Routing concepts in Cyberoam




This article explains the routing concepts implemented in Cyberoam and how to define static routes and route policies. It includes the following sections:

- Static route
- Firewall based routes
  - Destination specific route
  - Policy based route
- Explicit Source based route
- Routing order

What is routing?

Routing is the process of sending packets from a network on one device to a network on a different device.

Static routes (Destination based routes)

A static route is a manually configured mapping of an IP address to a next-hop destination. By default, the Cyberoam routing table contains a single default route. You can add routing information to the routing table by defining additional static routes. Add static routes when you want to route traffic destined for a specific network/host via a different next hop instead of the default route.

To add a static route, you need to know the destination network/host, the netmask for the destination network, and the next hop IP address. The gateway address specifies the next-hop router to which traffic will be routed. A static route causes packets to be forwarded to a next hop other than the configured default gateway. By specifying through which interface/gateway the packet will leave and to which device the packet should be routed, static routes control the traffic exiting Cyberoam.

Example:

The following example walks you through the process of creating a static route when Cyberoam is deployed as Gateway. Cyberoam is connected to the LAN via a switch and configured with multiple links. As Cyberoam is configured with multiple Internet links for load balancing, it will load balance web server traffic via both gateways, Gateway 1 and Gateway 2. It is required that all outbound packets destined for the externally hosted web server be routed through a particular gateway, i.e. Gateway 2 only, and not through Gateway 1. To forward the packets for the web server through Gateway 2, we need to define a static route.
IP schema

- Gateway 1: 1.1.1.2
- Gateway 2: 2.2.2.2
- Web server hosted externally: 5.5.5.5

Configuration:

Step 1. Log on to Console through ssh / telnet. Select option 3 Route Configuration in Main Menu to go to the Router Management menu.

Step 2. In Route Management, go to option 1 Configure Static-routes/ACLs

Enable configuration mode and define the static route by executing the commands below from the command prompt:

    router> enable <cr>
    router# configure terminal
    router(config)# ip route <destination IP address/netmask> <gateway IP address>

For our example, the destination IP address is the IP address of the web server, i.e. 5.5.5.5/32, and the gateway IP address is the IP address of the gateway through which the requests are to be routed, i.e. 2.2.2.2.

    router(config)# write

The write command saves the route permanently in the routing table.

Firewall based route

A static route specifies how to handle traffic that matches specific criteria, such as destination address, destination mask, the gateway to forward traffic to, and the interface on which that gateway is located. The static routing method satisfies most requirements, but is limited to forwarding based on destination address only.

Firewall based routes are extended static routes that provide more flexible traffic handling. They allow matching based on source address, service/application, and gateway weight for load balancing. Hence, they offer granular control for forwarding packets based on a number of user-defined variables such as:

- Destination
- Source
- Application
- Combination of all of the above

The following examples walk through how to create routes with the help of the firewall along with other features.

1. Destination specific route

A destination specific route is the same as a static route, except that it is created from the firewall page of the Web Admin Console, while a static route is created from the Console.

Required when:

- Internal users require access to externally hosted servers
- Packets for the external server should always be routed through a designated gateway and not the default gateway

Example:

Cyberoam is connected to the LAN via a switch and configured with multiple links. The mail server is deployed in the LAN. LAN users' requests for the externally hosted server should be routed through the designated gateway, i.e. Gateway 2 only, and should not be load balanced.

IP schema

- Gateway 1: 1.1.1.2
- Gateway 2: 2.2.2.2
- SMTP server (external): 5.5.5.5
- Cyberoam WAN IP address: 1.1.1.1/24 and 2.2.2.1/24
- WAN Alias IP address: 2.2.2.5
- Mail server (internal): 172.16.16.100

Step 1: Go to Firewall > Host > Add and define a host, i.e. the IP address for the external server. You can also add it from within the firewall rule, as shown in the screenshot below.

Step 2: Go to Firewall > Create Rule to add a LAN to WAN rule for the host, i.e. the external server 5.5.5.5

2. Policy based route

Required when:

- A server is hosted internally and its outbound packets must be NATted
- Packets from the internal server should always be routed through a designated gateway and should not be load balanced

Example:

Cyberoam is connected to the LAN via a switch and configured with multiple links. The mail server is deployed in the LAN. Traffic originated by the mail server should be routed through a designated gateway, and requests should be forwarded with the alias IP address, i.e. source NATted.

IP schema

- Gateway 1: 1.1.1.2
- Gateway 2: 2.2.2.2
- Cyberoam WAN IP address: 1.1.1.1/24 and 2.2.2.1/24
- WAN Alias IP address: 2.2.2.5
- Mail server (internal): 172.16.16.100

Configuration:

Step 1: Go to Firewall > Host > Add and define a host, i.e. the IP address for the external server. You can also add it from within the firewall rule, as shown in the screenshot below.

Step 2: Go to Firewall > SNAT Policy > Create to forward the entire outbound traffic from the internal mailer to the specified IP address. For our example, specify the WAN Alias IP address, 2.2.2.5.

Step 3: Go to Firewall > Create Rule to add a LAN to WAN rule to forward the mail server traffic to the external server through the designated gateway after NATting the packets.

Explicit Source based routing from Gateway

Required for half-open connections whose information is not available in Cyberoam.

Example:

A mail server hosted internally is used by remote users to send and receive mail, and the packets from the mail server should explicitly be routed through Gateway 2.

IP schema

- Gateway 1: 1.1.1.2
- Gateway 2: 2.2.2.2
- Cyberoam WAN IP address: 1.1.1.1/24 and 2.2.2.1/24
- WAN Alias IP address: 2.2.2.5
- Mail server (internal): 172.16.16.100

Configuration:

To explicitly route the traffic of a particular host/network through a designated gateway, add the host/network under that gateway.

Step 1: Go to System > Gateway > Manage Gateway(s) and define all the gateways other than the default gateway. The default gateway is defined at the time of deployment.

Step 2: Go to System > Gateway > Manage Gateway(s) and click the gateway for which the host/network is to be added. Traffic from the specified host/network will be routed through the selected gateway.

Note: If explicit source based routing is not defined, then in the cases mentioned above the first return packet (SYN + ACK) from the mail server may be routed through either of the gateways, resulting in an incomplete 3-way handshake. For TCP, the firewall maintains session information only once the 3-way handshake is complete. Hence it is required to explicitly route such half-open connections from the gateway itself.

Routing Order

Cyberoam provides a number of ways to define routes when configured to use multiple gateways. When more than one route is configured, Cyberoam processes routes in the following order:

1. Static route (Destination based route)
2. Firewall based routes (Source, Destination or Application based route)
3. Explicit source based route
4. Default Gateway

The default gateway is defined at the time of deployment.

Document version: 2.0-27/12/2007
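The routing order above can be checked against a planned configuration before it is applied. The following is an added example, not Cyberoam code and not part of the original article: a small Python model of the four stages that reports which gateway a flow would leave through and which stage decided it. Longest-prefix matching for static routes, first-match for firewall rules, Gateway 1 as the default gateway, the leftover static route and the hosts 172.16.16.50 and 203.0.113.10 are assumptions made for the illustration.

```python
# Added example: a model of the routing order above, not Cyberoam's own code.
from ipaddress import ip_address, ip_network

GW1, GW2 = "1.1.1.2", "2.2.2.2"  # gateways from the page's IP schema

def _in(addr, net):
    """True when net is None (wildcard) or addr falls inside net."""
    return net is None or ip_address(addr) in ip_network(net)

def select_gateway(src, dst, service, static, firewall, source, default_gw):
    """Return (gateway, stage) using the four-stage order from the page."""
    # 1. Static (destination based) routes. Longest prefix wins (assumption).
    hits = [(ip_network(n), gw) for n, gw in static if _in(dst, n)]
    if hits:
        return max(hits, key=lambda h: h[0].prefixlen)[1], "static"
    # 2. Firewall based routes. First matching rule wins (assumption).
    for rule in firewall:
        if (_in(src, rule.get("src")) and _in(dst, rule.get("dst"))
                and rule.get("service") in (None, service)):
            return rule["gateway"], "firewall"
    # 3. Explicit source based routes attached to a gateway.
    for net, gw in source:
        if _in(src, net):
            return gw, "source"
    # 4. Default gateway (load balancing across links is not modelled).
    return default_gw, "default"

# Constructed sample configuration using the page's addresses.
MAIL = "172.16.16.100"
STATIC = [("5.5.5.5/32", GW1)]  # hypothetical leftover static route via Gateway 1
FIREWALL = [{"src": MAIL + "/32", "service": "smtp", "gateway": GW2}]
SOURCE = [(MAIL + "/32", GW2)]

def demo():
    cfg = (STATIC, FIREWALL, SOURCE, GW1)  # assumption: Gateway 1 is the default
    return {
        "mail smtp to 5.5.5.5": select_gateway(MAIL, "5.5.5.5", "smtp", *cfg),
        "mail smtp elsewhere": select_gateway(MAIL, "203.0.113.10", "smtp", *cfg),
        "mail non-smtp": select_gateway(MAIL, "203.0.113.10", "imap", *cfg),
        "other LAN host": select_gateway("172.16.16.50", "203.0.113.10", "http", *cfg),
    }

if __name__ == "__main__":
    for flow, result in demo().items():
        print(f"{flow:22} -> {result}")
```

The first flow shows the case worth auditing for: a static route for the destination is evaluated before the firewall rule that pins the mail server to Gateway 2, so that traffic leaves through Gateway 1 instead.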