Cyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10

Cyberoam Virtual Security Appliance - Installation Guide for XenServer Version 10 Document Version 10.6.1-01/07/2014

Contents Preface... 4 Base Configuration... 4 Installation Procedure... 4 Cyberoam Virtual Security Appliance Installation... 5 Cyberoam Virtual Security Appliance Configuration... 11 Network Configuration Wizard... 11

Typographic Conventions All contents in this guide including text or screenshots follow the given list of conventions. Item Convention Example Server Machine where Cyberoam Software - Server component is installed Client Machine where Cyberoam Software - Client component is installed User The end user Username Username uniquely identifies the user of the system Topic titles Shaded font typefaces Introduction Subtitles Bold & Black typefaces Notation conventions Navigation link Bold typeface Group Management Groups Create it means, to open the required page click on Group management then on Groups and finally click Create tab Name of a particular parameter / field / command button text Cross references Notes & points to remember Prerequisites Lowercase italic type Hyperlink in different color Bold typeface between the black borders Bold typefaces between the black borders Enter policy name, replace policy name with the specific name of a policy Or Click Name to select where Name denotes command button text which is to be clicked Refer to Customizing User database Clicking on the link will open the particular topic Note Prerequisite Prerequisite details

Preface Welcome to Installation and Deployment Guide of Cyberoam Virtual Security Appliance for XenServer platform. This guide describes how you can download, deploy and run Cyberoam as a virtual machine on XenServer. Base Configuration There underlies a base virtual hardware configuration without which Cyberoam Virtual Security Appliance goes into FAILSAFE mode. The base virtual hardware requirements for XenServer platform is as follows: One vcpu 1GB vram 3 vnic Primary Disk with 4GB size Report Disk with 80GB size To know more about what happens when your appliance goes into FAILSAFE mode and how to recover from it, refer to the Cyberoam KB article Failsafe Troubleshooting for Virtual UTM Appliance. Installation Procedure Pre-requisite Make sure that XenServer is already installed in your network. For XenServer installation instructions, refer to the XenServer Quick Installation guide: http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenserver-quickinstallation-and-licensing-guide.pdf Install XenCenter, a desktop Graphical User Interface (GUI) application for managing XenServer. Throughout this guide, we are using XenCenter for deployment and management of Cyberoam Virtual Security Appliance.

Cyberoam Virtual Security Appliance Installation 1. Download and Extract OVF Package Download the.zip file containing the Cyberoam OVF image and store it in your machine. 2. Import OVF file Open XenCenter and select the XenServer where you want to deploy Cyberoam Virtual Security Appliance. Right click on the selected XenServer and click Import to open the downloaded.ovf file. Screen - Import OVF file Click Browse to go to the location where Cyberoam Virtual Security Appliance.ovf file is stored.

Screen - Open Cyberoam Virtual Security Appliance Click Open to open the selected.ovf file. Click Next to launch the Import OVF/OVA Package wizard. 3. Import OVF/OVA Package Wizard Select the pool or standalone server where you want to place the OVF package contanining Cyberoam Virtual Security Appliance.

Screen - Select location Click Next to select the storage repositories in the destination pool or standalone server. You can choose to import Cyberoam s virtual storage disks on the location selected in the previous step or onto specific target storage repositories. Screen - Select Target Storage Click Next to specify the security settings related to your OVF package containing Cyberoam Virtual Security Appliance. Enable checkbox against Verify manifest content to validate the OVF package.

Screen - Select security settings Click Next to enable/disable Operating System Fixup, a feature when enabled, ensures hypervisor interoperability. Generally, Operating System Fixup is not required and by default, Don t use Operating System Fixup is selected. Cyberoam recommends that you do not change the default selection. Screen - Select Target Storage Click Next to configure the Transfer VM Settings. Transfer VM is a temporary VM, created during the deployment process, which is used to perform the import operation.

From the drop-down list against Network, select the network on which the temporary VM will run. Specify an unused IP Address from the pool or standalone server you selected in the very beginning of Step 3. Alternatively, you can choose to automatically obtain network settings using DHCP. Screen - Select Target Storage. Click Next to continue to the final step of the Import OVF/OVA Package wizard i.e. reviewing the import settings. Screen - Select Target Storage

Click Finish to exit the Import OVF/OVA Package wizard. The deployment process takes time to complete. Please wait while the process completes. This installs Cyberoam Virtual Security Appliance on your machine. Note: To optimize the performance of your Virtual Appliance, configure vcpu and vram according to the license you have obtained. While configuring number of vcpus, ensure that you do not exceed the maximum number limit specific to your license else Cyberoam will go into FAILSAFE mode. For example, for a CRiV-4C you can allocate a maximum of 4 vcpus. Any number higher than that will put the Virtual Appliance into FAILSAFE mode. Following is the Model wise recommended vram: CRiV-1C & CRiV-2C: 1GB CRiV-4C & CRiV-8C: 2GB CRiV-12C & CRiV-UNL: 4GB Cyberoam Virtual Security Appliance allows you to configure a maximum of 26 vnics. However, this number varies according to your hypervisor. For example, XenServer allows allotment of a maximum of 7 vnics to a virtual machine. For details on how to modify allotted virtual hardware configurations, refer to http://www.citrix.com/. 4. Start VM Right click the deployed Virtual Appliance and click Start to access Cyberoam. Screen Power on the Cyberoam Virtual Security Appliance Enter the administrator password i.e. admin to continue to the Main Menu of the Cyberoam Virtual Security Appliance.

