appliance. List of Cyberoam appliance versions which are manageable through CCC. Number of connected users. Click to view details of connected users. Number of appliances in which Anti Virus module is subscribed and unsubscribed. Click hyperlink given on number of subscribed and unsubscribed appliances to view following details: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance Company Name Name of the company where the managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process

23 Disconnected Compatibility: Possible Status: Compatible Incompatible Gateway Anti Spam Number of appliances in which Anti spam module is subscribed and unsubscribed. Click hyperlink given on number of subscribed and unsubscribed appliances to view following details: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance Company Name Name of the company where the managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process Disconnected Compatibility: Possible Status: Compatible Incompatible Web and Application Filter Number of appliances in which Web and Application Filter module is subscribed and unsubscribed. Click hyperlink given on number of subscribed and unsubscribed appliances to view following details: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance Company Name Name of the company where the

24 managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process Disconnected Compatibility: Possible Status: Compatible Intrusion System (IPS) Prevention Incompatible Number of appliances in which Intrusion Prevention System (IPS) module is subscribed and unsubscribed. Click hyperlink given on number of subscribed and unsubscribed appliances to view following details: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance Company Name Name of the company where the managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process

25 Disconnected Compatibility: Possible Status: Compatible Incompatible Web Application Firewall (WAF) Number of appliances in which Web Application Firewall (WAF) module is subscribed and unsubscribed. Click hyperlink given on number of subscribed and unsubscribed appliances to view following details: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance Company Name Name of the company where the managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process. Disconnected Compatibility: Possible Status: Compatible Incompatible Out Bound Spam Protection Number of appliances in which Outbound Spam Protection module is subscribed and unsubscribed. Click hyperlink given on number of subscribed and unsubscribed appliances to view following details: Appliance Name Name of appliance Appliance Key Appliance key of the managed appliance

26 Company Name Name of the company where the managed appliance is deployed Model Model number of the managed appliance Status Connectivity: Possible status: Connected Disconnected Sync: Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process Disconnected Compatibility: Possible Status: Compatible Gateway Status Gateway Name Gateway IP address Gateway Status Incompatible Name of the gateway IP address of the gateway Status of the gateway. Possible status: Active CCC License Information Appliance Information Registration Deactive Registration details. 8 5 Support Subscription status If appliance is not registered, click Register to register your appliance. If appliance is registered, click License Information hyperlink to open Licensing page. Possible status: Unregistered (when appliance is not registered) Subscribed Unsubscribed 24 7 Support Subscription status: Possible status:

27 Unregistered (when appliance is not registered) Subscribed Unsubscribed Table Appliance Group Dashboard screen elements Appliance Dashboard Appliance dashboard displays following information for the selected appliance: Appliance Information License Information Connection Information Signature Information CPU usage for last two hours Memory usage for last two hours User Surfing Pattern Screen Appliance Dashboard Screen Elements

28 Appliance Information Company Name Name of the company under whose name appliance is to be registered. Appliance Name[Edit] Appliance Key For unregistered appliances, this field will be blank. Name of the appliance. Click Edit hyperlink to edit the appliance details. Appliance key Model Location Firmware Version Time Zone Date & Time (Time calculated based on CCC time) Last Good Backup Last Backup Change Detail Model number Name of the place where Cyberoam appliance is deployed. Firmware version running on the appliance Time zone of the appliance Date and time of appliance in Day Mon DD YYYY HH:MM:SS format Date and time in Day Mon DD YYYY HH:MM:SS format when last good backup has been taken. Date and time in Day Mon DD YYYY HH:MM:SS format when last backup has been taken. Status of Change Control Settings. If the change control is enabled it displays hyperlink to view change control for the appliance. Signature Information (This section will be blank if the appliance is not registered) IPS Signature Version Anti Virus Version Webcat Signature version Connection Information Appliance Address Connection Status IP/Domain IPS signature database version on the appliance. Click Synchronize button to update IPS signature database with latest available database version at upgrade server. Anti Virus engine version on the appliance. Click Synchronize button to update AV signature database with latest available database version at upgrade version. Web category database version on the appliance IP address of the appliance Current connectivity status Possible status: Connected Synchronization Status Disconnected Synchronization status Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process

29 Communication Mode Disconnected Communication mode to manage Cyberoam appliance from CCC: Communicate with Cyberoam using Port Test Connection License Information Appliance Registration Status Subscriptions Web and Application Filter Available Modes: Central Management will push updates to this Appliance This Appliance will fetch updates from Central Management Communication protocol HTTP, HTTPS Communication port Click Test Now to establish the connection between Cyberoam and CCC Registration Status Possible status: Registered address [License Information] will be displayed if the appliance is registered. Click License Information hyperlink to open Customer My Account page. Unregistered Subscription status Intrusion Prevention System (IPS) Gateway Anti Virus Possible status: Unregistered (when appliance is not registered) Subscribed Unsubscribed Expired Trial Subscription status Possible status: Unregistered (when appliance is not registered) Subscribed Unsubscribed Expired Trial Subscription status Possible status: Unregistered (when appliance is not registered) Subscribed

30 Gateway Anti Spam Unsubscribed Expired Trial Subscription status Possible status: Unregistered (when appliance is not registered) Subscribed Unsubscribed Expired Trial 8 5 Support Subscription status Possible status: Unregistered (when appliance is not registered) Subscribed Unsubscribed Trial Expired 24 7 Support Subscription status: Synchronize Appliance Licenses with Customer My Account Appliance Monitoring Diagnostics Packet Capture Connection Capture Possible status: Unregistered (when appliance is not registered) Subscribed Unsubscribed Expired Click to synchronize appliance licenses with Customer My Account. Displays time in Day, DD Mon YYYY at HH:MM:SS format when packet capture information is fetched from managed appliances through CCC. Displays time in Day, DD Mon YYYY at HH:MM:SS format when connection list information is fetched from managed appliances through CCC. Tools CTR Live Informations DHCP Lease Connection list provides current or live connection snapshot of managed appliance in the list form. Click to open Tools page of managed appliance. Displays time in Day, DD Mon YYYY at HH:MM:SS format when CTR is generated for managed appliances through CCC. Displays time in Day, DD Mon YYYY at HH:MM:SS format

31 when DHCP Lease information is fetched from managed appliances through CCC. Live Users IPSec Connections SSL VPN Users Live Connection IPv4 Live Connection IPv6 Displays time in Day, DD Mon YYYY at HH:MM:SS format when Live Users information is fetched from managed appliances through CCC. Displays time in Day, DD Mon YYYY at HH:MM:SS format when IPSec Connections information is fetched from managed appliances through CCC. Displays time in Day, DD Mon YYYY at HH:MM:SS format when SSL VPN Users information is fetched from managed appliances through CCC. Displays time in Day, DD Mon YYYY at HH:MM:SS format when IPv4 Live Connections information is fetched from managed appliances through CCC. Displays time in Day, DD Mon YYYY at HH:MM:SS format when IPv6 Live Connections information is fetched from managed appliances through CCC. CPU Usage for last two hours Displays line graph for CPU usage for last two hours. Memory Usage for last two hours Displays line graph for Memory usage for last two hours. User Surfing Pattern Displays Internet surfing pattern of the users in a pie chart. Template Dashboard Table Appliance Dashboard screen elements A template dashboard displays summary of the selected template along with the recent activity log. To view the details of individual template, go to Policy Configuration > Template, and select a template. This page displays following information for selected template: Template Summary Recent Activities

32 Screen Template Dashboard Screen Elements Template Summary System Objects Network Displays name of System configurations along with number of entries: Administration > Profile SNMP > Community SNMP > v3 User Certificate > Certificate Certificate > Certificate Authority Certificate > CRL CLI Configuration > Thin Client CLI Configuration > CTA Collector CLI Configuration > VPN Zone Network Displays name of the Objects configurations along with number of entries: Host > IP Host Host > IP Host Group Host > MAC Host Host > FQDN Host Host > FQDN Host Group Host > Country Host Host > Country Host Group Services > Services Services > Service Groups Schedule > Schedule File Type > File Type Displays name of the Network configurations along with number of entries: Static Route > Unicast

33 Identity Firewall VPN IPS Web Filter Application Filter WAF IM DNS > DNS Host Entry DHCP > Relay Displays name of the Identity configurations along with number of entries: Authentication > Authentication Server Groups > Group Users > Users Users > Clientless User Guest Users > SMS Gateway Policy > Access Time Policy Policy > Surfing Quota Policy Policy > Data Transfer Policy Displays name of the Firewall configurations along with number of entries: Rule > Rule Virtual Host > Virtual Host NAT Policy > NAT Policy DoS > Bypass Rules Displays name of the VPN configurations along with number of entries: Policy > VPN Policy IPSec > IPSec Connection L2TP > L2TP Connection Displays name of the IPS configurations along with number of entries: Policy > IPS Policy Policy > Custom Signature Displays name of the Web Filter configuration along with number of entries: Category > Web Filter Category Category > URL Group Policy > Web Filter Policy Displays name of the Application Filter configuration along with number of entries: Category > Application Filter Category Policy > Application Filter Policy Displays name of the WAF configurations along with number of entries: Web Servers > Web Servers Web Servers > Exceptions Displays name of the IM configurations along with number of entries: IM Contact > IM Contact IM Contact > IM Contact Group IM Rules > Login IM Rules > Conversation

34 QoS Anti Virus Anti Spam Logs and Reports Apply Recent Activities Time Message IM Rules > File Transfer IM Rules > Webcam Displays name of the QoS configuration along with number of entries: Policy > Policy Displays name of the Anti Virus configurations along with number of entries: Mail > SMTP Scanning Rules Mail > Address Group HTTP/S > HTTP Scanning Rules HTTP/S > HTTP Scanning Exceptions Displays name of the Anti Spam configurations along with number of entries: Spam Rules > Spam Rules Configuration > Address Group Configuration > Archiver Trusted Domain > Trusted Domain Displays name of the Logs and Reports configurations along with number of entries: Configuration > Syslog Servers Click to apply the template configuration on selected appliance(s) Displays time of the event in YYYY-MM-DD HH:MM format. The administrator can view following details for an activity: User, IP, Entity, Sub Entity, Action, Status Details of change. Table Template Dashboard screen elements Appliance Monitor Graph Appliance Monitoring Graphs provide visibility of security alerts, resources and license status of managed Cyberoam appliances at a single glance. Click given on the button bar. These graphs display top 20 (twenty) appliances with highest number of security, resource and license alerts. These graphs are refreshed in interval of 5 minutes.

35 Log out procedure To avoid un-authorized users from accessing Cyberoam Central Console, log off after you have finished working. This will end the session and exit from Cyberoam Central Console.

36 Getting Started PART 2 This section describes basic configuration of Cyberoam Central Console including network configuration like gateway, interface, unicast and DNS, mail server notification and setting of time and date zones. Once you have deployed and registered the copy of your appliance, you can start using appliance. Go to Management Console menu and follow the below given order of operations: Mail Server settings Add Appliance Check and Upgrade Appliance AV, IPS subscriptions Monitor Appliance from Live Dashboard Network Configuration This menu covers how to configure CCC appliance to operate in your network. Basic network settings include configuring your appliance interfaces, DNS and gateway settings. You can change the Interface and Gateway IP addresses that you have already configured at the time of deployment. Interface Use Interface page to view port wise network (physical interface) details. Alias details is nested and displayed beneath the respective physical interface, if configured. To manage interfaces, go to Management Console > CCC Management > Network > Interface. You can: Update Physical Interface/Port details Click the Interface Name or Edit icon column against the IP address and netmask of physical interface to be modified. View Add Alias in the Manage Edit Alias Click the Edit icon in the Manage column against the Alias to be modified. Edit Alias page is displayed which has the same parameters as the Add Alias window. Delete Click the Delete icon in the Manage column against the alias to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the alias. To delete multiple aliases, select them and click the Delete button. Manage Interfaces Physical & Aliases To manage interfaces, go to Management Console > CCC Management > Network > Interface.

37 Screen Manage Interface Screen Elements Add Alias Button Interface Name IP/ Netmask MTU Interface Speed Edit Icon Delete Button Add a new Alias. Interface Name. Ports in case of Physical Interfaces. IP Address and the Netmask Configured Maximum Transmission Unit Configured Interface Speed Edit the Interface or Alias Delete the Alias. Alternately, click the Delete icon against the alias you want to delete. Table Manage Interface screen elements Edit Physical Interface To change IP address, subnet mask of the Interface and gateway (if defined), go to Management Console > CCC Management > Network > Interface and click Edit icon in the Manage column against the Interface to be modified.

38 Screen Edit Physical Interface Screen Elements General Settings Physical Interface Physical Interface e.g. Port A, Port B It cannot be modified IPv4 Configuration (Select to configure IPv4 interface) IPv4/Netmask Specify IPv4 Address and Network Subnet mask. IPv6 Configuration (Select to configure IPv6 interface) IPv6/Prefix Specify IPv6 Address and prefix. Gateway Configuration Gateway Name IP Address (in case of IPv4 configuration) IPv6 Address (in case of IPv6 configuration) Specify name of the gateway ( It is available only when the gateway is defined on the interface) Specify IP address of the gateway. Specify IPv6 address of the gateway. Advanced Settings Interface Speed Select Interface speed for synchronization. Speed mismatch between Cyberoam and 3rd party routers and switches can result into errors or collisions on interface, no connection or traffic latency, slow performance. Available options: Auto Negotiate 10 Mbps - Full duplex 10 Mbps - Half duplex

39 100 Mbps - Full duplex 100 Mbps - Half duplex 1000 Mbps - Full duplex 1000 Mbps - Half duplex Default - Auto Negotiate MTU Specify MTU value (Maximum Transmission Unit) MTU is the largest physical packet size, in bytes, that a network can transmit. This parameter becomes an issue when networks are interconnected and the networks have different MTU sizes. Any packets larger than the MTU value are divided (fragmented) into smaller packets before being sent. Default Input range to 1500 Table Edit Physical Interface screen elements Alias Parameters Alias allows binding multiple IP addresses onto a single physical interface. It is another name of the interface that will easily distinguish this interface from another. To update the details, click on the alias name or Edit icon in the Manage column against the alias you want to modify. Go to Management Console > CCC Management > Network > Interface and click Add Alias. Screen Add Alias Screen Elements Physical Interface IP Family Select Physical Interface for which Alias is to be added. Displays type of IP family for the selected Physical interface.

40 Alias IP address Netmask Select type of IP address to be assigned to Alias Available options: Single Range Specify IP address Select the network subnet mask Table Add Alias screen elements DNS The Domain Name System (DNS) is a system that provides a method for identifying hosts on the Internet using alphanumeric names called fully qualified domain names (FQDNs) instead of using difficult to remember numeric IP addresses. In other words, it translates domain names to IP addresses and vice versa. DNS server is configured at the time of deployment. You can add additional IP addresses of the DNS servers to which appliance can connect for name resolution. When multiple DNS are configured, they are queried in the order as they are entered. To configure DNS, go to Management Console > CCC Management > Network > DNS. Manage DNS To manage DNS, go to Management Console > CCC Management Network > DNS. Screen Manage DNS Screen Elements DNS List IPv4 DNS 1 DNS 2 DNS 3 Specify IPv4 address of primary DNS. Specify IPv4 address of secondary DNS. Specify IPv4 address of tertiary DNS Table DNS screen elements

41 Gateway Gateway routes traffic between the networks. You must have configured the IP address for a default gateway at the time of deployment. You can change this configuration any time if required. Go to Management Console > CCC Management > Network > Gateway to: View Edit Click the gateway name hyperlink to modify the gateway. Manage Gateway To manage gateway, go to Management Console > CCC Management > Network > Gateway. Screen Manage Gateway Screen Elements Name Gateway Name IPv4 Address Status IP address of IPv4 gateway. Displays status of the gateway. Possible status: :Connected :Disconnected IPv6 Address Status IP address of IPv6 gateway. Displays status of the gateway. Possible status: :Connected :Disconnected Interface Displays name of the gateway interface. Table Manage Gateway screen elements Edit Gateway To edit gateway details, go to Management Console > CCC Management > Network > Gateway. Click the gateway name hyperlink to modify the details of the gateway.

