Cyberoam SSL VPN Installation and Configuration Guide


Important Notice

Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE

Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances. You will find the copy of the EULA at http://www.cyberoam.com/documents/eula.html and the Warranty Policy for Cyberoam UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS

Copyright 1999-2014 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road, Ahmedabad 380006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off C.G. Road, Ahmedabad 380006, Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-66065777
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.

Contents

Introduction to SSL VPN
Concepts of SSL VPN
    SSL VPN Access Modes
    Network Resources
Installing Cyberoam SSL VPN Client
Configuring Cyberoam SSL VPN Client

Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

Item: User
Example: The end user

Item: Username
Example: Username uniquely identifies the user of the system

Item: Topic titles
Convention: Shaded font typefaces
Example: Cyberoam SSL VPN Client

Item: Subtitles
Convention: Bold & Black typefaces
Example: Notation conventions

Item: Navigation link
Convention: Bold typeface
Example: Group Management > Groups > Create. It means, to open the required page click on Group management then on Groups and finally click Create tab

Item: Name of a particular parameter / field / command button text
Convention: Lowercase italic type
Example: Enter policy name, replace policy name with the specific name of a policy. Or Click Name to select, where Name denotes command button text which is to be clicked

Item: Cross references
Convention: Hyperlink in different color
Example: refer to Customizing User database. Clicking on the link will open the particular topic

Item: Notes & points to remember
Convention: Bold typeface between the black borders
Example: Note

Item: Prerequisites
Convention: Bold typefaces between the black borders
Example: Prerequisite. Prerequisite details

Introduction to SSL VPN

A Virtual Private Network (VPN) is a tunnel that carries private network traffic from one endpoint system to another over a public network such as the Internet without the traffic being aware that there are intermediate hops between the endpoints or the intermediate hops being aware they are carrying the network packets that are traversing the tunnel. The tunnel may optionally compress and/or encrypt the data, providing enhanced performance and some measure of security.

VPN is cost-effective because users can connect to the Internet locally and tunnel back to connect to corporate resources. This not only reduces overhead costs associated with traditional remote access methods, but also improves flexibility and scalability.

For business telecommuters or employees working from home, connecting securely to the corporate intranets or extranets to access files or applications is essential. Hence, whenever users access the organization's resources from remote locations, it is essential that not only the common requirements of secure connectivity be met but also the special demands of remote clients. These requirements include:

- Flexible Access: The remote users must be able to access the organization from various locations, like Internet cafes, hotels, airports etc. The range of applications available must include web applications, mail, file shares, and other more specialized applications required to meet corporate needs.
- Secure connectivity: Guaranteed by the combination of authentication, confidentiality and data integrity for every connection.
- Usability: Installation must be easy. No configuration should be required as a result of network modification at the remote user end. The given solution should be seamless for the connecting user.

To satisfy the above basic requirements, a secure connectivity framework is needed to ensure that remote access to the corporate network is securely enabled.

SSL (Secure Socket Layer) VPN provides secure access for remote users that is simple to use and implement. It allows access to the Corporate network from anywhere, anytime and provides the ability to create point-to-point encrypted tunnels between the remote user and the company's internal network, requiring a combination of SSL certificates and a username/password for authentication to enable access to the internal resources.

Depending on the access requirement, remote users can access through SSL VPN Client or End user Web Portal (clientless access).

Note
SSL VPN is not supported when the Appliance is deployed in Bridge mode.
SSL VPN feature is not available for CR15i.

Concepts of SSL VPN

SSL VPN Access Modes

When a remote user connects to the Cyberoam appliance, the Cyberoam appliance authenticates the user based on user name and password. A successful login determines the access rights of remote users according to the user group SSL VPN policy. The user group SSL VPN policy specifies whether the connection will operate in Web Access mode or Tunnel Access mode.

Tunnel Access mode

Tunnel Access mode provides access to the Corporate network to remote users through laptops as well as from Internet cafes, hotels, airports etc. It requires an SSL VPN Client at the remote end. Remote users are required to download and install the SSL VPN Client from the End-user Web Portal. The SSL VPN Client establishes an SSL VPN tunnel over the HTTPS link between the web browser and the Cyberoam appliance to encrypt and send the traffic to the Cyberoam appliance.

Cyberoam allows two types of tunneling:

- Split Tunnel: Only the traffic for the private network is encrypted and tunneled, while the Internet traffic is sent through the usual unencrypted route. This is configured by default and is used to avoid bandwidth choking.
- Full Tunnel: This ensures that not only private network traffic but other Internet traffic is also tunneled and encrypted.

In this mode, Cyberoam acts as a secure HTTP/HTTPS gateway and authenticates the remote users. On successful authentication, Cyberoam redirects the web browser to the Web portal. Remote users can download the SSL VPN client and configuration file for installation.

Configuring Tunnel Access mode is a two-step process:
1. Select Tunnel Access mode in VPN SSL policy
2. Assign policy to the user group

For administrators, the Cyberoam Web Admin console provides SSL VPN management. The administrator can configure SSL VPN users, access method and policies, network resources, and system and portal settings.
For remote users:
- Access the End user Web Portal.
- If you are installing the SSL VPN Client for the first time, download the bundled SSL VPN Client and install the client on the desktop machine. The bundle includes the installer as well as the configuration file.
- If you have already installed the SSL VPN Client, download only the configuration file from the End user Web Portal and import the downloaded SSL VPN Client Configuration file.

Web Access Mode

Web Access mode provides access to remote users who are equipped with a web browser only, and is used when access is to be provided to certain Enterprise Web applications/servers through a web browser only. In other words, it offers clientless network access using any web browser. The feature comprises an SSL daemon running on the Cyberoam unit and the End user Web portal, which provides users with access to network services and resources.

In this mode, Cyberoam acts as a secure HTTP/HTTPS gateway and authenticates the remote users. On successful authentication, Cyberoam redirects the web browser to the Web portal from where remote users can access the applications behind the Cyberoam appliance.

Configuring Web Access mode is a two-step process:
1. Select Web Access mode in VPN SSL policy
2. Assign policy to the User or Group

For administrators, the Cyberoam Web Admin console provides SSL VPN management. The administrator can configure SSL VPN users, access method and policies, user bookmarks for network resources, and system and portal settings.

For remote users, the customizable End user Web Portal enables access to resources as per the configured SSL VPN policy. With no hassles of client installation, it is truly a clientless access.

Application access mode

Application Access mode provides access to remote users who are equipped with a web browser, and is used when access is to be provided to certain Enterprise applications through a web browser only. Application access mode also offers clientless network access using any web browser. The feature comprises an SSL daemon running on the Cyberoam unit and the End user Web portal, which provides users with access to network services and resources. Application access allows remote access to different TCP based applications like HTTP, HTTPS, RDP, TELNET, SSH and FTP without installing a client.

In this mode, Cyberoam acts as a secure gateway and authenticates the remote users. On successful authentication, Cyberoam redirects the web browser to the Web portal from where remote users can access the applications behind the Cyberoam appliance.

Configuring Application Access mode is a two-step process:
1. Select Application Access mode in VPN SSL policy
2. Assign policy to the User or Group

For administrators, the Cyberoam Web Admin console provides SSL VPN management. The administrator can configure SSL VPN users, access method and policies, user bookmarks for network resources, and system and portal settings.
For remote users, customizable End user Web Portal enables access to resources as per the configured SSL VPN policy. With no hassles of client installation, it is also a clientless access.

Prerequisite (Remote User)

Microsoft Windows Supported: Windows 2000, Windows XP, Windows 7, Windows Vista and Windows Server 2003
Admin Rights Required: Remote user must be logged on as Admin User or must have Admin privilege
JRE Installation: Java Runtime Environment Version 1.6 or above must be installed
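
The split tunnel and full tunnel behaviour described under Tunnel Access mode can be checked on a connected client by looking at which routes point into the tunnel. The following is an added example, not part of the Cyberoam guide: it classifies a route table with longest-prefix matching, and the interface names ("tap", "lan") and all route tables are constructed assumptions.

```python
import ipaddress

# Constructed route tables (destination prefix, interface); not captured
# from a real client. "tap" is a hypothetical name for the virtual adapter
# the client installs, "lan" for the physical NIC.
SPLIT = [("0.0.0.0/0", "lan"), ("192.168.1.0/24", "lan"),
         ("10.10.0.0/16", "tap"), ("172.16.5.0/24", "tap")]
# Full tunnel, variant 1: the default route itself points into the tunnel.
FULL_DEFAULT = [("0.0.0.0/0", "tap"), ("192.168.1.0/24", "lan"),
                ("203.0.113.10/32", "lan")]  # host route to the VPN gateway
# Full tunnel, variant 2: two /1 routes shadow the original default route.
FULL_HALVES = [("0.0.0.0/0", "lan"), ("0.0.0.0/1", "tap"),
               ("128.0.0.0/1", "tap"), ("192.168.1.0/24", "lan"),
               ("203.0.113.10/32", "lan")]


def _parse(routes):
    return [(ipaddress.ip_network(p), iface) for p, iface in routes]


def egress(routes, dest):
    """Longest-prefix match: the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, iface) for net, iface in _parse(routes) if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


def _subtract(nets, hole):
    """Remove hole from a list of disjoint networks."""
    out = []
    for net in nets:
        if net.subnet_of(hole):
            continue                          # fully covered by the hole
        if hole.subnet_of(net):
            out.extend(net.address_exclude(hole))
        else:
            out.append(net)
    return out


def default_leak(routes, tunnel_if="tap"):
    """Address space a non-tunnel default route still serves.

    Local more-specific routes (LAN subnet, host route to the VPN
    gateway) are expected exceptions and are ignored here.
    """
    table = _parse(routes)
    if not any(n.prefixlen == 0 and i != tunnel_if for n, i in table):
        return []
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for net, iface in table:
        if iface == tunnel_if:
            remaining = _subtract(remaining, net)
    return remaining


def tunnel_mode(routes, tunnel_if="tap"):
    """Return 'none', 'split' or 'full' for the given route table."""
    if not any(iface == tunnel_if for _, iface in _parse(routes)):
        return "none"
    return "split" if default_leak(routes, tunnel_if) else "full"


if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL_DEFAULT), ("full/1", FULL_HALVES)):
        print(name, tunnel_mode(table), egress(table, "198.51.100.20"))
```

On a real client the table would come from the operating system's routing table rather than from these constants.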

Threat-Free Tunneling

Cyberoam scans VPN Tunnel Traffic (incoming and outgoing) for malware, spam, inappropriate content and intrusion attempts, ensuring Threat-free Tunneling. Furthermore, VPN traffic is subjected to DoS inspection, although Cyberoam does provide the option of bypassing DoS inspection for specific traffic.

Cyberoam does not have an exclusive port assigned for the VPN Zone like the LAN, WAN and DMZ ports. As soon as a VPN connection is established, the port/interface used by the connection is automatically added to the VPN zone, and on disconnection, the port is removed by itself. VPN zone is used by both IPSec and SSL VPN traffic.

Note
Threat Free Tunneling is applicable only when SSL VPN tunnel is established through Tunnel Access Mode.

Network Resources

Network Resources are the components that can be accessed using SSL VPN. SSL VPN provides access to an HTTP or HTTPS server on the internal network, Internet, or any other network segment that can be reached by the Cyberoam. The Administrator can configure Web (HTTP) or Secure Web (HTTPS) bookmarks and internal network resources to allow access to Web-based resources and applications. If required, custom URL access can also be provided.

Network resources:

Resource                                  Accessible in Mode
Bookmarks                                 Web Access Mode, Application Access Mode
Bookmark Groups                           Web Access Mode, Application Access Mode
Custom URLs - Not defined as Bookmark     Web Access Mode
Enterprise Private Network resources      Tunnel Access Mode

Installing Cyberoam SSL VPN Client

Step 1
Download the Cyberoam SSL VPN client installation program CyberoamSSLVPNClient_Setup.exe from the Client page of the Cyberoam website.

Step 2
Double click on the downloaded file to install and select the language for displaying the installation steps. Follow the onscreen instructions given by the installation wizard.

Note
Administrator privileges are needed to install the client.

On clicking Download Client, the following message appears.

Screen: Prompt Message

Step 3
Click Save to save a copy of the executable (.exe) file on your local machine. The following warning message appears.

Screen: Warning Message

On clicking Allow, the Installer Language dialog box appears.

Screen: Language Selection

Step 4
Select the preferred language. The default language is English.

Screen: Choose Install Location

Step 5
Click Browse to change the location of the Destination Folder where the client is to be installed. Click Install. The following screen appears while installation is in progress.

Screen: Installation in Progress

Screen: TAP Adapter Confirmation

Step 6
A screen will be displayed that prompts you to install the Tap-Windows adapter titled TAP-Windows Provider V9 Network adapters. It is mandatory to install the Tap-Windows adapter to proceed further.

Screen: Warning Message

Screen: Installation Complete

Once the installation is complete, you will find the CrSSL Client icon in the system tray.

Configuring Cyberoam SSL VPN Client

Step 1
Right click the Client icon in the System Tray to configure the SSL VPN server IP Address.

Screen: Server Settings

Step 2
Configure the SSL VPN Server, the Protocol and the Port. Use the Restore to default (last imported) configuration to import the configurations made in the previous version.

Screen: SSL VPN Server Settings

Step 3
Previous Configuration can also be imported by selecting the Import Configuration option as shown below:

Screen: Import Configuration

Import Configuration using the on screen instructions that follow.

Step 3
Login to access network resources or Internet

Double click the SSL VPN Client icon, specify username and password and click the Login button.

Screen: User Authentication

Enable the Save username and password checkbox if you don't want to type username and password every time you login.

Enable the Auto Start SSLVPN checkbox to automatically initiate the SSL VPN Client when the system starts. For enabling the Auto Start SSLVPN checkbox, the Save username and password checkbox needs to be enabled.

If the Per User Certificate option is enabled from VPN > SSL > Tunnel Access > Tunnel Access Settings in Cyberoam, the user will be prompted to specify the configured Passphrase in the Enter Password option as shown in the screen below:

Screen: Enter Password (Passphrase)

The icon turns yellow indicating that connection is in progress. Right click the CrSSL Client icon and click Show Status to view the connection status.

Screen: View Connection Status

Screen: Connection Status

The icon turns green the moment connection is established and IP is leased.

Screen: Connection Established

Right click the green SSL VPN Client icon and click Logout to disconnect the connection.

Screen: Disconnect the connection

Once disconnected, the SSLVPN Client icon turns red. Right click the red icon and click Exit to exit the SSL VPN Client.

Screen: Exit the SSL VPN Client

This finishes the configuration of Cyberoam SSL VPN client on the remote user's machine.

Configure Proxy (if required)

Configure a proxy if the Client is not able to connect to the Internet directly, i.e. outbound access is restricted via HTTP or SOCKS proxy.

Note
If you are configuring a proxy, make sure you have not selected UDP protocol in the Server Settings (Step 2).

Screen: Configuring Proxy

Screen: Proxy Settings

This completes the Installation and Configuration for Cyberoam SSL VPN Client.