Screen Enter administrator password Cyberoam Virtual Security Appliance Configuration To configure Cyberoam Virtual Security Appliance, you need to log into the Cyberoam Web Admin Console. From the management computer: Browse to https://172.16.16.16 Log on to the Cyberoam Web Admin Console using default username admin and default password admin. Click Wizard icon to launch the Network Configuration Wizard. Network Configuration Wizard After logging into the Cyberoam Web Admin Console, click Wizard icon on the top right corner of your Cyberoam Dashboard to launch the Network Configuration wizard. Screen 1 Launch Network Configuration Wizard Network Configuration Wizard guides you step-by-step through configuration of the network parameters like IP address, subnet mask, and default gateway for Cyberoam. Use the configuration settings you noted i earlier. Click Start to start the Network configuration Wizard.

Screen 2 Network Configuration Wizard Configure Mode Gateway mode To configure Cyberoam in Gateway mode, select Gateway Mode and click. Follow the on screen steps to: 1. Configure Interface: Configure IP Address, Subnet Mask and Zone for each port. By default, Cyberoam binds ports A, B and C to LAN, WAN and DMZ zones, respectively. Bridge Mode To configure Cyberoam in Bridge mode, select Bridge Mode and click. 1. Configure Bridge IP Address and subnet mask. 2. Provide Gateway and DNS IP Address. Refer to the screen titled Screen 3 - Configure Interface. To enable interface for PPPoE, provide PPPoE details - Username and Password (only for WAN zone). Click Next to repeat the above steps for each part 2. Configure DNS server address: Click Obtain an IP from DHCP to override appliance DNS and use DNS received from the external DHCP server. Refer to the screen titled Screen 4 - DNS Configuration.

Screen 3 Configure Interface Screen 4 DNS Configuration

Configure Internet Access Configure Internet access policy for LAN to WAN traffic. Monitor Only policy allows LAN to WAN traffic General Internet policy enables IPS 1 and Virus 2 scanning and allows LAN to WAN traffic except Unhealthy Web and Internet traffic as defined by Cyberoam. This will include sites related to Adult contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation sites. Strict Internet policy enables IPS 1 and Virus 2 scanning and allows only authenticated LAN to WAN traffic. Click button to configure the mail settings. Screen 5 Configure Internet Access Note 1 Until Intrusion Prevention System module is subscribed, IPS scanning will not be effective. 2 Until Gateway Anti Virus module is subscribed, virus scanning will not be effective.

Configure Mail Settings Specify Administrator Email ID. Specify Mail server IP address. Specify email address that should be used to send the System Alerts. Click Authentication Required to enable SMTP authentication, if required and specify username and password. Click button for Date and Time zone configuration. Screen 6 Configure Mail Settings

Configure Date And Time Zone Set time zone and current date. Enable clock synchronization with NTP server to tune Cyberoam's clock using global time servers. Screen 7 Configure Date and Time Click button to view the configured details. Copy the configured details for future use. Click 'Finish'. It will take few minutes to save the configuration details.

Screen 8 Network Configuration Wizard On successful configuration following page will be displayed. Screen 9 Network Configuration Wizard Please wait for Cyberoam to restart before clicking the URL to access the Web Admin Console. Click Close to close the Network Configuration Wizard window.

Congratulations!!! This finishes the basic configuration of Cyberoam. Your network is now protected from Internet-based threats and access to Adult contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation sites will be blocked. Note If Cyberoam Virtual Security Appliance is not connected to the Internet for 30 days in a row, it will lead to de-activation of the appliance. In case of de-activation, contact support@cyberoam.com. What Next? 1. Avail Subscriptions To subscribe for free 15-days trial subscription of Web and Application Filtering, IPS, Anti Virus and Anti Spam, browse to http://customer.cyberoam.com and login with the credential provided at the time of account creation. Access Cyberoam Web Admin Console Browse to https://<ip address of cyberoam> and log on using the default username (admin) and password (admin). Note: Internet Explorer 7+ or Mozilla Firefox 1.5+ is required to access the Cyberoam Web Admin Console. Go to System Maintenance Licensing page and synchronize the registration details. Registration and subscription details will be displayed only after synchronization. 2. Configure DNS Configure the correct firewall rule for your Domain Name Server (DNS). You may not be able to access Internet if not configured properly. 3. Enable Virus Scanning Go to Firewall Rule Rule and edit default firewall rules to enable virus scanning. 4. Set authentication parameters Go to Identity Authentication Authentication Server to define the authentication parameters. 5. Access Help

For accessing online help, click the Help button or F1 key on any of the screens to access the corresponding topic's help. Use the Contents and Index options to navigate through the entire online help.

Additional Resources Visit following links for more information to configure Cyberoam Technical Documentation - http://docs.cyberoam.com Cyberoam Knowledge Base - http://kb.cyberoam.com Cyberoam Security Center - http://csc.cyberoam.com Cyberoam Upgrades - http://customer.cyberoam.com Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice. USER S LICENSE Use of this product is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) at the time of installation. RESTRICTED RIGHTS Copyright 1999-2014 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd. Corporate Headquarters Cyberoam Technologies Pvt. Ltd. 901, Silicon Tower, Off. C.G. Road, Ahmedabad - 380 006, INDIA Phone: +91-79-66065606 Fax: +91-79-26407640 Web site: www.cyberoam.com Technical Support You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address: Email: support@cyberoam.com Web site: www.cyberoam.com Visit www.cyberoam.com for the regional and latest contact information.