42 Screen Edit Gateway Screen Elements IPv4 Address IPv6 Address Interface Specify IPv4 Address of the Gateway Specify IPv6 Address of the Gateway (if the interface is configured with IPv6 address). Specify Ethernet Port number selected that is to act as Gateway. Table Manage Gateway screen elements Notification Configure mail server IP address, port and address where the CCC has to send and receive alert s. To configure mail server settings, go to Management Console > CCC Management > System > Notification. Screen Mail Server Notification

43 Screen Elements Mail Server Setting Mail Server IP Address/FQDN - Port Authentication Required Specify Mail server IP address or FQDN name and port number. If enabled, specify authentication parameters i.e. username and password. Setting From Address Specify the addresses from which the notification is to be sent. Time Send Notification to Address Specify the address to which the notification is to be sent. Table Mail Server Notification screen elements CCC appliance current date and time can be set according to the appliance s internal clock or synchronized with an NTP server. Appliance clock can be tuned to show the right time using global time servers so that logs show the precise time and the appliance internal activities can also happen at a precise time. To configure time settings, go to Management Console > CCC Management > System > Time. Screen Time Settings

44 Screen Elements Current Time Time Zone Current system time Select time zone according to the geographical region in which Cyberoam is deployed. Set Date & Time Enable to set date and time. Use Calendar to set date and configure time in 24 hour format (HH:MM:SS). Sync with NTP server Enable if you want CCC to get time from an NTP server. Use the pre-defined NTP servers - asia.pool.ntp.org & in.pool.ntp.org or specify NTP server IP address or domain name to synchronize time with a specific NTP server. If custom NTP server is defined, time will be synchronized with custom server and not pre-defined servers. CCC appliances use NTP Version 3 (RFC 1305). One can configure up to 10 NTP servers. At the time of synchronization, it queries each configured NTP server sequentially. When the query to the first server is not successful, CCC queries second server and so on until it gets a valid reply from one of the NTP servers configured. Sync Now Click Sync Now button to synchronize CCC clock with the NTP Server. Table Time Settings screen elements

45 Appliance Management PART 3 Appliance management enables administrator to add appliances. Once the appliances are added, they can be organized into groups as per the requirement. Once the appliance is added, administrator can select the appliance from the Appliance tree and configure appliance. As CCC acts as backup repository, administrator can take appliance/ appliance group backup and restore it later on. Apart from backup, administrator can also download and upgrade to the latest firmware. This menu also enables the administrator to view and manage changes in configuration of managed appliances. Appliance Use the Appliance menu to add Cyberoam appliances to the CCC. Once you have added the appliances and organized them into groups, you can configure single appliance or group of appliances. To add or edit appliance details, go to Management Console > Appliance Management > Appliance(s) > Appliances. You can Add Wizard Click to add an appliance using wizard. View Edit Click the Edit icon in the Manage column against the appliance to be modified. Edit Appliance page is displayed which has the same parameters as the Add Appliance window. Search Click the Search icon in the Appliance Name column to search for specific appliance. Appliance can be searched on the following criteria: is, is not and contains. A pop-up window is displayed that has filter conditions for search. Click OK to get the search results and Clear button to clear the results. Search Criteria is Search Results All the appliance names that exactly match with the string specified in the criteria. For example, if the search string is CRAppliance, only that appliance will be displayed whose name exactly matches with the search string - CRAppliance. is not All the appliances that do not match with the string specified in the criteria. For example, if the search string is CRAppliance, all the appliances except with the appliance whose name exactly matches with the search string - CRAppliance.

46 contains All the appliances that contain the string specified in the criteria. For example, if the search string is CRAppliance, all the appliances containing the string CRAppliance are displayed. Table Search Criteria Delete Click the Delete icon in the Manage column against the appliance to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the appliance. To delete multiple appliances, select them and click the Delete button. Reboot Click to reboot the selected appliance(s) immediately or set schedule to reboot the appliance(s). Manage Appliances added to CCC To manage added appliances, go to Management Console > Appliance Management > Appliances > Appliances. Screen Appliance Management Screen Elements Add Button Appliance Name Appliance Key IP/Domain Add a new Appliance Name for the Appliance Appliance Key of the appliance. This field displays appliance keys of both the appliances if the appliance is deployed in High Availability Mode. IP address assigned to the WAN port of the Appliance Status

47 Conn Current Connectivity status i.e. whether appliance is currently connected to the CCC or not Possible status: Connected Disconnected Sync Status Synchronization status Possible status: Synchronized Unsynchronized Click Sync now hyperlink to start synchronization process Disconnected Comp Compatibility status Possible status: Compatible Incompatible Firmware License Information Appliance firmware License information for various subscriptions: Available subscriptions: AV, AS, IPS, WAF, Outbound Anti Spam, Web & Application Filter, 24 7, 8 5 support Possible status: : Trial : Registered : Expired Access Protocol Appliance Status Protocol and Port number used to communicate with the appliance Appliance Registration status Possible status: Registered Unregistered Model User Name Edit Icon Reboot Button/ Icon Appliance model number Name of the administrator user Edit the appliance details. Click to reboot the appliance immediately or set Schedule to reboot the appliance. The administrator can choose to schedule the reboot process as per the appliance time.

48 Dashboard Icon Click to visit appliance dashboard. Please note that the appliance should be compatible with CCC to view dashboard from Appliance Management page. Delete Button Delete the Appliance Table Appliance Management screen elements Appliance Parameters To add or edit appliance details, go to Management Console > Appliance Management > Appliances > Appliances. Click Add Button to add a new appliance or Edit Icon to modify the details. Screen Add Appliance Screen Elements Appliance Name Appliance Key IP/Domain Admin Username Specify appliance name, which uniquely identifies the appliance. Specify appliance key. Specify IP address of the appliance. Specify Administrator Username of the Appliance.

49 Password and Confirm Password Communication Mode Password for the above mentioned Administrator Username of the Appliance. Specify communication mode to manage Cyberoam appliance from CCC. Central Management will push updates to this Appliance: Select if the managed Cyberoam appliance is directly accessible from CCC i.e. there is no intermediate NAT box. Specify access protocol and port number to communicate with managed Cyberoam appliance. This Appliance will fetch updates from Central Management Select if the managed Cyberoam appliance is behind NAT box e.g. ADSL. In that case 1. Managed Cyberoam appliance will first poll CCC appliance in interval of 1 (one) minute for any configuration updates available. 2. If the updates are available the managed Cyberoam appliance will pull those updated configuration settings. Please refer to for details. Enable Change Control (CCL) Enabling Change Control allows the administrator to maintain list of configuration revisions. Configuration Revisions are the configuration changes synchronized by CCC. The administrator can update the CCL settings from Management Console > CCC Management > System > Settings > Change Control Settings page. To view details of change control go to Management Console > Appliance Management > Change Control. Template Access to User Administrator Information Administrator Name Contact Number ID Test Connection OK Cancel Select configuration template, which has to be applied on the appliance. Specify CCC Administrator who can manage the Appliance Specify description of the CCC appliance Click hyperlink to add additional information of CCC Administrator Specify name of the CCC Administrator Specify contact number of the CCC Administrator Specify ID of the CCC Administrator Click to test the connectivity between CCC and appliance. Click to add appliance. Click to return on Appliance Management page Table Add Appliance screen elements

50 As soon as the appliance is added successfully, CCC will synchronize with the appliance. Add Appliance Wizard The Add Appliance Wizard takes you step-by-step through process of appliance addition and configuration of certain core features of appliance management like firmware backup & restore and template configuration. Wizard is divided into six sections: Appliance Communication Firmwares Backup Template Summary Go to Management Console > CCC Management> Appliance Management > Appliances. Click Wizard and follow the below given steps. You can also run Add Appliance Wizard from Appliance Discovery notification. Add Appliance Details using Wizard Screen Appliance Information

51 Screen Elements Appliance Name Appliance Key IP/Domain Admin Username Password and Confirm Password Enable Change Control (CCL) Specify appliance name, which uniquely identifies the appliance. Specify Appliance Key. If you are running the wizard from Appliance Discovery notification then this field will reflect appliance key automatically. Specify IP address assigned to the WAN Interface of the appliance. Specify Administrator Username of the Appliance. Password for the above mentioned Administrator Username of the Appliance. Enabling Change Control allows the administrator to maintain list of configuration revisions. Configuration Revisions are the configuration changes synchronized by CCC. The administrator can update the CCL settings from Management Console > CCC Management > System > Settings > Change Control Settings page. To view details of change control go to Management Console > Appliance Management > Change Control. Administrator Information Administrator Name Contact Number ID Test Connection OK Cancel Next Done Specify description of the CCC appliance. Click hyperlink to add additional information of CCC Administrator. Specify name of the CCC Administrator. Specify contact number of the CCC Administrator. Specify ID of the CCC Administrator. Click to test the connectivity between CCC and appliance. Click to add appliance. Click to return on Appliance Management page. Click Next to go to Communication Mode details. Click to complete the wizard. Table Appliance Information

52 Configure Communication Mode Details using Wizard Screen Define Communication Mode Screen Elements Communication Mode Specify Appliance communication mode to manage Cyberoam appliance from CCC. Central Management will push updates to this Appliance: Select if the managed Cyberoam appliance is directly accessible from CCC i.e. there is no intermediate NAT box. Specify access protocol and port number to communicate with managed Cyberoam appliance. This Appliance will fetch updates from Central Management Select if the managed Cyberoam appliance is behind NAT box e.g. ADSL. In that case Managed Cyberoam appliance will first poll CCC appliance in interval of 1 (one) minute for any configuration updates available. If the updates are available the managed Cyberoam appliance will pull those updated configuration settings. Please refer to for details. Access Protocol Access Port Specify Protocol that is to be used to access the Appliance for pushing configuration and synchronizing i.e. Protocol used to communicate with the appliance. Specify Port through which Appliance and CCC should

53 communicate. Users Back Next Done Specify CCC Administrator who can manage the Appliance. Click Back to go to Add Appliance Details. Click Next to go to Firmware Management. Click to complete the wizard. Table Define Communication Mode Firmware Management using Wizard Screen Upgrade Appliance Firmware Screen Elements Current Firmware in Appliance Latest Applicable Firmware for Appliance Do you want to upgrade the appliance Back Next Displays current firmware version of managed Cyberoam appliance and availability of latest Cyberoam firmware version. If the appliance model is already added in CCC the latest version will be displayed automatically else click Check for Upgrades to check availability of latest firmware version. To upgrade the appliance with latest available firmware click Yes. By default, it is disabled. Click Back to go to Communication Details. Click Next to go to Backup Management. Done Click to complete the wizard. Table Upgrade Appliance Firmware

54 Backup Management using Wizard Screen Restrore Existing Configuration Backup Screen Elements Do you want to restore any existing configuration backup in new appliance? Use backup of other appliance Upload Backup Choose File Back Next Click Yes to restore backup of any existing appliance in appliance to be added. By default, it is disabled. Select an existing appliance and backup to restore it in appliance to be added. Enable to upload backup available at your local machine. Browse to locate backup file in your machine. Click Back to go to Firmware Management. Click Next to go to Template Management. Done Click to complete the wizard. Table Restrore Existing Configuration Backup

55 Template Management using Wizard Screen Select Template to Configure Appliance Screen Elements Do you want to apply any configured template to the appliance? Template Back Next Click Yes to add an appliance with existing configuration template. By default, it is disabled. Select template to be applied. Click Back to go to Backup Management. Click Next to view Summary. Done Click to complete the wizard. Table Select Template to Configure Appliance

56 Summary Screen Summary Screen Elements Appliance Name Appliance Key IP/Domain Admin Username CCL Communication Mode Access Protocol Access Port Upgrade Firmware Restore Backup Name of the appliance. Appliance key. IP Address or domain name for the appliance. Name of the administrator user. Status of CCL. Mode of communication between CCC and Cyberoam. Name of access protocol for communication between CCC and Cyberoam. Port number for communication between CCC and Cyberoam. Status of firmware upgrade. Status of backup restore. Apply Tempate Back Finish Configuration Status of template configuration. Click Back to go to Template Management. Click to complete the wizard. Table Summary

57 Appliance Discovery Cyberoam appliance(s) sends heartbeat packet to CCC over Syslog or HTTP. Appliance discovery page allows you to view and add these Cyberoam appliance(s) to CCC. Appliance Discovery Notification On successful login, CCC administrator can view appliance discovery notification(s) on top most button bar. Click to view list of appliance(s) sending heartbeat packet to CCC along with appliance IP address, appliance key, company name and registered address. Screen Appliance Discovery Notification Screen Elements IP Address Appliance Key Company Registered IP address of the appliance Appliance key. If the discovered appliance is deployed in High Availability (HA) mode then the appliance key will be a combination of primary and auxiliary appliance keys. Name of the Company where the Cyberoam appliance is deployed. address used to register the appliance. Manage Click to add the discovered appliance to CCC and to remove appliance from the list. See More Appliances Discovery Appliance Discovery Click See More Appliances link to view list of all discovered appliance(s). Table Appliance Discovery Notification screen elements To view and add discovered appliance(s) to CCC, go to Management Console > Appliance Management > Appliances > Appliance Discovery. You can: View Add Manage Discovered appliances To manage discovered appliance(s) to CCC, go to Management Console > Appliance Management > Appliances > Appliance Discovery.

58 Screen Appliance Discovery Screen Elements Appliance Key IP Country Company Manage Appliance key IP address of WAN interface of the appliance. Name of the Country where the Cyberoam appliance is deployed. Name of the Company where the Cyberoam appliance is deployed. address used to register the appliance. Click to add the discovered appliance to CCC and to remove appliance from list of discovered appliance(s). Table Appliance Discovery Appliance Groups Administrator may wants to divide the managed appliances into groups for the following reasons: to configure group-shared settings and then push the configurations on the appliances at once. For example group all the appliances that need to upgrade subscription and push the upgrades to all the appliances to manage a great number of appliances more efficiently to group the appliances according to their locations (country/state/city) to group the appliances according to ownership/company and departments to group the appliances according to their firmware to group the appliances according to the appliance models to group the appliances according to subscription - AV, IPS, Web category to group the appliances according to the appliance names Single appliance can be part of multiple groups. To manage appliance groups, go to Management Console > Appliance Management > Appliances > Appliance Group. You can: Add View Search Click the Search icon in the Appliance Group Name column to search for group with the following criteria: is, is not, and contains. A pop-up window is displayed that has filter conditions for search. Click OK to get the search results and Clear button to clear the results. Search Criteria is Search Results All the Usernames that exactly match with the string specified in the criteria. For example, if the search string is Branch, only groups with the name exactly matching Branch are

59 displayed. is not All the groups that do not match with the string specified in the criteria. For example, if the search string is Branch, all groups except the name exactly matching Branch are displayed. contains All the groups that contain the string specified in the criteria. For example, if the search string is Branch, all the groups containing the string Branch are displayed. Table Search Criteria Delete Click the Delete icon in the Manage column against a group to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the group. To delete multiple Users, select them Manage Appliance Groups and click the Delete button. To manage appliance groups, go to Management Console > Appliance Management > Appliances > Appliance Group. Screen Manage Appliance Group Screen Elements Add Button Appliance Group Name Add a new Appliance Group Name for the Appliance Group Delete Button Delete the Appliance Group Table Manage Appliance Group Screen elements Appliance Group Parameters To add or edit appliance group details, go to Management Console > Appliance Management > Appliances > Appliance Group. Click Add Button to create a new group or Edit Icon to modify the details of the group.

