User Guide Version 9 Document version 9412-1.0-01/03/2007

Cyberoam User Guide

IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE
The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its service center's option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.
Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its supplier's liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer.
The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road, Ahmedabad, INDIA
Phone: Fax: Web site:

Contents

Guide Sets
Technical Support
Typographic Conventions
Preface
Guide Organization
Cyberoam Basics
Benefits of Cyberoam
Accessing Cyberoam
Accessing the Web Admin Console
Getting Started
Dashboard
Management
Setting up Zones
Create Zone
Setting up Users
Define Authentication
Define User
Setting up Groups
Firewall
Create Firewall rule
Manage Firewall
Host Management
Setting up Logon Pools
Traffic Discovery
Live Connections report
Today's Connection History
Policy Management
Surfing Quota policy
Access Time policy
Internet Access policy
Bandwidth policy
Data Transfer policy
SNAT Policy
DNAT Policy
Zone Management
Manage Zone
Delete Zone
Group Management
Manage Group
Delete Group
User Management
Search User
Live User
Manage User
Logon Pool Management
Search Node
Update Logon Pool
Delete Logon Pool
System Management
Configure Network
Configure DNS
Configure DHCP
View Interface details
Configuring Dynamic DNS service
PPPoE
Manage Gateway
DoS Settings
Bypass DoS Settings
Reset Console Password
System Module Configuration
SNMP
Cyberoam SNMP Implementation
Cyberoam MIB
Cyberoam Traps
Manage SNMP
Configure SNMP Agent
Create SNMP Community
Manage SNMP Community
Delete SNMP Community
Create SNMP V3 User
Manage SNMP V3 User
Delete SNMP V3 User
Manage Data
Client Services
Customize Access Deny messages
Upload Corporate logo
Customize Login message
HTTP Proxy Management
Manage HTTP Proxy
Configure HTTP Proxy
Set Default Internet Access Policy
Manage Servers
Monitoring Bandwidth Usage
Migrate Users
Migration from PDC server
Migration from External file
Customization
Schedule
Define Schedule
Manage Schedule
Delete Schedule
Services
Define Custom Service
Manage Custom Service
Delete Custom Service
Create Service Group
Update Service Group
Delete Service Group
Categories
Web Category
File Type Category
Application Protocol Category
Access Control
Syslog Configuration
Product Licensing & Updates
Product Version information
Upgrade Cyberoam
Licensing
Download
Clients
Documentation
Appendix A Audit Log
Appendix B Network Traffic Log Fields
Appendix C Web Categories
Appendix D Services
Appendix E Application Protocols
Menu wise Screen and Table Index

Guide Sets

Guide: Describes
User Guide
Console Guide: Console Management
Windows Client Guide: Installation & configuration of Cyberoam Windows Client
Linux Client Guide: Installation & configuration of Cyberoam Linux Client
HTTP Client Guide: Installation & configuration of Cyberoam HTTP Client
Analytical Tool Guide: Using the Analytical tool for diagnosing and troubleshooting common problems
LDAP Integration Guide: Configuration for integrating LDAP with Cyberoam for external authentication
ADS Integration Guide: Configuration for integrating ADS with Cyberoam for external authentication
PDC Integration Guide: Configuration for integrating PDC with Cyberoam for authentication
RADIUS Integration Guide: Configuration for integrating RADIUS with Cyberoam for external authentication
High Availability Configuration Guide: Configuration of High Availability (HA)
Data transfer Management Guide: Configuration and Management of user based data transfer policy
Multi Link Manager User Guide: Configuration of Multiple Gateways, load balancing and failover
Cyberoam Anti Virus Implementation Guide: Configuring and implementing anti virus solution
Cyberoam Anti Spam Implementation Guide: Configuring and implementing anti spam solution
VPN Management: Implementing and managing VPN

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
Elitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad
Gujarat, India.
Phone: Fax: Web site:

Cyberoam contact: Technical support (Corporate Office): Web site:
Visit for the regional and latest contact information.

Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

Item | Convention | Example
Server | | Machine where Cyberoam Software - Server component is installed
Client | | Machine where Cyberoam Software - Client component is installed
User | | The end user
Username | | Username uniquely identifies the user of the system
Part titles | Bold and shaded font typefaces | Report
Topic titles | Shaded font typefaces | Introduction
Subtitles | Bold & Black typefaces | Notation conventions
Navigation link | Bold typeface | Group Management → Groups → Create: it means, to open the required page click on Group management then on Groups and finally click Create tab
Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or Click Name to select, where Name denotes command button text which is to be clicked
Cross references | Hyperlink in different color | refer to Customizing User database. Clicking on the link will open the particular topic
Notes & points to remember | Bold typeface between the black borders | Note
Prerequisites | Bold typefaces between the black borders | Prerequisite: Prerequisite details

Preface

Welcome to Cyberoam's User Guide.

Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions.

Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

This Guide helps you manage and customize Cyberoam to meet your organization's various requirements including creating groups and users and assigning policies to control internet access.

Default Web Admin Console username is cyberoam and password is cyber. It is recommended that you change the default password immediately after installation to avoid unauthorized access.

Guide Organization

This Guide provides information regarding the administration, maintenance, and customization of Cyberoam.

How do I search for relevant content?
For help on how to perform a certain task, use Contents.
For help on a specific menu or screen function, use Menu wise Screen and Table Index.

This Guide is organized into three parts:

Part I Getting started
It describes how to start using Cyberoam after successful installation.

Part II Management
It describes how to define groups and users to meet the specific requirements of your Organization. It also describes how to manage and customize Cyberoam.
1. Define Authentication process and firewall rule.
2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups.
3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy.
4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools.
5. Manage Cyberoam server.

Part III Customization
Customize Services, Schedules and Categories. Describes how to create and manage Categories, Schedules and Services and Cyberoam upgrade process.

Cyberoam Basics

Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions.

Cyberoam's perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

It also provides assistance in improving Bandwidth management, increasing Employee productivity and reducing legal liability associated with undesirable Internet content access.

Benefits of Cyberoam

1. Boost Employee productivity by
   a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
   a. Controlling access to non-productive site access during working hours
   b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
   a. Improved User response time
   b. Failover solution
   c. Continuous availability of Internet
   d. Reduced bandwidth bottlenecks
5. Enforce acceptable Internet usage policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet and other resources usage and consumption patterns

Accessing Cyberoam

Two ways to access Cyberoam:

1. Web Admin Console
   - Managing Firewall rules
   - Used for policy configuration
   - Managing users, groups and policies
   - Managing Bandwidth
   - Viewing bandwidth graphs as well as reports
2. Telnet Console
   - Used for Network and System configuration (setting up IP Addresses, setting up gateway)
   - Managing Cyberoam application
   a) Using Console Interface via remote login utility TELNET
   b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server

Accessing Console via remote login utility - TELNET

Access the Cyberoam Console with the help of the TELNET utility. To use TELNET, the IP Address of the Cyberoam server is required.

To start the TELNET utility:
Click Start, and then click Run.
In Open, type TELNET xxx.xxx.x.xxx
Click OK. This opens a console login window and prompts you to enter the Password.

Default password for Cyberoam TELNET console is admin.

Screen - Console access
Screen - Console login screen

Accessing Console using SSH client

Access the Cyberoam Console using any SSH client. The Cyberoam server IP Address is required. Start the SSH client and create a new Connection with the following parameters:
Hostname - <Cyberoam server IP Address>
Username - admin
Password - admin

Accessing the Web Admin Console

Cyberoam Web Admin Console (GUI) access requires Microsoft Internet Explorer 5.5+ or Mozilla Firefox 1.5+ and Display settings as True color (32 bits).

Log on & log off from the Cyberoam Web Admin Console

The Log on procedure verifies the validity of the user and creates a session until the user logs off.

Log on procedure

To get the log in window, open the browser and type the IP Address in the browser's URL box. A dialog box appears prompting you to enter username and password to log on. Use the default user name cyberoam and password cyber if you are logging in for the first time after installation.

Asterisks are the placeholders in the password field.

Log on Methods

HTTP log in
To open unencrypted login page, in the browser's Address box, type address of Cyberoam>

Screen - HTTP login screen

HTTPS log in
Cyberoam provides a secured communication method which encrypts the User log on information and which prevents unauthorized users from viewing the user information. For this, Cyberoam uses the https protocol.

The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS.

HTTPS protocol opens a secure hypertext transfer session with the specified site address.

To open login over secure HTTP, type address of Cyberoam>

Screen - HTTPS login

Screen Elements: Login
User name: Specify user login name. If you are logging on for the first time after installation, please use default username cyberoam
Password: Specify user account Password. If you are logging on for the first time after installation, please use default password cyber
Log on to: To administer Cyberoam, select Web Admin Console
Login button: Logs on to Web Admin Console. Click Login

Table - Login screen elements

Web console Authorization and Access control

By default, Cyberoam has four types of user groups:

Administrator group
Log in as Administrator group User to maintain, control and administer Cyberoam. Administrator group User can create, update and delete system configuration and user information. Administrator can create multiple administrator level users.

Manager group
Manager group User can only view the reports.

User group
User group User is the user who accesses the resources through Cyberoam.

Clientless group
Clientless User group User is the user who can bypass Cyberoam Client login to access resources. Cyberoam itself takes care of login of this level user.

For Administrators and Managers, IP address based access restriction/control can be implemented. Refer to Access Configuration to implement.

Log out procedure

To prevent unauthorized users from accessing Cyberoam, log off after you have finished working. This will end the session and exit from Cyberoam.

PART 1

Getting Started

Once you have configured the network, you can start using Cyberoam.

1. Start monitoring
Once you have installed Cyberoam successfully, you can monitor user activity in your Network. Depending on the Internet Access policy configured at the time of installation, certain categories will be blocked/allowed for LAN to WAN traffic with or without authentication.

2. View Cyberoam Reports
Monitor your Network activities using Cyberoam Reports. To view Reports, log on to Reports from Web Admin Console using following URL: IP Address>
To log on, use default username cyberoam and password cyber.
- View your organization's surfing pattern from Web Surfing → Organization wise report
- View your organization's general surfing trends from Trends → Web Trends report
- View your organization's Category wise surfing trends from Trends → Category Trends report

3. Discover Network Application Traffic
Detect your network traffic i.e. applications and protocols accessed by your users. To view the traffic pattern of your network, log on to Cyberoam Web Management Console using following URL: IP Address>
To log on, use default username cyberoam and password cyber.
- View amount of network traffic generated by various applications from Traffic Discovery → Live Connections → Application wise

4. Configure for User name based monitoring
As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP address based. To monitor and log user activities based on User names, you have to configure Cyberoam for integrating user information and authentication process. Integration will identify access requests based on User names and generate reports based on Usernames.
If your Network uses Active Directory Services and users are already created in ADS, configure Cyberoam to communicate with your ADS. Refer to Cyberoam ADS Integration guide for more details.
If your Network uses Windows Domain Controller, configure Cyberoam to communicate with Windows Domain Controller. Refer to Cyberoam PDC Integration guide for more details.

5. Customize
Depending on the Internet Access configuration done at the time of installation, default firewall rules will be created. You can create additional firewall rules and other policies to meet your organization's requirement. Cyberoam allows you to:
1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.
2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management - Surfing Quota policy for more details.
3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy Management - Access time policy for more details.
4. Control web access by defining Internet Access policy. Refer to Policy Management - Internet Access policy for more details.
5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy Management - Bandwidth policy for more details.
6. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer to Data transfer policy for more details.

Dashboard

As soon as you log on to the Web Admin Console, the Dashboard is displayed.

Dashboard provides one solution to many analytical needs. Using the "dashboard" concept of information presentation, Cyberoam makes it easy to view access data from multiple perspectives, allowing management to identify patterns and potential areas of risk and productivity loss. It will empower organizations to plan, understand, integrate and leverage strategy all from a single page report.

The goal of the dashboard is to provide fast access to monitor and analyze employee Internet usage. As a result, managers gain an unprecedented ability to report on and manage a wide spectrum of the data and applications that employees use during their working hours.

Dashboard is the answer to "Why can't Cyberoam automatically show me things that will help me with what I'm doing, instead of making me search around for them?"

Dashboard is divided into the following sections:
1. HTTP Traffic Analysis
2. User Surfing pattern
3. Usage Summary
4. Recent Mail Viruses detected
5. Recent HTTP Viruses detected
6. Installation Information
7. System Resources
8. System Status
9. Installation Information
10. DoS attack status
11. Recent IDP Alerts
12. License Information
13. Gateway status


PART 2

Management

Setting up Zones

A Zone is a logical grouping of ports. Zones provide a flexible layer of security for the firewall. With zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.

Default Zone Types

LAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone. Even though each interface will have a different network subnet attached to it, when grouped together they can be managed as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone. However, traffic between ports belonging to the same zone will be allowed.

DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.

WAN - This zone is used for Internet services. It can also be referred to as the Internet zone. Depending on the appliance in use and on your network design, you can group one to six ports in this zone.

Local - This zone is the grouping of all the available ports of Cyberoam.

Cyberoam provides a single zone of each type. These are called System Zones. Administrator can add LAN and DMZ zone types.

By default, entire traffic will be blocked except LAN to Local zone services like Administration, Authentication and Network.
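The default zone behaviour described above can be modelled in a few lines. This is an added illustration, not Cyberoam code or configuration: the port names, the port-to-zone bindings, the service names HTTP and SMB, the Rule type and the first-match rule ordering are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed port-to-zone bindings (assumption: a four-port appliance).
PORT_ZONE = {"A": "LAN", "B": "LAN", "C": "DMZ", "D": "WAN"}

# Services the guide lists as allowed by default from LAN to the Local zone.
LOCAL_DEFAULT_SERVICES = {"Administration", "Authentication", "Network"}


@dataclass(frozen=True)
class Rule:
    """Hypothetical zone-to-zone rule; service "*" matches any service."""
    src_zone: str
    dst_zone: str
    service: str
    action: str  # "accept" or "drop"


def decide(src_port, dst_port, service, rules=()):
    """Return "accept" or "drop" for traffic entering on src_port.

    dst_port=None means the traffic is addressed to the appliance itself,
    which this model treats as the Local zone.
    """
    src = PORT_ZONE[src_port]
    dst = "Local" if dst_port is None else PORT_ZONE[dst_port]

    # Administrator-defined rules are written per zone, so one rule covers
    # every port bound to that zone. First match wins (assumption).
    for rule in rules:
        if (rule.src_zone, rule.dst_zone) == (src, dst) and rule.service in ("*", service):
            return rule.action

    # Traffic between ports of the same zone is allowed. The guide states
    # this in the LAN description; applying it to every zone is an assumption.
    if dst != "Local" and src == dst:
        return "accept"

    # The only cross-zone default allowance named in the guide.
    if src == "LAN" and dst == "Local" and service in LOCAL_DEFAULT_SERVICES:
        return "accept"

    # Everything else is blocked by default.
    return "drop"


if __name__ == "__main__":
    lan_to_wan_http = [Rule("LAN", "WAN", "HTTP", "accept")]
    for port in ("A", "B"):
        print(port, "-> D HTTP:", decide(port, "D", "HTTP", lan_to_wan_http))
    print("D -> appliance Administration:", decide("D", None, "Administration"))
```

A single LAN to WAN rule decides traffic from both LAN ports, which is the point of grouping ports into zones rather than writing one policy per interface.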

Create Zone

Select System → Zone → Create to open the create page.

Screen - Create Zone

Screen Elements: Create Zone

Zone Name: Specify name of the Zone.

Zone Type: Select zone type.
LAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.
WAN - This zone type is used for the Internet services. Only one WAN zone is allowed, hence you will not be able to create additional WAN zones.
Multiple LAN is not possible if Cyberoam is deployed as Bridge.

Select Port: Allows to bind port to the zone. Available Ports list displays the list of ports that can be bound to the selected zone. Use Right arrow button to move the selected ports to Member Port list.
It is not possible to add Zone if Cyberoam is deployed as Bridge.

Specify zone description.

Create button: Saves the configuration and creates zone.

Table - Create Zone

Setting up Users

Define Authentication

Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of your organization. You can assign individual policies to users (identified by IP address), or a single policy to a number of users (Group).

Cyberoam detects users as they log on to Windows domains in your network via client machines. Cyberoam can be configured to allow or disallow users based on username and password. In order to use User Authentication, you must select at least one database against which Cyberoam should authenticate users.

Cyberoam supports user authentication against:
- an Active Directory
- a Windows Domain controller
- an LDAP server
- a RADIUS server
- an internal database defined in Cyberoam

To filter Internet requests based on policies assigned, Cyberoam must be able to identify a user making a request.

When the user attempts to access, Cyberoam requests a user name and password and authenticates the user's credentials before giving access. User level authentication can be performed using the local user database on the Cyberoam, an External ADS server, RADIUS server, LDAP or Windows Domain Controller.

Integrate with ADS, LDAP or Domain Controller if external authentication is required.

If your network uses an Active Directory service, configure Cyberoam to communicate with ADS. Refer to Cyberoam - ADS Integration Guide for details.

If your network uses a Windows Domain controller, configure Cyberoam to communicate with Domain controller. Refer to Cyberoam - PDC Integration for details.

If your Network uses LDAP, configure Cyberoam to communicate with LDAP server. Refer to Cyberoam LDAP Integration for details.

If your Network uses RADIUS server, configure Cyberoam to communicate with RADIUS server. Refer to RADIUS Integration Guide for details.

Cyberoam can prompt for user identification if your network does not use Windows environment. Refer to Cyberoam Authentication for details.

Cyberoam Authentication

When Cyberoam is installed in a Non PDC environment, it is necessary to create users and groups in Cyberoam. Before users log on to Cyberoam, Administrator has to create all the users in Cyberoam, assign them to a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details on creating groups and users.

When a user attempts to log on, the Cyberoam server performs authentication, i.e. the User is authenticated directly by the Cyberoam server.

Select User → Authentication Settings to open the configuration page.

Screen - Cyberoam Authentication

Screen Elements: Configure Authentication & Integration parameters
Integrate with: Select Cyberoam as the authentication server.
Default Group: Allows to select default group for users. Click Default Group list to select.
Update button: Updates and saves the configuration.

Table - Cyberoam Authentication screen elements

Define User

User

Users are identified by an IP address or a user name and assigned to a group. All the users in a group inherit all the group policies. Refer to Policy Management to define new policies.

User types

Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on

Normal - User has to log on to Cyberoam. Requires Cyberoam client (client.exe) on the User machine, or the user can use the HTTP Client component, and all the policy-based restrictions can be applied.

Clientless - Does not require Cyberoam client component (client.exe) on the User machines. Symbolically represented as User name (C).

Single Sign On - If User is configured for Single Sign On, whenever User logs on to Windows, he/she is automatically logged on to Cyberoam. Symbolically represented as User name (S).

Use the decision matrix given below to decide which type of user should be created.

Decision matrix for creation of User

| Feature | Normal User | Clientless User | Single Sign on User |
|---|---|---|---|
| User Login required | Yes | No | No |
| Type of Group: Normal | Yes | No | Yes |
| Type of Group: Clientless | No | Yes | No |
| Apply Login restriction | Yes | Yes | Yes |
| Apply Surfing Quota policy | Yes | No | No |
| Apply Access Time policy | Yes | No | No |
| Apply Bandwidth policy | Yes | Yes | Yes |
| Apply Internet Access policy | Yes | Yes | Yes |
| Apply Data Transfer policy | Yes | No | Yes |

Table - Create User - Decision matrix

25 25 Cyberoam User Guide Add a User Prerequisite Group created for Normal Users only Select User User Add User to open add user page Screen - Add User Screen Elements User Information Name Username Password Confirm Password Windows Domain Controller Only if Authentication is done by Windows Domain Controller Specify name of the User Specify a name that uniquely identifies user & used for logging Specify Password Specify password again for conformation Should be same as typed in the Password field Displays Authentication Server IP Address

26 26 Cyberoam User Guide User Type Specify the user group type. Depending on user group type default web console access control will be applied. Refer to Web console Authorization and Access control for more details. Number simultaneous allowed OR Unlimited of login(s) Available option: Administrator Manager User Click User type list to select Refer to Add Clientless User on how to create clientless user Customize the maximum number of concurrent logins allowed to the user Specify number of concurrent logins allowed to the user OR Allows unlimited concurrent logins to the user The setting specified will override the setting specified in client preference. Group Information Group View details link Login Restriction Select any one option For example, If in Client preferences, the number of concurrent logins allowed is 5 and here you have specified 3, then this particular user will be allowed to login from 3 machines concurrently and not from 5 machines. Specify in Group in which user is to be added. User will inherit all the group policies. Click Group list to select Open a new Window and displays details of the selected Group Refer to View Group details table for more details Allows to apply login restriction Available options 1) All Nodes Allows Users to login from all the nodes in the network 2) Group Nodes only Allows Users to login only from the nodes assigned to the group 3) Selected Nodes only Allows Users to login from the selected nodes only. Refer to Apply Login Node Restriction for details. Nodes from which the User is allowed login can be specified after creating the user also. Click to select Personal details link Allows to enter personal details of the user Personal information Only if Personal details link is clicked Birth date Specify date of birth of user Click Calendar to select date Specify Id of User

Add button: Adds user. Click to add.
Review button: Opens a new page and displays the user details for reviewing. Review details before adding to make sure details entered are correct. Click to review. Click Submit to add user.

Table - Add User screen elements

View Group details table

Screen Elements
Group name: Displays name of the Group
Surfing Quota policy: Displays name of the Surfing Quota policy assigned to the group
Access Time policy: Displays name of the Access Time policy assigned to the group
Internet Access policy: Displays name of the Internet Access policy assigned to the group
Bandwidth policy: Displays name of the Bandwidth policy assigned to the group
Data transfer policy: Displays name of the Data Transfer policy assigned to the group
Allotted time (HH:mm): Displays total allotted surfing time to User
Expiry date: Displays User policy Expiry date
Used minutes: Displays total time used by the user in minutes. At the time of creation of user, it will be displayed as 0:0
Close button: Closes window

Table - View Group details screen elements

Apply Login Node Restriction

Screen Elements
Select Node(s) button (Only if the option Selected Node(s) Only is selected): Opens a new page and allows to select the node. Click to select the Node for restriction.
Logon Pool name: Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select.
Select: Selects the Node. Multiple nodes can also be selected.
OK button: Click to apply restriction
Cancel button: Cancels the current operation

Table - Apply Login Node Restriction screen elements

Add Clientless users

Clientless Users are the Users who can bypass Cyberoam Client login to access resources. It is possible to add a single clientless user as well as more than one clientless user at a time. When you add multiple clientless users, users are represented by IP addresses and not by the User name.

Add multiple clientless users

Creates Clientless users with the given IP addresses as their usernames. Change the Username of the clientless users if required.

Prerequisite
- Clientless Group created

Select User → Clientless Users → Add Multiple Clientless Users to open create user page

Screen - Add multiple Clientless users

Screen Elements

Host Group Details
Host Group name: Specify name of Logon Pool
Is Host Group public: A public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select, if IP Addresses assigned to the Users are public IP Addresses.
Bandwidth policy: By default, group bandwidth policy is applied to the user but you can override this policy. Specify Bandwidth Policy to be applied. Click Bandwidth Policy list to select. Click View details link to view details of the policy.
Specify full description

Machine details
From - To: Specify range of IP Address that will be used by Users to login
Machine name: Specify Machine name

Select Group
Group: Specify Group in which User is to be added. Click Group list to select.
Create button: Adds multiple Clientless Users

Table - Add multiple Clientless users screen elements

Add single Clientless user

Prerequisite
- Group created
- Logon Pool created

Select User → Clientless Users → Add Single Clientless User to open create user page

Screen - Add single Clientless user

Screen Elements

User Information
Name: Specify name of the User
Username: Specify a unique name used for logging
Activate on Creation: Specifies whether user should be logged in automatically after registration. Options:
Yes - Automatically logs in as soon as registered successfully i.e. becomes a live user
No - User is registered but is in De-active mode. Activate user before first log in. Refer to Activate Clientless User for more details.
User type: Displays User type

User Group Information
Group: Specify Group in which User is to be added. Click Group list to select.
View details link: Opens a new window and displays details of the selected group. Click to view details.

Login Restriction
Allowed Login from IP Address: Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address. Refer to Select Node table for more details.
Personal details link: Allows to enter the personal details of the user

Personal information (Only if Personal details link is clicked)
Birth date: Specify date of birth of User. Use Popup Calendar to enter date.
Specify Id of User
Register: Registers a clientless user
Cancel button: Cancels current operation

Table - Create single Clientless user screen elements

Select Node table

Screen Elements
Logon Pool name: Allows to select the Logon Pool. Click Logon Pool name list to select.
Select: Selects the Node. User will be allowed to login from the selected node only.
Apply Restriction button: Click to apply login restriction
Close button: Closes window

Table - Select Node screen elements

NOTE
- Duplicate Usernames cannot be created
- Make sure that subnets or individually defined IP addresses do not overlap
- Create Group before assigning it to a User. Refer to Create Groups to create new groups

Setting up Groups

Group

A Group is a collection of users having common policies and a mechanism for assigning access to resources to a number of users in one operation/step.

Instead of attaching individual policies to the user, create a group of policies and simply assign the appropriate Group to the user; the user will automatically inherit all the policies added to the group. This simplifies user configuration.

A group can contain default as well as custom policies. Various policies that can be grouped are:
1. Surfing Quota policy which specifies the duration of surfing time and the period of subscription
2. Access Time policy which specifies the time period during which the user will be allowed access
3. Internet Access policy which specifies the access strategy for the user and sites
4. Bandwidth policy which specifies the bandwidth usage limit of the user
5. Data Transfer policy which specifies the data transfer quota of the user

Refer to Policy Management for more details on various policies.

Group types

Two types of groups:
1. Normal
2. Clientless

Normal: A user of this group needs to log on to Cyberoam using the Cyberoam Client to access the Internet.

Clientless: A user of this group need not log on to Cyberoam using the Cyberoam Client to access the Internet. Access control is placed on the IP Address. Symbolically represented as Group name (C).

Use the decision matrix given below to decide which type of group is best suited to your network configuration.

Decision matrix for creation of Group

Feature | Normal Group | Clientless Group
Logon into Cyberoam required | Yes | No
Type of User: Normal | Yes | No
Type of User: Clientless | No | Yes
Apply Login restriction | Yes | No
Apply Surfing Quota policy | Yes | No
Apply Access Time policy | Yes | No
Apply Bandwidth policy | Yes | Yes
Apply Internet Access policy | Yes | Yes
Apply Data transfer policy | Yes | No

Table - Group creation - Decision matrix

Add a New Group

Prerequisite
- All the policies which are to be added to the Group are created
- Logon Pool created if login is to be restricted from a particular Node/IP Address

Select Group → Add Group to open add group page

Screen - Create Group

Screen Elements

Create Group
Group name: Specify Group name. Choose a name that best describes the Group.
Group type: Specify type of Group. Click Group type to select. Select Normal if Group members are required to log on using Cyberoam Client. Select Clientless if Group members are not required to log on using Cyberoam Client.
Surfing Quota Policy (Only if Group type is Normal): Specify Surfing Quota Policy for Group. Click Surfing Quota Policy list to select. By default, Unlimited policy is assigned to the Clientless Group type. Refer to Surfing Quota Policy for more details.
Access Time Policy (Only if Group type is Normal): Specify Access Time policy for Group. Click Access Time Policy list to select. By default, Unlimited policy is assigned to Clientless Group type. Refer to Access Time Policy for more details.
Internet Access policy: Specify Internet Access policy for Group. Click Internet Access policy list to select. Refer Internet Access policy for details.
Bandwidth Policy: Specify Bandwidth Policy for Group. Click Bandwidth Policy list to select. Refer Bandwidth Policy for details.
Data Transfer policy (Only if Group type is Normal): Specify data transfer policy for Group. Click Data Transfer policy list to select. Refer Data Transfer Policy for details.
Login Restriction (Select any one option): Apply login restriction if required for the users defined under the Group. Available options:
1) Allowed login from all nodes - Allows Users defined under the Group to login from all the nodes
2) Allowed login from the selected nodes - Allows Users defined under the Group to login from the selected nodes only. Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address. Refer to Select Node table for more details.
Refer to Apply Login Node restriction for more details. Click to select.
Select Node button (Only if Allowed Login from selected node option is selected for Login restriction): Opens a new page and allows to select the node. Click to select the Node.
Create button: Creates Group

Cancel button: Cancels the current operation and returns to the Manage Group page

Table - Create Group screen elements

Note
It is not necessary to add users at the time of creation of the Group. Users can be added even after the creation of the group.

Apply Login Node Restriction

Screen - Apply Login Node Restriction

Screen Elements
Logon Pool name: Select Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select.
Select: User will be allowed to login from the selected nodes only. Click to select Node. Multiple nodes can also be selected.
OK button: Applies login restriction and closes the window. Click to apply restriction.
Cancel button: Cancels the current operation

Table - Apply Login Node Restriction screen elements

Firewall

A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, firewalls may also be configured to limit the access to harmful sites for LAN users.

The responsibility of the firewall is to grant access from the Internet to the DMZ or Service Network according to the Rules and Policies configured. It also keeps watch on the state of each connection and denies any traffic that is out of connection state.

Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule, Cyberoam decides how to process the access request. When Cyberoam receives the request, it checks the source address, destination address and the services and tries to match them with the firewall rule. If Identity match is also specified, then the firewall will search the Live Users Connections for the Identity check. If the Identity (User) is found in the Live User Connections and all other matching criteria are fulfilled, then the action specified in the rule will be applied. Action can be allow or deny.

If Action is Allow, then each rule can be further configured to apply source or destination NATting (Network Address Translation). You can also apply different protection settings to the traffic controlled by the firewall:
- Enable load balancing between multiple links
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
- Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
- Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
- Apply bandwidth policy restriction

By default, Cyberoam blocks any traffic to LAN.

Default Firewall rules

At the time of deployment, Cyberoam allows you to define one of the following Internet Access policies using Network Configuration Wizard:
- Monitor only
- General Internet policy
- Strict Internet policy

Depending on the Internet Access policy set through Network Configuration Wizard, Cyberoam defines the two default firewall rules as follows:

Monitor only
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   Anti Virus & Anti Spam policy - Allows SMTP, POP3, IMAP and HTTP traffic without scanning
2. Masquerade and Allow entire LAN to WAN traffic for all the users without scanning SMTP, POP3, IMAP and HTTP traffic

General Internet policy
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:
   Internet Access policy - Applies General Corporate Policy to block Porn, Nudity, AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist, PhishingandFraud, Violence, Weapons categories
   IDP - General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic

Strict Internet policy
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   IDP policy - General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Drop entire LAN to WAN traffic for all the users

Note
- Default Firewall rules can be modified as per the requirement but cannot be deleted
- IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
- Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are subscribed respectively.
- If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire traffic is dropped.

Additional firewall rules can be defined to extend or override the default rules.
For example, rules can be created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to authorized users on the LAN. Custom rules evaluate network traffic source IP addresses, destination IP addresses, User, IP protocol types, and compare the information to access rules created on the Cyberoam appliance. Custom rules take precedence, and override the default Cyberoam firewall rules.

Create Firewall rule

Previous versions allowed creating firewall rules based on source and destination IP addresses and services, but now Cyberoam's Identity based firewall allows you to create firewall rules that embed user identity into the firewall rule matching criteria.

Firewall rule matching criteria now includes:
- Source and Destination Zone and Host
- User
- Service

Prior to this version, all the Unified Threat Control policies were to be enabled individually from their respective pages. Now one can attach the following policies to the firewall rule as per the defined matching criteria:
- Intrusion Detection and Prevention (IDP)
- Anti Virus
- Anti Spam
- Internet Access
- Bandwidth Management
- Routing policy i.e. define user and application based routing

To create a firewall rule, you should:
- Define matching criteria
- Associate action to the matching criteria
- Attach the threat management policies

For example, now you can:
- Restrict the bandwidth usage to 256kb for the user John every time he logs on from the IP
- Restrict the bandwidth usage to 1024kb for the user Mac if he logs on in working hours from the IP

Processing of firewall rules is top downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule earlier in the list might allow a packet that a more specific rule later in the list was written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list.

Select Firewall → Create Rule

Screen - Create Firewall rule

Screen Elements

Matching Criteria
Source: Specify source zone and host IP address/network address to which the rule applies. To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create. Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host.

Check Identity (Only if source zone is LAN/DMZ): Check identity allows you to check whether the specified user/user group from the selected zone is allowed the access of the selected service or not. Click Enable to check the user identity. Enable check identity to apply following policies per user:
- Internet Access policy for Content Filtering (User's Internet access policy will be applied automatically but will not be effective till the Web and Content Filtering module is subscribed)
- Schedule Access
- IDP (User's IDP policy will be applied automatically but will not be effective till the IDP module is subscribed)
- Anti Virus scanning (User's anti virus scanning policy will be applied automatically but it will not be effective till the Gateway Anti Virus module is subscribed)
- Anti Spam scanning (User's anti spam scanning policy will be applied automatically but it will not be effective till the Gateway Anti Spam module is subscribed)
- Bandwidth policy - User's bandwidth policy will be applied automatically
- The policy selected in Route through Gateway is the static routing policy that is applicable only if more than one gateway is defined and used for load balancing.
and limit access to available services.
Destination: Specify destination zone and host IP address/network address to which the rule applies. Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create. Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host.
Service/Service group: Services represent types of Internet data transmitted via particular protocols or applications. Select service/service group to which the rule applies. Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service. Cyberoam provides several standard services and allows creating the custom services also. Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service.

Protect by configuring rules to:
- block services at specific zone
- limit some or all users from accessing certain services
- allow only specific user to communicate using specific service
Apply Schedule: Select Schedule for the rule

Firewall Action When Criteria Match
Action: Select rule action
Accept - Allow access
Drop - Silently discards
Reject - Denies access and ICMP port unreachable message will be sent to the source
When sending response it might be possible that response is sent using a different interface than the one on which request was received. This may happen depending on the Routing configuration done on Cyberoam. For example, if the request is received on the LAN port using a spoofed IP address (public IP address or the IP address not in the LAN zone network) and specific route is not defined, Cyberoam will send a response to these hosts using default route. Hence, response will be sent through the WAN port.
Apply Source NAT (Only if Action is ACCEPT): Select the SNAT policy to be applied. It allows access but after changing source IP address i.e. source IP address is substituted by the IP address specified in the SNAT policy. You can create SNAT policy from firewall rule itself or from Firewall → SNAT Policy → Create.

This option is not available if Cyberoam is deployed as Bridge.

Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
- Enable load balancing and failover when multiple links are configured. Applicable only if Destination Zone is WAN
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
- Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
- Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
- Apply bandwidth policy

Destination NAT Settings
Destination NAT policy: Select DNAT policy to be applied. DNAT rule tells the firewall to forward the requests from the specified machine and port to the specified machine and port. Under Select Here, click Create DNAT Policy to define DNAT policy from firewall rule itself or from Firewall → DNAT Policy → Create. This option is not available if Cyberoam is deployed as Bridge.

Policy Settings
IDP Policy: Select IDP policy for the rule. To use IDP, you have to subscribe for the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy.
Internet Access Policy: Select Internet access policy for the rule. It can be applied only to LAN to WAN rule. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.

Bandwidth Policy: Select Bandwidth policy for the rule. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Route Through Gateway: Select routing policy. Can be applied only if more than one gateway is defined. This option is not available if Cyberoam is deployed as Bridge. Refer to Multiple Gateway Implementation Guide for more details.

Virus & Spam Settings
Scan Protocol(s): Click the protocol for which the virus and spam scanning is to be enabled. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.
Log Traffic: Click to enable traffic logging for the rule i.e. traffic permitted and denied by the firewall rule. Make sure firewall rule logging is ON/Enable from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details. To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console Firewall rule and from the Telnet Console Cyberoam Management. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.
Specify full description of the rule
Save button: Saves the rule

Table - Create Firewall rule screen elements

Manage Firewall

Use to:
- Enable/disable SMTP, POP3, IMAP and HTTP scanning
- Deactivate rule
- Delete rule
- Change rule order
- Append rule (zone to zone)
- Insert rule
- Select display columns

Select Firewall → Manage Firewall to display the list of rules

Screen components
Append Rule button - Click to add zone to zone rule
Select Column button - Click to customize the number of columns to be displayed on the page
Subscription icon - Indicates subscription module. To implement the functionality of the subscription module you need to subscribe the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall rule temporarily, disable the rule instead of deleting it. Green - Active Rule, Red - Deactive Rule
Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.
Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more details.
Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for details.
Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.

Update Rule

Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.

Screen - Edit Firewall Rule

Screen Elements

Matching Criteria
Source: Displays source zone and host IP address/network address to which the rule applies. Zone Type cannot be modified. Modify host/network address if required. To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create. Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host.

Check Identity (Only if source zone is LAN or DMZ): Check identity allows you to check whether the specified user/user group from the selected zone is allowed the access of the selected service or not. Click Enable to check the user identity.
Destination: Displays destination zone and host IP address/network address to which the rule applies. Zone Type cannot be modified. Modify host/network address if required. To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create. Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host.
Service/Service group: Services represent types of Internet data transmitted via particular protocols or applications. Displays service/service group to which the rule applies, modify if required. Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service. Cyberoam provides several standard services and allows creating the custom services also. Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service.
Protect by configuring rules to:
- block services at specific zone
- limit some or all users from accessing certain services
- allow only specific user to communicate using specific service

Apply Schedule: Displays rule's schedule, modify if required

Firewall Action When Criteria Match
Action: Displays rule action, modify if required
Accept - Allow access
Drop - Silently discards i.e. without sending ICMP port unreachable message to the source
Reject - Denies access and sends ICMP port unreachable message to the source
Apply Source NAT (Only if Action is ACCEPT): Displays the SNAT policy applied to the rule, modify if required. It allows access but after changing source IP address i.e. source IP address is substituted by the specified IP address in the SNAT policy. You can create SNAT policy from firewall rule itself or from Firewall → SNAT Policy → Create. This option is not available if Cyberoam is deployed as Bridge.

Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
- Enable load balancing between multiple links
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies
- Apply bandwidth policy
- Configure content filtering policies

Destination NAT Settings
Destination NAT policy: Displays DNAT policy applied, modify if required. DNAT rule tells the firewall to forward the requests from the specified machine and port to the specified machine and port. Under Select Here, click Create DNAT Policy to define DNAT policy from firewall rule itself or from Firewall → DNAT Policy → Create.

This option is not available if Cyberoam is deployed as Bridge.

Policy Settings
IDP Policy: Displays IDP policy for the rule, modify if required. To use IDP, you have to subscribe for the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy.
Internet Access Policy (Only if source zone is LAN): Displays Internet access policy for the rule, modify if required. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.
Bandwidth Policy: Displays Bandwidth policy for the rule, modify if required. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Route Through Gateway: Displays routing policy, modify if required. Can be applied only if more than one gateway is defined. This option is not available if Cyberoam is deployed as Bridge. Refer to Multiple Gateway Implementation Guide for more details.

Virus & Spam Settings
Scan Protocol(s): Displays protocols for which the virus and spam scanning is to be enabled, modify if required. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.
Log Traffic: Click to enable traffic logging for the rule

Make sure firewall rule logging is ON/Enable from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details. To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console Firewall rule and from the Telnet Console Cyberoam Management. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.
Displays full description of the rule, modify if required
Save button: Saves the rule

Table - Edit Firewall Rule

Change Firewall Rule order

Rules are ordered by their priority. When the rules are applied, they are processed from the top down and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule earlier in the list might allow a packet that a more specific rule later in the list was written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list.

Select Firewall → Manage Firewall
Click the move button against the rule whose order is to be changed
Select Before or After as per the need
Click the rule to be moved and then click where it is to be moved.
Click Done to save the order

Append rule

Append Rule adds the new rule above the default rules if the zone-to-zone rule set exists; otherwise it appends the new rule as a new zone-to-zone rule set at the end.

For example, consider the screen given below. If the new rule is for DMZ to LAN then a new rule set DMZ LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN then the rule will be added above Rule ID 4, as Rule ID 3 and ID 4 are default rules.

Select Firewall → Manage Firewall Rules and click Append Rule

Refer to Define Firewall Rule for more details.
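The top-down, first-match processing described under Create Firewall rule and Change Firewall Rule order can be checked offline with a small model. The following is an added example, not Cyberoam code: the Rule and Packet classes, the sample rules, the addresses and the drop-on-no-match fallback are all constructed assumptions. It evaluates packets against an ordered rule list, including the identity check against live users, and reports rules that can never be reached because an earlier, more general rule covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "Any"  # wildcard service name (constructed for this example)


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src_zone: str
    src_net: str                       # source host/network in CIDR form
    dst_zone: str
    dst_net: str
    service: str                       # service name, or ANY
    action: str                        # "Accept", "Drop" or "Reject"
    users: Optional[frozenset] = None  # None = Check Identity disabled


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    dst_zone: str
    dst_ip: str
    service: str


def matches(rule, pkt, live_users):
    """True when every matching criterion of the rule fits the packet."""
    if (rule.src_zone, rule.dst_zone) != (pkt.src_zone, pkt.dst_zone):
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src_net):
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dst_net):
        return False
    if rule.service not in (ANY, pkt.service):
        return False
    if rule.users is not None:
        # Identity check: the source IP must map to a live (logged-in) user
        # who is named in the rule.
        return live_users.get(pkt.src_ip) in rule.users
    return True


def evaluate(rules, pkt, live_users):
    """Top-down, first match wins. Returns (rule_id, action)."""
    for rule in rules:
        if matches(rule, pkt, live_users):
            return rule.rule_id, rule.action
    return None, "Drop"  # assumption of this model: unmatched traffic is dropped


def covers(earlier, later):
    """True when every packet the later rule matches also matches the earlier one."""
    return (
        (earlier.src_zone, earlier.dst_zone) == (later.src_zone, later.dst_zone)
        and ip_network(later.src_net).subnet_of(ip_network(earlier.src_net))
        and ip_network(later.dst_net).subnet_of(ip_network(earlier.dst_net))
        and earlier.service in (ANY, later.service)
        and (earlier.users is None
             or (later.users is not None and later.users <= earlier.users))
    )


def shadowed(rules):
    """List (rule_id, earlier_rule_id) for rules that can never be reached."""
    found = []
    for pos, later in enumerate(rules):
        for earlier in rules[:pos]:
            if covers(earlier, later):
                found.append((later.rule_id, earlier.rule_id))
                break
    return found


# Constructed sample rule set: LAN to WAN, one general rule and three specific ones.
LAN_NET, ALL_NETS = "192.168.1.0/24", "0.0.0.0/0"
ALLOW_ALL = Rule(1, "LAN", LAN_NET, "WAN", ALL_NETS, ANY, "Accept")
BLOCK_FTP = Rule(2, "LAN", LAN_NET, "WAN", ALL_NETS, "FTP", "Drop")
TELNET_JOHN = Rule(3, "LAN", LAN_NET, "WAN", ALL_NETS, "Telnet", "Accept",
                   frozenset({"john"}))
BLOCK_TELNET = Rule(4, "LAN", LAN_NET, "WAN", ALL_NETS, "Telnet", "Drop")

BAD_ORDER = [ALLOW_ALL, BLOCK_FTP, TELNET_JOHN, BLOCK_TELNET]   # general rule first
GOOD_ORDER = [BLOCK_FTP, TELNET_JOHN, BLOCK_TELNET, ALLOW_ALL]  # specific rules first
LIVE_USERS = {"192.168.1.10": "john"}  # constructed live-user table: IP -> user

if __name__ == "__main__":
    ftp = Packet("LAN", "192.168.1.20", "WAN", "203.0.113.5", "FTP")
    print("bad order :", evaluate(BAD_ORDER, ftp, LIVE_USERS), shadowed(BAD_ORDER))
    print("good order:", evaluate(GOOD_ORDER, ftp, LIVE_USERS), shadowed(GOOD_ORDER))
```

Running the shadow check on an exported rule list before reordering shows which deny rules are dead in the current order.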

Change Display Columns

By default, Manage Firewall Rules page displays details of the rule in the following eight columns: ID, Enable, Source, Identity, Destination, Service, Action and Manage. You can customize the number of columns to be displayed as per your requirement.

Screen - Default Screen Display of Manage Firewall Rules page

1. Select Firewall → Manage Firewall to open the manage page.
2. Click Select Columns. It opens the new window. Available Columns list displays the columns that can be displayed on the page.
3. Click the required column and use the Right arrow button to move the selected column to the Selected Columns list
4. Click Done

Screen - Customized Screen Display of Manage Firewall Rules page

Delete Firewall Rule

Select Firewall → Manage Firewall Rules and click the delete icon against the rule to be deleted

Screen - Delete Firewall rule

Note: Default rules cannot be deleted or deactivated.

Host Management

Firewall rule can be created for the individual host or host groups. By default, a number of hosts equal to the number of ports in the appliance is already created.

Create Host Group

Host group is the grouping of hosts.

Select Firewall → Host Group → Create to open the create page

Screen - Create Host Group

Screen Elements

Create Host Group
Host Group Name: Specify host group name
Description: Specify full description
Create button: Add a new host. If host group is created successfully, click Add to add hosts to the host group. Refer to Manage Host Groups for details.

Table - Create Host Group screen elements

Manage Host Group

Use to:
- Add host to Group

- Remove host from the Group
- Delete Host Group

Add Host to Host Group

1. Select Firewall → Host Group → Manage to view the list of groups created.
2. Click host group to which host is to be added. Host Group details are displayed.
3. Click Add. List of hosts that can be added to the group is displayed.
4. Click against the host to be added
5. Click Add

Remove Host from Host Group

Select Firewall → Host Group → Manage and click host group from which the host is to be removed

Screen - Remove Host from Host Group

Screen Elements

Del: Select host to be removed from the group. Click Del to select. More than one host can also be selected.
Select All: Select all the hosts for deletion. Click Select All to select all the hosts.
Delete button: Deletes all the selected hosts

Table - Remove Host from Host Group screen elements

Delete Host Group

Select Firewall → Host Group → Manage

Screen - Delete Host Group

Screen Elements

Del: Select host group for deletion. Click Del to select. More than one group can also be selected.
Select All: Select all the groups for deletion. Click Select All to select all the groups.
Delete button: Deletes all the selected groups

Table - Delete host Group screen elements

Add Host

Select Firewall → Host → Add to open the add page

Screen - Add Host

Screen Elements

Add Host
Host Name: Specify host name
Host Type: Select host type i.e. single IP address with subnet or range of IP address
Network: Specify network address or range of IP address
Select Host Group: Select host group
Create button: Add a new host

Table - Add Host screen elements

Manage Host

Select Firewall → Host → Manage to view the list of hosts

Screen - Delete Host

Screen Elements

Del: Select host to be deleted.

Click Del to select. More than one host can also be selected.
Select All: Select all the hosts for deletion. Click Select All to select all the hosts.
Delete button: Deletes all the selected hosts

Table - Delete Host screen elements

Setting up Logon Pools

Logon Pool is a collection of single IP addresses or a range of IP addresses. Add IP addresses/nodes at the time of creation of Logon Pool or after the creation.

Create a new Logon Pool

Prerequisite
- Bandwidth policy created

Select Group → Logon Pool → Add Logon Pool

Screen - Create Logon Pool

Screen Elements

Logon Pool Details
Logon Pool name: Specify name of Logon Pool
Is Logon Pool public: Public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select, if the IP Addresses assigned to Users are Public IP addresses
Bandwidth policy: Specify Bandwidth Policy for Logon Pool. Click Bandwidth Policy list to select. Click View details link to view details of the policy
Description: Specify full description

Machine details
From - To: Specify range of IP Address that will be used by Users to login

Machine name: Specify machine name
Create button: Add a new Logon Pool

Table - Add Logon Pool screen elements

Traffic Discovery

"Network security" is controlling who can do what on your network. Control is all about detecting and resolving any activity that does not align with your organization's policies.

Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining the amount of network traffic generated by an application, IP address or user.

- View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error sources.
- Identify and locate bandwidth hogs and isolate them from the network if necessary.
- Analyze performance trends with baseline data reports.

The discovered traffic pattern is presented in terms of:
- Application
- User
- LAN IP Address

Apart from details of live connection's traffic pattern, Cyberoam also provides current date's connection history.

Live Connections report

Application wise

Application wise Live Connections displays list of Applications running on the network currently. It also displays which user is using the application currently and total data transferred using the application.

Select Traffic Discovery → Live Connections → Application wise

Screen - Application wise Live connections

Screen Elements

Application Name: Applications running on network.
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application.
Click to view list of Users using respective Applications. Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application.
Click to view WAN IP Address wise Connection details for selected Application.
Click to view Destination Port wise Connection details for selected Application.

Data Transfer details
Upload Transfer: Displays data uploaded using the Application
Download Transfer: Displays data downloaded using the Application
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by Application
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by Application

Connection Details
Total Connections: Displays number of connections initiating/requesting the Application. Click to view the connection details for the respective Application for each connection
LAN Initiated: Displays number of connections initiated by LAN IP Address for the Application
WAN Initiated: Displays number of connections initiated by WAN IP Address for the Application

Table - Application wise Live connections screen elements

Connection details for selected Application

Report columns
Established Time: Time when connection was established
LAN IP Address: LAN IP Address from which the connection for the application was established
LAN PORT: LAN port through which connection was established for the application
WAN IP Address: WAN IP Address to which connection was established
WAN PORT: WAN port to which connection was established for the application
Direction: Traffic direction
Upload Transfer: Data uploaded using the Application
Download Transfer: Data downloaded using the Application
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

Connection details for selected LAN IP Address and Application

Report columns
Established Time: Time when connection was established
LAN IP Address: LAN IP Address from which the connection for the application was established
LAN Port: LAN port through which connection was established for the application
WAN IP Address: WAN IP Address to which connection was established
WAN Port: WAN port to which connection was established for the application
Direction: Traffic direction
Upload Transfer: Data uploaded using the Application
Download Transfer: Data downloaded using the Application
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

WAN IP Address wise Connection details for selected Application

Report columns
WAN IP Address: WAN IP Addresses to which Connection was established by the selected Application
Total Connections: Number of connections established to the WAN IP Address
LAN Initiated: Number of connections initiated from LAN
WAN Initiated: Number of connections initiated from WAN
Upload Transfer: Data uploaded during the connection
Download Transfer: Data downloaded during the connection
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

Destination Port wise Connection details for selected Application

Report columns
Destination Port: Destination ports to which Connection was established by the selected Application
Total Connections: Number of connections established through the destination port
LAN Initiated: Number of connections initiated from LAN
WAN Initiated: Number of connections initiated from WAN
Upload Transfer: Data uploaded during the connection
Download Transfer: Data downloaded using the connection
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

User wise

User wise Live Connections displays which user is using which Application and how much bandwidth the user is currently consuming.

Select Traffic Discovery → Live Connections → User wise

Screen - User wise Live connections

Screen Elements

User Name: Network Users requesting various Applications.
Click Total Connections to view the connection details for selected User.
Click to view list of Applications used by the respective users. Click Total Connections to view the connection details for selected User and Application.
Click to view WAN IP Addresses wise Connection details for selected User.
Click to view Destination ports wise Connection details for selected User.

Data Transfer details
Upload Transfer: Displays data uploaded by the User
Download Transfer: Displays data downloaded by the User
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by User
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by User

Connection Details
Total Connections: Displays number of connections initiated by the User. Click to view connection details initiated by the User for each connection
LAN Initiated: Displays number of connections initiated from LAN IP Address by the User
WAN Initiated: Displays number of connections initiated from WAN IP Address by the User

Table - User wise Live connections screen elements

LAN IP Address wise

LAN IP Address wise Live Connections displays list of Applications currently accessed by LAN IP Address.

Select Traffic Discovery → Live Connections → LAN IP Address wise

Screen - LAN IP Address wise Live connections

Screen Elements

LAN IP Address: LAN IP Address requesting various Applications.
Click Total Connections to view the connection details for selected LAN IP Address.
Click to view list of Applications requested by the respective LAN IP Address. Click Total Connections to view the connection details for selected LAN IP Address and Application.
Click to view WAN IP Addresses wise Connection details for selected LAN IP Address.
Click to view Destination ports wise Connection details for selected LAN IP Address.

Data Transfer details
Upload Transfer: Displays data uploaded from the LAN IP Address
Download Transfer: Displays data downloaded from the LAN IP Address
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by LAN IP Address
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by the LAN IP Address

Connection Details

Total Connections: Displays number of connections initiated by the LAN IP Address. Click to view connection details initiated by the LAN IP Address for each connection
LAN Initiated: Displays number of connections initiated from LAN IP Address
WAN Initiated: Displays total number of connections initiated from WAN IP Address

Table - LAN IP Address wise Live connection screen elements

Apart from the live connection details, details of the connections that are closed can also be viewed. The details for all the connections that are closed during last 24 hours are shown. You can also select the history duration.
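The Application wise, User wise and LAN IP Address wise views described above can be read as three groupings of the same per-connection rows. The following added example (not Cyberoam code or appliance output) builds those summaries and picks out the entries responsible for a chosen share of the traffic; the field names, the "initiated_from" values and the sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows. Field names are assumptions modelled on the report
# columns above (LAN IP Address, Upload Transfer, Download Transfer) plus the
# side that initiated the connection.
CONNECTIONS = [
    {"user": "alice", "lan_ip": "192.168.1.10", "application": "HTTP",
     "initiated_from": "LAN", "upload_kb": 100, "download_kb": 900},
    {"user": "alice", "lan_ip": "192.168.1.10", "application": "SMTP",
     "initiated_from": "LAN", "upload_kb": 400, "download_kb": 50},
    {"user": "bob", "lan_ip": "192.168.1.11", "application": "HTTP",
     "initiated_from": "LAN", "upload_kb": 50, "download_kb": 450},
    {"user": "bob", "lan_ip": "192.168.1.11", "application": "FTP",
     "initiated_from": "LAN", "upload_kb": 5000, "download_kb": 50},
    {"user": "carol", "lan_ip": "192.168.1.12", "application": "HTTP",
     "initiated_from": "WAN", "upload_kb": 700, "download_kb": 300},
]


def summarize(connections, key):
    """Group rows by `key` ("application", "user" or "lan_ip") into the
    Total Connections / LAN Initiated / WAN Initiated / transfer columns."""
    rows = defaultdict(lambda: {"total_connections": 0, "lan_initiated": 0,
                                "wan_initiated": 0, "upload_kb": 0,
                                "download_kb": 0})
    for conn in connections:
        row = rows[conn[key]]
        row["total_connections"] += 1
        if conn["initiated_from"] == "LAN":
            row["lan_initiated"] += 1
        else:
            row["wan_initiated"] += 1
        row["upload_kb"] += conn["upload_kb"]
        row["download_kb"] += conn["download_kb"]
    return dict(rows)


def heavy_consumers(summary, share):
    """Names whose upload + download is at least `share` (0..1) of all traffic."""
    total = sum(r["upload_kb"] + r["download_kb"] for r in summary.values())
    if total == 0:
        return []
    return sorted(name for name, r in summary.items()
                  if (r["upload_kb"] + r["download_kb"]) / total >= share)


if __name__ == "__main__":
    for key in ("application", "user", "lan_ip"):
        view = summarize(CONNECTIONS, key)
        print(key, "->", heavy_consumers(view, 0.5))
```

An upload-heavy entry such as the constructed FTP row stands out only when upload and download are summed per key, which is why the summaries keep both columns.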

Today's Connection History

Application wise

It displays list of Applications accessed during the selected duration and by user and/or LAN IP Address.

Select Traffic Discovery → Today's Connection History → Application wise

Screen - Today's Connection History Application wise

Screen Elements

Select Start time and Stop time
Start time & Stop time: Select the history duration
Refresh Data button: Click to refresh the data after the start time or stop time is changed to get the latest data

Application Name: Applications running on network.
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application.
Click to view list of users using respective Applications. Click Total Connections to view the connection details for selected LAN IP Address and Application. Refer to Connection details for selected LAN IP Address and Application.
Click to view WAN IP Address wise Connection details for selected Application.
Click to view Destination Port wise Connection details for selected Application.

Data Transfer details
Upload Transfer: Displays data uploaded using the Application
Download Transfer: Displays data downloaded using the Application
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by Application

Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by Application

Connection Details
Total Connections: Displays number of connections initiating/requesting the Application. Click to view the connection details for the respective Application for each connection
LAN Initiated: Displays number of connections initiated by LAN IP Address for the Application
WAN Initiated: Displays number of connections initiated by WAN IP Address for the Application

Table - Today's Connection History Application screen elements

User wise

It displays the list of Users who logged on to the network during the selected duration and the applications they accessed.

Select Traffic Discovery → Today's Connection History → User wise

Screen - Today's Connection History User wise

Screen Elements

Select Start time and Stop time
Start time & Stop time: Select the history duration
Refresh Data button: Click to refresh the data after the start time or stop time is changed to get the latest data

User Name: Network Users requesting various Applications.
Click Total Connections to view the connection details for selected User.
Click to view list of Applications used by the respective users. Click Total Connections to view the connection details for selected User and Application.
Click to view WAN IP Addresses wise Connection details for selected User.
Click to view Destination ports wise Connection details for selected User.

Data Transfer details
Upload Transfer: Displays data uploaded by the User

Download Transfer: Displays data downloaded by the User
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by User
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by User

Connection Details
Total Connections: Displays number of connections initiated by the User. Click to view connection details initiated by the User for each connection
LAN Initiated: Displays number of connections initiated from LAN IP Address by the User
WAN Initiated: Displays number of connections initiated from WAN IP Address by the User

Table - Today's Connection History User wise screen elements

LAN IP Address wise

It displays list of Applications accessed during the selected duration by each LAN IP Address.

Select Traffic Discovery → Today's Connection History → LAN IP Address wise

Screen - Today's Connection History LAN IP Address wise

Screen Elements

Select Start time and Stop time
Start time & Stop time: Select the history duration
Refresh Data button: Click to refresh the data after the start time or stop time is changed to get the latest data

LAN IP Address: LAN IP Address requesting various Applications.
Click Total Connections to view the connection details for selected LAN IP Address.
Click to view list of Applications requested by the respective LAN IP Address. Click Total Connections to view the connection details for selected LAN IP Address and Application.
Click to view WAN IP Addresses wise Connection details for selected LAN IP Address.
Click to view Destination ports wise Connection details for selected LAN IP Address.

Data Transfer details
Upload Transfer: Displays data uploaded from the LAN IP Address
Download Transfer: Displays data downloaded from the LAN IP Address
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by LAN IP Address
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by the LAN IP Address

Connection Details

Total Connections: Displays number of connections initiated by the LAN IP Address. Click to view connection details initiated by the LAN IP Address for each connection
LAN Initiated: Displays number of connections initiated from LAN IP Address
WAN Initiated: Displays total number of connections initiated from WAN IP Address

Table - Today's Connection History LAN IP Address wise screen elements

Policy Management

Cyberoam allows controlling access to various resources with the help of Policy. Cyberoam allows defining following types of policies:

1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for more details.
2. Schedule Internet access for individual users by defining Access time policy. See Access time policy for more details.
3. Control web access by defining Internet Access policy. See Internet Access policy for more details.
4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for more details.
5. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. See Data Transfer policy for more details.

Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization's requirements.

Surfing Quota policy

Surfing quota policy defines the duration of Internet surfing time. Surfing time duration is the allowed time in hours for a Group or an Individual User to access Internet.

Surfing quota policy:
- Allocates Internet access time on cyclic or non-cyclic basis
- Single policy can be applied to a number of Groups or Users

Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization's requirements.

Create Surfing Quota policy

Select Policies → Surfing Quota Policy → Create policy to open the create page

Screen - Create Surfing Quota policy

Screen Elements

Create Surfing Quota policy
Name: Specify policy name. Choose a name that best describes the policy
Cycle type: Specify cycle type. Available options:
  Daily - restricts surfing hours up to cycle hours defined on daily basis
  Weekly - restricts surfing hours up to cycle hours defined on weekly basis
  Monthly - restricts surfing hours up to cycle hours defined on monthly basis
  Yearly - restricts surfing hours up to cycle hours defined on yearly basis
  Non-cyclic - no restriction
Cycle hours (Only if cycle type is not Non cyclic): Specify upper limit of surfing hours for cyclic type policies. At the end of each Cycle, cycle hours are reset to zero i.e. for Weekly Cycle type, cycle hours will be reset to zero every week even if cycle hours are unused
Allotted Days: Restricts surfing days.

Specify total surfing days allowed to limit surfing hours
Unlimited Days: Does not restrict surfing days and creates Unlimited Surfing Quota policy. Click to select
Allotted Time: Allotted time defines the upper limit of the total surfing time allowed i.e. restricts total surfing time to allotted time. Specify surfing time in Hours & minutes
Unlimited Time: Select if you do not want to restrict the total surfing time. Click to select
Shared allotted time with group members: Specify whether the allotted time will be shared among all the group members or not. Click to share
Policy Description: Specify full description of the policy
Create button: Creates policy

Table - Create Surfing Quota policy screen elements

Note: Policies with the same name cannot be created

Update Surfing Quota policy

Select Policies → Surfing Quota policy → Manage policy and click Policy name to be modified

Screen - Update Surfing Quota policy

Screen Elements

Edit Surfing Quota policy
Name: Displays policy name, modify if required
Cycle Type: Displays Cycle type, modify if required
Cycle Hours: Displays allotted Cycle hours
Allotted Days Or Unlimited Days: Displays allotted days, modify if required

Allotted time Or Unlimited time: Displays allotted time in hours, minutes, modify if required
Shared allotted time with group members: Displays whether the total allotted time is shared among the group members or not, modify if required
Policy Description: Displays description of the policy, modify if required
Update button: Updates and saves the policy
Cancel button: Cancels the current operation and returns to Manage Surfing Quota policy page

Table - Update Surfing Quota policy screen elements

Note: The changes made in the policy become effective immediately on updating the changes.

Delete Surfing Quota policy

Prerequisite
- Not assigned to any User or Group

Select Policies → Surfing Quota policy → Manage policy to view list of policies

Screen - Delete Surfing Quota policy

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policies

Table - Delete Surfing Quota policy screen elements

Access Time policy

Access time is the time period during which user can be allowed/denied the Internet access. An example would be only office hours access for a certain set of users.

Access time policy lets you set the time interval - days and time - for Internet access with the help of schedules. See Schedules for more details.

A time interval defines days of the week and times of each day of the week when the user will be allowed/denied the Internet access.

Two strategies based on which Access time policy can be defined:
- Allow strategy: By default, allows access during the schedule
- Deny strategy: By default, disallows access during the schedule

Create Access Time policy

Prerequisite
- Schedule created

Select Policies → Access Time Policy → Create policy to open create policy page

Screen - Create Access Time policy

Screen Elements

Access Time policy details
Name: Specify policy name. Choose a name that best describes the policy to be created
Schedule: Specify policy schedule. Users will be allowed/disallowed access during the time specified in the schedule. Click Schedule list to select. Click View details link to view the details of selected schedule.

Refer to Define Schedule on how to create a new schedule
Strategy for selected Schedule: Specify strategy to policy. Click to select.
  Allow - Allows the Internet access during the scheduled time interval
  Disallow - Does not allow the Internet access during the scheduled time interval
Description: Specify full description of policy
Create button: Creates policy

Table - Create Access Time policy screen elements

Note: Policies with the same name cannot be created

Update Access Time policy

Select Policies → Access Time policy → Manage policy and click Policy name to be modified

Screen - Update Access Time policy

Screen Elements

Access Time policy details
Name: Displays policy name, modify if required
Schedule: Displays selected policy schedule. To modify, click Schedule list and select new schedule.

Click View details link to view details of the selected schedule
Strategy for selected Schedule: Displays Schedule strategy. Cannot be modified
Description: Displays description of the policy, modify if required
Save button: Saves the modified details
Cancel button: Cancels current operation and returns to Manage Access Time policy

Table - Update Access Time policy screen elements

Note: The changes made in the policy become effective immediately on saving the changes.

Delete Access Time policy

Prerequisite
- Not assigned to any User or Group

Select Policies → Access Time policy → Manage policy to view the list of policies

Screen - Delete Access Time policy

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policies

Table - Delete Access Time policy screen elements

Internet Access policy

Internet Access policy controls user's web access. It helps to manage web access specific to the organization's need. It specifies which user has access to which sites or applications and allows defining policy based on almost limitless parameters like:

1. Individual users
2. Groups of users
3. Time of day
4. Location/Port/Protocol type
5. Content type
6. Bandwidth usage (for audio, video and streaming content)

When defining a policy, you can deny or allow access to an entire application category, or to individual file extensions within a category. For example, you can define a policy that blocks access to all audio files with .mp3 extensions.

Two basic types of Internet Access policy:

1. Default Allow
2. Default Disallow

Default Allow
By default, allows user to view everything except the sites and files specified in the web categories.
E.g. To allow access to all sites except Mail sites

Default Disallow
By default, prevents user from viewing everything except the sites and files specified in the web categories.
E.g. To disallow access to all sites except certain sites

Create a new Internet Access policy

Select Policies → Internet Access Policy → Create Policy to open the create policy page

Screen - Create Internet Access policy

Screen Elements

Internet Access policy details
Name: Specify policy name. Choose a name that best describes the policy to be created
Using Template: Select a template if you want to create a new policy based on an existing policy and want to inherit all the categories restrictions from the existing policy. Select Blank template, if you want to create a fresh policy without any restrictions. After creation you can always customize the category restrictions according to the requirement.
Policy Type (Only for Blank option in Using Template field): Select default policy type. Available options:
  Allow - Allows access to all the Internet sites except the sites and files specified in the Categories
  Deny - Allows access to only those sites and files that are specified in the Categories
Description: Specify full description of policy
Reporting: By default, Internet usage report is generated for all the users. But Cyberoam allows to bypass reporting of certain users. Click Off to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click On to create policy which will include access details of all the users in Internet usage reports to whom this policy is applied.
Create button: Creates policy and allows to add Category restriction. Refer to Add Category for more details

Internet Access policy Rules
Add button: Allows to define Internet Access policy rules and assign Web, File Type and Application Protocol Categories to Internet Access policy. Click to add. Refer to Add Internet Access policy rule for more details
Save button: Saves policy
Show Policy Members button: Opens a new page and displays list of policy members
Cancel button: Cancels the current operation and return to Manage Internet Access policy page

Table - Create Internet Access policy screen elements

Note: Policies with the same name cannot be created

Add Internet Access policy rule

Screen - Add Internet Access policy rule

Screen Elements

Rule details
Select Category: Displays list of custom Web, File Type and Application Protocol Categories. Displays list of Categories assigned to policy.
  In Category Name column,
  W represents Web Category
  F represents File Type Category
  A represents Application Protocol Category
  D represents Default Category
  C represents Customized i.e. User defined Category
  Select Categories to be assigned to policy. In Web Category list, click to select. In File Type list, click to select. In Application Protocol list, click to select. Use Ctrl/Shift and click to select multiple Categories.
  If Web and Application Filter subscription module is registered, all the default categories will also be listed and can be for restriction.
Strategy: Allows/Disallows access to the selected Categories during the period defined in the schedule. Click Strategy box to see options and select
During Schedule: Allows/Disallows access to the selected Categories according to the strategy defined during the period defined in the schedule. Allow/Disallow will depend on the strategy selected. Click Schedule box to see options and select
View details link: Opens a new window and displays details of the selected schedule. Click to view. Click Close to close the window
Add button: Add rule to Internet Access policy.

Click to add rule
Cancel button: Cancels the current operation

Table - Add Internet Access policy rule screen elements

Update Internet Access policy

Select Policy → Internet Access policy → Manage Policy and click policy name to be modified

Screen - Update Internet Access policy

Screen Elements

Internet Access policy details
Name: Displays policy name. Cannot be modified
Policy Type: Displays policy type. Cannot be modified
Description: Displays policy description, modify if required
Reporting: By default, Internet usage report is generated for all the users. But Cyberoam allows to bypass reporting of certain users. Click Off to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click On to create policy which will include access details of all the users in Internet usage reports to whom this policy is applied.

Internet Access policy Rules

Displays list of Categories assigned to policy.
  In Category Name column,
  W represents Web Category
  F represents File Type Category
  A represents Application Protocol Category
  D represents Default Category
  C represents Customized i.e. User defined Category
Add button: Allows to define a new rule. Click to add. Refer to Add Internet Access policy rule for more details
Delete button: Allows to delete the selected rule(s). Refer to Delete Internet Access policy rule for more details
MoveUp button (Only when more than one rule is defined): Moves the selected rule one step up. Click rule that is to be moved one-step up. This will highlight selected rule. Click MoveUp to move the selected rule one step upwards
MoveDown button (Only when more than one rule is defined): Moves the selected rule one step down. Click rule, which is to be moved one-step down. This will highlight selected rule. Click Move Down to move the selected rule one step downwards
Update button (Only when more than one rule is defined): Saves the modified sequence of the rules
Save button: Saves the modifications
Show Policy members button: Opens a new page and displays list of policy members
Cancel button: Cancels the current operation and returns to Manage Internet Access policy page

Table - Update Internet Access policy screen elements

Delete Internet Access policy rule

Screen - Delete Internet Access policy rule

Screen Elements

Del: Select rule to be deleted. Click Del to select. More than one rule can also be selected.
Select All: Selects all rules for deletion. Click Select All to select all rules for deletion.
Delete button: Deletes selected rules

Table - Delete Internet Access policy rule screen elements

Note: Do not forget to update after changing the order.

Delete Internet Access policy

Prerequisite: Not assigned to any User or Group

Select Policies → Internet Access policy → Manage Policy

Screen - Delete Internet Access policy

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Selects all policies for deletion. Click Select All to select all policies for deletion.
Delete button: Deletes selected policies

Table - Delete Internet Access policy screen elements

Bandwidth policy

Bandwidth is the amount of data passing through a media over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).

The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain parameters and user attributes. Bandwidth policy allocates & limits the maximum bandwidth usage of the user and controls web and network traffic.

Policy can be defined/created for:
1. Logon Pool - It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share the allocated bandwidth.
2. User - It restricts the bandwidth of a particular user.
3. Firewall Rule - It restricts the bandwidth of any entity to which the firewall rule is applied.

Logon Pool based bandwidth policy

Policy restricts the bandwidth for a Logon Pool i.e. all the users defined under the Logon Pool will share the allocated bandwidth.

User based bandwidth policy

Policy restricts the bandwidth for a particular user. There are two types of bandwidth restriction:
Strict
Committed

Strict

In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to implement strict policy:
Total (Upstream + Downstream)
Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Total bandwidth
Example: Total bandwidth is 20 kbps and upstream and downstream combined cannot cross 20 kbps

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual bandwidth i.e. separate for both
Example: Individual bandwidth is 20 kbps then either cannot cross 20 kbps

Table - Implementation types for Strict - Bandwidth policy

Strict policy Bandwidth usage
Bandwidth usage: Individual. Bandwidth specified: For a particular user
Bandwidth usage: Shared. Bandwidth specified: Shared among all the users who have been assigned this policy

Table - Bandwidth usage for Strict - Bandwidth policy

Committed

In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and user can draw bandwidth up to the defined burstable limit, if available.

It enables you to assign fixed minimum and maximum amounts of bandwidth to users. By borrowing excess bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the burstable rate. Guaranteed rates also assure that critical users receive constant levels of bandwidth during peak and non-peak traffic periods.

Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum bandwidth that a user can use, if available.

Two ways to implement committed policy:
Total (Upstream + Downstream)
Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Guaranteed bandwidth, Burstable bandwidth
Example: Guaranteed bandwidth is 20 kbps then upstream and downstream combined will get 20 kbps guaranteed (minimum) bandwidth. Burstable bandwidth is 50 kbps then upstream and downstream combined can get up to 50 kbps of bandwidth (maximum), if available.

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual Guaranteed and Burstable bandwidth i.e. separate for both
Example: Individual guaranteed bandwidth is 20 kbps then upstream and downstream get 20 kbps guaranteed (minimum) bandwidth individually. Individual burstable bandwidth is 50 kbps then upstream and downstream get maximum bandwidth up to 50 kbps, if available, individually.

Table - Implementation types for Committed - Bandwidth policy

Committed policy Bandwidth usage
Bandwidth usage: Individual. Bandwidth specified: For a particular user
Bandwidth usage: Shared. Bandwidth specified: Shared among all the users who have been assigned this policy

Table - Bandwidth usage for Committed - Bandwidth policy

Firewall Rule based bandwidth policy

Policy restricts the bandwidth for a particular IP address. It is similar to the User based policy with the same type of restrictions on Implementation type & Bandwidth usage.
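The Strict and Committed restrictions and the Total and Individual implementation types described above, modelled as an added Python example (not Cyberoam code and not part of the guide). All names, the single spare-capacity figure, the proportional upstream/downstream split under a Total limit, and per-user bandwidth usage in guaranteed_load are assumptions; the 2-4096 kbps range and the 0-7 priority range are the ones the guide quotes.

```python
"""Strict vs. Committed bandwidth policy, Total vs. Individual implementation.

Added illustration, not Cyberoam code. Assumptions: one `spare` figure for
idle link capacity, a proportional upstream/downstream split under a Total
limit, and per-user ("Individual") bandwidth usage in guaranteed_load().
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

MIN_KBPS, MAX_KBPS = 2, 4096  # per-field range quoted in the guide


@dataclass(frozen=True)
class Limit:
    maximum: int                      # Strict limit, or Burstable (Max)
    guaranteed: Optional[int] = None  # Guaranteed (Min); None means Strict

    def __post_init__(self) -> None:
        for value in (self.maximum, self.guaranteed):
            if value is not None and not MIN_KBPS <= value <= MAX_KBPS:
                raise ValueError(f"{value} kbps is outside {MIN_KBPS}-{MAX_KBPS} kbps")
        if self.guaranteed is not None and self.guaranteed > self.maximum:
            raise ValueError("guaranteed rate cannot exceed burstable rate")

    def ceiling(self, spare: int) -> int:
        """Rate usable right now, in kbps."""
        if self.guaranteed is None:   # Strict: the limit can never be exceeded
            return self.maximum
        # Committed: the guarantee plus borrowed spare, capped at burstable
        return min(self.maximum, self.guaranteed + max(spare, 0))


def strict(kbps: int) -> Limit:
    return Limit(kbps)


def committed(guaranteed: int, burstable: int) -> Limit:
    return Limit(burstable, guaranteed)


@dataclass(frozen=True)
class BandwidthPolicy:
    name: str
    priority: int = 7                 # 0 (highest) to 7 (lowest)
    total: Optional[Limit] = None     # Total (Upstream + Downstream)
    upload: Optional[Limit] = None    # Individual Upstream
    download: Optional[Limit] = None  # Individual Downstream

    def __post_init__(self) -> None:
        if not 0 <= self.priority <= 7:
            raise ValueError("priority must be between 0 and 7")
        individual = self.upload is not None and self.download is not None
        one_sided = (self.upload is None) != (self.download is None)
        if one_sided or (self.total is not None) == individual:
            raise ValueError("set either total, or both upload and download")


def shape(policy: BandwidthPolicy, up: int, down: int, spare: int = 0) -> Tuple[int, int]:
    """Return the (upstream, downstream) kbps granted for the demanded rates."""
    if policy.total is not None:
        cap = policy.total.ceiling(spare)
        wanted = up + down
        if wanted <= cap:
            return up, down
        granted_up = up * cap // wanted  # assumption: split in proportion to demand
        return granted_up, cap - granted_up
    return (min(up, policy.upload.ceiling(spare)),
            min(down, policy.download.ceiling(spare)))


def guaranteed_load(assignments: Iterable[Tuple[BandwidthPolicy, int]]) -> int:
    """Sum of guaranteed kbps over (policy, user count) pairs.

    If this exceeds the link capacity, the guarantees cannot all be honoured
    at peak. Strict policies guarantee nothing and contribute 0.
    """
    load = 0
    for policy, users in assignments:
        limits = [policy.total] if policy.total is not None else [policy.upload, policy.download]
        load += users * sum(limit.guaranteed or 0 for limit in limits)
    return load


if __name__ == "__main__":
    # The guide's own figures: Strict 20 kbps, Committed 20 kbps / 50 kbps.
    strict_total = BandwidthPolicy("strict-total", total=strict(20))
    voice = BandwidthPolicy("voice", priority=0, total=committed(20, 50))
    print(shape(strict_total, 15, 15, spare=100))  # capped at 20 combined
    print(shape(voice, 40, 40, spare=0))           # only the guarantee
    print(shape(voice, 40, 40, spare=100))         # bursts to 50 combined
    print(guaranteed_load([(voice, 10), (strict_total, 100)]))
```

Comparing guaranteed_load against the link capacity before assigning a Committed policy to more users shows whether the guaranteed minimums can still be met during peak periods.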

Create Bandwidth policy

Select Policies → Bandwidth Policy → Create policy to open the create policy page

Screen - Create Bandwidth policy

Common Screen Elements

Screen Elements

Bandwidth Policy Details
Name: Specify policy name. Choose a name that best describes the policy to be created.
Specify full description of policy
Priority: Set the bandwidth priority. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest, as this traffic is interactive.
Create button: Creates policy
Cancel button: Cancels the current operation

Table - Create Bandwidth policy - Common screen elements

Note: Policies with the same name cannot be created.

Create Logon Pool based bandwidth policy

Select Policies → Bandwidth Policy → Create policy to open the create policy page

Screen - Create Logon Pool based Bandwidth policy

Screen Elements

Bandwidth Policy Details
Policy based on: Click Logon Pool to create Logon Pool based policy
Total Bandwidth (in KB): Specify maximum amount of total bandwidth, expressed in terms of kbps. Specified bandwidth will be shared by all the users of the Logon Pool. Maximum bandwidth limit is 4096 kbps.

Table - Create Logon Pool based Bandwidth policy screen elements

Create User/Firewall Rule based Strict bandwidth policy

Screen - Create User/IP based Strict Bandwidth policy

Screen Elements

Bandwidth Policy Details
Policy based on: Based on the selection creates policy for User or IP address. Click User to create User based policy. Click IP Address to create IP Address based policy.
Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burst-able limit, if available.
Implementation on: Specify implementation type of Bandwidth restriction. Click Total to implement bandwidth restriction on the Total usage. Click Individual to implement bandwidth restriction on the Individual Upstream and Individual Downstream bandwidth usage.
Total bandwidth (Only for TOTAL implementation type): Specify maximum amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Upload Bandwidth (Only for INDIVIDUAL implementation type): Specify maximum amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Download Bandwidth (Only for INDIVIDUAL implementation type): Specify maximum amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Bandwidth usage: Specify whether the Bandwidth allocated is for particular user or shared among all the policy users

Table - Create User/IP based Strict Bandwidth policy screen elements

Create User/Firewall Rule based Committed bandwidth policy

Screen - Create User/IP based Committed Bandwidth policy

Screen Elements

Bandwidth Policy Details
Policy based on: Creates policy based on the selection. Click User to create User based policy. Click IP Address to create IP address based policy.
Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burst-able limit, if available. Click Committed to apply committed policy.
Implementation on: Specify implementation type for Bandwidth restriction. Click Total to implement bandwidth restriction on Total. Click Individual to implement bandwidth restriction on Individual Upstream and Individual Downstream bandwidth.
Guaranteed (Min)/ Burstable (Max) (Only for TOTAL implementation type): Specify Guaranteed and Burstable amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Guaranteed (Min)/ Burstable (Max) Upload Bandwidth (Only for INDIVIDUAL implementation type): Specifies Guaranteed and Burstable amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Guaranteed (Min)/ Burstable (Max) Download Bandwidth (Only for INDIVIDUAL implementation type): Specifies Guaranteed and Burstable amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Bandwidth usage: Specify whether bandwidth specified is for a particular User or Shared among all the policy users

Table - Create User/IP based Committed Bandwidth policy screen elements

Update Bandwidth policy

Need to update Bandwidth Policy
1. Add/remove schedule based details to User/IP address based policy
2. Update bandwidth values

Select Policies → Bandwidth policy → Manage policy and click Policy name to be updated

Screen - Update Bandwidth policy

Common Screen Elements

Screen Elements

Bandwidth Policy details
Name: Displays Bandwidth policy name, modify if required
Priority: Displays the bandwidth priority, modify if required. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest, as this traffic is interactive.
Displays policy description, modify if required
Update button: Updates and saves the policy
Cancel button: Cancels current operation and returns to the Manage Bandwidth policy page

Table - Update Bandwidth policy Common screen elements

Update Logon Pool based bandwidth policy

Screen - Update Logon Pool based Bandwidth policy

Screen Elements

Bandwidth Policy Details
Show Members link: Opens a new browser window and displays bandwidth restriction details and the member Logon Pools of the policy. Click Close to close the window.
Policy Based On: Displays type of policy. Cannot be modified.

Default values to be applied all the time
Implementation on: Displays Implementation type of the policy. Cannot be modified.
Total Bandwidth (in KB): Displays total bandwidth for the group, modify if required. Maximum bandwidth limit is 4096 kbps.

Table - Update Logon Pool based Bandwidth policy screen elements

Update User/Firewall Rule based Bandwidth policy

Screen - Update User based Bandwidth policy

Screen Elements

Bandwidth Policy Details
Show members link: Opens a new browser window and displays bandwidth restriction details, schedule details and the members/users of the policy. Click Close to close the window.
Policy based on: Displays type of policy. Cannot be modified.

Default values to be applied all the time
Implementation on: Displays implementation type of policy. Cannot be modified.
Total Bandwidth (Only for TOTAL implementation type): Displays total bandwidth assigned, modify if required
Upload Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type): Modify Upstream bandwidth value
Download Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type): Modify Downstream bandwidth value
Guaranteed Burstable Upload Bandwidth (in KB) (Only for COMMITTED policy type and INDIVIDUAL implementation type): Modify Upstream bandwidth value
Guaranteed Burstable Download Bandwidth (in KB) (Only for COMMITTED policy type and INDIVIDUAL implementation type): Modify Downstream bandwidth value
Policy type: Displays policy type i.e. committed or strict. Cannot be modified.
Update button: Updates the changes made in Bandwidth restriction details and Default values to be applied all the time
Add details button: Allows you to attach a schedule to override default bandwidth restriction. Click Add details. Refer to Attach Schedule details for more details.

Table - Update User based Bandwidth policy screen elements

Attach Schedule details

Strict

Screen - Assign Schedule to User based Strict Bandwidth policy

Screen Elements

Bandwidth Policy Schedule wise details
Name: Displays policy name
Policy Type: Displays Type of bandwidth restriction. Click Strict to apply strict policy.
Implementation on: Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually.
For Total
Total Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps
For Individual
Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps
Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps

Schedule: Specify Schedule. Click Schedule list to select.
View details link: Opens the new browser window and displays the details of the schedule selected. Click Close to close the window.
Add button: Assigns schedule
Cancel button: Cancels the current operation

Table - Assign Schedule to User based Strict Bandwidth policy screen elements

Committed

Screen - Assign Schedule to User based Committed Bandwidth policy

Screen Elements

Bandwidth Policy Schedule wise details
Name: Displays policy name
Policy Type: Displays Type of bandwidth restriction. Click Committed to apply committed policy.
Implementation on: Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually.
For Total
Guaranteed(Min) Bandwidth - Specify minimum guaranteed amount of Total bandwidth, expressed in terms of kbps
Burstable(Max) Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps
For Individual
Guaranteed(Min) Upload Bandwidth - Specify minimum guaranteed amount of Upstream bandwidth, expressed in terms of kbps
Burstable(Max) Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps
Guaranteed(Min) Download Bandwidth - Specify minimum guaranteed amount of Downstream bandwidth, expressed in terms of kbps
Burstable(Max) Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps
Schedule: Specify Schedule. Click Schedule list to select.
View details link: Opens new browser window and displays the details of the schedule selected. Click Close to close the window.
Add button: Assigns schedule to the bandwidth policy
Cancel button: Cancels the current operation

Table - Assign Schedule to User based Committed Bandwidth policy screen elements

Remove Schedule details

Screen - Remove Schedule from User based Bandwidth policy

Screen Elements

Select: Select Schedule detail(s) for deletion. Click Select to select. More than one schedule detail can also be selected.
Select All: Select all details for deletion. Click Select All to select all details.
Remove Detail button: Removes the selected schedule detail(s)

Table - Remove Schedule from User based Bandwidth policy screen elements

Note: The changes made in the policy become effective immediately on saving the changes.

Delete Bandwidth policy

Prerequisite: Bandwidth policy not attached to any Logon Pool, user or IP address

Select Policies → Bandwidth policy → Manage policy to view the list of policies

Screen - Delete Bandwidth policy

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Selects all policies for deletion. Click Select All to select all policies.
Delete button: Deletes selected policies

Table - Delete Bandwidth policy screen elements

Data Transfer policy

Data transfer policy:
Limits data transfer on a cyclic or non-cyclic basis.
Single policy can be applied to a number of Groups or Users.

Data transfer restriction can be based on:
Total Data transfer (Upload+Download)
Individual Upload and/or Download

Cyberoam provides several predefined policies, which are available for use until configured otherwise. You can also define customized policies to define different limits for different users to meet your organization's requirements.

Create Data transfer policy

Select Policies → Data Transfer Policy → Create Policy to open the create policy page

Screen - Create Data transfer policy

Screen Elements

Create Data Transfer policy
Name: Specify policy name. Choose a name that best describes the policy.
Cycle type: Specify cycle type. Available options:
Daily restricts data transfer up to cycle hours defined on daily basis
Weekly restricts data transfer up to cycle hours defined on weekly basis
Monthly restricts data transfer up to cycle hours defined on monthly basis
Yearly restricts data transfer up to cycle hours defined on yearly basis
Non-cyclic data restriction is defined by the Total data transfer limit
Restriction based on: Specify whether the data transfer restriction is on total data transfer or on individual upload or download. Click Total Data Transfer to apply data transfer restriction on the Total (Upload + Download) data transfer. Click Individual Data Transfer to apply data transfer restriction on the Individual Upload and Individual Download data transfer.
Shared allotted data transfer with group members (Only if Cycle Type is Non-cyclic): Specify whether the allotted data transfer will be shared among all the group members or not. Click to share.
Specify full description of the policy

Policy Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Total Data Transfer): Specify Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Individual Data Transfer): Specify Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached. OR If you do not want to restrict upload data transfer per cycle, click Unlimited Cycle Upload Data transfer.
Cycle Download Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Individual Data Transfer): Enter Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached. OR If you do not want to restrict download data transfer per cycle, click Unlimited Cycle Download Data transfer.
Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer): Specify Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total data transfer, click Unlimited Total Data Transfer.
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Specify Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total upload data transfer, click Unlimited Upload Data Transfer.
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Specify Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total download data transfer, click Unlimited Download Data Transfer.
Create button: Creates policy
Cancel button: Cancels the current operation and returns to Manage Data transfer policy page

Table - Create Data transfer policy screen elements

Update Data transfer policy

Select Policies → Data transfer policy → Manage policy and click Policy name to be modified

Screen - Update Data transfer policy screen

Screen Elements

Edit Data Transfer policy
Name: Displays policy name, modify if required.
Cycle type: Displays cycle type
Restriction based on: Displays whether the data transfer restriction is on total data transfer or on individual upload or download

Shared allotted data transfer with group members: Displays whether the allotted data transfer is shared among all the group members or not
Displays full description of the policy, modify if required.

Policy Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer): Displays Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer): Displays Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Update button: Updates policy
Cancel button: Cancels the current operation and returns to Manage Data transfer policy page

Table - Update Data transfer policy screen elements

Delete Data transfer policy

Prerequisite: Not assigned to any User or Group

Select Policies → Data transfer policy → Manage policy to view list of policies

Screen - Delete Data transfer policy screen

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policy/policies

Table - Delete Data transfer policy screen element

SNAT Policy

SNAT policy tells the firewall rule to allow access, but only after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the SNAT policy.

Create SNAT policy

Select Firewall → SNAT policy → Create to open the create page

Screen - Create SNAT policy

Screen Elements

SNAT policy
SNAT Policy Name: Specify policy name
Specify description

Source Translation
Map Source IP with: Specify IP address
MASQUERADE will replace source IP address with Cyberoam's WAN IP address
IP will replace source IP address with the specified IP address
IP Range will replace source IP address with any of the IP addresses from the specified range
Create button: Creates the SNAT policy

Table - Create SNAT policy screen elements

Manage SNAT policy

Use to
Edit policy
Delete policy

Update policy

Select Firewall → SNAT policy → Manage to view the list of policies. Click the policy to be modified.

Screen - Update SNAT policy

Screen Elements

SNAT policy
SNAT Policy Name: Displays policy name, modify if required
Displays description, modify if required

Source Translation
Map Source IP with: Specify IP address
MASQUERADE will replace source IP address with Cyberoam's WAN IP address
IP will replace source IP address with the specified IP address
IP Range will replace source IP address with any of the IP addresses from the specified range
Update button: Saves the modifications

Table - Update SNAT policy screen elements

Delete SNAT policy

Select Firewall → SNAT policy → Manage to view the list of policies.

Screen - Delete SNAT policy

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policy/policies

Table - Delete SNAT policy screen elements

DNAT Policy

DNAT rule tells the firewall to forward the requests from the specified machine/port to the specified machine/port.

Create DNAT policy

Select Firewall → DNAT policy → Create to open the create page

Screen - Create DNAT policy

Screen Elements

DNAT policy
DNAT Policy Name: Specify policy name
Specify description

Destination Translation
Map Destination IP with: Specify IP address
IP will replace destination IP address with the specified IP address
IP Range will replace destination IP address with any of the IP addresses from the specified range
Port Forward: Enable port forwarding if you want to replace the port also. Specify TCP Port number. Specify UDP Port number.
Create button: Creates DNAT policy

Table - Create DNAT policy screen elements

Manage DNAT policy

Use to
Edit policy
Delete policy

Update policy

Select Firewall → DNAT policy → Manage to view the list of policies. Click the policy to be modified.

Screen - Edit DNAT policy

Screen Elements

DNAT policy
DNAT Policy Name: Displays policy name, modify if required
Displays description, modify if required

Destination Translation
Map Destination IP with: Specify IP address
IP will replace destination IP address with the specified IP address
IP Range will replace destination IP address with any of the IP addresses from the specified range
Port Forward: Displays whether port forwarding is enabled or not. Enable port forwarding if you want to replace the port also. Specify TCP Port number. Specify UDP Port number.
Update button: Updates DNAT policy

Table - Edit DNAT policy screen elements

Delete DNAT policy

Select Firewall → DNAT policy → Manage to view the list of policies.

Screen - Delete DNAT policy

Screen Elements

Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policy/policies

Table - Delete DNAT policy screen elements

Zone Management

Use to
Update Zone details
Delete Zone

Manage Zone

Select System → Zone → Manage to open the manage zone page

Screen - Edit Zone

Screen Elements

Create Zone
Zone Name: Displays zone name
Zone Type: Displays zone type
LAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.
WAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone.
Select Port: Displays the ports bound to the zone, modify if required.
Available Ports list displays the list of ports that can be bound to the selected zone.
Member Port list displays the list of ports bound to the zone.
Use Right arrow button to move the selected ports to Member Port list.
Use Left arrow button to move the selected ports to Available Port list.
Displays zone description, modify if required
Save button: Saves the zone configuration

Table - Edit Zone

Delete Zone

Prerequisite: No hosts attached to the zone

Select System → Zone → Manage to open the manage zone page

Screen - Delete Zone

Screen Elements

Del: Select Zone(s) for deletion. Click Del to select. More than one zone can also be selected.
Select All: Selects all the zones. Click Select All to select all the zones for deletion.
Delete Group button: Deletes the selected zone(s)

Table - Delete Zone

Note: Default Zones cannot be deleted.

Group Management

Manage Group

Update Group to:
Change Surfing time policy applied
Change Access time policy applied
Change Internet Access policy applied
Change Bandwidth policy applied
Change Data transfer policy applied
Change the login restriction for the users of the group
Add new users to the group

Select Group → Manage Group and click the Group to be modified

Screen - Manage Group

Screen Elements

Group Information
Group Name: Displays Group name, modify if required
Show Group Members button: Opens a new window and displays list of group members
Surfing Quota policy: Displays currently attached Surfing Quota policy to the Group
Change policy button (Only for Normal Group type): Click to change the attached Surfing Quota policy. Opens a new window and allows you to select a new Surfing Quota policy. Click Change policy. Click Select to select from available policy. Click Done to confirm the selection. Click Cancel to cancel the operation. Surfing quota policy, Time allotted & Expiry date change accordingly.
Time allotted (HH:mm): Displays total surfing time allotted by Surfing Quota policy to the Group. Cannot be modified.
Expiry date: Displays Expiry date of the Surfing Quota policy. Cannot be modified.
Period Time (HH:mm) (Only if Surfing Quota policy is Non-Cyclic): Displays cycle hours. Cannot be modified.
Period Cycle (Only if Surfing Quota policy is Non-Cyclic): Displays type of cycle. Cannot be modified.
Used Surfing Time: Displays total time used by the Group members. Cannot be modified.
Access Time policy (Only for Normal Group type): Displays currently attached Access Time policy to the Group. To change, click Access Time policy list to select. Click View details to view the details of the policy.
Internet Access policy: Displays currently attached Internet Access policy to the Group. To change, click Internet Access policy list to select. Click View details to view the details of the policy.
Bandwidth policy: Displays currently attached Bandwidth policy to the Group. To change, click Bandwidth policy list to select. Click View details to view the details of the policy.
Data Transfer policy: Displays currently attached Data Transfer policy to the Group. To change, click Data Transfer policy list to select. Click View details to view the details of the policy.
Login Restriction: Displays login restriction applied to the Group members
Change Login Restriction button: Click to change login restriction. Refer to Change Login Restriction for more details.
Save button: Saves the modified details
Add Members: Allows you to add members to the group. Click to add. Refer to Add Group Members for details.
Renew Data Transfer (Only if Data transfer policy is Non-cyclic and shared): Renews data transfer policy of all the group members
Cancel button: Cancels the current operation

Table - Manage Group screen elements

Note: Any changes made are applicable to all the group members.

Add Group Member(s)

Screen - Add Group Member

Screen Elements

Select Group: Members from the selected group will be transferred to the current group. Click to select the Group.
Username/Name starting with (* for All): Search user. Specify username or * to display all the users.
Search button: Search user from the selected Group. Displays list of users in the selected Group.
Click Add to select the user to be added. More than one user can also be selected.
Add button: Adds selected user(s) to the group
Close button: Closes the window and returns to Edit Group page

Table - Add Group Member screen elements

Update Group
Need may arise to change the Group setting after the creation of Group.

To / Click
Show Group Members: Show Group Members button. Refer to View Group members for details.
Change Surfing Quota Policy (Only for Normal Group type): Change Policy button
Change Access Time Policy: Access Time Policy list
Change Internet Access policy: Internet Access policy list
Change Bandwidth Policy: Bandwidth Policy list
Change Data transfer policy: Data transfer policy list
Change Login Restriction: Change Login Restriction button
Table - Need to Update group

Show Group Members
Screen - Show Group Members
Screen Elements
Group name: Displays Group name
Total members: Displays Total Group members/users
User Name: User name. Name with which the Employee logs in
Employee Name: Employee name
Allotted Time: Total Allotted time to the user. Refer to Access Time policy for details.
Expiry Date: Expiry date of the policy attached to the User. Refer to Surfing time policy for details.
Used Time: Total time used by the User
Close button: Closes the window
Table - Show Group Members screen elements

Change Login Restriction
Screen - Change Login Restriction
Screen Elements
Login Restriction: Displays the current login restriction. Click to change the current restriction.
Save button: Saves if the restriction is changed.
Cancel button: Cancels the current operation.
Select Node(s) button (Only if the option Allowed login from selected nodes is selected): Click to select the Node for restriction.
IP address: Displays IP address
Machine name: Displays Machine name if given
Allowed from: Click to select. Multiple nodes can be selected.
Apply Restriction button: Applies the login restriction for the group members, i.e. Group members will be able to login from the above selected nodes only.
Cancel button: Cancels the current operation.
Table - Change Login Restriction screen elements

Delete Group
Prerequisite: No Group members defined
Select Group → Manage Group and view the list of Groups
Screen - Delete Group
Screen Elements
Del: Select Group(s) for deletion. Click Del to select. More than one Group can also be selected.
Select All: Selects all the Groups. Click Select All to select all the Groups for deletion.
Delete Group button: Delete the selected Group(s)
Table - Delete Group screen elements

User Management

Search User
Use to search the User.
Select User → Search User
Screen - Search User
Screen Elements
Search User
Enter Username: Specify Search criteria
Search User button: Searches all types of users based on the entered criteria. Click to search.
Table - Search User screen elements

Search criteria / Result
Mark: Details of the user Mark
A: Details of all the users whose User name or Name contains a
Details of the user
Details of all the users whose User name or Name contains 8
Table - Search User Result

Live User
Use Live users page to:
- view list of all the currently logged on Users
- modify user details
- send message to any live user
- disconnect any live user
Select User → Manage Live Users
Screen - Manage Live Users
Report Columns
Concurrent Sessions: Displays currently connected total users (Normal, Clientless, and Single sign on client Users)
Current System time: Displays current system time in the format - Day, Month Date,HH:MM
User name (Click to change the display order): Displays name with which user has logged in. Click User name link to View/Update user details.
Name: Displays User name. Click Name link to view Group and policies details attached to the User.
Connected from (Click to change the display order): Displays IP address of the machine from which user has logged in
Public IP: Displays Public IP address if User has logged in using public IP address
Start time (Click to change the display order): Displays login time
Time (HH:mm): Displays total time used in hours and minutes
Upload Data transfer (Click to change the display order): Displays Data uploaded
Download Data transfer (Click to change the display order): Displays Data downloaded
Bandwidth (bits/sec): Displays Bandwidth used
Select: Select User for sending message or disconnecting. More than one User can be selected.
Send Message button: Sends message to the selected User(s)
Disconnect button: Disconnects the selected User(s)
Table - Manage Live User screen elements

Manage User

Update User
Manage Normal & Single Sign on Client Users
Select User → User → Manage Active to view the list of Users and click User name to be modified
OR
Select User → User → Manage Deactive to view the list of Users and click User name to be modified
Manage Clientless Users
Select User → Clientless Users → Manage Clientless Users to view list of Users and click User name to be modified

Need may arise to change the User setting after the creation of User.

To / Click
Change the personal details or password of the User: Edit personal details/change Password. Refer to Change Personal details for more details.
View User Accounts details: User My Account. Refer to User My Account for more details.
Change the User Group: Change Group. Refer to Change Group for more details.
Change Access Time Policy assigned to the User: Access Time policy list. Refer to Change Individual Policy for more details.
Change Internet Access Policy assigned to the User: Internet Access policy list. Refer to Change Individual Policy for more details.
Change Bandwidth Policy assigned to the User: Bandwidth policy list. Refer to Change Individual Policy for more details.
Change Data Transfer policy assigned to the User: Data Transfer policy list. Refer to Change Individual Policy for more details.
Change Login Restriction of the User: Change Login restriction button. Refer to Change Login Restriction for more details.
Table - Need to Update User

Screen - Manage User
Screen Elements
Personal Information
Username: Displays username with which the user logs on. Cannot be modified.
Edit Personal details/change Password button: Allows you to change the User's personal details and login password. Click Edit Personal details to change. Refer to Personal details table for more details.
Name: Displays User/Employee name. Cannot be modified.
Birth date: Displays Birth date of User
Displays ID of User
User My Account button: Click to view/update the my account details. Refer to User My Account.
Windows Domain Controller (Only if Authentication is done by Windows Domain Controller): Displays Authentication server address, modify if required
User type: Displays User type

Cannot be modified
Number of simultaneous login(s) allowed: Displays whether simultaneous login is allowed or not, modify if required
Policy Information
Group: Displays Group in which User is defined
Change Group button: Allows you to change Group of the User. Opens a new window and allows you to select a new Group.
Time Allotted to User (HH:mm): Displays total time allotted to User in the format Hours: Minutes. Cannot be modified.
User Policy Expiry Date: Displays Expiry date. Cannot be modified.
Time used (HH:mm): Displays total time used by the User in the format Hours: Minutes. Cannot be modified.
Period time: Displays allowed total cycle hours
Period Cycle: Displays cycle type
Cycle Time used: Displays cycle time used
Access Time Policy: Displays currently assigned Access Time policy to the User, modify if required. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Internet Access policy: Displays currently assigned Internet Access policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Bandwidth policy: Displays currently assigned Bandwidth policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Data Transfer policy: Displays currently assigned Data Transfer policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Login Restriction: Displays currently applied login restriction to the User

Change login restriction button: Click to change user login restriction applied. Refer to Change User Login restriction for details.
Save button: Saves the modified details
Re-apply Current policy button: Reapplies all the current policies at the time of renewal
Cancel button: Cancels the current operation
Table - Manage User screen elements

Change Personal details
Screen - Change User Personal details
Screen Elements
Personal Information
Username: Displays the name with which user has logged in
Name: User name, modify if required
New password: Type the new password
Re-enter New password: Re-enter new password. Should be same as typed in new password.
Birth date: Displays birth date, modify if required. Use Popup Calendar to change.
Displays ID of the user, modify if required
User type: Displays User type, modify if required
Update button: Updates the changes made
Cancel button: Cancels the current operation and returns to Edit User page
Table - Change User personal details screen elements

User My Account
User My Account gives details like Personal details and Internet usage of a particular user. User can change his/her password using this tab. Administrator and User both can view these details.
1. Administrator can view details of various users from User → User → Manage Active and click Username whose detail is to be checked. Click User My Account, it opens a new browser window.

Screen - User My Account
2. Normal Users can view their MyAccount details from task bar. In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window and prompts for MyAccount login Username and Password.
Screen - User My Account
Opens a new window with following sub modules: Personal, Client, Account status, Logout

Personal
Allows viewing and updating password and personal details of the user.

Change Password
Select Personal → Change Password
Screen - Change Password
Screen Elements
Change Password
Username: Displays the name with which user has logged in
Current Password: Type the current password
New password: Type the new password
Re-enter New password: Re-enter new password. Should be same as new password.
Update: Update the changes made
Table - Change password screen elements

Change Personal details
Select Personal → Personal Detail
Screen - Change Personal details
Screen Elements
Personal Information
Username: Displays the name with which user logs in. Cannot be modified.
Name: Displays User name, modify if required
Birth Date: Displays birth date. Use Popup Calendar to change.
Displays ID of the user. Cannot be modified.
Update: Update the changes made
Table - Change Personal details screen elements

Account status
Allows viewing Internet & Printer usage of the user.

Internet Usage
Screen - Internet Usage Status
Screen Elements
Policy Information
Username: Displays the name with which user has logged in
Group: Displays the name of the User Group
Time allotted to User (HH:mm): Displays total surfing time allotted to the user in the Surfing time policy
Expiry date: Displays Expiry date
Time used by User (HH:mm): Displays total time used by the User
Usage Information
Upload Data transfer: Displays allotted, used and remaining upload data transfer. Allotted upload data transfer is configured from Data transfer policy.
Download Data transfer: Displays allotted, used and remaining download data transfer. Allotted download data transfer is configured from Data transfer policy.
Total Data transfer: Displays allotted, used and remaining total data transfer. Allotted total data transfer is configured from Data transfer policy.
Get Internet Usage information for month: Select Month. Select Year.
Submit button: Click to view the Internet usage report for the selected period
Table - Internet Usage screen elements

Report displays IP address from where user had logged in, session start and stop time, total used time, data uploaded and downloaded during the session and total data transferred during the session.

Change Group
Screen - Change Group
Screen Elements
Policy Information
Change Group button: Opens a new window and displays list of Groups. Click to change the User group.
Select: Click to select
Done button: Adds User to the Group
Cancel button: Cancels the current operation
Table - Change Group screen elements

Change Individual Policy
Screen Elements
Policy Information
Access Time policy: Specify Access Time policy. It overrides the assigned Group Access time policy. Click Access policy list to select.
Internet Access policy: Specify Internet Access policy. It overrides the assigned Group Internet Access policy. Click Internet Access policy list to select.
Bandwidth policy: Specify Bandwidth policy. It overrides the assigned Group Bandwidth policy. Click Bandwidth policy list to select.
Data Transfer policy: Specify Data Transfer policy. It overrides the assigned Group Data Transfer policy. Click Data Transfer policy list to select.
Save: Saves the changes
Table - Change Individual policy

Change User Login Restriction
Screen - Change User Login Restriction
Screen Elements
Login restriction
Change login restriction button: Click to change the login restriction
Allowed login from all the nodes: Allows user to login from all the nodes of the Network
Allowed login from Group node(s): Allows Users to login only from the nodes assigned to the group
Allowed login from selected node(s): Allows user to login from the selected nodes only. To select node:
  Click Select node
  Select a Logon Pool from the Logon Pool name list
  Click Select to select the IP addresses to be added to the policy
  Click Select All to select all IP addresses
  Click OK to assign policy to the selected IP Addresses
  Click Close to cancel the operation
Save button: Saves the above selection
Cancel button: Cancel the current operation
Table - Change User Login Restriction screen elements

Delete User
User can be deleted from Active list as well as from Deactive list.
To delete active user, click User → User → Manage Active
Screen - Delete Active User
To delete de-active user, click User → User → Manage Deactive
Screen - Delete Deactive User
To delete Clientless user, click User → Clientless User → Manage Clientless User
Screen - Delete Clientless User
Screen Elements
Select: Select User to be deleted. Click Select to select. More than one user can also be selected.
Select All: Selects all the users for deletion. Click Select All to select all.
Delete button: Deletes all the selected User(s)
Table - Delete User screen elements

Deactivate User
User is de-activated automatically in case he has overused one of the resources defined by policies assigned. In case need arises to de-activate user manually, select User → User → Manage Active
Screen - Deactivate User
Screen Elements
Select: Select User to be deactivated. Click Select to select. More than one user can be selected.
Select All: Select all the users
Deactivate button: Deactivates all the selected User(s)
Table - Deactivate User screen elements
View the list of deactivated users by User → User → Manage Deactive

Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users
Screen - Activate Normal User
Screen - Activate Clientless User
Screen Elements
Select: Select User to be activated. Click Activate to select. More than one user can be selected.
Select All: Selects all the users. Click Select All to select.
Activate button: Activates all the selected User(s)
Table - Activate User screen elements

Logon Pool Management

Search Node
Use Search Node Tab to search the Node/IP address based on: IP address OR MAC address
Select Group → Logon Pool → Search Node
Screen - Search Node

Example
Search criteria / Result
1 list of nodes whose address contains list of nodes whose address contains node whose address is b list of nodes whose address contains B
4C: list of nodes whose address contains 4C
B7: list of nodes whose address contains B7
Table - Search Node results

Update Logon Pool
Select Group → Logon Pool → Manage Logon Pool and click Logon Pool name to be modified
Screen - Update Logon Pool
Screen Elements
Logon Pool Details
Logon Pool name: Displays Logon Pool name, modify if required
Is Logon Pool Public: Displays whether Logon Pool is of public IP addresses or not
Bandwidth policy: Displays bandwidth policy attached, modify if required. Click View details link to view bandwidth restriction details and policy members.
Displays description of the Logon Pool, modify if required
Show Nodes link: Displays IP addresses defined under the Logon Pool. Allows you to Add or Delete node.
  Click Show nodes
  Click Add Node. Refer to Add node for more details.
  Click Delete Node. Refer to Delete node for more details.
Update button: Updates and saves the details
Cancel button: Cancels the current
Table - Update Logon Pool screen elements

Add Node
Screen - Add Node
Screen Elements
Machine details
IP address: IP address of the Node to be added to the Logon Pool
Range link: Click to add range of IP Address. From To - IP addresses to be included in the Logon Pool
Machine name: Specify machine name
Create button: Adds the nodes to the Logon Pool
Cancel button: Cancels the current operation
Table - Add Node screen elements

Delete Node
Prerequisite: Not assigned to any User
Screen - Delete Node
Screen Elements
Select: Select the IP address of the node for deletion. Click Select to select. More than one node can also be selected.
Select All: Selects all the nodes for deletion. Click Select All to select all the nodes.
Delete button: Deletes the selected Node(s)
Table - Delete Node screen elements

Delete Logon Pool
Prerequisite: IP address from Group not assigned to any User
Select Group → Logon Pool → Manage Logon Pool
Screen - Delete Logon Pool
Screen Elements
Del: Select the Logon Pool(s) for deletion. Click Del to select. More than one Logon Pool can also be selected.
Select All: Select all the Logon Pools for deletion. Click Select All to select all the Logon Pools for deletion.
Delete Logon Pool button: Delete the selected Logon Pool(s)
Table - Delete Logon Pool screen elements

System Management

Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.

Configure DNS
A Domain Name Server translates domain names to IP addresses. You can configure domain name server for your network as follows.
At the time of installation, you configured the IP address of a single primary DNS server. You can change this primary DNS server any time and also define additional DNS servers.
Select System → Configure Network → Configure DNS
Screen - Configure DNS

Screen Elements
DNS List: Displays list of Domain name servers. List order indicates preference of DNS. If more than one Domain name server exists, query will be resolved according to the order specified.
Add button: Allows you to add IP address of Domain Name Server. Multiple DNS servers can be defined.
  Click Add
  Type IP address
  Click OK
Remove button: Allows you to remove IP address of Domain Name Server.
  Click IP address to select
  Click Remove
Move Up button: Changes the order of server when more than one DNS server is defined. Moves the selected Server one step up.
  Click IP address which is to be moved up
  Click Move Up
Move Down button: Changes the order of server when more than one DNS server is defined. Moves the selected Server one step down.
  Click IP address which is to be moved down
  Click Move Down
Save button: Updates the DNS details and order, if modified. Click Save.
Redirect DNS traffic to local DNS Server
DNS traffic redirection: Redirects all the DNS traffic to Cyberoam. Click Enable to redirect.
Table - Configure DNS

To add multiple DNS servers, repeat the above-described procedure. Use Move Up & Move Down buttons to change the order of DNS. If more than one Domain name server exists, query will be resolved according to the order specified.

Configure DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a device, releases and renews the address as device leaves and re-joins the network. The device can have different IP address every time it connects to the network. In other words, it provides a mechanism for allocating IP address dynamically so that addresses can be re-used.
Select System → Configure Network → Configure DHCP
Screen - Configure DHCP
Screen Elements
DHCP Details
Network Interface: Displays Network Interface i.e. Internal or External
Interface IP: Displays IP address assigned to Interface
Netmask: Displays Netmask
IP address From To: Displays IP address range for clients, modify if required. The DHCP server assigns an available IP address in the range to the client upon request.
Domain name: Displays domain name for the specified subnet, modify if required
Subnet Mask: Displays subnet mask for the client/network, modify if required
Gateway: Displays IP address of Gateway, modify if required
Domain name server: Displays IP address of Domain name server, modify if required
Update DHCP button: Updates the modified details
Table - Configure DHCP screen elements

View Interface details
Use to view the Interface configuration.
Select System → Configure Network → View Interface details
Screen - Cyberoam as Gateway - View Interface details
Screen Elements
Network: Displays port wise configuration details. Displays IP address and Net mask.
Zone/Zone Type: Displays port to zone relationship, i.e. which zone the port is bound to.
  LAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked, which makes it the most secure zone.
  DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.
  WAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone.
If PPPoE is configured, WAN port will be displayed as the PPPoE Interface.
Table - View Interface details screen elements

Configuring Dynamic DNS service
Dynamic DNS (Domain Name Service) is a method of keeping a static domain/host name linked to a dynamically assigned IP address allowing your server to be more easily accessible from various locations on the Internet.
Powered by Dynamic Domain Name System (DDNS), you can now access your Cyberoam server by the domain name, not the dynamic IP address. DDNS will tie a domain name (e.g. mycyberoam.com, or elitecore.cyberoam.com) to your dynamic IP address.

Register hostname with DDNS service provider
Select System Dynamic DNS Configuration Create Account to open configuration page
Screen - Register Hostname with DDNS
Screen Elements
Host Name Detail
Hostname: Specify hostname you want to use on DDNS server i.e. domain name that you registered with your DDNS service provider
Specify description
Specify description
Service Provider's details
Service name: Select Service provider with whom you have registered your hostname.
Login Name and Password: Specify your DDNS account's login name and password
IP detail

IP address: Select WAN Interface if Cyberoam WAN interface is assigned Public IP address. IP address of the selected interface will be bound to the specified host name. Select NATed Public IP if Cyberoam WAN interface is assigned private IP address and is behind NAT box.
IP Update Checking Interval: Enter the time interval after which DDNS server should check and update the IP address of your server if changed. For example, if time interval is set to 10 minutes, after every 10 minutes, DDNS server will check for any changes in your server IP address.
Create button: Click Create to save the configuration
Table - Register hostname with DDNS

Testing your Dynamic DNS configuration
You can test your Dynamic DNS by:
- Access your Cyberoam server using the host name you have registered with DDNS service provider - If you are able to access Cyberoam then your configuration is correct and DDNS is working properly.
- Ping your host - If you get the IP address of your external interface then your configuration is correct and DDNS is working properly.

Manage Account
Check the IP address update status from the Manage Account page. It also displays the reason in case the update was not successful.
Select System Dynamic DNS Configuration Manage Account to open configuration page and click the hostname to be

PPPoE
PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a remote site using various Remote Access Service products. This protocol is typically found in the broadband network of a service provider. The ISP may then allow you to obtain an IP address automatically or give you a specific IP address.

PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet (PPPoE) session and is used:
- For Ethernet LANs, to assign IP addresses to workstations and to provide user authentication and accounting, e.g. multi-apartment buildings, offices, schools and universities, computer classes
- Connections to Wireless ISPs
- Connections to xDSL providers

Access Concentrators (AC), also known as PPPoE Termination units, answer the PPPoE request coming from a client site PPPoE application for PPP negotiation and authentication.

When using Cyberoam as a PPPoE client, computers on LAN are transparent to WAN side PPPoE link. This relieves the Administrator of having to manage the PPPoE clients on the individual computers.

To configure PPPoE Interface
Before configuring the Interface for PPPoE:
1. Run Wizard from Web Admin Console
2. In the Network Configuration, for the WAN port:
   Enable option Obtain an IP from PPPoE
   Under PPPoE Details, specify PPPoE username and password
3. Click Finish to exit from Wizard
4. To confirm, log on to Web Admin Console, go to System → Configure Network → View Interface Details. PPPoE Interface will be defined under WAN zone.

Note:
- A new dynamic IP address will be leased to the PPPoE Interface each time a new PPP session is established with the Access Concentrator
- IP address in Firewall rules will automatically change when the new IP address is leased
- If multiple gateways are defined then IP address in the failover condition will automatically change when the new IP address is leased
- As IP address to PPPoE interface is assigned dynamically:
  a) Network Configuration from Telnet Console will not display the PPPoE interface configuration
  b) You will not be able to change the IP address of the PPPoE interface from Telnet Console using Network Configuration

Select System → Configure Network → View Interface Details and click PPPoE Interface

Screen - PPPoE configuration
Screen Elements
PPPoE Configuration
Interface: Displays the Port which is configured as PPPoE Interface from Wizard
User and Password: Specify username and password. Username and password should be same as specified in the Network Configuration using Wizard.
Access Concentrator Name: Specify Access Concentrator name (PPPoE server). Cyberoam will initiate sessions with the specified Access Concentrator only. In most of the cases, you can leave this field blank. Use it only if you know that there are multiple Access Concentrators.
Service name: Specify Service Name. Cyberoam will initiate only those sessions with Access Concentrator, which can provide the specified service. In most of the cases, you can leave this field blank. Use it only if you need a specific service.
LCP Interval: Specify LCP interval in seconds. Default is 20 seconds. Every 20 seconds an LCP echo request is sent to check whether the link is alive or not.
LCP Failure: Specify Failure. Default is 3 attempts. Cyberoam will wait for the LCP echo request response for the LCP interval defined after every attempt. Cyberoam declares PPPoE link as closed if it does not receive response after defined attempts.
Update button: Click Update to save the configuration
Table - PPPoE configuration screen elements
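How LCP Interval and LCP Failure together decide when the PPPoE link is declared closed, as an added example (not Cyberoam code). It assumes the misses must be consecutive and that a reply resets the counter, which the guide does not state; the outage windows are constructed.

```python
import math

def link_closed_at(outages, lcp_interval=20, lcp_failure=3, horizon=600):
    """Return the time (seconds) at which the link is declared closed, or None.

    outages: list of (start, end) windows in which echo requests get no reply.
    An echo request goes out every lcp_interval seconds; after each one the
    client waits one more interval for the reply before counting a miss.
    Assumption: only consecutive misses count, a reply resets the counter.
    """
    missed = 0
    t = lcp_interval
    while t <= horizon:
        unanswered = any(start <= t < end for start, end in outages)
        if unanswered:
            missed += 1
            if missed == lcp_failure:
                # The last request was sent at t; the link is given up once
                # the wait for its reply has run out.
                return t + lcp_interval
        else:
            missed = 0
        t += lcp_interval
    return None

def detection_delay(link_down_at, lcp_interval=20, lcp_failure=3):
    """Seconds between a permanent link failure and the 'closed' decision."""
    closed = link_closed_at([(link_down_at, math.inf)], lcp_interval, lcp_failure)
    return closed - link_down_at

if __name__ == "__main__":
    # Defaults from the table: 20 s interval, 3 attempts.
    print("permanent failure at t=25 s, closed at", link_closed_at([(25, math.inf)]))
    print("45 s outage (25..70 s):", link_closed_at([(25, 70)]))
    print("delay with interval 5 s:", detection_delay(25, lcp_interval=5))
```

With the defaults, a link that dies for good is noticed only after more than a minute, while an outage shorter than three echo periods never closes the session; that delay is also how long gateway failover has to wait.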

Establish PPPoE session
1. Select System → Configure Network → View Interface Details and click PPPoE Interface through which you want to establish connection
2. Click Reconnect. It establishes 128-bit tunnel with Access Concentrator.
Cyberoam will automatically detect the presence of PPPoE server on the WAN interface.

Remove PPPoE Interface configuration
1. Run Wizard from Web Admin Console
2. In the Network Configuration, for the WAN port:
3. Enable option Use Static IP
4. Click Finish to exit from Wizard
5. To confirm, log on to Web Admin Console, go to System → Configure Network → View Interface Details and check under WAN zone

Manage Gateway
Gateway routes traffic between the networks, and if the gateway fails, communication with outside Network is not possible. In this case, the organization and its customers are left with significant downtime and financial loss.

By default, Cyberoam supports only one gateway. However, since organizations opt for multiple gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting multiple gateways. However, simply adding one more gateway is not an end to the problem. Optimal utilization of all the gateways is also necessary. Cyberoam not only supports multiple gateways but also provides a way to utilize total bandwidth of all the gateways optimally.

At the time of installation, you configured the IP address for a default gateway. You can change this configuration any time and configure additional gateways. Refer to Multi link Configuration Guide for source based static routing. Policy based routing can be done from firewall rule.

To view the Gateway details, select System → Gateway → Manage Gateway(s)
Screen - Gateway Configuration
Screen Elements
Gateway Details
Gateway Name: Displays Gateway name
Gateway IP address and port: Displays IP address and port of the Gateway configured. IP address of a device Cyberoam uses to reach devices on different Network, typically a router.
Save button: Saves the modified details. Click to save.
Cancel button: Cancels the current operation and returns to Manage Gateway page. Click to cancel.
Table - Gateway Configuration screen elements

DoS Settings

Cyberoam provides several security options that cannot be defined by the firewall rules. These include protection from several kinds of Denial of Service attacks. These attacks disable computers and circumvent security.

A Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a service.

DoS attacks are typically executed by sending many request packets to a targeted server (usually a Web, FTP, or Mail server), which floods the server's resources and makes the system unusable. Their goal is not to steal information but to disable or deprive a device or network so that users no longer have access to the network services/resources.

All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence, attackers send a very high volume of redundant traffic to a system so that it cannot examine and allow permitted network traffic. The best way to protect against a DoS attack is to identify and block such redundant traffic.

SYN Flood

In this attack, a huge number of connections are sent so that the backlog queue overflows. A connection is created when the victim host receives a connection request and allocates some memory resources for it. A SYN flood attack creates so many half-open connections that the system becomes overwhelmed and cannot handle incoming requests any more.

Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.

User Datagram Protocol (UDP) Flood

This attack links two systems. It hooks up one system's UDP character-generating service with another system's UDP echo service. Once the link is made, the two systems are tied up exchanging a flood of meaningless data.

Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.

TCP attack

This attack sends more TCP packets than the host/victim computer can handle.

Click Apply Flag to apply the TCP flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.

ICMP attack

This attack sends more packets/traffic to the host/victim computer than the protocol implementation can handle.

Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets.

To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.

Drop Source Routed Packet

This will block any source routed connections or any packets with an internal address from entering your network.

Click Apply Flag to enable blocking.

To generate log, enable Dropped Source Routed Packet Logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.

Disable ICMP redirect packet

An ICMP redirect packet is used by routers to inform the hosts what the correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly weaken the security of the host by causing traffic to flow via another path.

Set the flag to disable the ICMP redirection.

To generate log, enable Dropped ICMP Redirected Packet Logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:

1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.

ARP Flooding

This attack sends ARP requests to the server at a very high rate. Because of this, the server is overloaded with requests and is not able to respond to valid requests. Cyberoam protects by dropping such invalid ARP requests.

Threshold values

Cyberoam uses a threshold value to detect a DoS attack. The threshold value depends on various factors like:
Network bandwidth
Nature of traffic
Capacity of servers in the network

Threshold = Total number of connections/packet rate allowed to a particular user at a given time

When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said source/destination is blocked till the lockdown period.

The threshold is applicable to the individual source/destination, i.e. requests per user/IP address, and not globally to the complete network traffic. For example, if the source threshold is 2500 packets/minute and the network has 100 users, then each source is allowed a packet rate of 2500 packets/minute.

You can define different threshold values for source and destination.

Configuring high values will degrade performance and too low values will block regular requests. Hence, it is very important to configure appropriate values for both source and destination IP address.

Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given time.

Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a given time.

How it works

When the threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop the packets till the attack subsides. Because Cyberoam applies the threshold value per IP address, only traffic from the particular source/destination is dropped; traffic from the remaining IP addresses is not affected at all.

Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30 seconds
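The per-source threshold and the 30-second re-allow rule described above can be modelled as follows. This is an added example, not Cyberoam's own code: the sliding one-minute window, the names PerSourceLimiter and simulate, the 100 packets/minute threshold and the traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 60_000     # thresholds in the guide are expressed in packets/minute
LOCKDOWN_MS = 30_000   # guide: re-allow = time for attack to subside + 30 seconds


class PerSourceLimiter:
    """Assumed model of a per-IP packet-rate threshold with a lockdown period."""

    def __init__(self, threshold_ppm):
        self.threshold = threshold_ppm
        self.arrivals = defaultdict(deque)  # source IP -> arrival times inside the window
        self.last_excess = {}               # source IP -> time of the latest excess packet
        self.dropped = defaultdict(int)     # source IP -> packets dropped so far

    def offer(self, src, now_ms):
        """Record one packet from src; return True if forwarded, False if dropped."""
        window = self.arrivals[src]
        window.append(now_ms)
        # Forget arrivals older than one minute (sliding window is an assumption).
        while window[0] <= now_ms - WINDOW_MS:
            window.popleft()
        # Offered rate above the threshold: the attack from this source is ongoing.
        if len(window) > self.threshold:
            self.last_excess[src] = now_ms
        # Only this source is blocked, until 30 s after its last excess packet.
        if src in self.last_excess and now_ms < self.last_excess[src] + LOCKDOWN_MS:
            self.dropped[src] += 1
            return False
        return True


def simulate():
    """Run constructed traffic: one flooding source and one steady client."""
    flooder, client = "10.0.0.66", "10.0.0.7"                # constructed addresses
    events = [(t, flooder) for t in range(0, 20_000, 100)]   # 10 packets/s for 20 s
    events += [(t, flooder) for t in range(25_000, 150_001, 5_000)]  # then 1 packet per 5 s
    events += [(t, client) for t in range(0, 150_001, 1_000)]        # steady 60 packets/minute

    limiter = PerSourceLimiter(threshold_ppm=100)
    first_drop = readmitted = None
    for now_ms, src in sorted(events):
        forwarded = limiter.offer(src, now_ms)
        if src != flooder:
            continue
        if not forwarded and first_drop is None:
            first_drop = now_ms
        if forwarded and first_drop is not None and readmitted is None:
            readmitted = now_ms

    return {
        "first_drop_ms": first_drop,                     # 101st packet inside one minute
        "last_excess_ms": limiter.last_excess[flooder],  # moment the attack subsided
        "readmitted_ms": readmitted,                     # subsided + 30 s
        "flooder_dropped": limiter.dropped[flooder],
        "client_dropped": limiter.dropped[client],       # other IPs are unaffected
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

In this model a threshold set below the steady client's 60 packets/minute would lock that client out as well, which is the "too low values will block the regular requests" case.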

Configure DoS Settings

Select Firewall > DoS Setting

Screen - DoS Settings

Screen Elements
Attack type: Type of Attack. Click to view the real time updates on flooding. It displays the source IP address which was used for flooding and the IP address which was targeted.
Source Packets Rate (packets/minute): Allowed Packets per minute (Packet rate). If the packet rate exceeds, it is considered as an attack and the rest of the packets are dropped. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Apply flag: Set flag to control allowed number of packets
Source Packets dropped: Displays number of packets dropped from the said source
Destination Packets Rate (packets/minute): Allowed Packets per minute (Packet rate). When the packet rate exceeds, all the excess packets are dropped for the next 30 seconds. You can call this the lockdown period, which means the traffic from the destination IP address will be blocked for the next 30 seconds. Because Cyberoam applies threshold value per IP address, the traffic from the rest of the IP addresses is not blocked. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Apply flag: Set flag to control allowed number of packets
Destination Packets dropped: Displays number of packets dropped at destination
Update button: Updates Packet rate. Updated details will be applied only after restarting the Management services from Console

Table - DoS Settings screen elements

Bypass DoS Settings

Cyberoam allows bypassing the DoS rule in case you are sure that the specified source/destination will never be used for flooding or want to ignore if flooding occurs from the specified source.

Create DoS bypass rule

Select Firewall > Bypass DoS

Screen - Create DoS bypass rule

Screen Elements
Source and Destination Information
Source Domain name/IP Address: Source Domain name, IP address or Network on which the DoS rule is not to be applied. Specify source information. Specify * if you want to bypass the complete network
Source Port: Specify source port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified source IP address and port
Destination Domain name/IP Address: Destination Domain name or IP address on which the DoS rule is not to be applied. Specify destination information. Specify * if you want to bypass the complete network
Destination Port: Specify destination port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified destination IP address and port
Network Protocol: Select protocol whose traffic is to be bypassed for specified source to destination. For example, if you select TCP protocol then DoS rules will not be applied on the TCP traffic from the specified source to destination.
Create button: Creates the bypass rule

Table - Create DoS bypass rule screen elements

Delete DoS bypass rule

Select Firewall > Bypass DoS

Screen - Delete DoS bypass rule

Screen Elements
Select: Select rule for deletion. Click Del to select. More than one rule can also be selected
Select All: Select all rules. Click Select All to select all rules
Delete button: Deletes all the selected rules. Click to delete

Table - Delete DoS bypass rule screen elements

Reset Console Password

You can change the Telnet Console password from the Web based Console or the Telnet Console itself. To change the password from the Telnet Console, refer to Cyberoam Console guide.

Select System > Reset Console Password

Screen - Reset Console Password

Screen Elements
Reset Console Password
GUI Admin Password: Specify current GUI Admin password i.e. the password with which Administrator has logged on to Web Admin Console
New password: Specify new console password
Confirm New password: Type again the same password as entered in the New password field
Submit button: Saves new password. Click Submit

Table - Reset Console Password screen elements

System Module Configuration

Enable/disable services to enhance the network performance and reduce the potential security risk. Do not enable any local services that are not in use. Any enabled service could present a potential security risk. A hacker might find a way to misuse the enabled services to access your network.

By default, all the services are enabled.

Cyberoam allows enabling/disabling of the following services and the VPN and Traffic Discovery modules:

TFTP - Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features.

PPTP - PPTP (Point to Point Tunneling Protocol) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a VPN tunnel using a TCP/IP based network.

IRC - IRC (Internet Relay Chat) is a multi-user, multi-channel chatting system based on a client-server model. A single server links with many other servers to make up an IRC network, which transports messages from one user (client) to another. In this manner, people from all over the world can talk to each other live and simultaneously. DoS attacks are very common as it is an open network and with no control on file sharing, performance is affected.

H323 - The H.323 standard provides a foundation for audio, video, and data communications across IP-based networks, including the Internet. H.323 is an umbrella recommendation from the International Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area Networks (LANs) that do not provide a guaranteed Quality of Service (QoS). It enables users to participate in the same conference even though they are using different videoconferencing applications.

P2P Traffic Modules - Identifies peer-to-peer (P2P) data in IP traffic. It works together with connection tracking and connection marking, which helps in identifying the bigger part of all P2P packets and limiting the bandwidth rate.

Select Firewall > System Modules and enable or disable the required service and modules.

Screen - System Modules Configuration

SNMP

Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of a network management station/manager communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. In other words, the agent is the network element. The agent stores information in a management information base (MIB). Management software polls the various network elements/agents and gets the information stored in them. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.

Cyberoam supports SNMPv1, SNMPv2c and SNMPv3.

If the SNMP agent is installed, SNMP will collect information in two ways:
The SNMP management station/manager will poll the network devices/agents
Network devices/agents will send trap/alert to the SNMP management station/manager

SNMP terms
Trap - Alert that the management station receives from the agents.
Agent - A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs.
SNMP community - Group of SNMP management stations. The community name identifies the group. An SNMP agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities.

Cyberoam SNMP Implementation

Cyberoam has implemented SNMP in the following ways:

Cyberoam will act as an SNMP Agent

Cyberoam SNMP agent is to be configured to report system information and send traps (alarms or event messages) to SNMP managers.

SNMP manager can access SNMP traps and data from the configured port only.

The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps.

To monitor Cyberoam system information and receive Cyberoam traps, Cyberoam proprietary MIB is to be compiled into SNMP manager.

SNMP managers are grouped in SNMP Communities. Cyberoam can support maximum members in each community.

Each community has read-only permission for the MIB data.

Each Community can support SNMPv1, SNMPv2c or both. You must specify a trap version for each community member.

Cyberoam sends traps to all the communities.

Cyberoam MIB

The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps. To monitor Cyberoam system information and receive Cyberoam traps you must compile Cyberoam proprietary MIBs into your SNMP manager.

SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1, SNMPv2c, and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam Web site and can be loaded into any third-party SNMP management software.

The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables below list the names of the MIB fields and describe the status information available for each one. You can view more details about the information available from all Cyberoam MIB fields by compiling the cyberoam.mib file into your SNMP manager and browsing the Cyberoam MIB fields.

Cyberoam supports the following read-only MIB objects/fields:

Cyberoam Appliance MIB fields
MIB field (sysinstall)
appliancekey: Appliance key number of the Cyberoam Appliance in use
appliancemodel: Appliance model number of the Cyberoam Appliance in use
cyberoamversion: The Cyberoam version currently running on the Cyberoam Appliance
wabcatversion: The Webcat version installed on the Cyberoam Appliance
avversion: The antivirus definition version installed on the Cyberoam Appliance
asversion: The antispam definition version installed on the Cyberoam Appliance
idpversion: The IDP signature definition version installed on the Cyberoam Appliance

System MIB fields
MIB field (sysstatus)
cyberoamopmode: The Cyberoam appliance operation mode - Transparent or Bridge
systemdate: Current date
cpupercentageusage: The current CPU usage (as a percent)
diskcapacity: The hard disk capacity (MB)
diskusage: The current hard disk usage (MB)
memorycapacity: The memory capacity (MB)
memorypercentageusage: The current memory utilization (as a percent)
swapcapacity: The swap capacity (MB)
swappercentageusage: The current swap utilization (as a percent)
hamode: The current Cyberoam High-Availability (HA) mode (standalone, A-P)
liveusers: The current live connected users i.e. logged on users in Cyberoam
httphits: Total HTTP hits
ftphits: Total FTP hits
pop3hits (mailhits): Total POP3 hits
imaphits (mailhits): Total IMAP hits
smtphits (mailhits): Total SMTP hits
pop3service (servicestats): The current status of POP3 service
imapservice (servicestats): The current status of IMAP service
smtpservice (servicestats): The current status of SMTP service
ftpservice (servicestats): The current status of FTP service
httpservice (servicestats): The current status of HTTP service
avservice (servicestats): The current status of AntiVirus service
asservice (servicestats): The current status of AntiSpam service
dnsservice (servicestats): The current status of DNS
haservice (servicestats): The current status of HA
IDPService (servicestats): The current status of IDP service
analyzerservice (servicestats): The current status of Analyzer
snmpservice (servicestats): The current status of SNMP

License MIB fields
MIB field (syslicesne)
appregstatus (liappliance): Current Registration status of Cyberoam Appliance
appexpirydate (liappliance): Expiry date of the Cyberoam Appliance, if Appliance is the Demo Appliance
supportsubstatus (lisupport): Current subscription status for Cyberoam Support
supportexpirydate (lisupport): Subscription Expiry date for Cyberoam Support, if subscribed
avsubstatus (liantivirus): Current subscription status for AntiVirus module
supportexpirydate (liantivirus): Subscription Expiry date for AntiVirus module, if subscribed
assubstatus (liantispam): Current subscription status for AntiSpam module
supportexpirydate (liantispam): Subscription Expiry date for AntiSpam module, if subscribed
assubstatus (liidp): Current subscription status for IDP module
supportexpirydate (liidp): Subscription Expiry date for IDP module, if subscribed
assubstatus (liwebcat): Current subscription status for Web and Application Filter module
supportexpirydate (liwebcat): Subscription Expiry date for Web and Application Filter module, if subscribed

Alert MIB field
MIB field (sysalerts)
highcpuusage: High CPU usage i.e. CPU usage exceeds 90%
highdiskusage: High Disk usage i.e. Disk usage exceeds 90%
highmemusage: High Memory usage i.e. memory usage exceeds 90%
httpvirus (avalerts): HTTP virus detected by Cyberoam
smtpvirus (avalerts): SMTP virus detected by Cyberoam
pop3virus (avalerts): POP3 virus detected by Cyberoam
imap4virus (avalerts): IMAP virus detected by Cyberoam
ftpvirus (avalerts): FTP virus detected by Cyberoam
linktoggle (dgdalerts): Change of link status (up or down)
idpalert1 (idpalerts): IDP alert
synflood (dosalerts): DoS attack SYN flood detected by Cyberoam
tcpflood (dosalerts): DoS attack TCP flood detected by Cyberoam
udpflood (dosalerts): DoS attack UDP flood detected by Cyberoam
icmpflood (dosalerts): DoS attack ICMP flood detected by Cyberoam

Cyberoam Traps

All the SNMP communities added in Cyberoam will receive traps. All traps include the trap message as well as the Cyberoam unit serial number or Cyberoam WAN IP address.

To receive traps, the SNMP Manager must load and compile the Cyberoam MIB. If the SNMP manager has already included standard and private MIBs in a compiled database that is in use, then you must add the Cyberoam proprietary MIB to this database.

Cyberoam generates the following traps when the specified events or conditions occur:

Trap: Message
High Disk Usage: Disk usage exceed 90%

Manage SNMP

You can manage the Cyberoam appliance using SNMP. SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1, SNMPv2c and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam Web site and can be loaded into any third-party SNMP management software.

The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps.

By default, the SNMP server is disabled.

To start the SNMP server, go to System > SNMP > Manage SNMP

To restart the SNMP server automatically on Cyberoam re-start, enable Autostart from System > SNMP > Manage SNMP

Screen - Manage SNMP

After enabling SNMP:
1. Configure Agent
2. Create SNMP Community if SNMP manager supports protocols v1 and v2c
OR
Create V3 user if SNMP manager supports protocol v3

Configure SNMP Agent

Select System > SNMP > Agent Configuration

Screen - SNMP Agent Configuration

Screen Elements
Agent Configuration
System Name: Specify name to identify the Agent
System Location: Specify physical location of the Cyberoam Appliance
System Contact: Specify the contact information for the person responsible for the above specified Cyberoam appliance
Agent Port: Specify port to be used by Cyberoam to send traps. Default Port: 161
Manager Port: Specify port that the Remote SNMP Management station/manager can use to connect to the Cyberoam appliance
System Description: Specify description
Update button: Click to save the details

Table - SNMP Agent Configuration screen elements

Create SNMP Community

Select System > SNMP > Create Community

Screen - Create SNMP Community

Screen Elements
Manager Configuration
Community Name: Specify name to identify the Community
IP Address (Source): Specify IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam
Protocol Version: Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps
Trap Support: Enable the required version for trap support. Traps will be sent only to the SNMP Managers who support the specified versions
Description: Specify description
Create button: Click to save the details

Table - Create SNMP Community screen elements

Manage SNMP Community

Select System > SNMP > Manage Community and click the Community to be updated

Screen - Manage SNMP Community

Screen Elements
Manager Configuration
Community Name: Displays Community name, modify if required
IP Address (Source): Displays IP address of the SNMP Manager that can use the settings in the SNMP community to monitor Cyberoam, modify if required
Protocol Version: Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to Cyberoam system information and can receive Cyberoam traps
Trap Support: Enable the required version for trap support. Traps will be sent only to the SNMP Managers who support the specified versions
Description: Specify description
Update button: Click to update and save the details

Table - Manage SNMP Community screen elements

Delete SNMP Community

Select System > SNMP > Manage Community to view the list of communities created

Screen - Delete SNMP Community

Screen Elements
Del: Select community for deletion. Click Del to select. More than one community can also be selected
Select All: Selects all the communities. Click Select All to select all communities
Delete button: Deletes all the selected communities. Click to delete

Table - Delete SNMP Community screen elements

Create SNMP V3 User

Select System > SNMP > Create V3 User

Screen - Create SNMP V3 User

Screen Elements
SNMP V3 User Configuration
Username: Specify username
Password: Specify password
Confirm Password: Type again the same password as entered in the Password field
Create button: Creates user

Table - Create SNMP V3 User screen elements

Manage SNMP V3 User

Select System > SNMP > Manage V3 User to view the list of created users. Click the user whose details are to be updated

Screen - Edit V3 User

Screen Elements
SNMP V3 User Configuration
Username: Displays username, modify if required
Password: Displays password, modify if required
Confirm Password: Type again the same password as entered in the Password field, if changed
Update button: Updates and saves the user details

Table - Edit V3 User screen elements

Delete SNMP V3 User

Select System > SNMP > Manage V3 User to view the list of created users

Screen - Delete SNMP V3 User

Screen Elements
Del: Select user to be deleted. Click Del to select. More than one user can also be selected
Select All: Selects all the users. Click Select All to select all users
Delete button: Deletes all the selected users. Click to delete

Table - Delete SNMP V3 User screen elements

Manage Data

Backup data

Backup is an essential part of data protection. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place.

Backups are necessary in order to recover data from loss due to disk failure, accidental deletion or file corruption. There are many ways of taking backups and just as many types of media to use as well.

Cyberoam provides a facility for taking regular and reliable data backups. A backup consists of all the policies, logs and all other user related information.

Cyberoam maintains five logs:
Web surfing log - This log stores the information of all the websites visited by all the users.
User session log - Every time the user logs in, a session is created. This log stores the session entries of all the users and specifies the login and logout time.
Audit log - This log stores the details of all the actions performed by the User administering Cyberoam. Refer to Appendix A Audit Log for more details.
Virus log - This log stores the details of malicious traffic requests received.

Set Backup Schedule

Select System > Manage Data > Set Backup Schedule

Screen - Set Backup schedule

Screen Elements
Backup of Data only (Does not include Logs)
Backup Frequency: Backup schedule. Only data backup will be taken. Select any one:
  Daily - backup will be sent daily
  Weekly - backup will be sent weekly
  Monthly - backup will be sent monthly
  Never - backup will never be sent
  In general, it is best to schedule backup on a regular basis. How much information you add or change will help you determine the schedule
Incremental Backup of Log files only (in CSV format): Backup process only copies what has changed since the last backup. This creates a much smaller backup file.
Log: Select the logs for backup. Backup of log files will be taken in CSV format. Available logs for backup:
  1. Web surfing
  2. Virus
  3. Audit
Backup Frequency: Select any one:
  Daily - backup will be sent daily
  Weekly - backup will be sent weekly
  Never - backup will never be sent
Set Backup Mode
Backup mode: Specifies how backup should be taken and sent. Select FTP backup OR Mail backup
Only for FTP backup
FTP server: Specify IP address of FTP server
User name: Specify User name with which user has to log on to the FTP server
Password: Specify Password
Only for Mail backup
To Mail Id: Specify address to which the backup is to be mailed
Save button: Saves the configuration

Table - Set Backup Schedule screen elements

Backup Data

Select System > Manage Data > Backup Data

Screen - Backup Data

Screen Elements
Backup System Data (Does not include logs)
Backup button: Takes the recent backup and allows to download. Click Backup data to take backup
Download button (Only if backup is taken previously): Download the backup already taken. Also displays date and time of backup. Click Download to download. To download follow the screen instructions
Backup Log (in CSV format)
Logs: Backup of selected logs will be taken. Select the logs for backup:
  1. Web surfing
  2. Virus
  3. Audit
Backup button: Takes the recent backup of logs and allows to download. Click Backup data to take the recent backup
Download button (Only if backup is taken previously): Download the backup of logs already taken. Also displays date and time of backup. Click Download to download. To download follow the screen instructions

Table - Backup Data screen elements

Restore Data

With the help of the restore facility, restore data from the backup taken. Restoring data older than the current data will lead to the loss of current data.

Select System > Manage Data > Restore Data

Screen - Restore Data screen

Screen Elements
Upload Backup
File to upload: Specify name of backup file to be uploaded
Browse button: Select the backup file
Upload button: Uploads the backup file

Table - Restore Data screen elements

Note
Restore facility is version dependent i.e. it will work only if the backup and restore versions are same e.g. if backup is taken from Cyberoam version then restore will work only for version and not for any other version.

Purge

Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge facilities for deleting log records.

Configure Auto purge Utility

Select System > Manage Data > Configure Auto purge utility

Screen - Configure Auto purge Utility screen

Screen Elements
Purge Frequency
Purge Web surfing logs every: Specify number of days after which web surfing log should be purged automatically
Save button: Saves purging schedule configuration
Popup Notification
Enable Alert Popup: Enabling Popup Notification displays alert popup before purging the logs. Click to enable
Save button: Saves popup alert configuration
Download Purged Logs (Only if Logs have been Auto purged)
Download button: Allows to download the purged log files. Click to download
Delete button: Deletes the purged log files

Table - Configure Auto purge Utility screen elements

Note
System will preserve logs only for the specified number of days and automatically purges the logs generated thereafter.

Manual purge

Use manual purge to delete log records manually

Select System > Manage Data > Purge Logs

Screen - Purge Logs screen

Screen Elements
Purge
Select log for purging:
  Web surfing logs
  User session logs
  Audit logs
Till Date: Select the date from Calendar till which the selected log(s) is to be purged
Purge button: Purges the selected log till the specified date. Click Purge to purge

Table - Purge Logs screen elements

Note
Auto purge option is always on

Client Services

Client Messages

The Message Management tab allows the Administrator to send messages to the various users. Messages help the Administrator to notify users about problems as well as Administrative alerts in areas such as access, user sessions, incorrect password, and successful log on and log off etc.

A message is sent to the User whenever the event occurs. A message can be up to 256 characters and can be sent to a number of users at a time.

Select System Configure Client Settings Customize Client Message

Screen - Customized Client Messages screen

Screen Elements
Message Key: Message code. Click Message link to customize the message which will be received by user. Click Save to save the changes. Click Cancel to cancel the current operation
Message: Message description

Configure Usage to Alert User before Expiration
Enter Remaining Usage in: Alert will be displayed to all the users when the specified data transfer is remaining. Remaining usage can be entered in absolute value or in percentage

Data Transfer (MB): Specify remaining data transfer usage when all the users should receive alert.

  E.g. Absolute
  Remaining data transfer usage: 20 MB
  User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
  User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
  User1 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 130 MB
  User2 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 620 MB

  Percentage
  Remaining data transfer usage: 20%
  User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
  User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
  User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer i.e. has done data transfer of 120 MB
  User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer i.e. has done data transfer of 512 MB

Cycle Data Transfer (MB): Specify remaining cycle data transfer usage when all the users should receive alert. Cycle data transfer is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if the limit is reached. It is applicable to the users to whom the cyclic data transfer policies are applied.

  E.g. Absolute
  Remaining cycle data transfer usage: 20 MB
  User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
  User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
  User1 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 130 MB
  User2 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 620 MB

  Percentage
  Remaining cycle data transfer usage: 20%
  User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
  User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
  User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer per cycle i.e. has done data transfer of 120 MB
  User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer per cycle i.e. has done data transfer of 512 MB

Save details button: Saves the data transfer alert configuration

Table - Customized Client Message screen elements

List of Predefined messages

AlertMessageWithCycleData: Message is sent to the user when the remaining cycle data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details
AlertMessageWithData: Message is sent to the user when the remaining data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details
DeactiveUser: Administrator has deactivated the User and the User will not be able to log on
DisconnectbyAdmin: When the administrator disconnects the user from the live users page
InvalidMachine: Message is sent if User tries to login from the IP address not assigned to him/her
LoggedoffsuccessfulMsg: Message is sent when User logs off successfully
LoggedonsuccessfulMsg: Message is sent when User logs on successfully
Loggedinfromsomewhereelse: Message is sent if User has already logged in from other machine
MaxLoginLimit: Message is sent if User has reached the maximum login limit
MultipleLoginnotallowed: Message is sent if User is not allowed multiple login
NotAuthenticate: Message is sent if User name or password are incorrect
NotCurrentlyAllowed: Message is sent if User is not permitted to access at this time. Access Time policy applied to the User account defines the allowed access time and not allowed access at any other time.
Someoneloggedin: Message is sent if someone has already logged in on that particular machine
SurfingtimeExhausted: Message is sent when User is disconnected because his/her allotted surfing time is exhausted. The surfing time duration is the time in hours the User is allowed Internet access that is defined in Surfing time policy. If hours are exhausted, User is not allowed to access
SurfingtimeExpired: Administrator has temporarily deactivated the User and will not be able to log in because User surfing time policy has expired
LiveIPinuse: Message is sent if connection is requesting a public IP Address from the server that is already in use
Nmpoolexceedlimit: Message is sent if the maximum number of IP Addresses in the public Logon Pool at any given time has exceeded the limit

Table - List of predefined messages

Client preferences

Use Client preference to specify:
which page to open every time user logs on to Cyberoam
whether HTTP client log on page should pop up if user tries to surf without logging in
port from which Web Administration Console can be accessed
number of concurrent log on allowed

Select System Configure Client Settings Customize Client preferences

Screen - Customized Client Preferences screen

Screen Elements

Open following site after client logs on to the server
URL: Specify URL which is to be opened every time user logs on. Leave this field blank, if you do not want to open any specific page every time user logs in
Update button: Updates configuration

HTTP Client
Pop up HTTP client: Whenever User tries to surf without logging in, a page with the message 'Cyberoam Access Denied' is displayed. If HTTP client pop up option is selected, User will get a HTTP Client pop up along with the 'Cyberoam Access Denied' page. Once User logs on successfully using the HTTP client, user will be able to surf the requested site.
Update button: Updates configuration

Web Admin Console
Web Admin Console Port: Specify Port number on which Web Admin Console is running
Update button: Updates configuration

Number of Logins
Number of Logins Allowed OR Unlimited Login: Specify number of concurrent logins allowed to all the users OR Allows unlimited concurrent logins
Update button: Updates configuration

Table - Customized Client Preferences screen elements

Note: The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed to the particular user.

Customize Access Deny messages

Use to customize Access deny message for:
all web categories
individual web category
all file type categories

This customized message will be displayed when user tries to access a site which is not allowed.

1. Select System Configure Customize Denied Message
2. Select category for which you want to customize access deny message
Select All Web categories to display the same access deny message for all the web categories. The message specified for All Web Categories becomes the default message.
Select a particular category for which you want to display a different message. By default, the message specified for All Web Categories is displayed. Disable Use Default Message, if you want to display a different message for a particular category and modify the message
Select All File type category to customize the access deny message for all the file type categories
3. In Denied Message, modify the message contents
4. Click Update to save if any changes are made

Upload Corporate logo

Use to display your company's logo in all the messages displayed to the user.

1. Select System Configure Customize Denied Message
2. In Top Bar, specify the image to be displayed at the top of the message page.
3. In the Bottom Bar, specify the image to be displayed at the bottom of the message page
4. Click Upload

Note: Dimension of the image should be 700 * 80 and the file must be a jpg file

Customize Login message

Use to customize login page messages and client login links provided on login page.

1. Select System Configure Customize Login Message
2. Under Client Login Links, select Login Clients that you want to be displayed on Login page. In the login page, download links are provided so that user can download the required login client. If you do not want user to download a particular login client, deselect the link
In the Login message box, specify the message to be displayed. You can further customize the message by using clientip address, category and URL
3. Enable Blink Message to display blinking message
4. Before saving the configuration, click Preview and see how message will be displayed to the user
5. Click Save to save the configuration

HTTP Proxy Management

A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The proxy server accumulates and saves in a cache the files that are most often requested by other Internet users. The cache of a proxy server may already contain the information you need by the time of your request, making it possible for the proxy to deliver it immediately. Therefore, proxy servers are able to improve the network performance by reducing the access time.

Cyberoam can also act as an HTTP proxy server. All visited static sites are cached on the Cyberoam server hard drive. The advantage of a cache server is that it will cache the static web pages once requested and serve them locally when requested next time.

Manage HTTP Proxy

Select System HTTP Proxy Manage HTTP Proxy

Screen - Manage HTTP Proxy

Screen Elements

Server Status: Displays current status of Cache server
Start button (Only if Current Status is Stopped): Click to start Cache server
Stop button (Only if Current Status is Running): Click to stop Cache server
Restart button: Click to restart Cache server

Table - Manage HTTP Proxy screen elements

Configure HTTP Proxy

Use to:
configure http proxy port
configure trusted ports

Select System HTTP Proxy Configure HTTP Proxy

Screen - Configure HTTP Proxy

Screen Elements

HTTP Proxy Port Setting
HTTP Proxy port: Specify proxy port to be used
Save button: Click to save the port setting

Parent Proxy Setting
Enable Parent Proxy: If enabled all the HTTP requests will be sent to HTTP Proxy Server via Cyberoam. One needs to configure Parent Proxy when the HTTP traffic is blocked by the upstream Gateway. Click to enable
IP address: Specify IP address of Parent proxy
HTTP Proxy Port: Specify parent proxy port
Save button: Click to save the setting

HTTP Proxy Trusted Ports Setting
If deployed as HTTP proxy, Cyberoam allows access only to those sites which are hosted on standard ports. To allow access to the sites hosted on the non-standard ports, you have to define non-standard ports as trusted ports. You can define individual port or range of ports for http and https protocols. Click Add to define non-standard ports

Pharming Protection Configuration
Enable Pharming Protection: Pharming attacks require no additional action from the user beyond their regular web surfing activities. A pharming attack succeeds by redirecting the users from legitimate web sites to similar fraudulent web sites that have been created to look like the legitimate site. Enable to protect against pharming attacks and direct users to the legitimate web sites instead of fraudulent web sites. Click to enable/disable
Save button: Click to save the port setting

Table - Configure HTTP Proxy screen elements

Set Default Internet Access Policy

Go to System HTTP Proxy Default Policy to specify default internet access policy when Cyberoam is being used as HTTP Proxy

Manage Servers

Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the requirement, one can Start, Stop, Enable or Disable the services.

Types of the servers available:
1. DHCP
2. Domain Name Server
3. Antivirus server
4. Antispam server
5. Cyberoam server
6. Proxy servers HTTP, SMTP, POP3, IMAP, FTP

Select System Manage Services

Screen - Manage Services

Screen Elements

Service name: Name of the server
Status: Status of the respective server. Running if server is on. Stopped if server is off
Commands: Starts or stops the respective servers. Enables or disables Autostart. Refer to Action table for details

Table - Manage Control Service screen elements

Action table

Button: Usage
Start: Starts the Server whose status is Stopped
Stop: Stops the server whose status is Started
Enable Autostart: Automatically starts the configured server with the startup of Cyberoam
Disable Autostart: Disables the Autostart process
Restart: Restarts Cyberoam. All the servers with Enable Autostart will restart
Shutdown: Shuts down Cyberoam server and all the servers will be stopped

Table - Manage Control Service Action

Monitoring Bandwidth Usage

Bandwidth is the amount of data passing through a media over a period. In other words, it is the amount of data accessed by the Users. Each time the data is accessed, uploaded or downloaded, the amount is added to the total bandwidth. Because of the limited resource, it needs periodic monitoring.

Bandwidth usage graphical report allows Administrator to monitor the amount of data uploaded or downloaded by the Users. Administrator can use this information to help determine:
Whether to increase or decrease the bandwidth limit?
Whether all the gateways are utilized optimally?
Which gateway is underutilized?
What type of traffic is consuming the majority of the Bandwidth?
Which inbound/outbound traffic has consumed the most Bandwidth in the last week/month?

Select System View Bandwidth usage

Screen - View Bandwidth Usage

Screen Elements

Bandwidth report
Graph type: Generates graph. Select any one:
Gateway wise - Displays list of Gateways defined, click the Gateway whose data transfer report is to be generated
Logon Pool wise - Displays list of Logon Pools defined, click the Logon Pool whose data transfer report is to be generated
Total - Generates total (all gateways and Logon Pools) data transfer report. Also generates Live user report
Gatewaywise breakup - Generates total (all gateways) data transfer report.
Graph period: Generates graph based on time interval selected. Click Graph period to select

Table - Bandwidth usage screen elements

It generates eight types of graphical reports:

1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum, maximum and average no. of users connected during the selected graph period. This will help in knowing the peak hour of the day.
X axis - Hours
Y axis - No. of users
Peak hour - Maximum no. of live users
Screen - Bandwidth usage - Live Users graph

2. Total data transfer - Graph shows total data transfer (upload + download) during the day. In addition, shows minimum, maximum and average data transfer.
X axis - Hours
Y axis - Total data transfer (upload + download) in KB/Second
Screen - Bandwidth usage - Total Data transfer graph

3. Composite data transfer - Combined graph of Upload & Download data transfer. Colors differentiate upload & download data traffic. In addition, shows the minimum, maximum and average data transfer for upload & download individually
X axis - Hours
Y axis - Upload + Download in Bits/Second
Orange Color - Upload traffic
Blue Color - Download traffic
Screen - Bandwidth usage - Composite Data transfer graph

4. Download data transfer - Graph shows only download traffic during the day. In addition, shows the minimum, maximum and average download data transfer.
X axis - Hours
Y axis - Download data transfer in Bits/Second
Screen - Bandwidth usage - Download Data transfer graph

5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows minimum, maximum and average upload data transfer.
X axis - Hours
Y axis - Upload data transfer in Bits/Second
Screen - Bandwidth usage - Upload Data transfer graph

6. Integrated total data transfer for all Gateways - Combined graph of total (Upload + Download) data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum, maximum and average data transfer of individual gateway
X axis - Hours
Y axis - Total (Upload + Download) data transfer in Bits/Second
Orange Color - Gateway1
Blue Color - Gateway2

7. Integrated Download data transfer of all Gateways - Graph shows only the download traffic of all the gateways during the day. In addition, shows the minimum, maximum and average download data transfer.
X axis - Hours
Y axis - Download data transfer in Bits/Second
Orange Color - Gateway1
Blue Color - Gateway2

8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all the gateways during the day. In addition, shows minimum, maximum and average upload data transfer.
X axis - Hours
Y axis - Upload data transfer in Bits/Second
Orange Color - Gateway1
Blue Color - Gateway2

Migrate Users

Cyberoam provides a facility to migrate the existing users from PDC or LDAP server. Alternately, you can also import user definitions from an external file (CSV format file). If you do not want to migrate users, configure for Automatic User creation. This reduces the Administrator's burden of creating the same users again in Cyberoam.

Migration from PDC server

All the migrated users will be created under Group type Normal and default policies will be applied. Administrator can change the assigned group or status at the time of migration or later. After migration, Username will be set as password in Cyberoam.

Select User Migrate Users to open migration page

Step 1: Click Download User Migration Utility link
Screen - Download User Migration Utility

Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate option and click OK button
Screen - Save User Migration Utility

Step 3: Opens a new browser window and prompts for the login. Provide the administrator username and password. E.g. Username: cyberoam and password: cyber

Step 4: On successful authentication, following screen will be shown. Upload the specified file.
Screen - Upload downloaded User Migration Utility

Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.

Note: After migration, the Cyberoam login password will be the same as the username

Once the users are migrated, configure for single sign on login utility. The configuration is required to be done on the Cyberoam server.

Migration from External file

Instead of creating users again in Cyberoam, if you already have User details in a CSV file then you can upload the CSV file.

CSV file should be in the following format:
1. Header (first) row should contain field names. Format of header row:
Compulsory first field: username
Optional fields in any order: password, name, groupname
2. Subsequent rows should contain values corresponding to each field in the header row
3. Number of fields in each row should be same as in the header row
4. Error will be displayed if data is not provided for any field specified in the header
5. Blank rows will be ignored
6. If password field is not included in the header row then it will be set same as username
7. If name field is not included in the header row then it will be set same as username
8. If groupname is not included in the header row, administrator will be able to configure group at the time of migration

Step 1 Upload CSV file
Select System Migrate User to open migration page

Screen - Upload CSV file

Step 2 Change Group or Active status of user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.
Screen - Register migrated users from External file

If migration is successful, Manage Active User page will be displayed with all the migrated users as Active users.
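A pre-upload check for the CSV format rules listed under Migration from External file, written as an added example (it is not Cyberoam's own import code). The function name, the error wording and the sample rows are assumptions made for illustration; besides applying the eight rules, it lists the accounts that would end up with a password equal to the username, so they can be given a different password.

```python
import csv
import io

OPTIONAL_FIELDS = {"password", "name", "groupname"}


def check_migration_csv(text):
    """Check CSV text against the format rules in the guide.

    Returns (users, errors, weak): accepted user records, error strings,
    and usernames whose resulting password equals the username.
    """
    users, errors, weak = [], [], []
    # Rule 5: blank rows are ignored. Row numbers still count them so
    # that error messages point at the right place in the file.
    rows = [
        (num, [cell.strip() for cell in row])
        for num, row in enumerate(csv.reader(io.StringIO(text)), start=1)
        if any(cell.strip() for cell in row)
    ]
    if not rows:
        return users, ["no header row found"], weak

    # Rule 1: header row, username first, optional fields in any order.
    _, header = rows[0]
    if header[0] != "username":
        errors.append("header: first field must be 'username'")
    unknown = [f for f in header[1:] if f not in OPTIONAL_FIELDS]
    if unknown:
        errors.append("header: unknown field(s) " + ", ".join(unknown))
    if len(set(header)) != len(header):
        errors.append("header: duplicate field name")
    if errors:
        return users, errors, weak

    for num, row in rows[1:]:
        # Rule 3: same number of fields as the header row.
        if len(row) != len(header):
            errors.append(
                f"row {num}: expected {len(header)} fields, got {len(row)}")
            continue
        # Rule 4: every field named in the header needs a value.
        missing = [f for f, v in zip(header, row) if not v]
        if missing:
            errors.append(f"row {num}: no data for " + ", ".join(missing))
            continue
        user = dict(zip(header, row))
        user.setdefault("password", user["username"])  # rule 6
        user.setdefault("name", user["username"])      # rule 7
        user.setdefault("groupname", None)  # rule 8: chosen at migration
        if user["password"] == user["username"]:
            weak.append(user["username"])
        users.append(user)
    return users, errors, weak


# Constructed sample file: no password column, one blank row,
# one short row and one row with an empty field.
SAMPLE = """username,name,groupname

alice,Alice A,Sales
bob,Bob B
carol,,Finance
dave,Dave D,IT
"""

if __name__ == "__main__":
    accepted, problems, same_as_username = check_migration_csv(SAMPLE)
    for line in problems:
        print("ERROR", line)
    print("accepted:", [u["username"] for u in accepted])
    print("password equals username:", same_as_username)
```
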

PART 3

Customization

Schedule

Schedule defines a time schedule for applying firewall rule or Internet Access policy i.e. used to control when firewall rules or Internet Access policies are active or inactive.

Types of Schedules:
Recurring - use to create policies that are effective only at specified times of the day or on specified days of the week.
One-time - use to create firewall rules/policies that are effective once for the period of time specified in the schedule.

Define Schedule

Select Firewall Schedule Define Schedule to open define schedule page

Screen - Define One Time Schedule

Screen Elements

Schedule details
Name: Specify schedule name. Choose a name that best describes schedule
Schedule Type: Specify type of schedule
Recurring - applied at specified times of the day or on specified days of the week
One time - applied only once for the period of time specified in the schedule
Start time & Stop time (only if Schedule Type is 'One Time'): Defines start and stop time for the schedule. Start & stop time cannot be same
Specify full description of schedule
Create button: Creates schedule
Add Schedule Entry details: Refer to Add Schedule Entry details to add time details

Table - Define Schedule screen elements

Select Firewall Schedule Manage Schedule to view the list of schedules and click the Schedule name in which the schedule entry details are to be added.

Screen - Add Schedule Entry details

Screen Elements

Schedule Entry
Weekday: Select weekday
Start time & Stop time: Defines the access hours/duration. Start & stop time cannot be same
Add Schedule detail button: Attaches the schedule details for the selected weekday to the schedule
Cancel button: Cancels the current operation

Table - Add Schedule Entry details screen elements

Manage Schedule

Use to modify:
1. Schedule Name
Add Schedule Entry details
4. Delete Schedule Entry details

Select Firewall Schedule Manage Schedule and click Schedule name to be updated

Screen - Manage Schedule

Screen Elements

Schedule details
Schedule name: Displays schedule name, modify if required
Schedule description: Displays schedule description, modify if required

Schedule Entry
Add button: Allows you to add the schedule entry details. Refer to Add Schedule Entry details for more details
Delete button: Allows you to delete the schedule entry details. Refer to Delete Schedule Entry details for more details
Save button: Saves schedule
Cancel button: Cancels the current operation and returns to Manage Schedule page

Table - Manage Schedule screen elements

Delete Schedule Entry details

Screen - Delete Schedule Entry details

Screen Elements

Del: Select Schedule Entry detail to be deleted. Click Del to select Schedule Entry details. More than one Schedule Entry details can also be selected
Select All: Selects all the Schedule Entry details. Click Select All to select all the Schedule Entry details
Delete button: Deletes the selected Schedule Entry detail(s)

Table - Delete Schedule Entry details screen elements

Delete Schedule

Select Firewall Schedule Manage Schedule to view the list of Schedules

Screen - Delete Schedule

Screen Elements

Del: Select schedule to be deleted. Click Del to select schedule. More than one schedule can also be selected
Select All: Selects all the schedules. Click Select All to select all the schedules
Delete button: Deletes the selected schedule(s)

Table - Delete Schedule screen elements

Services

Services represent types of Internet data transmitted via particular protocols or applications.

Protect your network by configuring firewall rules to:
block services for specific zone
limit some or all users from accessing certain services
allow only specific user to communicate using specific service

Cyberoam provides several standard services and allows creating:
Customized service definitions
Firewall rule for customized service definitions

Define Custom Service

Select Firewall Services Create to open the create page

Screen - Define Custom Service

Screen Elements

Create Service
Service Name: Specify service name
Select Protocol: Select the type of protocol
For IP - Select Protocol No.
For TCP - Specify Source and Destination port
For UDP - Specify Source and Destination port
For ICMP - Select ICMP Type and Code
Specify service description
Create button: Creates a new service
Cancel button: Cancels the current operation and returns to Manage Service

Table - Define Custom Service screen elements

Manage Custom Service

Use to modify:
Add Protocol details
3. Delete Protocol details

Select Firewall Services Manage to view the list of custom services. Click service to be modified

Screen - Update Custom Service

Screen Elements

Custom Service
Service Name: Displays service name
Displays description, modify if required

Protocol Details
Add button: Allows you to add protocol details. Click to add. Select protocol:
For IP - Select Protocol No.
For TCP - Specify Source and Destination port
For UDP - Specify Source and Destination port
For ICMP - Select ICMP Type and Code
Click Add
Delete button: Allows you to delete protocol details. Click to delete against the protocol details to be deleted. Click Delete
Save button: Updates the modified details
Cancel button: Cancels the current operation

Table - Update Custom Service screen elements

Delete Custom Service

Select Firewall services Manage to view the list of services.

Screen - Delete Custom Service

Screen Elements

Del: Select the Service for deletion. More than one service can be selected. Click to select
Select All: Allows you to select all the services for deletion. Click to select
Delete button: Deletes all the selected service(s). Click to delete

Table - Delete Custom Service screen elements

Note: Default Services cannot be deleted

Create Service Group

Service Group is the grouping of services. Custom and default services can be grouped in a single group.

Use to configure firewall rules to:
block group of services for specific zone
limit some or all users from accessing group of services
allow only specific user to communicate using group of service

Select Firewall Service Group Create to open the create page

Screen - Create Service Group screen

Screen Elements

Create Service Group
Service Group Name: Specify service group name
Select Service: Select the services to be grouped. Available Services column displays the services that can be grouped. Using right arrow button move all the services that are to be grouped in the Member Services list. Member Services column displays the services that will be grouped
Specify group description
Create button: Creates a new service group
Cancel button: Cancels the current operation and returns to Manage Service Group page

Table - Create Service Group screen elements

Update Service Group

Select Firewall Service Group Manage to view the list of groups created. Click the group to be modified

Screen - Edit Service Group

Screen Elements

Edit Service Group
Service Group Name: Displays service group name
Select Service: Displays grouped services. Available Services column displays the services that can be grouped. Using right arrow button move all the services that are to be grouped in the Member Services list. Member Services column displays the services that will be grouped
Displays group description, modify if required
Save button: Saves the modified details
Cancel button: Cancels the current operation and returns to Manage Service Group page

Table - Edit Service Group screen elements

Delete Service Group

Select Firewall Service Group Manage to view the list of groups created.

Screen - Delete Service Group

Screen Elements

Del: Select the group for deletion. More than one group can be selected. Click to select
Select All: Allows you to select all the groups for deletion. Click to select
Delete button: Deletes all the selected group(s). Click to delete

Table - Delete Service Group

Categories

Cyberoam's content filtering capabilities prevent Internet users from accessing non-productive or objectionable websites that take valuable system resources from your network. At the same time, they guard against hackers and viruses that can gain access to your network through their Internet connections.

Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds objectionable. Cyberoam's Categories Database contains categories covering Web page subject matter as diverse as adult material, astrology, games, job search, and weapons. It is organized into general categories, many of which contain collections of related Internet sites with specific content focus. In other words, the database is a collection of site/host names that are assigned a category based on the major theme or content of the site.

Categories Database consists of three types:
Web category - Grouping of Domains and Keywords. Default web categories are available for use only if Web and Application Filter subscription module is registered.
File Type category - Grouping of File extensions
Application protocol - Grouping of protocols. Standard protocol definitions are available for use only if Web and Application Filter subscription module is registered.

Apart from the default categories provided by Cyberoam, custom category can also be created if required. Creating custom category gives increased flexibility in managing Internet access for your organization. After creating a new category, it must be added to a policy so that Cyberoam knows when to enforce it and for which groups/users.

Web Category

Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any URL containing the keywords defined in the Web category will be blocked. Each category is grouped according to the type of sites. Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered productive or not:
Neutral
Productive
Non-working
Un-healthy

For your convenience, Cyberoam provides a database of default Web categories. You can use these or even create new web categories to suit your needs. To use the default web categories, the subscription module Web and Application Filter should be registered.

Depending on the organization requirement, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria. Custom web category is given priority over default category while allowing/restricting the access.

Search URL

Use Search URL to search whether the URL is categorized or not. It searches the specified URL and displays the Category name under which the URL is categorized and the category description. When a custom category is created with a domain/URL which is already categorized in a default category, the custom category overrides the default category and the search result displays the custom category name and not the default category name.

Select Categories Web Category Search URL

Screen - Search URL
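The lookup order described above (custom category before default category, match on domain or on a keyword contained in the URL), as an added sketch that is not Cyberoam's implementation. The category names and entries are constructed sample data; matching subdomains of a listed domain and matching keywords as plain substrings of the whole URL are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data; names and entries are illustrative only.
DEFAULT_CATEGORIES = {
    "Games": {"type": "Non-working",
              "domains": ["games.example"], "keywords": []},
    "JobSearch": {"type": "Non-working",
                  "domains": ["jobs.example"], "keywords": []},
}
CUSTOM_CATEGORIES = {
    "VendorPortal": {"type": "Productive",
                     "domains": ["portal.games.example"], "keywords": []},
    "Gambling": {"type": "Un-healthy",
                 "domains": [], "keywords": ["casino"]},
}


def _find(url, categories):
    """Return (name, type, reason) for the first category that matches."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    lowered = url.lower()
    for name, cat in categories.items():
        for domain in cat["domains"]:
            # Assumption: a listed domain also covers its subdomains.
            if host == domain or host.endswith("." + domain):
                return name, cat["type"], "domain " + domain
        for keyword in cat["keywords"]:
            # Assumption: keyword is matched anywhere in the URL.
            if keyword in lowered:
                return name, cat["type"], "keyword " + keyword
    return None


def search_url(url):
    """Custom categories are consulted first, so they override defaults."""
    for source, categories in (("custom", CUSTOM_CATEGORIES),
                               ("default", DEFAULT_CATEGORIES)):
        hit = _find(url, categories)
        if hit:
            name, ctype, reason = hit
            return {"category": name, "type": ctype,
                    "source": source, "matched": reason}
    return None


if __name__ == "__main__":
    for sample in ("http://portal.games.example/login",
                   "games.example/play",
                   "http://news.example/casino-regulation-report",
                   "http://unlisted.example/"):
        print(sample, "->", search_url(sample))
```

The third sample URL shows the side effect of keyword matching that is worth reviewing before a keyword is attached to a category: a news article is placed in the keyword's category because the word appears in its path.
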

Manage Default Web Category

Default Web categories are available for use only if Web and Application Filter subscription module is registered. Database of web categories is constantly updated by Cyberoam.

If the module is not registered, the page is displayed with the message 'Web and Application Filter module is not registered'. See Register Add on Modules for registering Web and Application Filter module. The module can also be registered as a Demo version if you have not yet purchased it, but the Demo version will expire after 15 days of registration.

Once the module is registered, the default categories can be used in Internet Access for filtering.

Select Categories Web Category Manage Default to view list of default Web Categories

Screen - Manage Default Web Category

Note: Default Web categories cannot be modified or deleted. Custom web category is given the priority over the default category while allowing/restricting access.

Create Custom Web category

Select Categories Web Category Create Custom to open create page

Screen - Create Custom Web Category

Screen Elements

Create Custom Web Category
Name: Specify Web category name
Specify full description
Category type: Categories are grouped into four types and specifies whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type

Create button: Creates a new custom Web Category. Web Category configuration is incomplete until domain names or keywords are attached

Domain Management
Add button: Use to define domains for the web category. Depending on the user's Internet access policy, accessing specified domain(s) will be allowed or denied. Click to add. Refer to Add Domain(s) for more details

Keywords Management
Add button: Use to define keywords for the web category. Depending on the user's Internet access policy, accessing sites with the specified keyword(s) will be allowed or denied. Click to add. Refer to Add Keyword(s) for details
Update button: Saves the web category
Cancel button: Cancels the current operation and returns to View Web Category page

Table - Create Web Category screen elements

Note: Custom category name cannot be same as default category name.

Add Domain

Screen - Add Domain

Screen Elements

Domains Management
Domains: Specify domains for the category. Depending upon the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access.
Add Domain button: Assigns domains to the web category
Cancel button: Cancels the current operation

Table - Add Domain screen elements

Note: Domains can be added at the time of creation of web category or whenever required.

Add Keyword

Screen - Add keyword

Screen Elements

Keywords Management
Keywords: Specify domains for the category. Depending on the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access
Add button: Assigns keywords to the Web Category
Cancel button: Cancels the current operation

Table - Add keyword screen elements

Note: Keywords can be added at the time of creation of web category or whenever required.

220
Manage Custom Web Category

Use to modify:
Add Domains
3. Delete Domains
4. Add Keywords
5. Delete Keywords

Select Categories>Web Category>Manage Custom to view the list of Web categories and click Web Category to be modified

Screen - Manage Custom Web category

Screen Elements

Update Custom Web Category
Name: Displays name of the web category, modify if required
Displays description of the Category
Category type: Categories are grouped into four types and specifies whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type

Domain Management
Add button: Allows to add domain name(s) to the web category. Click to add. Refer to Add Domains for details
Delete button: Allows to remove domain name(s) from the web category. Click to remove. Refer to Delete Domains for details

221
Keywords Management
Add button: Allows to add keyword(s) to the web category. Click to add. Refer to Add Keywords for details
Delete button: Allows to remove keywords from the web category. Click to remove. Refer to Delete Keywords for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Web Category page

Table - Update Custom Web category screen elements

Delete Domain

Screen - Delete Domain

Screen Elements
Select: Click all the domains required to be removed
Select All button: Allows to select all the domains for deletion. Click Select All to select all domains
Delete button: Remove(s) domains from the web category. Click to remove

Table - Delete Domain screen elements

222
Delete Keyword

Screen - Delete keyword

Screen Elements
Select: Click all the keywords required to be removed
Select All button: Allows to select all the keywords for deletion. Click Select All to select all keywords
Delete button: Remove(s) keywords from the web category. Click to remove

Table - Delete keywords screen elements

223
Delete Web Category

Prerequisite: Not attached to any Policy

Select Categories>Web Category>Manage Custom to view the list of Web Categories.

Screen - Delete Custom Web Category

Screen Elements
Del: Select web category to be deleted. More than one web category can be selected. Click to select
Select All: Allows to select all the web categories for deletion. Click to select
Delete button: Deletes all the selected web categories. Click to delete

Table - Delete Custom Web Category screen elements

224
File Type Category

File type is a grouping of file extensions. Cyberoam allows filtering Internet content based on file extension. For example, you can restrict access to particular types of files from sites within an otherwise-permitted category.

For your convenience, Cyberoam provides several default File Type categories. You can use these or create new categories to suit your needs.

Depending on the organization's requirements, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria.

Manage Default File Type Category

Cyberoam provides five default File Type categories that cannot be modified or deleted.

Select Categories>File Type Category>Manage Default to view the list of default File Type Categories. Click the Category to view extensions included in the Category.

Screen - Manage Custom File Type Category

225
Create Custom File Type Category

Select Categories>File Type Category>Create Custom to open the create page

Screen - Create Custom File Type Category

Screen Elements

Custom File Type details
Name: Assign name to File Type Category
File Extensions: Specify file extensions to be included in the File Type Category. Extensions defined here will be blocked or filtered
Specify full description
Create button: Creates a new File Type Category
Cancel button: Cancels the current operation and returns to Manage Custom File Type Category page

Table - Create Custom File Type screen elements

226
Manage Custom File Type Category

Use to modify:
1. File Extensions
2.

Select Categories>File Type Category>Manage Custom to view the list of File Type Categories and click File Type Category to be modified.

Screen - Manage Custom File Type Category

Screen Elements

Update Custom File Type Category
Name: Displays name of the File Type Category, modify if necessary
File Extensions: Displays file extension(s) added to the Category, modify if required
Displays description of Category
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom File Type Category page

Screen - Manage Custom File Type Category

227
Delete Custom File Type Category

Prerequisite: Not attached to any Policy

Select Categories>File Type Category>Manage Custom to view the list of File Type Categories created

Screen - Delete Custom File Type Category

Screen Elements
Del: Click all the File Types required to be deleted
Select All button: Allows to select all the File Types for deletion. Click Select All to select all File Types
Delete button: Delete(s) the File Type Category. Click to delete

Table - Delete Custom File Type screen elements

228
Application Protocol Category

Application Protocol Category is the grouping of Application Protocols used for filtering Internet content. You can also filter Internet requests based on protocols or applications other than HTTP, HTTPS or FTP, for example those used for instant messaging, file sharing, file transfer, mail, and various other network operations.

For your convenience, Cyberoam provides a database of default Application Protocol categories. To use the default Application Protocol categories, the subscription module Web and Application Filter should be registered.

You can also create:
- Customized Application protocol category, if required
- Firewall rule based on customized Application protocol category

Manage Default Application Protocol Category

Default Application protocol categories are available for use only if the Web and Application Filter subscription module is registered. The database of protocol categories is constantly updated by Cyberoam.

If the module is not registered, the page is displayed with the message Web and Application Filter module is not registered. See Register Add on Modules for registering the Web and Application Filter module. The module can also be registered as a Demo version if you have not yet purchased it, but it will expire 15 days after registration.

Once the module is registered, the default protocol categories can be used in Internet Access for filtering. Default Application protocol categories cannot be modified or deleted.

Select Categories>Application Protocol Category>Manage Default to view the list of default Application protocol Categories

Screen - Manage Default Application Protocol Category

229
Create Custom Application Protocol Category

Select Categories>Application Protocol Category>Create Custom to open the create page

Screen - Create Custom Application Protocol Category

Screen Elements

Custom Application Protocol Category
Name: Specify name to Application Protocol Category
Specify full description
Create button: Creates a new custom Application Protocol Category

Application Protocol details
Add button: Use to assign application protocols to Category for blocking. Select application protocol you want to include in a Category. Cyberoam gives access to the Category based on the Schedule.

230
Allows to add application protocol(s) to Category. Click to add. Refer to Add Custom Application Protocol details for more details
Update button: Saves Application Protocol Category
Cancel button: Cancels the current operation and returns to View Custom Application Protocol Category page

Table - Create Custom Application Category screen elements

Note: Custom category name cannot be same as default category name.

Add Custom Application Protocol Details

Screen - Add Custom Application Protocol Category details

Screen Elements

Custom Application Protocol details
Application: Select Application Protocols that are to be grouped in the Category. Custom and Default both can be grouped in a single Application Protocol Category
Destination IP Address: Specify destination IP Address
Add button: Groups the application protocols in the Category
Cancel button: Cancels the current operation

Table - Add Custom Application Protocol Category details

231
Manage Custom Application Protocol Category

Use to modify:
Add Application Protocol details
3. Delete Application Protocol details

Select Categories>Application Protocol Category>Manage Custom to view the list of custom Application Protocol Categories. Click Application Protocol Category to be modified.

Screen - Manage Custom Application Protocol Category

Screen Elements

Update Custom Application Protocol Category
Name: Displays name of Application Protocol Category, modify if necessary
Displays description of the Category

Application Protocol Details
Add button: Allows to add Application Protocol(s) to Category. Click to add. Refer to Add Custom Application Protocols for details
Delete button: Allows to remove Application Protocol(s) from Category. Click to remove. Refer to Delete Custom Application Protocol for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Application Protocol Category page

Table - Manage Custom Application Protocol Category screen elements

232
Delete Custom Application Protocol Category details

Screen - Delete Application Protocol Category details

Screen Elements
Del: Click Application Protocol(s) required to be deleted
Select All button: Allows to select all Application Protocol(s) for deletion. Click Select All to select all Application Protocol(s)
Delete button: Delete(s) Application Protocol(s). Click to delete

Table - Delete Application Protocol Category screen elements

233
Delete Custom Application Protocol Category

Prerequisite: Not attached to any Policy

Select Categories>Application Protocol Category>Manage Custom to view the list of Application Protocol Categories created

Screen - Delete Custom Application Protocol Category

Screen Elements
Del: Select Category to be deleted. More than one Category can be selected. Click to select
Select All: Allows to select all the Categories for deletion. Click to select
Delete button: Deletes all the selected Categories. Click to delete

Table - Delete Custom Application Protocol Category screen elements

234
Access Control

Use Local ACLs to limit the Administrative access to the following Cyberoam services from LAN/WAN/DMZ:
- Admin Services
- Authentication Services
- Proxy Services
- Network Services

Default Access Control configuration

When Cyberoam is connected and powered up for the first time, it will have a default Access configuration as specified below:

Admin Services: HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions for LAN zone.

Authentication Services: Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User Authentication Services for LAN zone. User Authentication Services are not required for any of the Administrative functions but are required to apply user-based Internet surfing, bandwidth and data transfer restrictions.

Customize Access Control configuration

Use access control to limit administrative access to Cyberoam to specific authenticated/trusted networks only. You can also limit access to administrative services within the specific authenticated/trusted network.

Select Firewall>Local ACL

Screen - Access Configuration

Screen Elements

235
Admin Services: Enable/disable access to Cyberoam using following service from the specified zone and network:
- HTTP
- HTTPS
- Telnet

Authentication Services: Enable/disable following service from the specified zone and network:
- Cyberoam
- HTTP

Proxy Services: Enable/disable HTTP service from the specified zone and network

Network Services: Enable/disable following service from the specified zone and network:
- DNS
- ICMP

Update button: Saves configuration
Add button: Allows to add the trusted networks from which the above specified services will be allowed/disallowed. Click Add to add network details. Specify Network IP address and Zone. Click Add

Table - Access Configuration screen elements

236
Syslog Configuration

Syslog is an industry standard protocol/method for collecting and forwarding messages from devices to a server running a syslog daemon, usually via UDP Port 514. The syslog is a remote computer running a syslog server. Logging to a central syslog server helps in aggregation of logs and alerts.

Cyberoam appliance can also send a detailed log to an external Syslog server in addition to the standard event log. The Cyberoam Syslog support requires an external server running a Syslog daemon on any UDP port.

Cyberoam captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred.

A SYSLOG service simply accepts messages, and stores them in files or prints. This form of logging is the best as it provides a central logging facility and protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling.

Select System Syslog Configuration

Screen Elements

Syslog Configuration
Syslog Configuration: Click to enable syslog service
Syslog Server: Specify IP address of the syslog server. Messages from the Cyberoam will be sent to the server.

237
Default:
Syslog Port: Specify the port number for communication with the syslog server. Default: 514
Syslog Facility: Select facility to be used. Cyberoam supports following facilities for log messages received from remote servers and network devices.
- DAEMON - Daemon logs (Information of Services running in Cyberoam as daemon)
- KERN - Kernel log
- LOCAL0 - LOCAL7 - Log level
- USER - Logging on the basis of users who are connected to Server
Syslog Level: Specify the level of the messages logged. Cyberoam logs all messages at and above the logging severity level you select.
- EMERGENCY - System is not usable
- ALERT - Action must be taken immediately
- CRITICAL - Critical condition
- ERROR - Error condition
- WARNING - Warning condition
- NOTICE - Normal but significant condition
- INFORMATION - Informational
- DEBUG - Debug-level messages

Network Logging Management

DoS attack Log: The DoS Attack Log records attacks detected and prevented by the Cyberoam i.e. dropped TCP, UDP and ICMP packets.
To generate DoS attack log:
- Click to enable logging
- Go to Firewall>Denial of Service>DoS Settings and click Apply Flag against SYN Flood, UDP flood, TCP flood, and ICMP flood individually

Invalid Traffic Log: Log records the dropped traffic that does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection. Click to enable logging

Firewall Rules Log: Log records the traffic, both permitted and denied by the firewall rule. To generate firewall rule logs, enable logging from Network Logging Management (Telnet Console).

Local ACL Log: Log records the entire (allowed and dropped) incoming traffic and traffic for the firewall. Click to enable logging

Dropped ICMP Redirected Packet Log: Log records all the dropped ICMP redirect packets.
To generate log:
- Click Dropped ICMP Redirected Packet Logging

238
- Go to Firewall>Denial of Service>DoS Settings and click Apply Flag against Disable ICMP redirect Packets

Dropped Source Routed Packet Log: Log records all the dropped source routed packets.
To generate log:
- Click Dropped Source Routed Packet Logging
- Go to Firewall>Denial of Service>DoS Settings and click Apply Flag against Drop Source Routed Packets

Update button: Click to save the configuration
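
The facility and level chosen above travel in the <PRI> header of every syslog datagram (PRI = facility * 8 + severity, per RFC 3164/5424). The following collector-side check is an added example, not Cyberoam code: it decodes that header and sorts incoming datagrams against the facility and level configured on the appliance, so that messages arriving with an unexpected facility, or less severe than the configured level, stand out. The sample datagrams and their message text are constructed; the function names are hypothetical.

```python
import re

# Standard syslog codes (RFC 3164 / RFC 5424) for the facilities and
# levels listed on this page. PRI = facility * 8 + severity.
FACILITIES = {0: "KERN", 1: "USER", 3: "DAEMON"}
FACILITIES.update({16 + n: f"LOCAL{n}" for n in range(8)})
LEVELS = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
          "WARNING", "NOTICE", "INFORMATION", "DEBUG"]

_PRI = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(datagram):
    """Return (facility, level, message) for one syslog datagram (bytes)."""
    match = _PRI.match(datagram)
    if match is None:
        raise ValueError("no <PRI> header")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    facility_code, level_code = divmod(pri, 8)
    facility = FACILITIES.get(facility_code, f"facility{facility_code}")
    message = match.group(2).decode("utf-8", errors="replace").strip()
    return facility, LEVELS[level_code], message


def triage(datagrams, facility, level):
    """Sort datagrams against the facility and level configured on the sender.

    A sender set to `level` emits that level and everything more severe,
    i.e. every numeric severity <= LEVELS.index(level).
    """
    threshold = LEVELS.index(level)
    report = {"accepted": [], "wrong_facility": [],
              "below_level": [], "malformed": []}
    for raw in datagrams:
        try:
            fac, lvl, msg = decode_pri(raw)
        except ValueError as exc:
            report["malformed"].append((raw, str(exc)))
            continue
        if fac != facility:
            report["wrong_facility"].append((fac, lvl, msg))
        elif LEVELS.index(lvl) > threshold:
            report["below_level"].append((fac, lvl, msg))
        else:
            report["accepted"].append((fac, lvl, msg))
    return report


# Constructed datagrams; the message text is invented for the example.
SAMPLE = [
    b"<133>constructed: firewall rule 7 updated",       # LOCAL0.NOTICE
    b"<132>constructed: dropped source routed packet",  # LOCAL0.WARNING
    b"<135>constructed: verbose trace",                 # LOCAL0.DEBUG
    b"<30>constructed: service restarted",              # DAEMON.INFORMATION
    b"constructed line without a PRI header",
    b"<999>constructed: impossible priority",
]

if __name__ == "__main__":
    result = triage(SAMPLE, facility="LOCAL0", level="NOTICE")
    for bucket, items in result.items():
        print(bucket, len(items))
```
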

239
Product Licensing & Updates

Product Version information

Check which version of the Cyberoam is installed on your computer, and determine the appliance key. Click Cyberoam icon (on the rightmost corner of the screen) to get the information.

Screen - About Cyberoam

240
Upgrade Cyberoam

Cyberoam provides two types of upgrades:
- Automatic: Correction to any critical software errors, performance improvement or changes in system behavior leads to automatic upgrade of Cyberoam without manual intervention or notification.
- Manual: Manual upgrades require human intervention.

Automatic Upgrade

By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the procedure to disable the AutoUpgrade mode:
1. Log on to Telnet Console
2. Go to option 4 Cyberoam Console
3. At the prompt, type the command, cyberoam autoupgrade off

Manual Upgrade

Step 1. Check for Upgrades
Press F10 to go to Dashboard from any of the screens. Under the Installation Information section, click Check for Upgrades

241
Page displays the list of available upgrades and the upgrade details like release date and size. Order specifies the sequence in which Cyberoam should be upgraded.

Step 2. Download Upgrade
Click Download against the version to be downloaded and follow the on screen instructions to save the upgrade file.

Step 3. Upload downloaded version to Cyberoam
Select Help>Upload Upgrade
Type the file name with full path or select using Browse and click Upload

242
Screen - Upload Upgrade version

Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version. Log on to Cyberoam Telnet Console. Type 6 to upgrade from the Main menu and follow the on-screen instructions.

A success message is displayed if the upgrade completes successfully.

Repeat the above steps if more than one upgrade is available. If more than one upgrade is available, upgrade in the same sequence as displayed on the Available Upgrades page.

243
Licensing

You need a customer account to:
- register your Cyberoam appliance
- avail 8 X 5 support
- register subscription modules
- subscribe for free 30-days Trial subscription

Select Help>Licensing to view the list of subscription modules. Screen shows licensing status of Appliances and subscription modules along with the subscription expiry date if subscribed.

Screen - Licensing

Status - Registered - Appliance registered
Status - Unregistered - Appliance not registered
Status - Subscribed - Module subscribed
Status - Unsubscribed - Module not subscribed
Status - Trial - Trial subscription
Status - Expired - Subscription expired

244
Create Customer account and register appliance

Select Help>Licensing and click Register against your appliance name. You need to create a customer account to register appliance.

If you have already created an account, type your username and password to register appliance and click register

245
If you have not created account, fill in the form to create your customer account and register appliance.

Screen - Registration

Screen Elements

Appliance Registration form
Appliance key: Displays Appliance key
Appliance Model No.: Displays Appliance model number
ID: Specify ID. Account will be created with this id and will be username for customer my account.
Password: Specify password for your account and retype to confirm. Remember to choose a password that is easy for you to remember but hard for others to guess.
Company name: Specify company name under whose name appliance is to be registered. Cannot be modified
Contact person: Specify name of the contact person in the company
Address, City, State, Country, Zip, Phone, Fax: Specify complete address of the company

246
Secret Question and Answer: Question and answer related to your password. This question will be mailed to the customer in case he forgets his password. If the customer's reply to the question matches the answer, a new password will be mailed to his id.

External Proxy Server Information
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server: Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server
Proxy Port: Specify port number if proxy server is running on a port other than the default port (80)
Username and Password: Specify username and password to be used to log on to proxy server (if configured)
Register button: This process will create user account and register the appliance

Table - Registration screen elements

Subscribe Modules

Cyberoam includes the following Subscription modules, which are not included in the basic package:
- Intrusion Detection and Prevention
- Gateway Anti Virus
- Gateway Anti Spam
- Web and Application Filter

Customer has to procure a different license and subscribe for using any of the Subscription modules. You can also subscribe for the 30-days free Trial subscription of any of the modules.

Prerequisite:
- Account created
- Appliance registered

Select Help>Licensing and click Subscribe against the module to be subscribed.

247
Screen - Subscribe Module

Screen - Subscribe Trial Module

Screen Elements

Subscribe
Appliance key: Displays Appliance key
Appliance Model No.: Displays Appliance model number
Module: Displays module name to be subscribed
Registered ID and Password: Specify ID and password of your registered account
Subscription Key: Specify subscription key of the module obtained from Sales person (Only if you have purchased the module)

External Proxy Server Information
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server: Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server
Proxy Port: Specify port number if proxy server is running on a port other than the default port (80)
Username and Password: Specify username and password to be used to log on to proxy server (if configured)
Subscribe/Trial button: Registers the specified module

Table - Subscribe Module

248
Download Clients

Cyberoam Client supports Users using following platforms:
- Windows: Enables Users using Windows Operating System to log-on to Cyberoam Server
- Linux: Enables Users using Linux Operating System to log-on to Cyberoam server
- HTTP: Enables Users using any other Operating System than Windows & Linux to log-on to Cyberoam Server
- Single Sign on Client: Enables Windows-migrated Users to log on to Cyberoam using Windows Username and password.
- Single Sign on Client Auto Setup: Download the setup.

Depending on the requirement, download the Cyberoam Client.

Select Help>Downloads to download Cyberoam Client

Screen - Download Clients

249
Documentation

Select Help>Guides to download various guides

Screen - Download Cyberoam Guides

250
Appendix A Audit Log

Audit logs are an important part of any secure system that provides an invaluable view into the current and past state of almost any type of complex system, and they need to be carefully designed in order to give a faithful representation of system activity.

Cyberoam Audit log can identify what action was taken by whom and when. The existence of such logs can be used to enforce correct user behavior, by holding users accountable for their actions as recorded in the audit log.

An audit log is the simplest, yet also one of the most effective forms of tracking temporal information. The idea is that any time something significant happens you write some record indicating what happened and when it happened.

Audit logs can be accessed in two ways:

1. Log on to Cyberoam Web Admin Console and click Reports to open the reports page in a new window

Screen - Reports

2. Log on to Reports, click on the Reports link to open the reports login page in a new window

Screen - Reports Login

251
Viewing Log details

Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date range of the report.

Screen - Audit Log report

Screen - Sample Audit Log Report

252
Audit Log Components

Entity: Cyberoam Component through which the event was generated/audit Resource Type
Entity Name: Unique Identifier of Entity
Action: Operation requested by entity/audit Action
Action By: User who initiated the action/accessor name
Action Status: Action result/audit Outcome

Entity / Entity Name | Action | Action By | Action Status | Message | IP Address
Explanation

Report GUI | Login | <username> | Successful | - | <IP address>
Explanation: Login attempt to Report GUI by User <username> was successful

Report GUI | Login | <username> | Failed | Wrong username or password | <IP address>
Explanation: Login attempt to Report GUI by User <username> was not successful because of wrong username and password

Management GUI | Login | <username> | Successful | - | <IP address>
Explanation: Login attempt to Management GUI by User <username> was successful

Management GUI | Login | <username> | Failed | User not found | <IP address>
Explanation: Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>

Management GUI | Login | <username> | Failed | User has no previllege of Administration | <IP address>
Explanation: Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges

Configuration Wizard | Started | <username> | Successful | - | <IP address>
Explanation: User <username>'s request to start Configuration Wizard was successful

Configuration Wizard | Finished | <username> | Successful | - | <IP address>
Explanation: User <username>'s request to close Configuration Wizard was successful

System | Started | <username> | Successful | Cyberoam- System Started | <IP address>
Explanation: Cyberoam was successfully started by the User <username>

SSh | authentication | <username> | Successful | User admin, coming from , authenticated. | <IP address>
Explanation: <username> trying to log on from <ip address> using SSH client was successfully authenticated

SSh | authentication | <username> | Failed | Login Attempt failed from by user root | <IP address>
Explanation: Authentication of <username> trying to log on from <ip address> using SSH client was not successful

SSh | authentication | <username> | Failed | Password authentication failed. Login to account hello not allowed or account nonexistent | <IP address>
Explanation: Log on to account <username> using SSH client was not successful

telnet | authentication | <username> | Successful | Login Successful | <IP address>
Explanation: Remote Login attempt through Telnet by User <username> was successful

253
telnet | authentication | <username> | Failed | Authentication Failure | <IP address>
Explanation: Authentication of <username> trying to log on remotely through Telnet was not successful

console | authentication | <username> | Successful | Login Successful | ttys0
Explanation: Login attempt to Console using Console Interface via remote login utility by User <username> was successful

console | authentication | <username> | Successful | Login Successful | tty1
Explanation: Login attempt to Console via direct Console connection by User <username> was successful

console | authentication | <username> | Failed | Authentication Failure | <IP address>
Explanation: Login attempt to Console by User <username> was not successful

Firewall | Started | System | Successful | - | <IP address>
Explanation: Firewall subsystem started successfully without any error

Firewall Rule <firewall rule id> e.g. 7 | Create | <username> | Successful | - | <IP address>
Explanation: Firewall rule <firewall rule id> was created successfully by user <username>

Firewall Rule <firewall rule id> e.g. 6 | Update | <username> | Successful | - | <IP address>
Explanation: Firewall rule <firewall rule id> was updated successfully by user <username>

Firewall Rule <firewall rule id> e.g. 21 | Update | System | Successful | - | <IP address>
Explanation: Firewall rule <firewall rule id> was updated successfully by user <username>

Firewall Rule <firewall rule id> e.g. 10 | Delete | System | Successful | - | <IP address>
Explanation: Firewall rule <firewall rule id> was deleted successfully by user <username>

Host N/A | Delete | <username> | Failed | - | <IP address>
Explanation: Request to delete Host by user <username> was not successful

Host <host name> e.g , #Port D | Delete | <username> | Successful | - | <IP address>
Explanation: Host <host name> was deleted successfully by user <username>

Host <host name> e.g , #Port D | Insert | <username> | Successful | - | <IP address>
Explanation: Host <host name> was added successfully by user <username>

HostGroup <host group name> e.g. mkt group | Delete | <username> | Successful | - | <IP address>
Explanation: Host Group <host group name> was deleted successfully by user <username>

HostGroup <host group name> e.g. sys group | Update | <username> | Successful | - | <IP address>
Explanation: Host Group <host group name> was updated successfully by user <username>

HostGroup <host group name> e.g. Trainee | Insert | <username> | Successful | - | <IP address>
Explanation: Host Group <host group name> was updated successfully by user <username>

Service <service name> e.g. vypress chat | Delete | <username> | Successful | - | <IP address>
Explanation: Service <service name> was deleted successfully by user <username>

254
Service <service name> e.g. vypress chat | Update | <username> | Successful | - | <IP address>
Explanation: Service <service name> was updated successfully by user <username>

Service <service name> e.g. vypress chat | Insert | <username> | Successful | - | <IP address>
Explanation: Service <service name> was inserted successfully by user <username>

ServiceGroup <service group name> e.g. Intranet chat | Insert | <username> | Successful | - | <IP address>
Explanation: Service group <service group name> was inserted successfully by user <username>

ServiceGroup <service group name> e.g. Intranet chat | Update | <username> | Successful | - | <IP address>
Explanation: Service group <service group name> was updated successfully by user <username>

ServiceGroup <service group name> e.g. Intranet chat | Delete | <username> | Successful | - | <IP address>
Explanation: Service group <service group name> was deleted successfully by

SNAT Policy <policy name> | Insert | <username> | Successful | - | <IP address>
Explanation: SNAT policy <policy name> was inserted successfully by user <username>

SNAT Policy <policy name> | Update | <username> | Successful | - | <IP address>
Explanation: SNAT policy <policy name> was updated successfully by user <username>

SNAT Policy <policy name> | Delete | <username> | Successful | - | <IP address>
Explanation: SNAT policy <policy name> was deleted successfully by user <username>

DNAT Policy <policy name> | Insert | <username> | Successful | - | <IP address>
Explanation: DNAT policy <policy name> was inserted successfully by user <username>

DNAT Policy <policy name> | Update | <username> | Successful | - | <IP address>
Explanation: DNAT policy <policy name> was updated successfully by user <username>

DNAT Policy <policy name> | Delete | <username> | Successful | - | <IP address>
Explanation: DNAT policy <policy name> was deleted successfully by user <username>

Schedule <schedule name> | Insert | <username> | Successful | - | <IP address>
Explanation: Schedule <schedule name> was inserted successfully by user <username>

Schedule <schedule name> | Update | <username> | Successful | - | <IP address>
Explanation: Schedule <schedule name> was updated successfully by user <username>

Schedule <schedule name> | Delete | <username> | Successful | - | <IP address>
Explanation: Schedule <schedule name> was deleted successfully by user <username>

Schedule Detail <schedule name> | Insert | <username> | Successful | - | <IP address>
Explanation: Schedule details to Schedule <schedule name> was inserted successfully by user <username>

Local ACLs / Local ACLs | Update | <username> | Successful | - | <IP address>
Explanation: Local ACL was updated successfully by user <username>

DoS Bypass / DoS Bypass | Delete | <username> | Successful | - | <IP address>
Explanation: DoS Bypass rule deleted successfully

255
DoS Bypass / DoS Bypass | Insert | <username> | Successful | - | <IP address>
Explanation: DoS Bypass rule inserted successfully by user <username>

DoS Settings / DoS Settings | Update | <username> | Successful | - | <IP address>
Explanation: DoS settings updated successfully by user <username>

Online Registraion | Register | <username> | Successful | - | <IP address>
Explanation: User <username> successfully registered Appliance/Subscription module(s) through Online Registration

Upload Version | Upload Version | <username> | Successful | - | <IP address>
Explanation: User <username> successfully uploaded the version

Date | Update | <username> | Successful | System time changed from :15:50 IST to :15:03 IST by <username> | <IP address>
Explanation: Request to update the Date from Console by User <username> was successful

Apart from the tabular format, Cyberoam allows to view the log details in:

Printable format: Click to open a new window and display the report in the printer friendly format. Report can be printed from File -> Print.

Export as CSV (Comma Separated Value): Click to export and save the report in CSV format. Report can be very easily exported to MS Excel and all the Excel functionalities can be used to analyze the data.
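
An exported audit log can be reviewed with a short script instead of a spreadsheet. The following is an added example, not part of the Cyberoam product: it reads a CSV export, counts failed logins per source address across all login interfaces, flags a successful login that follows a run of failures from the same address, and lists configuration changes made from that address and account afterwards. It assumes the export has a header row using the column names from the table above and that rows are in chronological order; the guide does not specify the CSV layout, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Column names taken from the audit log table; their use as the CSV
# header row is an assumption.
COLUMNS = ["Entity", "Entity Name", "Action", "Action By",
           "Action Status", "Message", "IP Address"]
AUTH_ACTIONS = {"login", "authentication"}
CHANGE_ACTIONS = {"create", "insert", "update", "delete"}


def load_rows(csv_text):
    """Parse the export and reject files that lack an expected column."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export lacks columns: {missing}")
    return [{c: (row[c] or "").strip() for c in COLUMNS} for row in reader]


def review(rows, max_failures=3):
    """Return login anomalies found in chronologically ordered audit rows."""
    failures = Counter()          # total failed logins per source address
    accounts = defaultdict(set)   # account names tried from each address
    streak = Counter()            # failures since the last success, per address
    flagged = set()               # (address, account) pairs to follow up
    findings = {"noisy_sources": {}, "success_after_failures": [],
                "changes_after_flagged_login": []}
    for row in rows:
        ip, user = row["IP Address"], row["Action By"]
        action, status = row["Action"].lower(), row["Action Status"].lower()
        if action in AUTH_ACTIONS:
            if status == "failed":
                failures[ip] += 1
                streak[ip] += 1
                accounts[ip].add(user)
            elif status == "successful":
                if streak[ip] >= max_failures:
                    flagged.add((ip, user))
                    findings["success_after_failures"].append(
                        (ip, user, row["Entity"], streak[ip]))
                streak[ip] = 0
        elif action in CHANGE_ACTIONS and (ip, user) in flagged:
            findings["changes_after_flagged_login"].append(
                (row["Entity"], row["Entity Name"], row["Action"], user, ip))
    for ip, count in failures.items():
        if count >= max_failures:
            findings["noisy_sources"][ip] = {
                "failures": count, "accounts": sorted(accounts[ip])}
    return findings


# Constructed export; addresses are from documentation ranges.
SAMPLE_CSV = """\
Entity,Entity Name,Action,Action By,Action Status,Message,IP Address
Management GUI,,Login,alice,Successful,-,192.0.2.10
SSh,,authentication,root,Failed,Password authentication failed.,198.51.100.7
telnet,,authentication,admin,Failed,Authentication Failure,198.51.100.7
telnet,,authentication,admin,Failed,Authentication Failure,198.51.100.7
telnet,,authentication,admin,Successful,Login Successful,198.51.100.7
Firewall Rule,7,Update,admin,Successful,-,198.51.100.7
Local ACLs,Local ACLs,Update,admin,Successful,-,198.51.100.7
Report GUI,,Login,bob,Failed,Wrong username password,192.0.2.20
Firewall Rule,21,Update,alice,Successful,-,192.0.2.10
"""

if __name__ == "__main__":
    for name, value in review(load_rows(SAMPLE_CSV)).items():
        print(name, value)
```
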

Appendix B Network Traffic Log Fields

Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network misuse and abuse.

Cyberoam provides the following logs:
- DoS Attack Log
- Invalid Traffic Log
- Firewall Rule Log
- Local ACL Log
- Dropped ICMP Redirected Packet Log
- Dropped Source Routed Packet Log

By default, only firewall rule logging is ON, i.e. only traffic allowed or denied by the firewall is logged. Refer to the Cyberoam Console Guide on how to enable or disable logging.

SR. No. | DATA FIELDS | TYPE | DESCRIPTION
1. | Date | date | Date (yyyy-mm-dd) when the event occurred. For allowed traffic: the date on which the connection was started on Cyberoam. For dropped traffic: the date when the packet was dropped by Cyberoam
2. | Time | time | Time (hh:mm:ss) when the event occurred. For allowed traffic: the time when the connection was started on Cyberoam. For dropped traffic: the time when the packet was dropped by Cyberoam
3. | Device Name | String | Model Number of the Cyberoam Appliance
4. | Device Id | String | Unique Identifier of the Cyberoam Appliance
5. | Log Id | string | Unique 7 characters code (c1c2c3c4c5c6c7) e.g ,
    c1c2 represents Log Type e.g. 01
    c3c4 represents Log Component e.g. Firewall, local ACL
    c5c6 represents Log Sub Type e.g. allow, violation
    c7 represents Priority e.g
 | Log Type | string | Section of the system where the event occurred e.g. Traffic for traffic logging. Possible values:
    01 - Traffic: Entire traffic intended for Cyberoam
5. | Log Component | string | Component responsible for logging. Possible values:
    01 - Firewall rule: Event due to any traffic allowed or dropped based on the firewall rule created
    02 - Local ACL: Event due to any traffic allowed or dropped based on the local ACL configuration or all other traffic intended for the firewall
    03 - DoS Attack: Event due to any packets dropped based on the DoS attack settings i.e. dropped TCP, UDP and ICMP packets
    Invalid traffic: Event due to any traffic dropped which does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection. Refer to Invalid traffic list for more details
    Invalid Fragmented traffic: Event when any invalid fragmented traffic is dropped. Refer to Invalid Fragmented traffic list for more details
    ICMP redirect: Event due to any ICMP Redirected packets dropped based on the DoS attack setting
    07 - Source routed packet: Event due to any source routed packets dropped based on the DoS attack setting
    08 - Fragmented traffic: Event when any fragmented traffic is dropped due to Advanced Firewall settings. Refer to Console Guide Page no. 59 for more details.
6. | Log Sub Type | string | Decision taken on traffic. Possible values:
    01 - Allowed: Traffic permitted to and through Cyberoam based on the firewall rule settings
    02 - Violation: Traffic dropped based on the firewall rule settings, local ACL settings, DoS settings or due to invalid traffic.
7. | Status | string | Ultimate state of traffic (accept/deny)
8. | Priority | string | Severity level of traffic. Possible values: 01 - Notice
9. | Duration | integer | Durability of traffic
10. | Firewall Rule ID | integer | Firewall rule id of traffic
11. | User | string | User Id
12. | User Group | string | Group Id of user
13. | IAP | integer | Internet Access policy Id applied for traffic
14. | In Interface | string | Interface for incoming traffic e.g. eth0. Blank for outgoing traffic
15. | Out Interface | string | Interface for outgoing traffic e.g. eth1. Blank for incoming traffic
16. | Source IP | string | Source IP address of traffic
17. | Destination IP | string | Destination IP address of traffic
18. | Protocol | integer | Protocol number of traffic
19. | Source Port | integer | Source Port of TCP and UDP traffic
20. | Destination Port | integer | Destination Port of TCP and UDP traffic
21. | ICMP Type | integer | ICMP type of ICMP traffic
22. | ICMP Code | integer | ICMP code of ICMP traffic
23. | Sent Packets | integer | Total number of packets sent
24. | Received Packets | integer | Total number of packets received
25. | Sent Bytes | integer | Total number of bytes sent
26. | Received Bytes | integer | Total number of bytes received
27. | Translated Source IP | integer | Translated Source IP address if Cyberoam is deployed as Gateway. "N/A" if Cyberoam is deployed as Bridge
28. | Translated Source Port | integer | Translated Source port if Cyberoam is deployed as Gateway. "N/A" if Cyberoam is deployed as Bridge
29. | Translated Destination IP | integer | Translated Destination IP address if Cyberoam is deployed as Gateway. "N/A" if Cyberoam is deployed as Bridge
30. | Translated Destination Port | integer | Translated Destination port if Cyberoam is deployed as Gateway. "N/A" if Cyberoam is deployed as Bridge

Invalid traffic

Cyberoam defines the following traffic as Invalid traffic:
- Short IP Packet
- IP Packets with bad IP checksum
- IP Packets with invalid header and/or data length
- Truncated/malformed IP packet
- Packets of Ftp-bounce Attack
- Short ICMP packet
- ICMP packets with bad ICMP checksum
- ICMP packets with wrong ICMP type/code
- Short UDP packet
- Truncated/malformed UDP packet
- UDP Packets with bad UDP checksum
- Short TCP packet
- Truncated/malformed TCP packet
- TCP Packets with bad TCP checksum
- TCP Packets with invalid flag combination
- Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection

If Strict Internet Access Policy is applied, Cyberoam also defines the following traffic as Invalid traffic:
- UDP Packets with Destination Port 0
- TCP Packets with Source Port and/or Destination Port 0
- Land Attack
- Winnuke Attack
- TCP Syn Packets contains Data
- IP Packet with Protocol Number 0
- IP Packet with TTL Value 0

Invalid Fragmented traffic

Cyberoam defines the following traffic as Invalid Fragmented traffic:
- Fragment Queue out of memory while reassembling IP fragments
- Fragment Queue Timeout while reassembling IP fragments
- Fragment too far ahead while reassembling IP fragments
- Oversized IP Packet while reassembling IP fragments
- Fragmentation failure while creating fragments
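The Log Id layout and the field table in Appendix B are enough to build a small decoder for triaging dropped traffic. The Python below is an added example, not part of the Cyberoam guide: it assumes each log record has already been split into a mapping keyed by the Appendix B field names (the guide does not show the line format the appliance emits), and the sample records, addresses and Log Ids are constructed.

```python
"""Decode Appendix B Log Ids and summarise dropped traffic (added example)."""
from collections import Counter

# Code tables as printed in Appendix B. The codes for "Invalid traffic",
# "Invalid Fragmented traffic" and "ICMP redirect" are not legible on this
# page, so they are left out and decode as "unlisted (NN)".
LOG_TYPES = {"01": "Traffic"}
LOG_COMPONENTS = {
    "01": "Firewall rule",
    "02": "Local ACL",
    "03": "DoS Attack",
    "07": "Source routed packet",
    "08": "Fragmented traffic",
}
LOG_SUB_TYPES = {"01": "Allowed", "02": "Violation"}
TRANSLATED_FIELDS = (
    "Translated Source IP", "Translated Source Port",
    "Translated Destination IP", "Translated Destination Port",
)
ICMP, TCP, UDP = 1, 6, 17  # IANA protocol numbers


def decode_log_id(log_id):
    """Split a 7-character Log Id c1..c7 into type, component, sub type, priority."""
    if len(log_id) != 7 or not (log_id.isascii() and log_id.isalnum()):
        raise ValueError(f"Log Id must be 7 alphanumeric characters: {log_id!r}")

    def label(table, code):
        return table.get(code, f"unlisted ({code})")

    return {
        "log_type": label(LOG_TYPES, log_id[0:2]),
        "component": label(LOG_COMPONENTS, log_id[2:4]),
        "sub_type": label(LOG_SUB_TYPES, log_id[4:6]),
        "priority": log_id[6],  # c7 is returned raw
    }


def normalise(record):
    """Turn one record (dict keyed by Appendix B field names) into typed values."""
    out = decode_log_id(record["Log Id"])
    proto = int(record["Protocol"])
    out.update(status=record["Status"], src=record["Source IP"],
               dst=record["Destination IP"], protocol=proto)
    # Ports exist only for TCP/UDP, ICMP type/code only for ICMP.
    if proto in (TCP, UDP):
        out["src_port"] = int(record["Source Port"])
        out["dst_port"] = int(record["Destination Port"])
    elif proto == ICMP:
        out["icmp"] = (int(record["ICMP Type"]), int(record["ICMP Code"]))
    # Translated fields read "N/A" when the appliance is deployed as Bridge.
    translated = {f: record.get(f, "N/A") for f in TRANSLATED_FIELDS}
    bridge = all(v == "N/A" for v in translated.values())
    out["deployment"] = "bridge" if bridge else "gateway"
    out["translated"] = {f: (None if v == "N/A" else v) for f, v in translated.items()}
    return out


def violations_by_source(records):
    """Count Violation (dropped) events per (component, source IP)."""
    counts = Counter()
    for record in records:
        event = normalise(record)
        if event["sub_type"] == "Violation":
            counts[(event["component"], event["src"])] += 1
    return counts


def make_record(log_id, status, src, dst, proto, **fields):
    """Build a constructed sample record; unspecified translated fields are N/A."""
    record = {"Log Id": log_id, "Status": status, "Source IP": src,
              "Destination IP": dst, "Protocol": str(proto)}
    record.update({k.replace("_", " "): str(v) for k, v in fields.items()})
    return record


# Constructed sample data: documentation address ranges, made-up Log Ids
# (the c7 priority character "1" is a placeholder, not a documented value).
SAMPLE = [
    make_record("0101011", "accept", "192.0.2.10", "198.51.100.5", TCP,
                Source_Port=51514, Destination_Port=443,
                Translated_Source_IP="203.0.113.1", Translated_Source_Port=40001,
                Translated_Destination_IP="198.51.100.5",
                Translated_Destination_Port=443),
    make_record("0103021", "deny", "198.51.100.77", "192.0.2.1", ICMP,
                ICMP_Type=8, ICMP_Code=0),
    make_record("0103021", "deny", "198.51.100.77", "192.0.2.1", UDP,
                Source_Port=4444, Destination_Port=53),
    make_record("0102021", "deny", "203.0.113.9", "192.0.2.1", TCP,
                Source_Port=40000, Destination_Port=23),
]

if __name__ == "__main__":
    for key, count in violations_by_source(SAMPLE).most_common():
        print(count, *key)
```

Component codes that the transcription does not show decode as "unlisted (NN)" rather than being guessed, so a summary never attributes a drop to the wrong subsystem.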

Appendix C Web Categories

The list includes all categories with a short description of each category. Visit for latest updates

Category Name | Type | Description
ActiveX | Non Working | Includes all ActiveX applications
AdultContent | UnHealthy | Adult sites not falling in "Porn, Nudity, Swimwear & Lingerie, Sex Education, and Sexual Health & Medicines" will be included in "Adult Content" and which may contain material not suitable to be viewed for audience under 18
Advertisements | Non Working | Sites providing advertising graphics or other pop ad content files
AlcoholandTobacco | Non Working | Sites providing information about, promote, or support the sale of alcoholic beverages or tobacco products or associated paraphernalia
ALLWebTraffic | Neutral | Any HTTP Traffic
Applets | Non Working | All web pages containing Applets
ArtsAndHistory | Non Working | Sites primarily exhibiting artistic techniques like creative painting, sculpture, poetry, dance, crafts, Literature, and Drama. Sites that narrate historical details about countries/places; events that changed the course of history forever; sites providing details and events of all wars i.e. World Wars, Civil Wars, and important persons of world historical importance
Astrology | Non Working | Sites showing predictions about Sun signs and into various subjects like Education & Career, Love Relationships, etc.
BusinessAndEconomy | Neutral | Sites sponsored by or devoted to business firms, business associations, sites providing details for all types of industrial sector like Chemicals, Machinery, Factory Automation, Cable and Wire, sites providing information about couriers and logistics, and Non-Alcoholic Soft drinks and Beverages
Chat | Non Working | Sites hosting Web Chat services or providing support or information about chat via HTTP or IRC
CommercialBanks | Neutral | Commercial Banks Category includes all Banking Sites i.e. International / National Public or Private Sector Banks providing a wide range of services such as all types of Accounts and Cards, Fixed Deposits, and Loans
Communication | Neutral | Sites offering telephone, wireless, long distance, and paging services. It also includes sites providing details about Mobile communications / cellular communications
ComputerSecurityAndhacking | Productive | Sites providing information about hacking, computer security, sites providing Anti-Virus solutions, including sites providing information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases
Cookies | Non Working | Includes all cookie based web pages
Cricket | Non Working | Sites providing Live Scores of cricket matches, Debates on Cricketers, Top 10 Cricketers, Cricket News, and forthcoming Cricket matches. Cricket Category is differentiated from Sports Category and solely devoted to Cricket activities
CrimeAndSuicide | UnHealthy | Advocating, instructing, or giving advice on performing illegal acts such as phone, service theft, evading law enforcement, lock-picking, burglary techniques and suicide
CulturalInstitutions | Neutral | Sites sponsored by museums, galleries, theatres, libraries, and similar institutions; also, sites whose purpose is the display of artworks
DatingAndMatrimonials | Non Working | Sites assisting users in establishing interpersonal relationships, friendship, excluding those of exclusively gay, or lesbian or bisexual interest and Matrimonial Sites providing photos and details of individuals seeking life partners
DownloadFreewareAndShareware | UnHealthy | Sites whose primary purpose is providing freeware and shareware downloads of application, software, tools, screensavers, wallpapers, and drivers
Drugs | UnHealthy | Sites providing information about the cultivation, preparation, or use of prohibited drugs
EducationalInstitions | Productive | Sites sponsored by schools, colleges, institutes, online education and other educational facilities, by nonacademic research institutions or that relate to educational events and activities
EducationAndReferencematerial | Productive | Sites offering books, reference-shelf content such as atlases, dictionaries, encyclopedias, formularies, white and yellow pages, and public statistical data
Electronics | Neutral | Sites providing information on manufacturing of electronics and electrical equipments, gadgets, instruments like air conditioners, Semi conductors, Television, Storage Devices, LCD Projectors, Home Appliances, and Power Systems etc.
Entertainment | Non Working | Sites providing entertainment sources for Movies, Celebrities, Theatres, about or promote motion pictures, non-news radio and television, humor, Comics, Kids and Teen amusement, Jokes, and magazines
Finance | Non Working | Sites providing information on Money matters, investment, a wide range of financial services, economics and accounting related sites and sites of National & International Insurance companies providing details for all types of Insurances & Policies
Gambling | UnHealthy | Sites providing information about or promote gambling or support online gambling, involving a risk of losing money
Games | Non Working | Sites providing information about or promote electronic games, video games, computer games, role-playing games, or online games
Government | Neutral | Sites sponsored by countries, government, branches, bureaus, or agencies of any level of government including defence. Government associated Sites providing comprehensive details on Tax related issues excluding Government sites providing Visa and Immigration services
HealthAndMedicines | Productive | Sites providing information or advice on personal health and fitness. Sites of pharmaceutical companies and sites providing information about Medicines
HobbiesAndRecreation | Non Working | Sites providing information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. Homelife and family-related topics, including parenting tips, gay/lesbian/bisexual (non-pornographic sites), weddings, births, and funerals Foreign cultures, socio-cultural information
HTTPUpload | Non Working | HTTP Upload Restriction
HumanRightsandLiberty | Neutral | Sites advocating and protecting Human Rights and Liberty to prevent discrimination and protect people from inhumane
ImageBanks | Non Working | Image Banks
InformationTechnology | Productive | Sites sponsoring or providing information about computers, software applications, database, operating system. Including sites providing information of hardware, peripherals, and services. Sites offering design, flash, graphics, multimedia, and web site designing tutorials, tools, advice and services
InstantMessages | Non Working | Sites enabling instant messaging
IPAddress | Neutral |
ISPWebHosting | Neutral | Sites enabling users to make telephone, lease line, ISDN, Cable, V-SAT connections via Internet or obtaining information for that purpose. Sites providing hosting services, or top-level domain pages of Web communities
JobsSearch | UnHealthy | Sites offering information about or support the seeking of employment or employees
Kids | Neutral | Sites designed specifically for kids
MilitancyAndExtremist | UnHealthy | Sites offering information about groups advocating antigovernment beliefs or action
Music | Non Working | Sites providing songs and music and supporting downloads of MP3 or other sound files or that serve as directories of such sites
NatureAndWildLife | Non Working | Sites providing information about Nature, explorations, discoveries, wild life, animals, birds, protecting endangered species, habitats, Animal sanctuaries, etc.
NewsAndMedia | Neutral | Sites offering current news and opinions, including those sponsored by newspapers, general-circulation magazines or other media. It also includes sites of advertising agencies and sites providing details of weather forecast
None | Neutral | Uncategorized Traffic
Nudity | UnHealthy | Sites depicting nude or seminude human forms, singly or in groups, not overtly sexual in intent or effect. It includes Nude images of film stars, models, nude art and photography
PersonalAndBisographysites | Non Working | Includes personal sites of individuals and biographical sites of ordinary or famous personalities
PhishingAndFraud | UnHealthy | Sites gathering personal information (such as name, address, credit card number, school, or personal schedules) that may be used for malicious intent
PhotGallaries | Non Working | Sites providing photos of celebrities, models, and well-known personalities. Such sites may also contain profiles or additional elements as long as the primary focus is on multi-celebrity photographs
PoliticalOrganizations | Neutral | Sites sponsored by or providing information about political parties and interest groups focused on elections or legislation
Porn | UnHealthy | Sites depicting or graphically describing sexual acts or activity, including exhibitionism and sites offering direct links to such sites. Sites providing information or catering Gay, Lesbian, or Bisexual images and lifestyles are also included in this category
Portals | Non Working | Portals include web sites or online services providing a broad array of resources and services such as search engines, free , shopping, news, and other features
PropertyAndRealEstate | Neutral | Sites providing information about renting, buying, selling, or financing residential, real estate, plots, etc.
Science | Productive | Sites providing news, research projects, ideas, information of topics pertaining to physics, chemistry, biology, cosmology, archeology, geography, and astronomy
SearchEngines | Neutral | Sites supporting searching the Web, groups, or indices or directories thereof
SeXHealthAndEducation | Neutral | Sites providing information regarding Sexual Education and Sexual Health and sites providing Medicines to cure and overcome Sex related problems and difficulties, with no pornographic intent
SharesAndStockMarket | Non Working | Sites providing charting, market commentary, forums, prices, and discussion of Shares and Stock Market. It also includes sites dealing in online share trading and sites of stockbrokers
Shopping | Non Working | Sites supporting Online purchases of consumer goods and services except: sexual materials, lingerie, swimwear, investments, medications, educational materials, computer software or hardware. Also Sites of Showrooms, Stores providing shopping of consumer products
Spirituality | Non Working | Sites featuring articles on healing solutions in wellness, personal growth, relationship, workplace, prayer, articles on God, Society, Religion, and ethics
Sports | Non Working | Sites providing any information about or promoting sports, active games, and recreation. All types of Sites providing information about Sports except Cricket
SpywareAndP2P | UnHealthy | Sites or pages that download software that, without the user's knowledge, generates http traffic (other than simple user identification and validation) and Sites providing client software to enable peer-to-peer file sharing and transfer
SwimwareAndLingerie | Non Working | Sites showing images of models and magazines offering lingerie/swimwear but not Nude or sexual images. It also includes Arts pertaining Adult images and shopping of lingerie
TravelFoodAndImmigration | Non Working | Sites providing information about traveling i.e. Airlines and Railway sites. Sites providing details about Hotels, Restaurants, Resorts, and information about worth seeing places. Sites that list, review, advertise, or promote food, dining, or catering services. Sites providing Visa, Immigration, Work Permit and Holiday & Work Visa details, procedures and services
URLTranslationSites | UnHealthy | Sites offering Online translation of URLs. These sites access the URL to be translated in a way that bypasses the proxy server, potentially allowing unauthorized access
Vehicles | Non Working | Sites providing information regarding manufacturing and shopping of vehicles and their parts
Violence | UnHealthy | Sites featuring or promoting violence or bodily harm, including self-inflicted harm; or that gratuitously displaying images of death, gore, or injury; or featuring images or descriptions that are grotesque or frightening and of no redeeming value. These do not include news, historical, or press incidents that may include the above criteria
Weapons | UnHealthy | Sites providing information about, promote, or support the sale of weapons and related items
WebBased | Non Working | Sites providing Web based information regarding services services or

Appendix D Services

Service Name | Details
All Services | All Services
Cyberoam | UDP (1024:65535) / (6060)
AH | IP Protocol No 51 (IPv6-Auth)
AOL | TCP (1:65535) / (5190:5194)
BGP | TCP (1:65535) / (179)
DHCP | UDP (1:65535) / (67:68)
DNS | TCP (1:65535) / (53), UDP (1:65535) / (53)
ESP | IP Protocol No 50 (IPv6-Crypt)
FINGER | TCP (1:65535) / (79)
FTP | TCP (1:65535) / (21)
FTP_GET | TCP (1:65535) / (21)
FTP_PUT | TCP (1:65535) / (21)
GOPHER | TCP (1:65535) / (70)
GRE | IP Protocol No 47
H323 | TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719)
HTTP | TCP (1:65535) / (80)
HTTPS | TCP (1:65535) / (443)
ICMP_ANY | ICMP any / any
IKE | UDP (1:65535) / (500), UDP (1:65535) / (4500)
IMAP | TCP (1:65535) / (143)
INFO_ADDRESS | ICMP 17 / any
INFO_REQUEST | ICMP 15 / any
IRC | TCP (1:65535) / (6660:6669)
Internet-Locator-Service | TCP (1:65535) / (389)
L2TP | TCP (1:65535) / (1701), UDP (1:65535) / (1701)
LDAP | TCP (1:65535) / (389)
NFS | TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049)
NNTP | TCP (1:65535) / (119)
NTP | TCP (1:65535) / (123), UDP (1:65535) / (123)
NetMeeting | TCP (1:65535) / (1720)
OSPF | IP Protocol No 89 (OSPFIGP)
PC-Anywhere | TCP (1:65535) / (5631), UDP (1:65535) / (5632)
PING | ICMP 8 / any
POP3 | TCP (1:65535) / (110)
PPTP | IP Protocol No 47, TCP (1:65535) / (1723)
QUAKE | UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960)
RAUDIO | UDP (1:65535) / (7070)
RIP | UDP (1:65535) / (520)
RLOGIN | TCP (1:65535) / (513)
SAMBA | TCP (1:65535) / (139)
SIP | UDP (1:65535) / (5060)
SIP-MSNmessenger | TCP (1:65535) / (1863)
SMTP | TCP (1:65535) / (25)
SNMP | TCP (1:65535) / (161:162), UDP (1:65535) / (161:162)
SSH | TCP (1:65535) / (22), UDP (1:65535) / (22)
SYSLOG | UDP (1:65535) / (514)
TALK | TCP (1:65535) / (517:518)
TCP | TCP (1:65535) / (1:65535)
TELNET | TCP (1:65535) / (23)
TFTP | UDP (1:65535) / (69)
TIMESTAMP | ICMP 13 / any
UDP | UDP (1:65535) / (1:65535)
UUCP | TCP (1:65535) / (540)
VDOLIVE | TCP (1:65535) / (7000:7010)
WAIS | TCP (1:65535) / (210)
WINFRAME | TCP (1:65535) / (1494)
X-WINDOWS | TCP (1:65535) / (6000:6063)

Appendix E Application Protocols

Group | Application Name | Definition
Any | All Services |
File Transfer | FTP | File Transfer Protocol is a method to transfer files from one location to another, either on local disks or via the Internet
 | yahoofilexfer | Yahoo Messenger file transfer
File Transfer client | gnucleuslan | Gnucleuslan P2P client
 | imesh | IMESH P2P client
File sharing | Gnutella | Gnutella is a system in which individuals can exchange files over the Internet directly without going through a Web site. Gnutella is often used as a way to download music files from or share them with other Internet users
 | Kazaa | A decentralized Internet peer-to-peer (P2P) file-sharing program
 | directconnect | peer-to-peer (P2P) file-sharing program
Mail Protocol | POP3 | Transport protocol used for receiving e-mails.
 | SMTP | A protocol for transferring messages from one server to another.
 | IMAP | A protocol for retrieving messages
Chat | ymsgr | Yahoo Messenger
 | msnmessenger | MSN Messenger
 | AOL | Chat client
 | indiatimes | Chat client
Media Player | wmplayer | Windows Media Player
 | quickplayer | Quick Time Player
Voice over IP | SIP | (Session Initiation Protocol) Protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP works in the Application layer of the OSI communications model.
 | H323 | A standard approved by the International Telecommunication Union (ITU) that defines how audiovisual conferencing data is transmitted across networks. It enables users to participate in the same conference even though they are using different videoconferencing applications.
 | RTSP | (Real Time Streaming Protocol) A standard for controlling streaming data over the World Wide Web
Printing | IPP | (Internet Printing Protocol) Protocol used for printing documents over the web. IPP defines basic handshaking and communication methods, but does not enforce the format of the print data stream.
Network | DHCP | Protocol for assigning dynamic IP addresses to devices on a network
 | SNMP | (Simple Network Management Protocol) Protocol for network management software. Defines methods for remotely managing active network components such as hubs, routers, and bridges
 | DNS | An Internet service that translates domain names to or from IP addresses, which are the actual basis of addresses on the Internet.
 | RDP | (Remote Desktop Protocol) Protocol that allows a Windows-based terminal (WBT) or other Windows-based client to communicate with a Windows XP Professional based computer. RDP works across any TCP/IP connection
Remote logging | nbns | NetBIOS Naming Service
 | Telnet | Protocol for remote computing on the Internet. It allows a computer to act as a remote terminal on another machine, anywhere on the Internet
 | SSH | (Secure Socket Shell) Protocol used for secure access to a remote computer
 | HTTP | Protocol for moving hypertext files across the Internet.
 | SSL | (Secure Socket Layer) Protocol used for secure Internet communications.
 | ICMP | (Internet Control Message Protocol) A message control and error-reporting protocol

Menu wise Screen and Table Index

Screen - Console access
Screen - Console login screen
Screen - HTTP login screen
Screen - HTTPS login
Table - Login screen elements
Screen - Create Zone
Table - Create Zone
Screen - Cyberoam Authentication
Table - Cyberoam Authentication screen elements
Table - Create User - Decision matrix
Screen - Add User
Table - Add User screen elements
Table - View Group details screen elements
Table - Apply Login Node Restriction screen elements
Screen - Add multiple Clientless users
Table - Add multiple Clientless users screen elements
Screen - Add single Clientless user
Table - Create single Clientless user screen elements
Table - Select Node screen elements
Table - Group creation - Decision matrix
Screen - Create Group
Table - Create Group screen elements
Screen - Apply Login Node Restriction
Table - Apply Login Node Restriction screen elements
Screen - Create Firewall rule
Table - Create Firewall rule screen elements
Screen - Edit Firewall Rule
Table - Edit Firewall Rule
Screen - Default Screen Display of Manage Firewall Rules page
Screen - Customized Screen Display of Manage Firewall Rules page
Screen - Delete Firewall rule
Screen - Create Host Group
Table - Create Host Group screen elements
Screen - Remove Host from Host Group
Table - Remove Host from Host Group screen elements

Screen - Delete Host Group
Table - Delete host Group screen elements
Screen - Add Host
Table - Add Host screen elements
Screen - Delete Host
Table - Delete Host screen elements
Screen - Create Logon Pool
Table - Add Logon Pool screen elements
Screen - Application wise Live connections
Table - Application wise Live connections screen elements
Screen - User wise Live connections
Table - User wise Live connections screen elements
Screen - LAN IP Address wise Live connections
Table - LAN IP Address wise Live connection screen elements
Screen - Today's Connection History Application wise
Table - Today's Connection History Application screen elements
Screen - Today's Connection History User wise
Table - Today's Connection History User wise screen elements
Screen - Today's Connection History LAN IP Address wise
Table - Today's Connection History LAN IP Address wise screen elements
Screen - Create Surfing Quota policy
Table - Create Surfing Quota policy screen elements
Screen - Update Surfing Quota policy
Table - Update Surfing Quota policy screen elements
Screen - Delete Surfing Quota policy
Table - Delete Surfing Quota policy screen elements
Screen - Create Access Time policy
Table - Create Access Time policy screen elements
Screen - Update Access Time policy
Table - Update Access Time policy screen elements
Screen - Delete Access Time policy
Table - Delete Access Time policy screen elements
Screen - Create Internet Access policy
Table - Create Internet Access policy screen elements
Screen - Add Internet Access policy rule
Table - Add Internet Access policy rule screen elements
Screen - Update Internet Access policy
Table - Update Internet Access policy screen elements
Screen - Delete Internet Access policy rule
Table - Delete Internet Access policy rule screen elements

Screen - Delete Internet Access policy
Table - Delete Internet Access policy screen elements
Table - Implementation types for Strict - Bandwidth policy
Table - Bandwidth usage for Strict - Bandwidth policy
Table - Implementation types for Committed - Bandwidth policy
Table - Bandwidth usage for Committed - Bandwidth policy
Screen - Create Bandwidth policy
Table - Create Bandwidth policy - Common screen elements
Screen - Create Logon Pool based Bandwidth policy
Table - Create Logon Pool based Bandwidth policy screen elements
Screen - Create User/IP based Strict Bandwidth policy
Table - Create User/IP based Strict Bandwidth policy screen elements
Screen - Create User/IP based Committed Bandwidth policy
Table - Create User/IP based Committed Bandwidth policy screen elements
Screen - Update Bandwidth policy
Table - Update Bandwidth policy Common screen elements
Screen - Update Logon Pool based Bandwidth policy
Table - Update Logon Pool based Bandwidth policy screen elements
Screen - Update User based Bandwidth policy
Table - Update User based Bandwidth policy screen elements
Screen - Assign Schedule to User based Strict Bandwidth policy
Table - Assign Schedule to User based Strict Bandwidth policy screen elements
Screen - Assign Schedule to User based Committed Bandwidth policy
Table - Assign Schedule to User based Committed Bandwidth policy screen elements
Screen - Remove Schedule from User based Bandwidth policy
Table - Remove Schedule from User based Bandwidth policy screen elements
Screen - Delete Bandwidth policy
Table - Delete Bandwidth policy screen elements
Screen - Create Data transfer policy
Table - Create Data transfer policy screen elements
Screen - Update Data transfer policy screen
Table - Update Data transfer policy screen elements
Screen - Delete Data transfer policy screen
Table - Delete Data transfer policy screen element
Screen - Create SNAT policy
Table - Create SNAT policy screen elements
Screen - Update SNAT policy
Table - Update SNAT policy screen elements
Screen - Delete SNAT policy
Table - Delete SNAT policy screen elements

Screen - Create DNAT policy
Table - Create DNAT policy screen elements
Screen - Edit DNAT policy
Table - Edit DNAT policy screen elements
Screen - Delete DNAT policy
Table - Delete DNAT policy screen elements
Screen - Edit Zone
Table - Edit Zone
Screen - Delete Zone
Table - Delete Zone
Screen - Manage Group
Table - Manage Group screen elements
Screen - Add Group Member
Table - Add Group Member screen elements
Table - Need to Update group
Screen - Show Group Members
Table - Show Group Members screen elements
Screen - Change Login Restriction
Table - Change Login Restriction screen elements
Screen - Delete Group
Table - Delete Group screen elements
Screen - Search User
Table - Search User screen elements
Table - Search User Result
Screen - Manage Live Users
Table - Manage Live User screen elements
Table - Need to Update User
Screen - Manage User
Table - Manage User screen elements
Screen - Change User Personal details
Table - Change User personal details screen elements
Screen - User My Account
Screen - User My Account
Screen - Change Password
Table - Change password screen elements
Screen - Change Personal details
Table - Change Personal details screen elements
Screen - Internet Usage Status
Table - Internet Usage screen elements
Screen - Change Group

Table - Change Group screen elements
Table - Change Individual policy
Screen - Change User Login Restriction
Table - Change User Login Restriction screen elements
Screen - Delete Active User
Screen - Delete Deactive User
Screen - Delete Clientless User
Table - Delete User screen elements
Screen - Deactivate User
Table - Deactivate User screen elements
Screen - Activate Normal User
Screen - Activate Clientless User
Table - Activate User screen elements
Screen - Search Node
Table - Search Node results
Screen - Update Logon Pool
Table - Update Logon Pool screen elements
Screen - Add Node
Table - Add Node screen elements
Screen - Delete Node
Table - Delete Node screen elements
Screen - Delete Logon Pool
Table - Delete Logon Pool screen elements
Screen - Configure DNS
Table - Configure DNS
Screen - Configure DHCP
Table - Configure DHCP screen elements
Screen - Cyberoam as Gateway - View Interface details
Table - View Interface details screen elements
Screen - Register Hostname with DDNS
Table - Register hostname with DDNS
Screen - PPPoE configuration
Table - PPPoE configuration screen elements
Screen - Gateway Configuration
Table - Gateway Configuration screen elements
Screen - DoS Settings
Table - DoS Settings screen elements
Screen - Create DoS bypass rule
Table - Create DoS bypass rule screen elements
Screen - Delete DoS bypass rule

Table Delete DoS bypass rule screen elements
Screen - Reset Console Password
Table - Reset Console Password screen elements
Screen System Modules Configuration
Screen Manage SNMP
Screen SNMP Agent Configuration
Table SNMP Agent Configuration screen elements
Screen Create SNMP Community
Table Create SNMP Community screen elements
Screen Manage SNMP Community
Table Manage SNMP Community screen elements
Screen Delete SNMP Community
Table Delete SNMP Community screen elements
Screen Create SNMP V3 User
Table Create SNMP V3 User screen elements
Screen Edit V3 User
Table Edit V3 User screen elements
Screen Delete SNMP V3 User
Table Delete SNMP V3 User screen elements
Screen Set Backup schedule
Table Set Backup Schedule screen elements
Screen Backup Data
Table Backup Data screen elements
Screen Restore Data screen
Table - Restore Data screen elements
Screen Configure Auto purge Utility screen
Table Configure Auto purge Utility screen elements
Screen Purge Logs screen
Table - Purge Logs screen elements
Screen Customized Client Messages screen
Table - Customized Client Message screen elements
Table - List of predefined messages
Screen Customized Client Preferences screen
Table Customized Client Preferences screen elements
Screen - Manage HTTP Proxy
Table - Manage HTTP Proxy screen elements
Screen - Configure HTTP Proxy
Table - Configure HTTP Proxy screen elements
Screen - Manage Services
Table - Manage Control Service screen elements

Table - Manage Control Service Action
Screen View Bandwidth Usage
Table - Bandwidth usage screen elements
Screen - Bandwidth usage - Live Users graph
Screen - Bandwidth usage - Total Data transfer graph
Screen - Bandwidth usage - Composite Data transfer graph
Screen - Bandwidth usage - Download Data transfer graph
Screen - Bandwidth usage - Upload Data transfer graph
Screen - Download User Migration Utility
Screen - Save User Migration Utility
Screen Upload downloaded User Migration Utility
Screen Upload CVS file
Screen - Register migrated users from External file
Screen - Define One Time Schedule
Table - Define Schedule screen elements
Screen Add Schedule Entry details
Table Add Schedule Entry details screen elements
Screen - Manage Schedule
Table - Manage Schedule screen elements
Screen Delete Schedule Entry details
Table - Delete Schedule Entry details screen elements
Screen - Delete Schedule
Table - Delete Schedule screen elements
Screen - Define Custom Service
Table Define Custom Service screen elements
Screen - Update Custom Service
Table - Update Custom Service screen elements
Table - Delete Custom Service screen elements
Screen Create Service Group screen
Table Create Service Group screen elements
Screen Edit Service Group
Table Edit Service Group screen elements
Screen Delete Service Group
Table Delete Service Group
Screen Search URL
Screen - Manage Default Web Category
Screen - Create Custom Web Category
Table - Create Web Category screen elements
Screen - Add Domain
Table - Add Domain screen elements

Screen - Add keyword
Table - Add keyword screen elements
Screen - Manage Custom Web category
Table - Update Custom Web category screen elements
Screen Delete Domain
Table Delete Domain screen elements
Screen - Delete keyword
Table - Delete keywords screen elements
Screen - Delete Custom Web Category
Table - Delete Custom Web Category screen elements
Screen Manage Custom File Type Category
Screen - Create Custom File Type Category
Table - Create Custom File Type screen elements
Screen - Manage Custom File Type Category
Screen - Manage Custom File Type Category
Screen - Delete Custom File Type Category
Table - Delete Custom File Type screen elements
Screen - Manage Default Application Protocol Category
Screen - Create Custom Application Protocol Category
Table Create Custom Application Category screen elements
Screen Add Custom Application Protocol Category details

Table Add Custom Application Protocol Category details
Screen Manage Custom Application Protocol Category
Table Manage Custom Application Protocol Category screen elements
Screen Delete Application Protocol Category details
Table Delete Application Protocol Category screen elements
Screen - Delete Custom Application Protocol Category
Table - Delete Custom Application Protocol Category screen elements
Screen Access Configuration
Table Access Configuration screen elements
Screen About Cyberoam
Screen - Upload Upgrade version
Screen Licensing
Screen Registration
Table - Registration screen elements
Screen Subscribe Module
Screen Subscribe Trial Module
Table Subscribe Module
Screen Download Clients
Screen Download Cyberoam Guides
Screen - Reports
Screen Reports Login
Screen Audit Log report
Screen Sample Audit Log Report

Radius Integration Guide Version 9

Radius Integration Guide Version 9 Radius Integration Guide Version 9 Document version 9402-1.0-18/10/2006 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but

More information

High Availability Configuration Guide Version 9

High Availability Configuration Guide Version 9 High Availability Configuration Guide Version 9 Document version 9402-1.0-08/11/2006 2 HA Configuration Guide IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable

More information

ADS Integration Guide

ADS Integration Guide ADS Integration Guide Document version 9402-1.0-18/10/2006 Cyberoam ADS Integration Guide IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of

More information

HTTP Client Installation Guide Version 9

HTTP Client Installation Guide Version 9 HTTP Client Installation Guide Version 9 Document version 7300-1.0-9/13/2006 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but

More information

User Guide Version 9.5.8

User Guide Version 9.5.8 User Guide Version 9.5.8 Document version 95838-1.0-24/20/2008 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented

More information

Virtual LAN Configuration Guide Version 9

Virtual LAN Configuration Guide Version 9 Virtual LAN Configuration Guide Version 9 Document version 96-1.0-12/05/2009 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Cyberoam Anti Spam Implementation Guide Version 9

Cyberoam Anti Spam Implementation Guide Version 9 Cyberoam Anti Spam Implementation Guide Version 9 Document version 9402-1.0-18/10/2006 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Cyberoam Multi link Implementation Guide Version 9

Cyberoam Multi link Implementation Guide Version 9 Cyberoam Multi link Implementation Guide Version 9 Document version 96-1.0-12/05/2009 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

SSL VPN Client Installation Guide Version 9

SSL VPN Client Installation Guide Version 9 SSL VPN Client Installation Guide Version 9 Document version 96060-1.0-08/10/2009 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Cyberoam Anti Virus Implementation Guide Version 9

Cyberoam Anti Virus Implementation Guide Version 9 Cyberoam Anti Virus Implementation Guide Version 9 Document version 9402-1.0-18/10/2006 2 Cyberoam Anti Virus Implementation Guide IMPORTANT NOTICE Elitecore has supplied this Information believing it

More information

CORPORATE HEADQUARTERS Elitecore Technologies Ltd. 904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA www.cyberoam.com

CORPORATE HEADQUARTERS Elitecore Technologies Ltd. 904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA www.cyberoam.com CYBEROAM LDAP INTEGRATION GUIDE VERSION: 7 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of

More information

Cyberoam IPSec VPN Client Configuration Guide Version 4

Cyberoam IPSec VPN Client Configuration Guide Version 4 Cyberoam IPSec VPN Client Configuration Guide Version 4 Document version 1.0-410003-25/10/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time

More information

CYBEROAM WINDOWS DOMAIN CONTROLLER INTEGRATION GUIDE VERSION:

CYBEROAM WINDOWS DOMAIN CONTROLLER INTEGRATION GUIDE VERSION: 7300-1.0-9/20/2005 1 CYBEROAM WINDOWS DOMAIN CONTROLLER INTEGRATION GUIDE VERSION: 7 7300-1.0-9/20/2005 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable

More information

CORPORATE HEADQUARTERS Elitecore Technologies Ltd. 904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA www.cyberoam.com 7300-1.

CORPORATE HEADQUARTERS Elitecore Technologies Ltd. 904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA www.cyberoam.com 7300-1. CYBEROAM - ADS INTEGRATION GUIDE VERSION: 7 7300-1.0-9/20/2005 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented

More information

Cyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10

Cyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10 Cyberoam Virtual Security Appliance - Installation Guide for XenServer Version 10 Document Version 10.6.1-01/07/2014 Contents Preface... 4 Base Configuration... 4 Installation Procedure... 4 Cyberoam Virtual

More information

SOFTWARE LICENSE LIMITED WARRANTY

SOFTWARE LICENSE LIMITED WARRANTY CYBEROAM INSTALLATION GUIDE VERSION: 6..0..0..0 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty

More information

IPSec VPN Client Installation Guide. Version 4

IPSec VPN Client Installation Guide. Version 4 IPSec VPN Client Installation Guide Version 4 Document version - 1.0-410003-25/10/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Cyberoam Anti Spam Configuration Guide Version 9

Cyberoam Anti Spam Configuration Guide Version 9 Cyberoam Anti Spam Configuration Guide Version 9 Document version 95466-1.0-25/06/2008 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi. Version 10

Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi. Version 10 Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi Version 10 Document Version 10.6.2-16/04/2015 Contents Preface... 4 Base Configuration... 4 Installation Procedure... 4 Cyberoam

More information

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Document Version:2.0-12/07/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be

More information

Cyberoam Anti Spam Implementation Guide Version 9

Cyberoam Anti Spam Implementation Guide Version 9 Cyberoam Anti Spam Implementation Guide Version 9 Document version 96-1.0-12/05/2009 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

SSL VPN Management Guide Version 10

SSL VPN Management Guide Version 10 SSL VPN Management Guide Version 10 Document version 10.00.0302-1.0-09/08/2010 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Unified Threat Management

Unified Threat Management Unified Threat Management QUICK START GUIDE CR35iNG Appliance Document Version: PL QSG 35iNG/96000-10.04.5.0.007/250121014 DEFAULTS Default IP addresses Ethernet Port IP Address Zone A 172.16.16.16/255.255.255.0

More information

Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10

Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10 Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10 Document version 1.0 10.6.2.378-13/03/2015 Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it

More information

Thin Client Solution Installation Guide Version 2.0.0.9

Thin Client Solution Installation Guide Version 2.0.0.9 Thin Client Solution Installation Guide Version 2.0.0.9 Version 7 Document Version 2.0.0.9-1.0-20/02/2013 Version 7 Version 7 Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information

More information

Version: 4.10 Build 010 Date: April, 2008

Version: 4.10 Build 010 Date: April, 2008 Version: 4.10 Build 010 Date: April, 2008 Contents Download Client...2 Operating Systems supported...2 Introduction...2 Release 4.10 build 010...2...2 Release 4.10 build 009...2...2 Enhancements...2...2

More information

How To - Deploy Cyberoam in Gateway Mode

How To - Deploy Cyberoam in Gateway Mode How To - Deploy Cyberoam in Gateway Mode Cyberoam appliance can be deployed in a network in two modes: Gateway mode. Popularly known as Route mode Bridge mode. Popularly known as Transparent mode Article

More information

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Configuring SSL VPN on the Cisco ISA500 Security Appliance Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

SSL VPN User Guide Version 10

SSL VPN User Guide Version 10 SSL VPN User Guide Version 10 Version 7 Document Version 10.04.5.0007-30/11/2013 Document Version 10.04.4.0028-08/10/2013 Version 7 Version 7 Important Notice Cyberoam Technologies Pvt. Ltd. has supplied

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario Version 7.2 November 2015 Last modified: November 3, 2015 2015 Nasuni Corporation All Rights Reserved Document Information Testing

More information

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

Application Note. Intelligent Application Gateway with SA server using AD password and OTP Application Note Intelligent Application Gateway with SA server using AD password and OTP ii Preface All information herein is either public information or is the property of and owned solely by Gemalto

More information

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario Version 7.0 July 2015 2015 Nasuni Corporation All Rights Reserved Document Information Testing Disaster Recovery Version 7.0 July

More information

Configuration Information

Configuration Information This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,

More information

Barracuda Link Balancer Administrator s Guide

Barracuda Link Balancer Administrator s Guide Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Portal Administration. Administrator Guide

Portal Administration. Administrator Guide Portal Administration Administrator Guide Portal Administration Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec

More information

HP A-IMC Firewall Manager

HP A-IMC Firewall Manager HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this

More information

RealPresence Platform Director

RealPresence Platform Director RealPresence CloudAXIS Suite Administrators Guide Software 1.3.1 GETTING STARTED GUIDE Software 2.0 June 2015 3725-66012-001B RealPresence Platform Director Polycom, Inc. 1 RealPresence Platform Director

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

QUICK START GUIDE. Cisco C170 Email Security Appliance

QUICK START GUIDE. Cisco C170 Email Security Appliance 1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance

More information

http://www.trendmicro.com/download

http://www.trendmicro.com/download Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

Installing Management Applications on VNX for File

Installing Management Applications on VNX for File EMC VNX Series Release 8.1 Installing Management Applications on VNX for File P/N 300-015-111 Rev 01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright

More information

VCCC Appliance VMware Server Installation Guide

VCCC Appliance VMware Server Installation Guide VCCC Appliance VMware Server Installation Guide Content Preface... 4 System Requirements... 4 Installation Procedure... 4 CCC Virtual Machine Installation... 5 CCC Virtual Machine Management... 12 Resource

More information

DameWare Server. Administrator Guide

DameWare Server. Administrator Guide DameWare Server Administrator Guide About DameWare Contact Information Team Contact Information Sales 1.866.270.1449 General Support Technical Support Customer Service User Forums http://www.dameware.com/customers.aspx

More information

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505 INTEGRATION GUIDE DIGIPASS Authentication for Cisco ASA 5505 Disclaimer DIGIPASS Authentication for Cisco ASA5505 Disclaimer of Warranties and Limitation of Liabilities All information contained in this

More information

Trustwave SEG Cloud Customer Guide

Trustwave SEG Cloud Customer Guide Trustwave SEG Cloud Customer Guide Legal Notice Copyright 2015 Trustwave Holdings, Inc. All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation

More information

UTM Quick Installation Guide

UTM Quick Installation Guide www.allo.com Version 2.0 1 Copy Right Copyright 2014 Allo. All rights reserved. No part of this publication may be copied, distributed, transmitted, transcribed, stored in a retrieval system, or translated

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0 Microsoft Dynamics GP Workflow Installation Guide Release 10.0 Copyright Copyright 2008 Microsoft Corporation. All rights reserved. Complying with all applicable copyright laws is the responsibility of

More information

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: 5.0.00 Document Version: 02.01.12

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: 5.0.00 Document Version: 02.01.12 M86 Web Filter USER GUIDE for M86 Mobile Security Client Software Version: 5.0.00 Document Version: 02.01.12 M86 WEB FILTER USER GUIDE FOR M86 MOBILE SECURITY CLIENT 2012 M86 Security All rights reserved.

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Printing Date: August 15, 2007 This guide provides detailed description on configuration of the local network which

More information

OnCommand Performance Manager 1.1

OnCommand Performance Manager 1.1 OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client Astaro Security Gateway V8 Remote Access via SSL Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If you are not

More information

Preparing for Version 10

Preparing for Version 10 Preparing for Version 10 Release Information Release Type: General Availability Compatible versions: 9.6.0.78 for al CRs except CR15i; 9.5.8.68 for CR15i Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support

More information

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration

More information

SSL... 2 2.1. 3 2.2. 2.2.1. 2.2.2. SSL VPN

SSL... 2 2.1. 3 2.2. 2.2.1. 2.2.2. SSL VPN 1. Introduction... 2 2. Remote Access via SSL... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Software and Certificates...10

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module Load Balancing Configuration Guide Part number: 5998-2685 Document version: 6PW101-20120217 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P.

More information

Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01

Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01 Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

GFI Product Manual. Web security, monitoring and Internet access control. Administrator Guide

GFI Product Manual. Web security, monitoring and Internet access control. Administrator Guide GFI Product Manual Web security, monitoring and Internet access control Administrator Guide The information and content in this document is provided for informational purposes only and is provided "as

More information

axsguard Gatekeeper Internet Redundancy How To v1.2

axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 Legal Notice VASCO Products VASCO data Security, Inc. and/or VASCO data Security International GmbH

More information

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 ( UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet

More information

Multi-Homing Security Gateway

Multi-Homing Security Gateway Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

More information

SANGFOR SSL VPN. Quick Start Guide

SANGFOR SSL VPN. Quick Start Guide SANGFOR SSL VPN Quick Start Guide This document is intended to assist users to install, debug, configure and maintain SANGFOR SSL VPN device quickly and efficiently. Please read the followings carefully

More information

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Legal Notice Copyright 2006 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government

More information

Barracuda IM Firewall Administrator s Guide

Barracuda IM Firewall Administrator s Guide Barracuda IM Firewall Administrator s Guide Version 3.0 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2007, Barracuda Networks www.barracuda.com

More information

F-SECURE MESSAGING SECURITY GATEWAY

F-SECURE MESSAGING SECURITY GATEWAY F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE

More information

Funkwerk UTM Release Notes (english)

Funkwerk UTM Release Notes (english) Funkwerk UTM Release Notes (english) General Hints Please create a backup of your UTM system's configuration (Maintenance > Configuration > Manual Backup) before you start to install the software update.

More information

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12 DEPLOYMENT GUIDE Version 1.2 Deploying F5 with Oracle E-Business Suite 12 Table of Contents Table of Contents Introducing the BIG-IP LTM Oracle E-Business Suite 12 configuration Prerequisites and configuration

More information

Server Installation Guide ZENworks Patch Management 6.4 SP2

Server Installation Guide ZENworks Patch Management 6.4 SP2 Server Installation Guide ZENworks Patch Management 6.4 SP2 02_016N 6.4SP2 Server Installation Guide - 2 - Notices Version Information ZENworks Patch Management Server Installation Guide - ZENworks Patch

More information

www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013 www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

User Manual. Page 2 of 38

User Manual. Page 2 of 38 DSL1215FUN(L) Page 2 of 38 Contents About the Device...4 Minimum System Requirements...5 Package Contents...5 Device Overview...6 Front Panel...6 Side Panel...6 Back Panel...7 Hardware Setup Diagram...8

More information

Setting Up Scan to SMB on TaskALFA series MFP s.

Setting Up Scan to SMB on TaskALFA series MFP s. Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and

More information

Secure Web Gateway Version 11.0 User Guide

Legal Notice Copyright 2013 Trustwave Holdings, Inc. All rights reserved. This document is protected by copyright and any distribution, reproduction, copying,

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Windows Server 2003, Windows Server 2008 5.1 Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Copyright

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

Steps for Basic Configuration

1. This guide describes how to use the Unified Threat Management appliance (UTM) Basic Setup Wizard to configure the UTM for connection to your network. It also describes how to register the UTM with NETGEAR.

Administration Quick Start

www.novell.com/documentation Administration Quick Start ZENworks 11 Support Pack 3 February 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

GFI Product Manual. Administration and Configuration Manual

http://www.gfi.com The information and content in this document is provided for informational purposes only and is provided "as is"

Configuration Information

Email Security Gateway Version 7.7 This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard.

Installation Guide Supplement

Installation Guide Supplement for use with Microsoft ISA Server and Forefront TMG Websense Web Security Websense Web Filter v7.5 1996-2010, Websense Inc. All rights reserved. 10240 Sorrento Valley Rd.,

CA Performance Center

CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the "Documentation") is

1 You will need the following items to get started:

QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide

Product Manual. Administration and Configuration Manual

http://www.gfi.com The information and content in this document is provided for informational purposes only and is provided "as is" with

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If

Introduction to the EIS Guide

The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

Integrated Citrix Servers

Installation Guide Supplement for use with Integrated Citrix Servers Websense Web Security Websense Web Filter v7.5 1996-2010, Websense, Inc. 10240 Sorrento Valley Rd., San Diego, CA 92121, USA All rights

SecuraLive ULTIMATE SECURITY

SecuraLive ULTIMATE SECURITY Home Edition for Windows USER GUIDE SecuraLive ULTIMATE SECURITY USER MANUAL Introduction: Welcome to SecuraLive Ultimate Security Home Edition. SecuraLive Ultimate Security

NETASQ MIGRATING FROM V8 TO V9

UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4