Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi
Version 10
Document Version 10.6.2-16/04/2015
Contents

- Preface
- Base Configuration
- Installation Procedure
- Cyberoam Virtual Security Appliance Installation
- Cyberoam Virtual Security Appliance Configuration
- Network Configuration Wizard
- Configure Mode
- Configure Internet Access
- Configure Mail Settings
- Configure Date And Time Zone
- What Next?
Typographic Conventions

All contents in this guide, including text and screenshots, follow the conventions listed below.

- Server: Machine where Cyberoam Software - Server component is installed
- Client: Machine where Cyberoam Software - Client component is installed
- User: The end user
- Username: Username uniquely identifies the user of the system
- Topic titles: Shaded font typefaces. Example: Introduction
- Subtitles: Bold & Black typefaces. Example: Notation conventions
- Navigation link: Bold typeface. Example: Group Management > Groups > Create, which means: to open the required page, click Group Management, then Groups, and finally the Create tab
- Name of a particular parameter / field / command button text: Lowercase italic type. Example: "Enter policy name" (replace policy name with the specific name of a policy) or "Click Name to select" (where Name denotes the command button text which is to be clicked)
- Cross references: Hyperlink in different color. Example: "Refer to Customizing User database" (clicking on the link will open the particular topic)
- Notes & points to remember: Bold typeface between the black borders. Example: Note
- Prerequisites: Bold typefaces between the black borders. Example: Prerequisite - Prerequisite details
Preface

Welcome to the Installation and Deployment Guide for Cyberoam Virtual Appliance for the VMware ESX/ESXi platform. This guide describes how you can download, deploy and run Cyberoam as a virtual machine on VMware ESX/ESXi.

Base Configuration

Cyberoam Virtual Security Appliance requires the following base virtual hardware configuration; without it, the appliance goes into FAILSAFE mode:

- One vCPU
- 1 GB vRAM
- 3 vNICs (for optimal performance, keep Adapter Type as Flexible for Virtual Machine Hardware Version 7 and E1000E for Virtual Machine Hardware Version 8)
- Primary Disk with 4 GB size
- Report Disk with 80 GB size
- 1 Serial Port
- 1 USB Port

To know more about what happens when your appliance goes into FAILSAFE mode and how to recover from it, refer to the Cyberoam KB article "Failsafe Troubleshooting for Virtual UTM Appliance".

Note: Any change to the vNIC configuration numbers after deployment causes the user to lose access to the Cyberoam Virtual Security Appliance.

Installation Procedure

Pre-requisite: Make sure that VMware ESX/ESXi version 4.0 or later is installed in your network. For VMware ESX/ESXi installation instructions, refer to the VMware documentation:

- http://www.vmware.com/support/pubs/vs_pubs.html
- http://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html

Cyberoam Virtual Security Appliance Installation

1. Download and Extract OVF Package

Download the .zip file containing the Cyberoam OVF image and store it on your machine. For details on how you can obtain a Cyberoam Virtual Security Appliance OVF Package, refer to the Cyberoam Knowledge Base article "How can I obtain a Cyberoam Virtual UTM Appliance?"
2. Access ESX/ESXi Host via vSphere Client

Open VMware vSphere Client and provide the necessary credentials to connect to the ESX/ESXi host server on which you want to deploy the OVF template.

Note: In this guide we are using VMware vSphere Client to connect to the ESX/ESXi host server on which the Cyberoam Virtual Security Appliance is to be deployed.

Screen - Access ESX/ESXi Host via vSphere Client

Go to File > Deploy OVF Template to open the downloaded .ovf file in the vSphere Client.

Screen - Deploy OVF Template
Screen - Open Cyberoam Virtual Security Appliance

Click Open to open the selected .ovf file.

Note: There are two variants of the OVF file: one with Virtual Machine Hardware Version 7 and the other with Virtual Machine Hardware Version 8. You must select the VM Version 8 OVF file if you plan to configure more than 8 vCPUs for the Cyberoam Virtual Security Appliance to be deployed. In this guide, we are using the VM Version 8 OVF file for deployment. However, the deployment steps remain the same across all variants of the OVF files.

3. Deploy OVF Template

Select the source location, i.e. the location of the Cyberoam Virtual Security Appliance .ovf file, and click Next to continue.
Screen - Deploy OVF Template

Verify the OVF template details and click Next to continue.

Screen - Verify OVF template details
Specify a name for the Cyberoam Virtual Security Appliance to be deployed and click Next to continue.

Screen - Name and Location details

Select the resource pool within which you want to deploy the OVF template and click Next to continue.

Screen - Resource Pool Configuration

Note: Here, we are deploying the Cyberoam Virtual Security Appliance on a single/standalone server. The Resource Pool configuration may be different in a Cluster environment.

Select the format in which you want to store the virtual disks. The following options are available:

- Thin Provision: This uses only the minimum required space for the Virtual Appliance, saving the rest for other use.
- Thick Provision: This uses the entire allotted virtual disk for Cyberoam Virtual Security Appliance installation, wiping out any additional data on the disk.

If you are using VMware ESXi 5.0, you will get a total of 3 formats to store the virtual disks: Thin Provision, Thick Provision Lazy Zeroed and Thick Provision Eager Zeroed. For more information, refer to http://www.vmware.com/.

Click Next to continue.

Screen - Select Disk Format

Select the networks to be used by the Cyberoam Virtual Security Appliance and click Next to continue.

Screen - Network Mapping
Verify the selected deployment options and click Finish to start the deployment process.

Screen - Deployment Summary

Screen - Deployment Progress

This installs Cyberoam Virtual Security Appliance on your machine.
Note

- To optimize the performance of your Virtual Appliance, configure vCPU and vRAM according to the license you have obtained.
- While configuring the number of vCPUs, ensure that you do not exceed the maximum limit specific to your license, or Cyberoam will go into FAILSAFE mode. For example, for a CRiV-4C you can allocate a maximum of 4 vCPUs. Any number higher than that will put the Virtual Appliance into FAILSAFE mode.
- The model-wise recommended vRAM is:
  - CRiV-1C & CRiV-2C: 1 GB
  - CRiV-4C & CRiV-8C: 2 GB
  - CRiV-12C & CRiV-UNL: 4 GB
- Cyberoam Virtual Security Appliance does not recognize more than 4 GB of vRAM, if configured.
- Cyberoam Virtual Security Appliance allows you to configure a maximum of 26 vNICs. However, this number varies according to your hypervisor. For example, VMware ESXi 4.0/5.0 allows allotment of a maximum of 10 vNICs to a virtual machine.
- vNIC adapter types can be tweaked to obtain higher performance.

For details on how to modify allotted virtual hardware configurations, refer to http://www.vmware.com/.

4. Power on

Right-click the deployed Appliance and go to Power > Power On to access Cyberoam.

Screen - Power on the Cyberoam Virtual Security Appliance

Enter the administrator password, i.e. admin, to continue to the Main Menu of the Cyberoam Virtual Security Appliance.

Screen - Enter administrator password
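An added example (not part of the Cyberoam guide, and not Cyberoam or VMware code): a Python pre-flight check that reads a virtual machine's .vmx file and flags hardware edits which, according to the base configuration and the license note in this guide, lead to FAILSAFE mode or loss of access. The vCPU caps other than CRiV-4C, the function names and the sample .vmx are assumptions made for illustration, and the note about "vNIC configuration numbers" is read here as the vNIC count; disk sizes are not checked because the .vmx file does not record them.

```python
import re

# Only the CRiV-4C cap (4) is stated in the guide; the rest are assumed from model names.
VCPU_CAP = {"CRiV-1C": 1, "CRiV-2C": 2, "CRiV-4C": 4, "CRiV-8C": 8, "CRiV-12C": 12}

def parse_vmx(text):
    """Parse the key = "value" lines of a .vmx file into a dict."""
    pairs = re.findall(r'^[ \t]*([\w.:]+)[ \t]*=[ \t]*"(.*)"[ \t]*$', text, re.M)
    return {key.lower(): value for key, value in pairs}

def present(cfg, prefix):
    """Count devices (ethernet0, serial0, usb ...) whose .present flag is TRUE."""
    pat = re.compile(re.escape(prefix) + r"\d*\.present")
    return sum(1 for k, v in cfg.items() if pat.fullmatch(k) and v.upper() == "TRUE")

def check_vmx(text, model, deployed_vnics=None):
    """Return (severity, message) findings for the hardware in a .vmx file."""
    cfg = parse_vmx(text)
    vcpus = int(cfg.get("numvcpus", "1"))   # defaults to 1 when the key is absent
    vram = int(cfg.get("memsize", "0"))     # memsize is expressed in MB
    vnics = present(cfg, "ethernet")
    cap = VCPU_CAP.get(model)               # None (no cap checked) for CRiV-UNL
    out = []
    if cap is not None and vcpus > cap:
        out.append(("FAILSAFE", f"{vcpus} vCPUs exceeds the {model} cap of {cap}"))
    if vram < 1024:
        out.append(("FAILSAFE", f"{vram} MB vRAM is below the 1 GB base"))
    elif vram > 4096:
        out.append(("WARN", "vRAM above 4 GB is not recognized by the appliance"))
    if vnics < 3:
        out.append(("FAILSAFE", f"{vnics} vNICs is below the base of 3"))
    if deployed_vnics is not None and vnics != deployed_vnics:
        out.append(("LOCKOUT", "vNIC count changed since deployment"))
    for dev in ("serial", "usb"):
        if present(cfg, dev) < 1:
            out.append(("FAILSAFE", f"no {dev} port; the base configuration has one"))
    return out

# Constructed sample: a CRiV-4C appliance edited to 6 vCPUs and 2 vNICs.
SAMPLE_VMX = '''numvcpus = "6"
memsize = "2048"
ethernet0.present = "TRUE"
ethernet1.present = "TRUE"
ethernet2.present = "FALSE"
serial0.present = "TRUE"
usb.present = "TRUE"
'''
print(check_vmx(SAMPLE_VMX, "CRiV-4C", deployed_vnics=3))
```

Run it against a copy of the .vmx file before powering the appliance back on after a hardware edit; an empty list means none of the conditions above were found.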
Cyberoam Virtual Security Appliance Configuration

To configure Cyberoam Virtual Security Appliance, you need to log into the Cyberoam Web Admin Console. From the management computer:

- Browse to https://172.16.16.16
- Log on to the Cyberoam Web Admin Console using the default username admin and default password admin.
- Click the Wizard icon to launch the Network Configuration Wizard.

Network Configuration Wizard

After logging into the Cyberoam Web Admin Console, click the Wizard icon on the top right corner of your Cyberoam Dashboard to launch the Network Configuration Wizard.

Screen 1 - Launch Network Configuration Wizard

The Network Configuration Wizard guides you step-by-step through configuration of network parameters such as IP Address, subnet mask, and default gateway for Cyberoam. Use the configuration settings you noted earlier.

Click Start to start the Network Configuration Wizard.
Screen 2 - Network Configuration Wizard

Configure Mode

Gateway Mode

To configure Cyberoam in Gateway mode, select Gateway Mode and click the button. Follow the on-screen steps to:

1. Configure Interface: Configure IP Address, Subnet Mask and Zone for each port. By default, Cyberoam binds ports A, B and C to the LAN, WAN and DMZ zones, respectively. Refer to the screen titled Screen 3 - Configure Interface. To enable an interface for PPPoE, provide the PPPoE details - Username and Password (only for WAN zone). Click Next to repeat the above steps for each port.
2. Configure DNS server address: Click Obtain an IP from DHCP to override the appliance DNS and use the DNS received from the external DHCP server. Refer to the screen titled Screen 4 - DNS Configuration.

Bridge Mode

To configure Cyberoam in Bridge mode, select Bridge Mode and click the button.

1. Configure Bridge IP Address and subnet mask.
2. Provide Gateway and DNS IP Address.
Note: Bridge Mode requires Promiscuous mode to be enabled on all bridge member interfaces.

Screen 3 - Configure Interface

Screen 4 - DNS Configuration
Configure Internet Access

Configure the Internet access policy for LAN to WAN traffic.

- Monitor Only policy allows LAN to WAN traffic.
- General Internet policy enables IPS (1) and Virus (2) scanning and allows LAN to WAN traffic except Unhealthy Web and Internet traffic as defined by Cyberoam. This includes sites related to Adult contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation sites.
- Strict Internet policy enables IPS (1) and Virus (2) scanning and allows only authenticated LAN to WAN traffic.

Click the button to configure the mail settings.

Screen 5 - Configure Internet Access

Note
(1) Until the Intrusion Prevention System module is subscribed, IPS scanning will not be effective.
(2) Until the Gateway Anti Virus module is subscribed, virus scanning will not be effective.
Configure Mail Settings

- Specify the Administrator Email ID.
- Specify the Mail server IP Address.
- Specify the email address that should be used to send the System Alerts.
- Click Authentication Required to enable SMTP authentication, if required, and specify the username and password.

Click the button for Date and Time zone configuration.

Screen 6 - Configure Mail Settings
Configure Date And Time Zone

Set the time zone and current date. Enable clock synchronization with an NTP server to tune Cyberoam's clock using global time servers.

Screen 7 - Configure Date and Time

Click the button to view the configured details. Copy the configured details for future use. Click Finish. It will take a few minutes to save the configuration details.

Screen 8 - Network Configuration Wizard
On successful configuration, the following page is displayed.

Screen 9 - Network Configuration Wizard

Please wait for Cyberoam to restart before clicking the URL to access the Web Admin Console. Click Close to close the Network Configuration Wizard window.

Congratulations!!! This finishes the basic configuration of Cyberoam. Your network is now protected from Internet-based threats, and access to Adult contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation sites will be blocked.

Note: To keep your Cyberoam Virtual Security Appliance activated, you must connect it to the Internet at least once in 30 days. In case of de-activation, contact support@cyberoam.com.
What Next?

1. Avail Subscriptions

To subscribe to the free 15-day trial subscription of Web and Application Filtering, IPS, Anti Virus and Anti Spam, browse to http://customer.cyberoam.com and log in with the credentials provided at the time of account creation.

Access Cyberoam Web Admin Console: browse to https://<ip address of cyberoam> and log on using the default username (admin) and password (admin).

Note: Internet Explorer 7+ or Mozilla Firefox 1.5+ is required to access the Cyberoam Web Admin Console.

Go to the System > Maintenance > Licensing page and synchronize the registration details. Registration and subscription details will be displayed only after synchronization.

2. Configure DNS

Configure the correct firewall rule for your Domain Name Server (DNS). You may not be able to access the Internet if it is not configured properly.

3. Enable Virus Scanning

Go to Firewall > Rule > Rule and edit the default firewall rules to enable virus scanning.

4. Set authentication parameters

Go to Identity > Authentication > Authentication Server to define the authentication parameters.

5. Access Help

To access online help, click the Help button or press the F1 key on any of the screens to open the corresponding topic's help. Use the Contents and Index options to navigate through the entire online help.
Additional Resources

Visit the following links for more information on configuring Cyberoam:

- Technical Documentation - http://docs.cyberoam.com
- Cyberoam Knowledge Base - http://kb.cyberoam.com
- Cyberoam Security Center - http://csc.cyberoam.com
- Cyberoam Upgrades - http://customer.cyberoam.com

Important Notice

Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE

Use of this product is subject to acceptance of the terms and conditions of the Cyberoam End User License Agreement (EULA) at the time of installation.

RESTRICTED RIGHTS

Copyright 1999-2015 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters

Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road, Ahmedabad - 380 006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Customer care/service department at the following address:

Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.