60 Screen Add Appliance Group Screen Elements Appliance Group Name Specify group name, which uniquely identifies the group Appliance Condition Group Specify appliances to be grouped. Available options: Model Firmware Anti Virus IPS Web Category Company Country Department State City Appliance Name: Specify comma separated group condition criteria. Available options: o o o o Starts with Contains Substring Ends with Specify string to be matched with selected criterion. You can select Appliance Name as a criterion for multiple times. All the appliances starting with specified name prefix will be grouped dynamically Table Add Appliance Group Screen elements Template A template is a set of most commonly used objects, services and configurations. CCC allows administrator to store the most common configuration settings of Cyberoam appliances in the form of template. The administrator can directly export the objects, services and configuration stored in a template to selected appliance(s). You can Add View

61 Edit Click the Edit icon in the Manage column against the template to be modified. Edit template pop-up is displayed where you can edit description of the template. Export Click the Export icon Clone Click the Clone icon in the Manage column against the template to be exported. in the Manage column against the template to be cloned. Delete Click the Delete icon in the Manage column against the template to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the template. Please note that delete process takes some time based on size of configuration stored in the template. Hence you can not delete another template before the completion of earlier delete process. You also can not delete multiple templates in a single click. Manage Templates To manage templates, go Management Console > Appliance Management > Appliances > Template. Screen Manage Template Screen Elements Add Button Template Name Export Icon Clone Icon Edit Icon Delete Icon Add a new Template Name for the Template of the Template Export the Template Clone the template Edit the Template Delete the Template Table Manage Template Screen elements Template Parameters You can add a new template from Management Console > Appliance Management > Template or Policy Configuration > Template > Add Template. Click Add Button to create a template or Edit Icon to modify the description of the template.

62 Screen Add Template Screen Elements Template Name Template Type Specify template name, which uniquely identifies the template Select the type of template to be added New Template Select to store global configuration available at CCC in the form of template. Import Appliance Configuration Select to store configuration available at selected Cyberoam appliance in the form of template. Clone Template Select to add a new template with configuration stored in existingtemplate. Appliance Clone From Select a Cyberoam appliance from the list of managed appliances to store configuration available at that Cyberoam appliance in the form of template. Select the template to be cloned. (This option is disabled if there is no existing template to be cloned). Specify description of the appliance Table Add Template Screen elements Export Template To export a template, go to Management Console > Appliance Management > Template. Click the Export icon in the Manage column against the template to be exported. You can also export a template from Policy Configuration > Template Dashboard. Click Apply button to export the selected template.

63 Screen Export Template Screen Elements System Displays name of System configurations along with number of entries: Administration > Settings Administration > Appliance Access Administration > Profile Configuration > Time Configuration > Notification Configuration > Messages Configuration > Web Proxy Configuration > Parent Proxy Configuration > Captive Portal Maintenance > Updates SNMP > Agent Configuration SNMP > Community SNMP > v3 User

64 Objects Network Identity Firewall Certificate > Certificate Certificate > Certificate Authority Certificate > CRL CLI Configuration > CLI Configuration CLI Configuration > CTA Displays name of the Objects configurations along with number of entries: Host > IP Host Host > IP Host Group Host > MAC Host Host > FQDN Host Host > FQDN Host Group Host > Country Host Host > Country Host Group Services > Services Services > Service Groups Schedule > Schedule File Type > File Type Displays name of the Network configurations along with number of entries: Static Route > Unicast DNS > DNS DNS > DNS Host Entry DHCP > Relay Displays name of the Identity configurations along with number of entries: Authentication > Authentication Server Authentication > Firewall Authentication > VPN Authentication > Admin Groups > Group Users > Users Users > Clientless User Guest Users > General Settings Guest Users > SMS Gateway Policy > Access Time Policy Policy > Surfing Quota Policy Policy > Data Transfer Policy Displays name of the Firewall configurations along with number of entries: Rule > Rule Virtual Host > Virtual Host NAT Policy > NAT Policy DoS > Settings DoS > Bypass Rules

65 VPN IPS Web Filter Application Filter WAF IM QoS Anti Virus Displays name of the VPN configurations along with number of entries: Policy > VPN Policy IPSec > IPSec Connection L2TP > L2TP Configuration L2TP > L2TP Connection PPTP > PPTP Configuration Displays name of the IPS configurations along with number of entries: Policy > IPS Policy Custom Signature > Custom Signature Displays name of the Web Filter configuration along with number of entries: Settings > Settings Category > Web Filter Category Category > URL Group Policy > Web Filter Policy Displays name of the Application Filter configuration along with number of entries: Category > Application Filter Category Policy > Application Filter Policy Displays name of the WAF configurations along with number of entries: Web Servers > Web Servers Web Servers > Exceptions Global Settings > Global Settings Displays name of the IM configurations along with number of entries: IM Contact > IM Contact IM Contact > IM Contact Group IM Rules > Login IM Rules > Conversation IM Rules > File Transfer IM Rules > Webcam Content Filter > Content Filter Displays name of the QoS configuration along with number of entries: Policy > Policy Displays name of the Anti Virus configurations along with number of entries: Mail > Configuration Mail > SMTP Scanning Rules Mail > Address Group Mail > Configuration HTTP/S > HTTP Scanning Rules HTTP/S > HTTP Scanning Exceptions

66 FTP > FTP Anti Spam Logs and Reports Confirm Button Cancel Button Displays name of the Anti Spam configurations along with number of entries: Configuration > Configuration Configuration > Address Group Configuration > Archiver Spam Rules > Spam Rules Spam Digest > Spam Digest Settings Trusted Domain > Trusted Domain Displays name of the Logs and Reports configurations along with number of entries: Configuration > Syslog Servers Configuration > Log Settings Confirm the template to be exported Cancel export Table Export Template Screen elements Edit Template To edit the details of individual template, go to Policy Configuration > Template> Templates and click the template to be edited. Click Policy tab to edit following configuration settings for the selected template: System o o o o o o o o o o o o o o o o o Administration > Settings Administration > Appliance Access Administration > Profile Configuration > Time Configuration > Notification Configuration > Messages Configuration > Web Proxy Configuration > Parent Proxy Configuration > Captive Portal Maintenance > Updates SNMP > Agent Configuration SNMP > Community SNMP > v3 User Certificate > Certificate Certificate > Certificate Authority Certificate > CRL CLI Configuration > CLI Configuration Go to System for detailed steps. Objects o Host > IP Host o Host > IP Host Group o Host > MAC Host

67 o o o o o o o o Host > FQDN Host Host > FQDN Host Group Host > Country Host Host > Country Host Group Services > Services Services > Service Groups Schedule > Schedule File Type > File Type Go to Objects for detailed steps. Network o Static Route > Unicast o DNS > DNS o DNS > DNS Host Entry o DHCP > Relay Go to Network for detailed steps. Identity o Authentication > Authentication Server o Authentication > Firewall o Authentication > VPN o Authentication > Admin o Groups > Group o Users > Users o Users > Clientless User o Guest Users > General Settings o Guest Users > SMS Gateway o Policy > Access Time Policy o Policy > Surfing Quota Policy o Policy > Data Transfer Policy Go to Identity for detailed steps. Firewall o Rule > Rule o Virtual Host > Virtual Host o NAT Policy > NAT Policy o DoS > Settings o DoS > Bypass Rules Go to Firewall for detailed steps. VPN o Policy > VPN Policy o IPSec > IPSec Connection o L2TP > L2TP Configuration

68 o o L2TP > L2TP Connection PPTP > PPTP Configuration Go to VPN for detailed steps. IPS o Policy > IPS Policy o Custom Signature > Custom Signature Go to IPS for detailed steps. Web Filter o Settings > Settings o o o Category > Web Filter Category Category > URL Group Policy > Web Filter Policy Go to Web Filter for detailed steps. Application Filter o Category > Application Filter Category o Policy > Application Filter Policy Go to Application Filter for detailed steps. WAF o Web Servers > Web Servers o Web Servers > Exceptions o Global Settings > Global Settings Go to WAF for detailed steps. IM o o o o o o o IM Contact > IM Contact IM Contact > IM Contact Group IM Rules > Login IM Rules > Conversation IM Rules > File Transfer IM Rules > Webcam Content Filter > Content Filter Go to IM for detailed steps. QoS o Policy > Policy Go to QoS for detailed steps.

69 Anti Virus o Mail > Configuration o o o o o o Mail > SMTP Scanning Rules Mail > Address Group Mail > Configuration HTTP/S > HTTP Scanning Rules HTTP/S > HTTP Scanning Exceptions FTP > FTP Go to Anti Virus for detailed steps. Anti Spam o Configuration > Configuration o o o o o Configuration > Address Group Configuration > Archiver Spam Rules > Spam Rules Spam Digest > Spam Digest Settings Trusted Domain > Trusted Domain Go to Anti Spam for detailed steps. Logs & Reports o Configuration > Syslog Servers o Configuration > Log Settings Go to Logs & Reports for detailed steps. Change Control Change Control page allows the administrator to view and manage list of revisions for the managed appliances. Revisions are the configuration changes synchronized by CCC and stored in CCC repository. Each revision has a unique Changed List ID. This page also allows the administrator to view list of affected configuration settings, compare different versions of configurations and roll back to previous configurations. Given below is the description of Policy Version Control terminology for your understanding: Revision Number of changes made to an entity (an entity can be an object, policy, rule etc.) Change List Operation ID which results into revision of one or more entities. For example, Change List results into Revision 6 of Entity A and Revision 2 of Entity B. System Snapshot Entire configuration which is considered as base version. Please note that System Snapshots are automatically generated in following cases: o If the managed appliance is in unsynchronized state and any configuration change is pending, CCC tries to synchronize the appliance and generates System Snapshot o o After a factory reset After a firmware upgrade

70 Alternatively, the administrator can take system snapshot(s) manually. There can be maximum three snapshots for an appliance. Configuration roll back is possible up to the last snapshot only. If an appliance is no longer managed by CCC, the revision history for the appliance will remain in CCC until not purged manually. This page in CCC is named as Change Control and allows the administrator to view change list of affected configuration settings view details of configuration changes compare different versions of configurations take configuration snapshot restore system configuration snapshot roll back to previous configuration Go to Management Console > Appliance Management > Change Control to View Revision History Change List Details Revision Details Revert View the list of Change Control Screen List of Change Control Screen Elements Appliances Refresh Button View Revision Create Snapshot Purge Time Change List User Name Select the appliance to view configuration revisions. Click to refresh configuration revision list. Click to view appliance revision history. Click to take snapshot of the current system configuration manually. In general, CCC takes snapshot of the system on set frequency. System Snapshot can be identified by * displayed against the entity name System Snapshot. Click to purge revision history. This option is available only for those appliances which are no longer managed by CCC. Revision time in YYYY-MM-DD HH:MM format Unique Change List ID Name of the user who has done configuration changes

71 IP Address Entity Entity Name Component Action Reverted Change List IP address of the User Type of Entity Name of the Entity Name of the component used for configuration change. Possible components: Central Management GUI API Action performed on the configuration. Possible Actions: Update Insert Delete Reorder Enable/Disable Custom Displays list of Change List IDs on mouse over. Changes associated with the listed IDs have been reverted. Details Icon Click to view details of the revision. Details include listing of all dependent entities. For example if there is a change in firewall rule, details will display list of dependent Web Filter policy, Application Filter policy etc. Revert up to this change list Icon Click to revert the changes done in the revision. Restore Icon Click to restore the configuration revision. Purge Icon Click to purge the configuration revision. Table List of Change Control

72 View the Revision History Screen Revision History Screen Elements Entity Entity Name Time Change List Username IP Address Component Action Revision Type of Entity Name of the Entity Revision time in YYYY-MM-DD HH:MM format. Change List ID Name of the user IP address of the User. Name of the component used for configuration change. Possible components: Central Management GUI API Action performed on the configuration. Possible Actions: Update Insert Delete Reorder Enable/Disable Custom Revision number. Click to view revision details.

73 Details Icon Click to view details of the revision in XML format. Difference with Previous Version Icon Click to compare revision versions. Table Revision History View the Change List Details Screen Change List Details Screen Elements Time User Name IP Address Entity Entity Name Component Action Revision Revision time in YYYY-MM-DD HH:MM format. Name of the user who has done configuration changes. IP address of the User Type of Entity Name of the Entity Name of the component used for configuration change. Possible components: Central Management GUI API Action performed on the configuration. Possible Actions: Update Insert Delete Reorder Enable/Disable Custom Revision number. Click to view revision details. Details Icon Click to view details of the revision in XML format. Difference with Previous Version Icon Click to compare revision versions. Table Change List Details

74 View the Revision Details Screen Revision Details Screen Elements Entity Sub Entity Entity Name Time Change List Username IP Address Component Action Revision Type of entity Name of the sub entity Name of the entity Revision time in YYYY-MM-DD HH:MM format Unique Change List ID Name of the user who has done configuration changes. IP address of the User Name of the component used for configuration change. Possible components: Central Management GUI API Action performed on the configuration. Possible Actions: Update Insert Delete Reorder Enable/Disable Custom Revision number Details of change Icon Click to view details of the revision in XML format. Difference with Previous Version Icon Click to compare revision versions. Table Revision Details

75 Revert the Revision Screen Revert the Revision Screen Elements Revert Change List Entity Entity Name Last Revision Action Type of entity to be reverted Name of entity to be reverted Number of revisions. Click to view revision details. Action to be performed on the entity. Possible Actions: Add Insert Update Details Click to compare the revisions. It displays XML for current version and previous version configurations. The changes are highlighted by different color codes. Table Revert the Revision Group Level Configuration - Dynamic Objects Dynamic objects Host, Zone, Interface and Gateway are the network objects whose configurations vary from one Cyberoam appliance to another. Administrator can configure these objects in CCC and map them to individual appliances. Administrator can use these objects while creating Firewall rule and various policies. All of the dynamic objects are created using a similar method - create object and then specify the dynamic object-appliance mappings. With dynamic objects, configuration of common objects like mail server, radius servers becomes easy as they need to be configured only once and then can be mapped. Host Zone Interface Gateway Host Host is a logical building block used in defining firewall rules, virtual host and NAT policy. By default, the number of hosts equal to the ports in the Cyberoam appliance are already created.

76 Host represents various types of addresses, including IP addresses, networks and Ethernet MAC addresses. Hosts allow entities to be defined once and then be re-used in multiple referential instances throughout the configuration. For example, an internal Mail Server with an IP address as Rather than repeated use of the IP address while constructing firewall rules or NAT Policies, it allows creating a single entity called Internal Mail Server as a Host name with an IP address as This host, Internal Mail Server can then be easily selected in any configuration screen that uses Hosts as a defining criterion. By using hosts instead of numerical addresses, you only need to make changes in a single location, rather than in each configuration where the IP address appears. Using Hosts reduces the error of entering incorrect IP addresses, makes it easier to change addresses and increases readability. Go to Management Console > Appliance Management > Dynamic Objects > Host to: Add View Edit Click the Edit icon in the Manage column against the Host to be modified. Edit Host pop-up window is displayed which has the same parameters as the Add Host window. Search Click the Search icon in the Address Detail column to search for specific IP address. IP address can be searched on the following criteria: is equal to, starts with and contains. Click OK to get the search results and Clear button to clear the results. Search Criteria is Search Results All the appliance names that exactly match with the string specified in the criteria. For example, if the search string is CRmailserver, only that host will be displayed whose name exactly matches with the search string - CRmailserver. is not All the appliances that do not match with the string specified in the criteria. For example, if the search string is CRmailserver, all the hosts except with the appliance whose name exactly matches with the search string - CRmailserver. contains All the appliances that contain the string specified in the criteria. For example, if the search string is CRmailserver, all the hosts containing the string CRmailserver are displayed. Table Search Criteria Delete Click the Delete icon in the Manage column against a Host to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Host. To delete multiple Hosts, select them and click the Delete button.

77 Manage IP Hosts To manage IP host, go to Management Console > Appliance Management > Dynamic Objects > Host. Screen Manage IP host Screen Elements Add Button Name Type IP Family Edit Icon Delete Button Add a new Host Name of the Host Type of Hosts Single or range of IP, Network, list of assorted IP addresses, MAC address, MAC address list Type of IP Family IPv4 and IPv6 Edit the IP Host Delete the IP Host Table Manage IP host screen elements Host Parameters To add or edit hosts, go to Management Console > Appliance Management > Dynamic Objects > Host. Screen Add IP host Screen Elements Add Dynamic Host Name Name to identify the Host

78 IP Family Type Type of IP family. Available options: IPv4 IPv6 Select the type of host. Available options: Single IP address Network IP address with subnet IP Range IP list to add assorted IP addresses. Use comma to specify assorted multiple IP addresses. Create IP list when you want to create single firewall rule for multiple IP address which are not in a range. Please note only Class B IP addresses can be added in IP list. IP addresses can be added or removed from IP list. MAC Address MAC list Appliance-Host Mapping Default Appliance IP Select the host that is to be mapped with the particular appliance host. Select the appliance whose host is to be mapped with the above selected host. Select the host which is to be mapped. Table Add IP host screen elements Zone A Zone is a logical grouping of ports/physical interfaces and/or virtual subinterfaces if defined. Zones provide a flexible layer of security for the firewall. With the zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface. Default Zone Types LAN Depending on the appliance in use and network design, one can group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence the highest secured zone. However, traffic between ports belonging to the same zone will be allowed.. WAN - This zone is used for Internet services. It can also be referred as Internet zone. To manage zones, go to Management Console > Appliance Management > Dynamic Objects > Zone. You can: Add View

79 Edit Click the Edit icon in the Manage column against the Zone to be modified. Edit zone page is displayed which has the same parameters as the Add Zone window. Delete Click the Delete icon in the Manage column against the Zone to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the zone. To delete multiple zones, select them Manage Zones and click the Delete button. To manage IP host, go to Management Console > Appliance Management > Dynamic Objects > Zone. Screen Manage Zones Screen Elements Add Button Name Type Edit Icon Delete Button Add a new Zone Name of the Zone Type of Zone selected LAN or DMZ Edit the Zone Delete the Zone Table Manage Zones screen elements Zone Parameters To add or edit zones, go to go to Management Console > Appliance Management > Dynamic Objects > Zone. Click Add Button to add a new zone or Edit Icon to modify the details of the zone.

80 Screen Add Zone Screen Elements Name Type Name to identify the zone Select Zone Type LAN, DMZ Available Options: LAN Depending on the appliance in use and network design, one can group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence the highest secured zone. However, traffic between ports belonging to the same zone will be allowed. DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and network design, one can group one to five physical ports in this zone. By default, entire traffic will be blocked except LAN to Local zone service likes Administration, Authentication, and Network. Appliance-Zone Mapping Default Appliance IP Select the zone that is to be mapped with the particular appliance zone Select the appliance whose zone is to be mapped with the above selected zone. Select the zone which is to be mapped. Table Add Zone screen elements Interface Interface - Physical interfaces/ports available on your appliance. If virtual subinterface is configured

81 for the physical interface, it is also displayed beneath the physical interface. Virtual subinterface configuration can be updated or deleted. Zone and Zone Type - Displays port to zone relationship i.e. zone-port membership. To manage Interfaces, go to Management Console > Appliance Management > Dynamic Objects > Interface. You can: Add View Edit Click the Edit icon in the Manage column against the Interface to be modified. Edit Interface page is displayed which has the same parameters as the Add Interface window. Delete Click the Delete icon in the Manage column against the Interface to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the zone. To delete multiple Interfaces, select them Manage Interface and click the Delete button. To manage Interfaces, go to Management Console > Appliance Management > Dynamic Objects > Interface. Screen Manage Interface Screen Elements Add Button Name Type IP Family Add a new Interface Name of the Interface Zone Type to which the Interface is bound Type of IP family. Available options:

82 IPv4 IPv6 Edit Icon Delete Button Edit the Interface Delete the Interface Table Manage Interface screen elements Interface Parameters To add or edit zones, go to go to Management Console > Appliance Management > Dynamic Objects > Interface. Click Add Button to add a new Interface or Edit Icon to modify the details. Screen Add Interface Screen Elements Add Dynamic Interface Name IP Family Type Zone Name of the Interface Type of IP family. Available options: IPv4 IPv6 Type of the Interface. Available Options: Route Bridge Select Zone to which the Route Interface is bound LAN, WAN, DMZ Available Options: LAN Depending on the appliance in use and network design, one can group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence the highest secured zone. However, traffic

83 between ports belonging to the same zone will be allowed. WAN - This zone is used for Internet services. It can also be referred as Internet zone. DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and network design, one can group one to five physical ports in this zone. By default, entire traffic will be blocked except LAN to Local zone service likes Administration, Authentication, and Network. Appliance-Interface Mapping Appliance Interface Select the appliance. Select the Interface that is to be mapped. Table Add Interface screen elements Gateway Cyberoam supports multiple gateways to cope with gateway failure problems. However, simply adding one more gateway is not an end to the problem. Optimal utilization of all the gateways is also necessary. Cyberoam Multi Link Manger provides link failure protection by detecting the dead gateway and switching over to the active link and provides a mechanism to balance traffic between various links. To manage Gateway, go to Management Console > Appliance Management > Dynamic Objects > Gateway. You can: Add View Edit Click the Edit icon in the Manage column against the Gateway to be modified. Edit Gateway page is displayed which has the same parameters as the Add Gateway window. Delete Click the Delete icon in the Manage column against the Gateway to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the zone. To delete multiple Gateway, select them Manage Gateway and click the Delete button. To manage Gateway, go to Management Console > Appliance Management > Dynamic Objects > Gateway. Screen Manage Gateway

84 Screen Elements Add Button Name IP Family Edit Icon Delete Button Add a new Gateway Name of the Gateway Type of IP family. Available options: IPv4 IPv6 Edit the Gateway Delete the Gateway Table Manage Gateway screen elements Gateway Parameters To add or edit gateway, go to go to Management Console > Appliance Management > Dynamic Objects > Gateway. Click Add Button to add a new gateway or Edit Icon to modify the details. Screen Add Gateway Screen Elements Add Dynamic Gateway Name IP Family Name to identify the Gateway Type of IP family. Available options: IPv4 IPv6 Appliance-Gateway Mapping Appliance Gateway Select the appliance Select the gateway Table Add Gateway screen elements

85 Individual Appliance Level Configuration This section describes configuration of individual Cyberoam appliance from CCC. You can configure: System Objects Network Identity Firewall VPN IPS Web Filter Application Filter WAF IM QoS Anti Virus Anti Spam Logs and Reports System System allows configuration and administration of Cyberoam appliance for secure and remote management as well as administrative privilege that you can assign to admin users. It also provides the basic system settings and language settings of the Web Admin console. Configure several nonnetwork features, such as SNMP, custom messages and portal setting through System. Please refer to Cyberoam User Guide for further details. Objects Objects are the logical building blocks of various policies and rules, which include: host IP, network and MAC addresses. They are used in defining firewall rules, virtual host, NAT policy, IPSec, L2TP and VPN policies services which represent specific protocol and port combination for example, DNS service for TCP protocol on 53 port. Access to services are allowed or denied through firewall rules. schedule to control when the firewall rule, Access time policy, Web filter policy, Application filter policy, or QoS policy will be in effect for example, All Days, Work Hours file types defining web filter policy, SMTP scanning rules Please refer to Cyberoam User Guide for further details. Network Network establishes how Cyberoam connects and interacts with your network and allows configuring network specific settings. Basic network settings include configuring Cyberoam interfaces and DNS settings. It also describes how to use DHCP to provide convenient automatic network configuration for your clients. This menu covers how to configure your Cyberoam to operate in your network. Basic network

86 settings include configuring Cyberoam interfaces and DNS settings. More advanced configuration includes adding VLAN subinterfaces and custom zones to the Cyberoam network configuration. It also describes how to use DHCP to provide convenient automatic network configuration for your clients. Please refer to Cyberoam User Guide for further details. Identity Once you have deployed Cyberoam, default access policy is automatically applied which will allow complete network traffic to pass through Cyberoam. This will allow you to monitor user activity in your Network based on default policy. As Cyberoam monitors and logs user activity based on IP address, all the reports are also generated based on IP address. To monitor and log user activities based on User names or logon names, you have to configure Cyberoam for integrating user information and authentication process. Integration will identify access request based on User names and generate reports based on Usernames. When the user attempts to access Cyberoam, Cyberoam requests a user name and password and authenticates the user s credentials before giving access. User level authentication can be performed using the local user database on the Cyberoam, an External ADS server, LDAP or RADIUS server. Please refer to Cyberoam User Guide for further details. Firewall A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, firewalls may also be configured to limit the access to harmful sites for LAN users. The responsibility of firewall is to grant access from Internet to DMZ or Service Network according to the Rules and Policies configured. It also keeps watch on state of connection and denies any traffic that is out of connection state. Firewall rule provides centralized management of security policies. From a single firewall rule, you can define and manage entire set of Cyberoam security policies. From the firewall rule, you can: Monitor and scan VPN traffic Define inbound and outbound access based on source and destination hosts/network Enable scanning for HTTP, HTTPS, FTP, SMTP, POP3 or IMAP traffic - for spam filtering and virus security and also get spyware, malware and phishing protection. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Define IPS policy - for protection against threats and attacks originating from external world and internal network. To apply IPS policy you need to subscribe for Intrusion Prevention System module.. Attach Gateway routing policy - for loading balancing and gateway failover protection incase of multiple gateways Define Web filtering policy - for web access control and block access to inappropriate web sites. To control access based on custom web categories, you need to subscribe for Web and Application Filter module..

87 Define Applications filtering policy for controlling access to application like IM and P2P, VOIP. To control access based on custom web categories, you need to subscribe for Web and Application Filter module. Schedule access Attach QoS policy - to control and schedule bandwidth usage per user, group or prioritize bandwidth usage for particular application. Please refer to Cyberoam User Guide for further details. VPN Cyberoam VPN automatically encrypts the data and sends it to the remote site over the Internet, where it is automatically decrypted and forwarded to the intended destination. By encrypting, the integrity and confidentiality of data is protected even when transmitted over the untrusted public network. Cyberoam uses IPSec standard i.e. IPSec protocol to protect traffic. In IPSec, the identity of communicating users is checked with the user authentication based on digital certificates, public keys or preshared keys. Cyberoam ensures that all the VPN traffic passing through the VPN tunnels is threat free. All the firewall rules and policies are applicable to the traffic going into the VPN tunnels and coming out of the VPN tunnels. Cyberoam inspects all the traffic going into the VPN tunnels and coming out of the tunnels and makes sure that there are no viruses, worms, spam, and inappropriate content or intrusion attempts in the VPN traffic. As VPN traffic is, by default subjected to the DoS inspection,cyberoam provides a facility by which one can bypass scanning of traffic coming from certain hosts from VPN zone. The above functionality is achieved by adding one additional zone called VPN zone. VPN traffic passes through VPN zone and firewall rule can be applied to VPN zone. Cyberoam can be used to establish VPN connection between sites, LAN-to-LAN and Client-to-LAN connection. VPN is the bridge between Local & Remote networks/subnets. Cyberoam supports following protocols to authenticate and encrypt traffic: Internet Protocol Security (IPSec) Layer Two Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) IPS Please refer to Cyberoam VPN Management Guide for further details. Cyberoam IPS uses Signatures to identify the malicious activity on the network but instead of providing only one policy (global) for managing multiple networks/hosts, allows to tailor the policy per network/host i.e. allows to defining multiple policies for managing multiple networks/hosts. Cyberoam IPS consists of a signature engine with a predefined database of signatures. Predefined signatures are not editable. As per your network requirements, Cyberoam allows you to define multiple policies instead of one global policy, to decrease packet latency and reduce false positives. Policy allows you to view Cyberoam predefined signatures and customize the intrusion prevention configuration at the category as well as individual signature level. Categories are signatures grouped together based on the application and protocol vulnerabilities. Each IPS policy contains a set of signatures that the Cyberoam searches for, and log and block and allows to:

88 Enable or disable category from IPS protection Enable or disable individual signature in a category to tailor IPS protection based on your network environment Define the action to be taken when the matching traffic pattern is found. Cyberoam can either detect or drop the connection. In either of the case, Cyberoam generates the log and alerts the Network Administrator. To enable the Intrusion Prevention System functionality, apply the policy using firewall rule. You can create rule to apply single policy for all the user/networks different policies for different users/networks or hosts As firewall rules control all traffic passing through the Cyberoam and decides whether to allow or drop the connection, IPS policy will be applied to only that traffic/packet which firewall passes. Please refer to Cyberoam IPS Implementation Guide for further details. Web Filter Web Filter menu allows to configure and manage Web Filtering in Cyberoam. The traffic coming from the web is filtered by various policies and categories. Please refer to Cyberoam User Guide for further details. Application Filter Application Filter menu in Cyberoam allows to configure and manage filtering on various applications. The traffic coming from the web is filtered by various policies and categories. Please refer to Cyberoam User Guide for further details. WAF A WAF (Web Application Firewall) protects applications accessed via HTTP and HTTPS against the attacks on Web server at the application layer. IM Please refer to Cyberoam User Guide for further details. IM (Instant Messaging) allows configuring and managing restrictions on instant messaging services provided by the Yahoo and MSN messengers. The traffic coming from the web in form of files and chat is filtered by various rules and content filtering strategies. You can add an IM contact or IM contact group for configuring rules. Please refer to Cyberoam User Guide for further details. QoS Bandwidth is the amount of data passing through a media over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits). The primary objective of QoS (Quality of Service) policy is to manage and distribute total bandwidth on certain parameters and user attributes. QoS policy allocates & limits the maximum bandwidth

89 usage of the user and controls web and network traffic. Please refer to Cyberoam User Guide for further details. Anti Virus Cyberoam Gateway Anti Virus provides you with powerful tools for scanning and detecting infection and spam in the incoming traffic. For detecting virus, Cyberoam uses its built-in signature database. Cyberoam Anti Virus scans: HTTP HTTPS FTP SMTP POP3 IMAP traffic as it passes through the Cyberoam. For extra protection, you can configure to block specified file types from passing through the Cyberoam. You can use this feature to stop files that might contain new viruses. Additional filtration of messages from configured IP address and URL decreases the load on the server when scanning traffic for viruses. Cyberoam Anti Virus allows to: Scan messages for viruses Detect infected, suspicious, and password-protected attachments and message Stop users from sending/receiving messages with any type of attachments Perform anti-virus processing of infection revealed in messages by scanning Define policies to take appropriate action based on the protocol i.e. define action policy on how to handle for SMTP, POP3, FTP traffic and HTTP and HTTPS traffic if infection is detected Limit HTTP and FTP download file size Notify senders, recipients, and the administrator about messages containing infected, suspicious, or password-protected attachments Quarantine messages - Quarantine feature allows to isolate and move infected and suspicious mails in a quarantine directory defined by a network administrator. Customize the anti virus protection of incoming and outgoing messages by defining scan policies. Cyberoam Gateway Anti Virus is fully compatible with all the mail systems and therefore can be easily integrated into the existing network. Please refer to Cyberoam Anti Virus Implementation Guide for further details. Anti Spam Cyberoam Gateway Anti Spam provides a powerful tool for scanning and detecting infection. Cyberoam Anti Spam as a part of unified solution along with Anti Virus and IPS (Intrusion Prevention System), provides real time virus scanning that protects all network nodes workstations, files servers, mail system from known and unknown attacks by worms and viruses, Trojans, spyware, adware, spam, hackers and all other cyber threats. Cyberoam detects spam mails based on: RBL (Realtime Blackhole List) Mass distribution pattern using RPD (Recurrent Pattern Detection) technology for which Gateway Anti Spam module subscription is required. RPD technology responsible for

90 proactively probing the Internet to gather information about massive spam outbreaks from the time they are launched. This technology is used to identify recurrent patterns that characterize massive spam outbreaks. Cyberoam Gateway Anti Spam provides powerful tools for scanning and detecting spam in the incoming traffic. Cyberoam Gateway Anti Spam inspects all incoming s - SMTP, POP3 and IMAP traffic - before the messages are delivered to the receiver's mail box. If spam is detected, depending on the policy and rules set, s are processed and delivered to the recipient unaltered, reject and generate a notification on the message rejection, add or change subject or change the receiver. Cyberoam Gateway Anti Spam is fully compatible with all the mail systems and therefore can be easily integrated into the existing network. Cyberoam Anti Spam allows to: Scan messages for spamming by protocols namely SMTP, POP3, IMAP Monitor and proactively detect recurrent patterns in spam mails and combat multi-format text, images, HTML etc. and multi-language threats Monitor mails received from Domain/IP address Detect spam mails using RBLs. If Anti Spam module is not subscribed, Cyberoam will detect spam mails based on RBL only and not on recurrent patterns in mails. Accept/Reject messages based on message size and message header Customize protection of incoming and outgoing messages by defining scan policies Set different actions for SMTP, POP and IMAP spam mails Configure action for individual address Notify receivers about spam messages Please refer to Cyberoam Anti Spam Implementation Guide for further details. Logs & Reports Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network abuse. Cyberoam can either store logs locally or send logs to external syslog servers for storage and archival purposes. Cyberoam can log many different network activities and traffic including: Firewall log Anti-virus infection and blocking Web filtering, URL and HTTP content blocking Signature and anomaly attack and prevention Spam filtering IM logs Administrator logs User Authentication logs Cyberoam supports multiple syslog servers for remote logging. When configuring logging to a Syslog server, one needs to configure the facility, severity and log file format. One can also specify logging location if multiple syslog servers are defined.

91 Maximum five syslog servers can be defined from Logging page of Web Admin Console. Cyberoam can either store logs locally or send to the syslog servers. Traffic Discovery logs can be stored locally only. Please refer to Cyberoam User Guide for further details. Scheduled Tasks Any configuration changes done on CCC for managed appliances can be updated to the appliance or group of appliance(s) immediately or can be scheduled. Screen Set Schedule Screen Elements Set Schedule Synchronize Configuration Choose time to apply configured settings. You can choose to apply them immediately or schedule them for later. You can also choose to schedule them as per the appliance time zone. Override Configuration Appliance Filter Appliance Choose Yes to override existing configuration settings of the managed appliance(s). Specify condition to filter managed appliance(s). Maximum of three conditions can be specified for appliance filter. Select appliance(s) or group of appliance(s) on which the configuration has to be updated on scheduled time. To manage Scheduled Tasks go to Management Console > Appliance Management > Schedule Task > Schedule Task. You can reschedule or delete any scheduled task. Page displays details of the task entity and sub entity name, appliance for which task is scheduled, schedule time and option to delete or reschedule the task.

92 Screen Manage Scheduled Tasks Screen Elements Event Entity Sub Entity Appliance Scheduled Time Delete Button Unique number to identify the event Name of the configured entity Name of the configured sub entity Name of the appliance(s) or group of appliance(s) on which the configuration has to be updated on scheduled time. Time on which the configuration has to be updated on selected appliances. Delete the schedule Reschedule Button Edit the schedule Table Manage Scheduled Tasks screen elements

93 Appliance Maintenance PART 4 This section covers maintenance of added appliances in Cyberoam Central Console. Backup and Restore of Cyberoam configuration and firmware management are the essential parts of Cyberoam appliance maintenance. The Backup and Restore menu enables you to save back up of your Cyberoam Appliance on CCC. It is a good idea to backup the Appliance configuration on a regular basis to ensure that, if the system fails, you can quickly get the system back to its original state with minimal affect to the network. It is also a good idea to back up the configuration after making any configuration changes in the appliance. You can save the backup of the appliance on CCC and restore later if something fails on the Appliance. It is always a good idea to back up the configuration when any changes are made to ensure you have the latest configuration stored. Backup and Restore Cyberoam configuration Signature Updates Firmware Compatibility Management Backup & Restore Use Backup & Restore page to take backup of managed Cyberoam appliances and store on CCC appliance. CCC appliance acts as a Backup repository for Cyberoam backups. Administrator can restore this backup on Cyberoam appliance whenever required..you can also choose to take back up of the selected managed appliance(s) on a pre-configured FTP server or address. CCC automatically takes backup of all the managed Cyberoam appliances at the predefined intervals and if required administrator can also take backup manually. To take the backup manually or restore it, go to Management Console > Appliance Management > Maintenance > Backup & Restore, select the appliance whose backup is to be taken and click Take Backup. This Page displays date on which the backup was taken along with option to save one backup as Last Good Backup. You can store upto 5(five) backups for any appliance. The Last Good Backup will be preserved all the time. You can also download the backup to save and then restore later.

94 Screen Backup and Restore Screen Elements Scheduled Backup Backup Frequency Select System data backup frequency In general, it is best to schedule backup on regular basis. Depending on how much information you add or change will help you determine the schedule. Available options: Never Select if you do not want to take any backup Daily Configure time at which the backup should be taken. Weekly Configure day and time at which the backup should be taken. Monthly Configure day and time at which the backup should be taken Backup Mode Select how and to whom backup files should be sent. Available Options: Local Select to store appliance backup on CCC machine. FTP If backup is to be stored on FTP server, configure FTP server IP address,path, username and password to be used. Mail If back up is to be mailed, configure id on which backup is to be mailed. Select Appliances Select the appliances whose backup is to be taken at the configured schedule. Manual Backup Select Appliances Take Backup Select the appliance whose backup is to be taken Click to take backup of selected appliance manually

95 Backup Date Backup Type Last Good Backup Restore Download Time and Date of the backup in DD/MM/YYYY HH:MM:SS format Type of the backup. Possible options: Scheduled Backup/ Manual Backup System Snapshot (CCL) Select a backup to be stored as last good backup. This backup will not be purged. You can take maximum five backups including last good backup. Click to restore the downloaded backup Click to download the backup Signature Updates Table Backup and Restore Screen Elements Use Signature Updates page to manually update Web categorization, IPS and Anti Virus signatures over single or multiple appliances. To push the signature updates manually go to Management Console > Appliance Management > Maintenance > Signature Updates. Browse the signature file available on your machine and click Apply to set signature update schedule for the selected appliance(s) or appliance group(s). Compatibility Management Screen Signature Updates CCC allows the administrator to add and manage those Cyberoam appliances which are running on newer or upcoming CyberoamOS versions. As soon as an appliance with newer version of CyberoamOS is discovered in CCC, CCC automatically acquires the compatibility for the newer CyberoamOS version(s) from root server and displays it in the list of compatible CyberoamOS versions. Go to Management Console > Appliance Management > Maintenance > Compatibility Management to manage compatible Cyberoam firmware versions.

96 Screen Elements Default Compatibility List Firmware Compatibility Status Click to view the list of compatible CyberoamOS versions. Each CCC firmware is shipped with a set of compatible CyberoamOS versions. Additionally, CCC can acquire and manage compatibility of future CyberoamOS releases without upgrading CCC firmware. Displays list of compatible CyberoamOS versions Displays the Compatibility status of CyberoamOS version. Possible options: Compatible Acquire Compatibility Remove Compatibility Refresh List Incompatible Firmware Click or Add button to acquire compatibility for the selected CyberoamOS versions. Firmware Click to Delete button to remove compatibility of the selected CyberoamOS versions. Click to refresh the list of available CyberoamOS versions. Table Compatibility Management Screen Elements Firmware Instead of upgrading each managed appliance manually, administrator can upgrade appliance firmware through CCC. CCC can store and apply firmware images. CCC can download local copies of firmware images from the Upgrade server. After firmware images have been downloaded, you can upgrade an appliance or group of appliances. Use Firmware page to check for the latest available firmware for managed Cyberoam appliances. To check for the availability of the latest firmware, go to Management Console > Appliance Management > Firmware > Firmware. Screen Elements Check for Latest Firmware Model Applicable Appliances Applicable Version Click to check availability of latest firmwares Cyberoam Model number Click List Appliance to view list of Cyberoam appliances which can be upgraded with available firmware. Applicable Cyberoam firmware version

97 Release Date Size Status Download Apply Date of firmware release Size of downloadable firmware image in MB Status of the firmware as Downloaded or N/A Click to download the firmware image. Click to apply downloaded firmware on the selected appliance(s). Table Firmware Management Screen Elements Administrator can download and save the firmware for later use or apply firmware directly. Apply Firmware Screen Elements Schedule Click to schedule firmware upgrade. You can upgrade the selected appliance(s) with downloaded firmware immediately or you can choose to upgrade it later. Apply Firmware From Appliance Firmware upgrade can be scheduled as per appliance time zone. Firmware can be applied from following options: Management Console Cyberoam Central Console Live Server Cyberoam Update Destribution Server Private URL Privately hosted URL Select the appliance to be upgraded. Table Apply Firmware Screen Elements

98 Appliance Monitoring PART 5 CCC helps administrator to monitor all the managed appliances for surfing trends, attacks and outages. Graphs can be used to monitor single appliance or group of appliances. It normally requires Administrator to log on to individual appliance to view system resources and information but with CCC the administrator can view that same information for all the appliances from CCC itself. Graphs Graphs are graphical presentation of user surfing pattern, disk, memory and CPU usage and various attacks on the appliance. Administrator can add multiple profiles. Administrator can add profile for group of appliances or single appliance. Tab for each profile is added on Graphs page. Profile To add or edit profile, go to Management Console > Appliance Monitoring > Graphs > Profile. You can Add View Edit - Click the Edit icon in the Manage column against the profile to be modified. Edit Profile page is displayed which has the same parameters as the Add Profile window. Delete Click the Delete icon in the Manage column against the profile to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the dashboard. To delete multiple profiles, select them Manage Profile and click the Delete button. To manage added profiles, go to Management Console > Appliance Monitoring > Graphs > Profile. Screen Manage Profiles Screen Elements Add Button Title Edit Icon Delete Button Add a new profile Name of the profile Edit profile details Delete the profile Table Manage Profile screen Elements

99 Profile Parameters To add or edit profiles, go to Management Console > Appliance Monitoring > Graphs > Profile. Click Add Button to add a new profile or Edit Icon to modify the details. Screen Add Profile Screen Elements Title Appliances Category Name of the Profile Select appliance(s) whose details are to be displayed on the profile graph. Select the components to be displayed on the dashboard for the appliance(s) selected in the above field. Available options: CPU Usage (%) Memory Usage (%) Disk Usage (%) Total Virus Attacks (Hits) Web Virus Attacks (Hits) Mail Virus Attacks (Hits) IPS Threats (Hits) Spam Mails (Hits) User Surfing Pattern (Hits) Table Add Profile screen elements Graphs To view graphs, go to Management Console > Appliance Monitoring > Graphs > Graphs. If multiple graphs are added, Tab for each graph is displayed Depending on the components selected at the time of adding graph, graph displays line graphs for the usage status of the CPU, memory and hard disk, user surfing patter grouped into Neutral, Productive, Non Working and Unhealthy categories, virus, HTTP and mail attacks, IPS threats and spam mails.

100 If multiple appliances are grouped under single graph, line graph of each appliance is plotted in each component. Alerts Screen Graphs CCC allows administrator to create and send alerts to the specified address(s) based on predefined criteria. CCC alert notification ensures the concerned person receive an alert in situations like excess CPU, disk and memory usage or alarming count of viruses or IPS attacks. Profile To add or edit alerts, go to Management Console > Appliance Monitoring > Alerts > Profile. You can Add View Edit Click the Edit icon in the Manage column against the profile to be modified. Edit Profile page is displayed which has the same parameters as the Add Profile window. Delete Click the Delete icon in the Manage column against the profile to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the dashboard. To delete multiple profiles, select them Manage Alert Profile and click the Delete button. To manage added profiles, go to Management Console > Appliance Monitoring > Alerts > Profile. Screen Manage Alert Profiles Screen Elements Add Button Add a new profile

101 Profile Name Appliance(s) Status Name of the profile. DefaultAlertProfile is the default alert profile and it can be not be deleted. Appliance(s) for which alert profile is created. Status of the Alert profile. Possible status: - Click to disable the alert notification. - Click to enable the alert notification. Edit Icon Delete Button Change Status of the alert profile Edit profile details Delete the profile Click to change the status of selected profile. Table Manage Alert Profile screen Elements Alert Profile Parameters To add or edit profiles, go to Management Console > Appliance Monitoring > Alerts > Profile. Click Add Button to add a new profile or Edit Icon to modify the details. Screen Add Alert Profile Screen Elements Profile Name Name to identify the Profile

102 Send (s) alerts to Specify comma separated recipient address (es) to send alert notification through . You need to configure server from Management Console > CCC Management > System > Notification to send alerts on specified address(s) If any mail server is not configured, then also the created alert will be displayed under Alerts tab Appliance(s) Alert Criteria Select appliance(s) or group of appliance(s) to be displayed on the alert profile. Configure alert criteria. Select checkbox against criterion to be configured and specify value for the criterion. Available criteria: Any subscription module expires CPU usage exceeds Memory usage exceeds Disk usage exceeds IPS Threats count Web virus count exceeds Mail Virus count exceeds Total virus count exceeds Spam Mail count exceeds Unhealthy Surfing hits Appliance Connection Status Gateway status change VPN connection status change HA Status change Specify duration of sending notifications in Notify me field. The duration can be in hours or minutes. of the alert profile. Table Add Alert Profile screen elements Alerts To view alerts, go to Management Console > Appliance Monitoring > Alerts > Alerts.

103 Screen Manage Alerts Screen Elements Time Profile Name Appliance Name Alert Message Time of alert in YYYY-MM-DD HH:MM format. Name of the profile Appliance(s) for which alert profile is created of the alert i.e. on which event the alert has been sent Table Manage Alert screen elements Event Viewer Audit and System logs are an important part of any secure system that provides an invaluable view into the current and past state of almost any type of complex system, and they need to be carefully designed in order to give a faithful representation of system activity. They can identify what action was taken by whom and when. The existence of such logs can be used to enforce correct user behavior, by holding users accountable for their actions as recorded in the audit log. They are the simplest, yet also one of the most effective forms of tracking temporal information. The idea is that any time something significant happens you write some record indicating what happened and when it happened. Event Viewer To view logs of any of the managed appliance, go to Management Console > Appliance Monitoring > Event Viewer > Event Viewer, select log date and time, appliance and log type and click Go. Page will display list of all archived logs for the selected appliance.

104 Screen Event Viewer Screen Elements Start Date and End Date Appliance Select start date and end date to view log files Select appliance whose logs are to be displayed File type Select Log file type. Available file types are : Archived Files System Logs Anti Virus IPS Authentication Audit Logs Click to view reports for managed appliance(s) through Cyberoam iview. Please note that this option is available if and only if Cyberoam iview is integrated with CCC. The integration can be done from CCC Management > System > iview. Date File Details Total Size Action Date of archived logs File details which includes time interval for which the file is created, file size and status of the file (Loaded, partially loaded) Total size of archive data for the specified day Action that can be performed on archived data: View: Load archived file to view and search. Click checkbox against the file and click View Data link, which opens a new page from where you can search the log. This process may take some time depending on the size of data. Unload: Unload archived file. Click against the file to be unloaded. Search: Perform a refined search based on multiple criteria Table Appliance Logs screen elements Search Archived logs To search the archived log, go to Management Console > Appliance Monitoring > Event Viewer > Event Viewer, and click the View Data link. In Advanced Search section:

105 Screen Search Logs Screen Elements Advanced Search 1. Select Match all of the following to get search result based on all criteria or Match any of the following to get search result based on any of the criterion 2. Add searching criterion. Available options: Upload Time Log Component Status Username IP address Message The search can be performed using multiple search criteria. Click to add a new search criterion and to remove a search criterion. Search Clear All View Click to perform search. Click to clear search criteria. Select the view for search result display. Possible options: Graphs Displays logs in graphical format. This option is available for following File Types: o o Anti Virus IPS Formatted Logs: Displays logs in comprehensive format. Raw Logs: Displays logs in syslog format View Graphical Search Results Anti Virus Screen Elements Top Viruses Graph Top Web Viruses Top FTP Viruses Top Mail Viruses Graph displays number of counts per protocol. Graph displays number of counts per web virus. Graph displays number of counts per FTP virus. Graph displays number of counts per mail virus.

106 View Graphical Search Results IPS Screen Elements Top Attacks Graph Top Attackers Graph Top Victims Graph Top Users Graph Graph displays number of counts per attack. Graph displays number of counts per attacker IP address. Graph displays number of counts per victim IP address. Graph displays number of counts per User. View Formatted Search Results Screen Elements Upload Time Log Component Status Username IP address Message Time of managed appliance in YYYY-MM-DD HH:MM:SS format. Name of the log component Status Status of the log component. Possible status: Successful Failed Allow Deny Allow Session Deny Session Established Terminated Renew Release Expire Would deny Username associated with the selection criteria. IP address associated with the selection criteria. Message associated with the log component. Log Viewer Log Viewer page allows to view the logs for modules like Application Filter, Web Filter, Anti Spam, and Firewall. This page gives consolidated information about all the events that have occurred. To view logs of any of the managed appliance, go to Management Console > Appliance Monitoring > Event Viewer > Log Viewer, select module and appliance or alternatively these logs can be viewed from Policy Configuration > Policy > Logs & Reports > Log Viewer. View Log Modules View Log Modules Web Filter Web Filter logs provide information about the users that were detected accessing

107 restricted URLs and the action taken by the managed appliance. Application Filter Application Filter logs provide information about applications to which access was denied by the managed appliance. Anti Spam Anti Spam logs provide information about the spam mails identified by managed appliance. Firewall Firewall logs provide information about how much traffic passes through a particular Firewall rule and through which interfaces. Authentication Authentication logs provide information about all the authentication logs including Firewall, VPN and My Account authentication. WAF WAF logs provide information about HTTP/S requests and action taken on the same. View list of Web Filter events Screen Element Time Action User Name Source IP Destination IP Category URL Bytes Transfer Message ID Time when the event occurred. Allowed or Denied. Username of the user that accessed the URL. Source IP Address (IPv4 / IPv6). Destination IP Address (IPv4 / IPv6). URL Category URL accessed Number of bytes transferred. Message ID of the message. View list of Application Filter events Screen Element Time Action User Name Source IP Destination IP Application Category Application Firewall Rule Message ID Time when the event occurred. Denied Username of the user that accessed the application. Source IP Address (IPv4 / IPv6). Destination IP Address (IPv4 / IPv6). Application Category. Name of the application. Firewall rule ID applied to the traffic. Message ID of the message. View list of Anti Spam events Screen Element Time Time when the event occurred.

108 Log Comp Displays the Log Components of the Anti Spam events. Action Types of Log Components: SMTP, POP and IMAP. Displays action taken against any Spam events. User Name Source IP Destination IP Sender Receiver Subject Message Message ID Actions: Reject, Drop, Accept, Change Recipient and Prefix Subject. Username of the spam recipient. Source IP Address (IPv4 / IPv6). Destination IP Address (IPv4 / IPv6). Address of the Spam sender. Address of the Spam receiver. Subject of the . Message for the Spam detected. Message ID of the message. View list of Firewall events Screen Element Time Log Comp Time when the event occurred. Displays the Log Components of the Firewall events. Action User Name Firewall Rule In Interface Out Interface Source IP Destination IP Message ID Types of Log Components: Firewall Rule, Invalid Traffic, Local ACL, DoS Attack, ICMP Redirection, Source Routed, Fragmented Traffic, Foreign Host, IPMAC Filter, IP Spoof and Virtual Host. Allowed or Denied. Username of user associated with Firewall rule. Firewall Rule ID. Interface through which the traffic is coming in. Interface through which the traffic is going out. Source IP Address (IPv4 / IPv6). Destination IP Address (IPv4 / IPv6). Message ID for the message View list of Authentication events Screen Element Time Date and Time when the event occurred.

109 Log Comp Displays the Log Components of Authentication events. Status User Name IP Address Auth Client Auth Mechanism Message Message ID Type of Log Components: Firewall Authentication, VPN Authentication, SSL VPN Authentication, My Account Authentication, Dial-In Authentication and NTLM Authentication. Successful or failed. Username of the user. IP Address of the user. Authentication client that is used for authentication: Web Client, Corporate Client or CTA. Type of Authentication Mechanism: Local or External Server (AD, LDAP or RADIUS). Message for the type of authentication event. Message ID of the message. View list of WAF events Screen Element Time Action Web Server Name Source IP/Name Message URL Reason Status Code Bytes Transferred Message ID Time when the event occurred. Displays action taken against any Web Application events. Displays a name for the Web Server. Source IP Address or Name. Message for the WAF event. URL accessed. Reason for the action taken on any Web Application. Status code of the action taken on the Web Application. Displays the bytes of information transferred. Message ID of the message.

110 CCC Maintenance PART 6 This section covers maintenance options available of Cyberoam Central Console appliance, which includes Backup and Restore of CCC configuration and Firmware management of Cyberoam Central Console. Maintenance menu enables Administrator to backup and restore CCC data. Administrator can upgrade CCC by uploading new firmware image. Maximum of two firmware images can be made available simultaneously. Backup and Restore CCC configuration Firmware Licensing Backup & Restore Backup is the essential part of data protection. Backups are necessary in order to recover data from the loss due to the disk failure, accidental deletion or file corruption. There are many ways of taking backup and just as many types of media to use as well. The Backup and Restore menu enables you to back up and restore your CCC. It is a good idea to backup the CCC configuration on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal effect to the network. It is a good idea to back up the configuration after making any changes to the configuration of the CCC or settings that affect the managed appliances. Once the backup is taken, you need to upload the file for restoring the backup. Restoring data older than the current data will lead to the loss of current data. Administrator can schedule CCC backup or manually take the backup from Management Console > CCC Management > Maintenance > Backup & Restore. Screen CCC Backup & Restore

111 Screen Elements Backup Restore Backup Now Upload and Restore Click to take backup immediately. Select the backup is to be restored and click Upload and Restore. Alternately, use Browse button to select the complete path. Schedule Backup Backup Frequency Select backup frequency. In general, it is best to schedule backup on regular basis. Depending on how much information you add or change will help you determine the schedule. Available options: Never Select this option if you do not want to take backup. Daily Configure time at which the backup should be taken. Weekly Configure day and time at which the backup should be taken. Monthly Configure day and time at which the backup should be taken. Backup Mode Select how and to whom backup files should be sent. Available Options: FTP If backup is to be stored on FTP server, configure FTP server IP address, username and password to be used. Mail If back up is to be mailed, configure id on which backup is to be mailed. Manage Backup Backup Time Size (KB) Restore Download Time and Date of the backup in DD/MM/YYYY HH:MM:SS format. Size of backup file in KB Click to restore the backup Click to download the backup Table CCC Backup & Restore screen elements

112 Firmware Page displays the list of all the available firmware versions. Maximum two firmware versions are available simultaneously and one of the two firmware versions is active i.e. the firmware is deployed. Go to Management Console > CCC Management > Maintenance > Firmware to upload new firmware, boot appliance with the active firmware or boot appliance with factory default settings. Upload firmware Administrator can upload a new firmware. Click to specify the location of the firmware image or browse to locate the file. You can simply upload the image or upload and boot from the image. The uploaded firmware can only be active after next reboot. The existing firmware will be removed and the new firmware will be available. Incase of Upload & Boot, firmware image is uploaded and upgraded to the new version, closes all sessions, restarts, and displays the login page. This process may take few minutes as this process also migrates the entire configuration. Boot from firmware firmware. Option to boot from the downloaded image and activate the respective Boot with factory default configuration Appliance will be rebooted and will load default configuration. Entire configuration will be lost if you choose this option. Active - Active icon against a firmware suggests that the appliance is using that firmware. Screen Manage Firmware Appliance Registration Information Page displays CCC registration and license details. Screen CCC Licensing Screen Elements Appliance Registration Details Model Version Displays CCC appliance model number Displays CCC appliance firmware version

113 Company Name Contact Person Registered ID Displays name of the company Displays name of the contact person Displays registered ID Manage Module Subscription Online Synchronize Licenses with Customer My Account Click Synchronize to synchronize module subscriptions with Customer My Account. Module Subscription Details Module Status Expiration Date Displays name of the subscription module. Available subscriptions: 8 X 5 Support 24 X 7 Support Appliance License ( For Virtual appliance only) Status of the module. Possible status: Trial Subscribed Unsubscribed Expiry date of the subscription. ( If subscribed) Table CCC Licensing

114 CCC Monitoring PART 7 The administrator can monitor CCC appliance for policy configuration changes, management console changes and system events using CCC logs. In addition, the administrator can view status of the various signature distribution servers and update them as and when required. CCC includes a system to view the events and activities occurring through CCC from Event Viewer. Events for various modules Policy Configuration, Management Console, and System are logged and can be viewed for required date and time. Diagnostics Event Viewer Diagnostics Diagnostic page allows checking the health of your CCC appliance in a single shot. This information can be used for troubleshooting and diagnosing problems found in your CCC appliance. It is like a periodic health check up that helps to identify the impending appliance related problems. After identifying the problem, appropriate actions can be taken to solve the problems and keep the appliance running smoothly and efficiently. View the statistics to diagnose the connectivity issues, network problem and test network communication. It assists in troubleshooting issues such as hangs, packet loss, connectivity, discrepancies in the Cyberoam network. Go to Management Console > CCC Management > Diagnostics > Diagnostics to view the various statistics. Ping Trace route Name lookup Route lookup Ping Ping is the most common network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer. Ping sends ICMP echo request/replies to test connectivity to other hosts. Use standard ICMP ping to confirm that the server is responding. Ping confirms that the server can respond to an ICMP ping request. Use Ping diagnostically to Ensure that a host computer you are trying to reach is actually operating or address is reachable or not

115 Check how long it takes to get a response back Get the IP address from the domain name Check for the packet loss Screen Ping Screen Elements IP address/host Name IP Address or fully qualified domain name to be pinged. It determines network connection between CCC and host on the network. The output shows if the response was received, packets transmitted and received, packet loss if any and the round-trip time. If a host is not responding, ping displays 100% packet loss. IP Family Interface Size Type of IP family Interface through which the ICMP echo requests are to be sent. Ping packet size Range 1 to Table Ping screen elements Traceroute Traceroute is a useful tool to determine if a packet or communications stream is being stopped at the CCC, or is lost on the Internet by tracing the path taken by a packet from the source system to the destination system, over the Internet. Use traceroute to find any discrepancies in the CCC network or the ISP network within milliseconds trace the path taken by a packet from the source system to the destination system, over the Internet Screen Trace Route

116 Screen Elements IP address/host Name IP Address or fully qualified domain name. It determines network connection between CCC and host on the network. The output shows all the routers through which data packets pass on way to the destination system from the source system, maximum hops and Total time taken by the packet to return measured in milliseconds. IP Family Interface Type of IP family Interface through which the requests are to be sent. Table Trace Route screen elements Name lookup Name lookup is used to query the Domain Name Service for information about domain names and IP addresses. It sends a domain name query packet to a configured domain name system (DNS) server. If you enter a domain name, you get back the IP address to which it corresponds, and if you enter an IP address, then you get back the domain name to which it corresponds. In other words, it reaches out over the Internet to do a DNS lookup from an authorized name server, and displays the information in the user understandable format. Screen Name Lookup Screen Elements IP address/host Name DNS Server IP IP address or fully qualified domain name that needs to be resolved. DNS server to which the query is to be sent. Table Name Lookup screen elements Route lookup If you have routable networks and wish to search through which Interface CCC routes the traffic then lookup the route for the IP address. Screen Route Lookup Screen Elements

117 IP address IP address that needs to be resolved. Table Route Lookup screen elements Troubleshoot Report To help Support team to debug the system problems, troubleshooting report can be generated which consists of the system s current status file and log files. File contains details like list of all the processes currently running on system, resource usage etc. in the encrypted form. Customer has to generate and mail the saved file at support@cyberoam.com for diagnosing and troubleshooting the issue. File will be generated with the name: TSR_<APPKEY> <MM_DD_YY > where APPKEY is the appliance key of the appliance for which the report is generated MM_DD_YY is the date (month date year) on which the report is generated Go to Management Console > CCC Management > Diagnostics >Troubleshoot Report. System Graph Screen Troubleshoot Report System graph displays memory and CPU usage by CCC in last two hours. Screen System Graph

118 Event Viewer CCC displays events in expandable three level tree format. By default the event tree is displayed in collapsed format. Click to expand the tree to view event details. First level shows CCC Group/Global/Appliance Level Event Message. Second Level shows response for each appliance (on which entity is pushed) Third level shows response of dependant entities Event Viewer page allows to view the logs for various modules Policy Configuration, Management Console, System Events. This page gives consolidated information about all the events that occurred for the respective modules and information can be filtered based on event id, username or IP address. To view logs, go to Management Console > Event Viewer > Event Viewer. Select date for the log and one of the following modules: Policy Configuration log Log provides information of the administrative events and task occurred at global and appliance level. Management Console log Log provides information of the administrative events and task occurred at CCC System Events Log provides information of the system events Screen Event Viewer Screen Elements Policy Configuration Events Time Event User Name IP address Time when the event occurred. Event ID Name of the admin user IP address of the admin user

119 Entity Entity Name Action Status Entity type through which the event occurred Name of the entity on which the event occurred Operation requested by entity. Possible operations: Insert/Update Delete Apply Custom Displays status of the operation on selected appliance(s). The status field consists of three numbers in Green, Red and Yellow color code. Number in Green displays number of appliances where the configuration update has been done successfully. Number in Red displays number of appliances where the configuration update has not been applied successfully. Option to Retry failed configuration settings has been given next to number of fialed events. This option allows administrator to re-apply those policy configuration changes which are not successfully pushed on managed appliances. Currently CCC supports Auto-Retry functionality for disconnected appliances only, which means if a disconnected appliance gets connectivity in next 8 (eight) hours CCC tries to push the configuration changes again on that appliance. With Retry option the CCC administrator can push failed configuration events manually on connected appliance(s) as well. Number in Yellow displays number of appliances where the configuration update is pending. Fail When configuration changes are failed at global level. Retry Click to re-apply configuration update in case of failed events. CCL Click to view event details in Change Control in case of successful events. Appliance Message Name of the appliance(s) on which the action has been performed. Details of the event. Management Console Events Time Event Time when the event occurred. Event ID

120 Username IP address Entity Sub Entity Action Status Message Username of the admin user IP address of the admin user Name of the Component through which the event occurred Name of the Sub Component through which the event occurred. Operation requested by entity. Possible operations: Appliance Backup Update Appliance latest firmware check Insert Authentication Version Upgrade Delete Successful or failed Details of the event System Events Time IP address Entity Sub Entity Action Status Appliance Message Time when the event occurred. IP address of the admin user Name of the Component through which the event occurred. Name of the Sub Component through which the event occurred. Operation requested by entity. Possible operations: Synchronization Information collection Update Insert Successful or failed Appliance on which the event has occurred Message for the event Table Event Viewer screen elements

121 Advanced CCC Configuration PART 8 This section covers general configuration of CCC including adding administrators. Role-based administration capabilities are provided to offer greater granular access control and flexibility. This section also covers the advanced CCC configurations like High Availability deployment of CCC, API and integration of CCC with Cyberoam iview a web based logging and reporting solution. HA HA iview Signature Distribution API Explorer Access Profile User CCC Certificate Settings CCC Appliance Access Unicast Hardware failure such as a failure of the power supply, hard disk, or processor is the main reason behind the failure of Internet security system and/or a firewall. To provide reliable and continuous connection to the Internet and to provide central management, two appliances can be configured to function as a single appliance and provide High Availability. Clustering Technology is used to ensure High Availability. In a cluster, two appliances are grouped together and instructed to work as a single entity. HA terminology 1. HA Cluster Group of two appliances instructed to work as a single entity. Every HA Cluster has one Primary Appliance and one Auxiliary Appliance. The Primary Appliance controls how the cluster operates. The roles that the Primary and Auxiliary Appliances play in the cluster depend on the configuration mode. 2. HA Configuration Modes Active-Active A configuration of HA cluster consists of a Primary Appliance and one Auxiliary Appliance. In this mode, both Primary Appliance and Auxiliary Appliance process traffic while primary unit is in charge of balancing the traffic. Decision of load balancing is taken by the Primary Appliance. Auxiliary Appliance can take over only in case of a primary unit failure. (Currently CCC can not be deployed in Active-Active HA mode).

122 Active-Passive A configuration of HA cluster which consists of a Primary Appliance and an Auxiliary Appliance. In this mode, only the Primary Appliance processes traffic while Auxiliary Appliance remains in standby mode, ready to take over if a Primary Appliance failure occurs. 3. Primary Appliance The Primary Appliance also tracks the status of all cluster appliances. In an Active-Active cluster, the Primary Appliance receives entire network traffic and acts as the load balancer to redirect traffic to Auxiliary Appliance. In an Active-Passive cluster, the Primary Appliance processes the network traffic while Auxiliary Appliance does not process any traffic but remains ready to take over if Primary Appliance fails. 4. Auxiliary Appliance Auxiliary Appliance is always waits to become the Primary Appliance. In an active-active cluster, Auxiliary Appliance processes the network traffic assigned to it by the Primary Appliance. In case Primary Appliance fails, Auxiliary Appliance becomes the Primary Appliance. In an active-passive cluster, Auxiliary Appliance does not process network traffic and is in stand-by. It becomes active only when Primary Appliance is not available to process the traffic. 5. Dedicated HA Link Port Dedicated HA link is a direct physical link between the appliances participating in HA cluster. 6. Load Balancing An ability of HA cluster of balancing the traffic between nodes in the HA cluster. 7. Monitored Interface Set of interfaces that are selected to be monitored. Each appliance monitors its own such interfaces and if any of them goes down, appliance will remove itself from the cluster and failover occurs. 8. Virtual MAC It is a MAC Address associated with the HA cluster. This address is sent in response when any of the machines make an ARP request to HA cluster. It is not the actual MAC Address and is not assigned to any interface of any unit in the cluster. A Primary Appliance owns the MAC Address and is used for routing network traffic. All external clients use this address to communicate with the HA cluster. In case of failover, new Primary Appliance will have the same MAC Address as the failed Primary Appliance. The cluster appliance which has a Virtual MAC Address acts as a Primary Appliance. 9. Primary state In Active-Active mode, the appliance that is in charge of receiving all the traffic and load balancing

123 is said to be in "Primary" state. An appliance can be in "Primary" state only when the other appliance is in "Auxiliary" state. In Active-Passive mode, the appliance in charge of processing all the traffic is said to be in the "Primary" state. An appliance can be in "Primary" state only when the other appliance is in "Auxiliary" state. 10. Auxiliary state In Active-Active mode, the appliance that receives the traffic to be processed by it from the Primary Appliance is called to be in "Auxiliary" state. An appliance can be in "Auxiliary" state only when the other appliance is in "Primary" state. In Active-Passive mode, the appliance which is not processing the traffic is called to be in "Auxiliary" state. An appliance can be in "Auxiliary" state only when the other appliance is in "Primary" state. 11. Standalone state An appliance is called to be in Standalone state when it can still process network traffic and when the other appliance is not in position to process network traffic (i.e. in "Fault" state or shut down). 12. Fault state An appliance is in fault state when it cannot process network traffic if a device or link fails. 13. Peer Once the HA cluster is configured, cluster appliances are termed as Peers i.e. for Primary Appliance, Auxiliary Appliance is its peer appliance and vice versa. 14. Synchronization The process of sharing the various cluster configuration, between Cluster appliances (HA peers). Reports generated are not synchronized. 15. Device failover If an appliance does not receive any communication within the predetermined period of time from the HA peer, the peer appliance is considered to have failed. This process is termed as Device Failover as when this occurs, the peer appliance is taken over. 16. Link Failover Both the appliance in an HA cluster continuously monitor the dedicated HA link and the interfaces configured to be monitored. If any of them fails it is called link failure. 17. Session failover Whether it is a device or link failover, session failover occurs for forwarded TCP traffic.

124 Appliance normally maintains session information for TCP traffic which is not passing through proxy service. Hence, in case of failover, the appliance which takes over will take care of all the sessions (TCP session not passing through proxy application). The entire process is transparent for the end users. How Cluster works Appliance offers high availability by using Virtual MAC Address shared between a Primary Appliance and an Auxiliary Appliance linked together as a cluster. Appliances - Primary and Auxiliary Appliance, are physically connected over a dedicated HA link port. Typically, traffic enters your network by passing through a network switch. In an HA solution, one of the appliance in the cluster has a Virtual MAC Address and traffic is forwarded to the cluster appliance which has the virtual MAC Address. The appliance which has virtual MAC Address is the Primary Appliance and other peer is Auxiliary Appliance. Primary Appliance acts as a load balancer and forwards the traffic to the Auxiliary Appliance for processing. Auxiliary Appliance can process traffic only if cluster is operating in the Active-Active mode. If configured in Active-Passive mode, Primary Appliance processes the entire traffic and Auxiliary Appliance waits in a ready mode to operate as the Primary Appliance, in case Primary Appliance or any of the monitored links fail. Auxiliary Appliance monitors the Primary Appliance through the dedicated HA link and if it does not receive any communication within the pre-configured time, the Primary Appliance is considered to have failed. In this case, Auxiliary appliance takes ownership of the virtual MAC Address from Primary Appliance, and becomes Primary Appliance temporarily. Primary Appliance automatically takes over from the Auxiliary Appliance once it starts functioning. In CCC when the administrator enables High Availability, the appliance which is used for enabling High Availability goes in Standalone state while the other CCC appliance is rebooted. Once the other appliance comes up, synchronization process starts which includes synchronization of time zone, signatures (Anti Virus, Web Categorization, IPS and Application), database configurations (CCC and Managed appliances), backups (CCC and Managed appliances) and logs (Managed appliances) After a successful synchronization, the two CCC appliances come into Primary Auxiliary state. In this state, every event which takes place on Primary appliance gets reflected in Auxiliary appliance immediately. When the Primary appliance goes down an automatic Failover takes place and the Auxiliary appliance goes into Standalone state. This process may take 10 to 15 seconds based on size of data. During this transition period, the administrator may lose access to CCC HA cluster for a while. Configure HA Use to Configure Primary Appliance for HA Disable HA

125 Points to be noted Behavior HA can be disabled from Primary Appliance only which results into disabling HA on both the appliances. After disabling HA, Primary Appliance IP schema will not change. After disabling HA, Auxillary appliance will reboot with Factory Default settings ( if connected). All administrators can login to auxillary appliance but the appliance will be accessible as readonly. Make sure that the IP Address of HA link port of Primary and Auxiliary Appliances are in same subnet. Disabling HA is required to restore backup. Before configuring HA Before attempting to configure two appliances as an HA pair for Hardware Failover, check the following requirements: Both appliances in the HA cluster i.e. Primary and Auxiliary Appliance must be registered and should be of the same model. Both appliances in the HA cluster must have the same version installed on it. Two separate licenses are required, one for the Primary Appliance and other for the Auxiliary Appliance. Cables to all the monitored ports on both the appliances must be connected. Connect dedicated HA link port of both the appliances with crossover cable. Dedicated HA link port should have a unique IP Address on both the appliances. SSH should be enabled for both the appliances on DMZ Zone. Configure Primary Appliance No changes in the firewall configuration. Only need to enable SSH on the dedicated interface. Allow SSH traffic for dedicated HA link port on both the appliances through Appliance Access. Go to Management Console > CCC Management > System > HA.

126 Screen High Availability Configuration Screen Element High Availability Details Appliance Key Peer Appliance Key Displays Appliance key only after HA is configured. Displays peer s Appliance Key. In case of Primary Appliance, it displays the Auxiliary Appliance Key. Dedicated HA Link Port In case of Auxiliary Appliance, it displays the Primary Appliance Key. Specify HA link port. HA peers are physically connected using a crossover cable through this port. The same port must be used as an HA link port on peer appliance also. Peer HA link IP Peer Administration Port For example, if port E is configured as HA link port on Primary Appliance then use port E only as HA link port on Auxiliary appliance. Make sure that the IP Address of HA link port for both, the Primary Appliance and Auxiliary Appliances are in same subnet. Cluster appliances use this link to communicate cluster information and to synchronize with each other. Specify IP Address configured on the HA link port of the peer appliance. Specify Administration Port for Auxiliary Appliance. This port can be used for administration purpose. Peer Administration IP Specify Administration IP Address for Auxiliary Appliance. With this IP Address, the Admin Console of Auxiliary Appliance can be accessed. Any user accessing Web Admin Console of Auxiliary Appliance will be logged -in

127 Select Ports to be Monitored Enable/Disable HA with HA Profile and have read-only rights. Select the ports to be monitored. Both the appliances will monitor their own ports and if any of the monitored port goes down, appliance will leave the cluster and failover will occur. Click to enable /disable HA. Table High Availability Configuration The appliance from which HA is enabled, acts as a primary appliance while the peer appliance acts as auxiliary appliance. If everything is cabled and configured properly and HA is enabled successfully: Both appliances will have the same configuration except the HA link port IP Address. By default, as soon as HA is enabled successfully, both the appliances will synchronize automatically. Disable HA HA can be disabled from HA configuration page Management Console > CCC Management > System > HA of Primary Appliance. iview This page allows administrator to configure Cyberoam iview as centralized reporting server for all managed appliances. This configuration enables trasparent logon to Cyberoam iview from CCC Web Admin Console. Screen iview Settings Screen Elements iview Settings Enable iview Integration Click to enable configuration settings of Cyberoam iview as centralized reporting server.

128 Username Password Confirm Password iview internal IP address Web Admin Port iview external IP address Web Admin Port Select Syslog Server Apply Displays Username of Cyberoam iview administrator user i.e. admin. Specify password of Cyberoam iview administrator user. Re-enter the password to confirm. Specify LAN IP address of Cyberoam iview Web Admin Console. Specify port number to access Cyberoam iview Web Admin Console over LAN. Specify WAN IP address of Cyberoam iview Web Admin Console. Specify port number to access Cyberoam iview Web Admin Console over Internet. Select Syslog Server to send log data of all managed appliances. The syslog server can be configured from Policy Configuration > Policy > Logs & Reports > Configuration > Syslog Servers. Click to apply Cyberoam iview configuration in CCC. Table iview Settings Please wait for some time to get CCC administrator(s) and managed appliance(s) reflected in Cyberoam iview. Please refer to CCC and Cyberoam iview Integration guide for detailed configuration. API Explorer CCC can be integrated with any Professional Services Automation solution (PSA) by using Application Programming Interface (API) of CCC. API Explorer page enables the administrator to access CCC s XML based API to retrieve a certain set of information from CCC. CCC API supports get API request type to retrieve the information. To access CCC API, go to Management Console > CCC Management > System > API Explorer.

129 Screen API Explorer Screen Elements API Request Write XML query for API request. Submit API Response Displays response of submitted XML query. Signature Distribution Based on the written XML query, API response will be displayed in the response box. Click to submit XML query Table API Explorer To view status of Anti Virus, IPS and Web and Application category signature distribution server, go to Management Console > CCC Management > Signature Distribution > Signature Distribution. CCC automatically synchronizes signature database with Cyberoam Global Update Distribution server in every six hours but administrator can also manually synchronize it if required. The administrator can also configure CCC to distribute security updates to those Cyberoam appliances which have configured CCC as distribution server but are not managed by CCC.

130 Screen Signature Distribution Screen Elements Settings

131 Signature Distribution for All Managed Appliances By default, CCC distributes security signature updates to all managed Cyberoam appliances. This option can not be edited. Any Appliance that has this Central Console configured as an Update Server Select to configure CCC as distribution server for those Cyberoam appliances which have configured CCC as distribution server but are not managed by CCC. Status of Anti Virus Signature Distribution Server Please note that this feature is applicable up to Cyberoam Version build 029. Current Version Last Update Mode Last Update Status Check for Update Manual Update Version of anti virus signature database Manual or Automatic Possible values Successful with Date and Time Failed with Date and Time Click Update Now to update the signature database immediately. Browse to the signature file placed on your machine and click Apply to update the signature database with that file. Status of IPS Signature Distribution Server Current Version Last Update Mode Last Update Status Check for Update Manual Update Version of IPS signature database Manual or Automatic Possible values Successful with Date and Time Failed with Date and Time Click Update Now to update the signature database immediately. Browse to the signature file placed on your machine and click Apply to update the signature database with that file. Status of Web Categorization Update Service Current Version Last Update Mode Last Update Status Check for Update Version of Web Category database Manual or Automatic Possible values Successful with Date and Time Failed with Date and Time Click Update Now to update the signature database immediately. Table Signature Distribution screen elements

132 Access Profile Use Profile page to create profiles for Administrators. Role-based administration capabilities are provided to offer greater granular access control and flexibility. Profile sets up access levels for the administrative users. Profile determines the privileges of the administrator and the administrator s access to Cyberoam appliance features. The profile separates features into access control categories for which you can enable None, Readonly, or Read-Write access. For ease of use by default, CCC appliance is shipped with profile Administrator with full privileges. To manage default and custom profiles, go to Management Console > CCC Management > Administration > Access Profile. You can: Add View Edit Click the Edit icon in the Manage column against the profile to be modified. Edit Profile is displayed which has the same parameters as the Add Profile page. Delete Click the Delete icon in the Manage column against a profile to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the profile. To delete multiple profiles, select them and click the Delete button. You cannot delete the default profiles. You cannot delete profile assigned to any user. Manage Profile To manage default and custom profiles, go to Management Console > CCC Management > Administration > Access Profile. Screen Manage Access Profile Screen Elements Add Button Profile Edit Icon Delete Button Add a new profile Name of the profile Edit the profile Delete the profile Table Manage Access Profile screen elements

133 Profile Parameters To add or edit profiles, go to Management Console > CCC Management > Administration > Access Profile. Click Add Button to add a new profile or Edit Icon to modify the details of the profile. Screen Add Access Profile Screen Elements Add Profile Profile Name Name to identify the profile. By default, CCC is shipped with two profiles. Administrator super administrator with full privileges Appliance Administrator read-write privileges for selected appliance(s) Policy Configuration Profile Configuration access covers access to following menu items of CCC: Dashboard Objects Network Firewall Console Access from GUI Web Filter Application Filter IM QoS Traffic Discovery

134 System Identity VPN IPS AV AS Logs & Reports WAF Management Console Management Console access covers access to following menu items of CCC: Central Management Appliance Management Appliance Monitoring Event Viewer Click the access level you want to provide to a profile. Available Options: None No access to any page Read-Only View the pages Read-Write Add or Modify the details Access levels can be set for individual menus as well. You can either set a common access level for all the menus or individually select the access level for each of the menu. Click on that menu. icon against a menu to view the items under For example, if you set access level as Read-Only against VPN, the profile user would only be able to view the VPN menu but would not be able to make any modifications. Read-Write access is required to make any modifications. Table Add Access Profile screen elements Users Use User page to add administrator users. It allows configuring administrator access to the Cyberoam appliance, including the level of access and which Cyberoam appliances administrator have access to. All administrator settings can be configured only when you are logged in as the admin administrator. The admin administrator is the only user with complete access to the entire CCC appliance options. To manage users, go to Management Console > CCC Management > Administration > User. You can: Add View Edit Click the Edit icon in the Manage column against the User Name to be modified. Edit User page is displayed which has the same parameters as the Add User window.

135 Search Click the Search icon in the User Name column to search for users with the following criteria: is, is not, and contains. A pop-up window is displayed that has filter conditions for search. Click OK to get the search results and Clear button to clear the results. Search Criteria is Search Results All the Usernames that exactly match with the string specified in the criteria. For example, if the search string is John, only Usernames with the name exactly matching John are displayed. is not All the Usernames that do not match with the string specified in the criteria. For example, if the search string is John, all Usernames except the name exactly matching John are displayed. contains All the Usernames that contain the string specified in the criteria. For example, if the search string is John, all the Usernames containing the string John are displayed. Table Search Criteria Delete Click the Delete icon in the Manage column against a Username to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the User. To delete multiple Users, select them Manage Users and click the Delete button. To manage users, go to Management Console > CCC Management > Administration > User. Screen Manage User Screen Elements Add Button User Name ID Profile Status Add a new User Name for the User address of the user Profile associated with the user Status of the user.

136 Active Inactive Edit Icon Delete Button Change Status Button Edit the User Delete the User Change the status of the selected user(s). Table Manage User screen elements User Parameters To add or edit user details, go to Management Console > CCC Management > Administration > User. Click Add Button to register a new user or Edit Icon to modify the details of the user. Screen Add User Screen Elements User Name Authentication Type Status Password Confirm Password Access Profile Specify username, which uniquely identifies user and will be used for login. Specify authentication type: Local External Status of the user: Active Inactive Specify Password (in case of Local User). Specify Password again for confirmation. Password is case sensitive. Select the Profile. Administrator will get access of various Web Admin console menus as per the configured profile. You can create a new profile directly from this page itself

137 and attach to the user. Accessible Appliance Select Cyberoam appliances. Administrator will be able to manage only the selected appliances. Table Add User screen elements Live Users Live Users page displays list of currently logged on users and their important parameters. Use Live User page to manage live users of CCC appliances. To manage live users, go to Management Console > CCC Management > Administration > Live Users. You can: View Edit Click the Edit icon in the Manage column against the Live user to be modified. Edit User pop-up window is displayed. Live user details can be updated from this page itself.. Manage Live Users To manage live users, go to Management Console > CCC Management > Administration > Live Users. Screen Manage Live Users Screen Elements Username Profile Host IP Username, which uniquely identifies user and used for login. Profile of the live user. IP address of the host from where the user is logged in. Table Manage Live User screen elements Live User Parameters To edit live user details, go to Management Console > CCC Management > Administration > Live Users. Click Edit Icon to modify the details of the user.

138 Screen Edit Live User Screen Elements User Name Authentication Type Status Password Confirm Password Access Profile Accessible Appliance Displays username, which uniquely identifies user. Displays Authentication type: Local External RADIUS or LDAP Displays status of the user: Active Inactive Modify password, if required Specify Password again for confirmation. Password is case sensitive. Profile of the live user. Cyberoam appliances accessible to the live user. Table Edit Live User screen elements Authentication Server External Authentication Servers can be integrated with CCC for providing secure access to the users of those servers. To manage external authentication servers, go to Management Console > CCC Management >Administration > Authentication Server. Add View View the details of LDAP/RADIUS Servers. Edit Click the Edit icon in the Manage column against the Server to be modified. Edit Server window is displayed which has the same parameters as the Add Server window. Delete Click the Delete icon in the Manage column against Server to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Server. To delete multiple Servers, select them and click the Delete button.

139 Manage Authentication Servers To manage external authentication servers, go to Management Console > CCC Management >Administration > Authentication Server. Screen Manage External Authentication Server Screen Elements Add Button Server Name Type IP Port Version Edit Icon Delete Button Add an external server Name of the Server Type of Server LDAP or RADIUS IP Address of the server Port through which server communicates Version of the external server Edit the Server details Delete the Authentication Server Alternately, click the Delete icon against the server you want to delete. Table Manage Authentication Server screen elements Authentication Server Parameters Screen Elements Server Type Select the service with which you want to use your network. Available Options: LDAP Server RADIUS Server Table Add Authentication Server screen elements LDAP Authentication CCC sends the user authentication request to LDAP and LDAP server authenticates user as per supplied tokens. User can log on using their Windows authentication tokens. (login/user name and password). To configure LDAP, go to Management Console > CCC Management

140 >Administration > Authentication Server. Click Add Button and select the server type as LDAP to add a server. To update the details, click on the Server or Edit icon in the Manage column against the LDAP server you want to modify. Screen Add LDAP Server Screen Elements Server Type Server Name Authentication Server IP Port Select LDAP Server. Name to identify the server Specify LDAP Server IP address. Specify Port number through which Server communicates. Default port is 389 Version Select LDAP version. For example, 2 Base DN Specify the base distinguished name (Base DN) of the directory service, indicating the starting point for searching user in the directory service. If you are not aware about Base DN, click Get Base DN to retrieve base DN. The top level of the LDAP directory tree is the base, referred to as the "Base DN". A base DN usually takes one of the three forms: Organization name, Company s Internet Domain name or DNS domain name. For example dc=cyberoam, dc=com Administrator Password Authentication Attribute Specify administrator user name Specify password Set authentication attribute. It is the attribute used to perform user search.

141 By default, LDAP uses uid attribute to identify user entries. If you want to use a different attribute (such as given name), specify the attribute name in this field. Test Connection Click Test connection button to check the LDAP- Cyberoam connectivity. Table Add LDAP Server screen elements RADIUS Authentication RADIUS stands for Remote Authentication Dial In User Service and is a protocol for allowing network devices to authenticate users against a central database. In addition to user information, RADIUS can store technical information used by network devices such as protocols supported, IP addresses, telephone numbers, routing information, and so on. Together this information constitutes a user profile that is stored in a file or database on the RADIUS server. RADIUS servers provide authentication, authorization, and accounting functions but Cyberoam uses only the authentication function of the RADIUS server. Before you can use RADIUS authentication, you must have a functioning RADIUS server on the network. To configure RADIUS, go to Management Console > CCC Management >Administration > Authentication Server. Click Add Button and select the server type as RADIUS to add a server. To update the details, click on the Server or Edit icon Manage column against the RADIUS server you want to modify. in the Screen Add RADIUS Server Screen Elements Server Type Server Name Server IP Authentication Port Select RADIUS Server. Name to identify the RADIUS Server. Specify RADIUS Server IP address. Specify Port number through which Server communicates. Default port

142 Shared Secret Specify share secret, which is to be used to encrypt information passed to Cyberoam Test Connection Button Authentication Preference Click Test connection button to check the RADIUS- Cyberoam connectivity. Table Add RADIUS Server screen elements You can set preference for authentication server(s) to decide the order in which they will use for authenticating users. Set preferences for added external servers from Management Console > CCC Management > Administration > Authentication Preference. CCC Certificate Screen Authentication Preference A digital certificate is a document that guarantees the identity of a person or entity and is issued by the Certificate Authority (CA). Certificates are generated by the third party trusted CA. They create certificates by signing public keys and identify the information of the communicating parties with their own private keys. This way it is possible to verify that a public key really belongs to the communicating party only and not been forged by someone with malicious intentions. CCC Certificate page allows you to generate and upload third party certificate. To manage Certificates, go to Management Console > CCC Management > System > Certificate. You can: Add You can add Third Party Certificate. To use third party CA, you have to submit the request to CA, CA will verify the details and then send the signed certificate. View Edit Click the Edit icon in the Manage column against the Certificate to be modified. Edit Certificate window is displayed which has the same parameters as the Add Certificate window. Delete Click the Delete icon in the Manage column against a Certificate. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Certificate. To delete multiple certificates, select them and click the Delete button.

143 Manage Certificates To manage Certificates, go to Management Console > CCC Management > System > Certificate. Screen Manage Certificate Screen Elements Add Button Name Valid From Valid Up To Edit Icon Delete Button Add a new Certificate Name of the Certificate Valid activation date for the certificate Certificate expiry date Edit the certificate details Delete the Certificate Certificate Parameters To add or edit certificates, go to Management Console > CCC Management> System > Certificate. Click Add Button to add a new certificate or Edit Icon to modify the details of the certificate. Screen Upload Certificate Screen Elements Name Password Confirm Password Certificate Name to identify the Certificate. Password for a Certificate used for authentication. Re-enter password for confirmation. Specify certificate to be uploaded. Use Browse to select the complete path.

144 Private Key Specify private key for the certificate. Use Browse to select the complete path. Table Upload Certificate screen elements Settings Use Settings page to make modifications in the general port settings and Web Admin Login parameters. To manage the administration settings, go to Management Console > CCC Management > System > Settings. Screen Settings Screen Elements Web Admin Settings HTTP Port Configure HTTP Port number Default port: 80 HTTPS Port Configure HTTPS Port number (Secured Web Admin Console access). Default port: 443 Syslog Port Configure Syslog Port number Default port: 514

145 Syslog(Secure) Configure Secure Syslog Port number Default port: 6514 Certificate Certificate that will be used by administrator of CCC Web Admin Console Language Settings Default language for configuration Specify default language for CCC configurations. Available options: English Hindi Chinese Traditional Chinese Simplified French Signature Distribution Port Settings Signature Port Distribution Administrator Password Complexity Settings Specify port number for Anti Virus, IPS and Web and Application Category signature distribution. By default, signature distribution takes place on port 80. Password Complexity can be configured to ensure that administrators are using secure passwords. Enable Password Complexity Settings to enforce following constraints: Minimum Password length. Configure minimum characters required in the password. By default, the Minimum Password length is eight (8) characters. Require minimum one Upper and lower case alphabet Require minimum one number i.e. 0-9 Require at least one special character $, % Password cannot be same as username. All the enabled constraints are applied to administrator user password. Change Control Settings Enable Change Control (will be applicable to all new appliances) Click to enable Change Control in future appliances. Cascade on all managed appliances Click to enable Change Control in all existing managed appliances. Specify the day of month when the snapshot of system has to be taken. CCC Appliance Access Table Settings screen elements CCC appliance access allows limiting the Administrative access of the following CCC services from various ports HTTP HTTPS Telnet

146 SSH Ping Syslog Syslog (Secure) Default Access Control Configuration Screen CCC Appliance Access To manage the access to CCC appliance, go to Management Console > CCC Management > System > Appliance Access. When CCC is connected and powered up for the first time, it will have a default access configuration. HTTP, HTTPS, Telnet, SSH, Ping, Syslog services will be enabled for administrative functions from Port A and B. Custom Access Control Configuration Use access control to limit the access to CCC for administrative purposes. Enable/disable access to CCC using following services from the specified port: HTTP, HTTPS, Telnet, SSH, Ping, Syslog, Syslog(Secure) Unicast This page allows you to manage unicast routes in Cyberoam. To configure unicast static routes, define the destination IP address and netmask of packets that the Cyberoam is intended to intercept, and provide a (gateway or next hop) IP address for those packets. The gateway address specifies the next-hop router to which traffic will be routed. Also, provide the interface and the approximate distance for routing. To manage unicast routes, go to Management Console > CCC Management > Network > Unicast Route. You can: Add View Edit Click the Edit icon in the Manage column against the Unicast Route to be modified. Edit Unicast Route pop-up window is displayed which has the same parameters as the Add Unicast Route window. Delete Click the Delete icon in the Manage column against a Unicast Route to be deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Unicast route. To delete multiple routes, select them and click the Delete button.

147 Manage Unicast To manage unicast routes, go to Management Console > CCC Management > Network > Unicast Route. Screen Manage Unicast Screen Elements Add Button Edit Icon Delete Button Add a new Unicast route. Edit the Unicast route. Delete the Unicast route. IPv4 Unicast Route Destination IP Gateway Interface Distance Destination Network IP Address. Destination Gateway IP Address. Interface selected. Distance between the source and the destination. IPv6 Unicast Route Destination IP Gateway Interface Distance Destination Network IP Address. Destination Gateway IP Address. Interface selected. Distance between the source and the destination. Table Manage Unicast screen elements Unicast Parameters To update the details, click on the unicast name or Edit icon unicast you want to modify. in the Manage column against the Go to Management Console > CCC Management > Network > Unicast Route and click Add Unicast.