Академический Документы
Профессиональный Документы
Культура Документы
Administrator Guide
Document version 02.03.1 Build 098 -1.0-01/03/2015
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.
USER’S LICENSE
Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License
Agreement (EULA) and Warranty Policy for Cyberoam Network Security Appliances.
You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam
Network Security Appliances at http://kb.cyberoam.com/default.asp?id=487&SID=&Lang=1.
RESTRICTED RIGHTS
Copyright 1999 - 2015 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.
Corporate Headquarters
Cyberoam House,
Saigulshan Complex, Opp. Sanskruti,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006, GUJARAT, INDIA.
Tel: +91-79-66216666
Fax: +91-79-26407640
Web site: www.cyberoam.com
1 OF 123
Contents
Overview ......................................................................................................................... 3
About this Guide ............................................................................................................ 4
Guide Organization ..................................................................................................................... 4
Typographic Conventions ......................................................................................................... 5
Report ............................................................................................................................. 5
Introduction ................................................................................................................................. 5
Notation conventions ............................................................................................................... 5
Technical Support ...................................................................................................................... 6
How to Start Using CCMS .............................................................................................. 7
Cyberoam’s on-Cloud Management Service for Partners ....................................................... 7
Cyberoam’s on-Cloud Management Service for Customers ................................................. 14
Manage Cyberoam Network Security Appliance(s) using CCMS ......................................... 18
Manage Cyberoam Network Security Appliance(s) using CCMS .............................. 21
Web Admin Console ................................................................................................................. 22
Connecting Web Admin Console .......................................................................................... 22
Dashboards ........................................................................................................................... 23
Log out procedure ................................................................................................................. 39
Navigating through Web Admin console ............................................................................... 39
Management Console ........................................................................................................... 42
Content Pane ......................................................................................................................... 43
Button bar .............................................................................................................................. 43
Account Management .............................................................................................................. 46
Accounts ................................................................................................................................ 46
Administration ........................................................................................................................ 48
System ................................................................................................................................... 53
Appliance Management............................................................................................................ 55
Appliances ............................................................................................................................. 55
Appliance Discovery .............................................................................................................. 68
Appliance Groups .................................................................................................................. 69
Template ................................................................................................................................ 71
Change Control ......................................................................................................................... 79
Change Control ..................................................................................................................... 79
Export Configuration .............................................................................................................. 85
Group Level Configuration - Dynamic Objects ...................................................................... 86
Individual Appliance Level Configuration .............................................................................. 95
Scheduled Tasks ................................................................................................................. 101
Diagnostics .......................................................................................................................... 102
Appliance Maintenance .......................................................................................................... 106
Backup & Restore ................................................................................................................ 106
Firmware .............................................................................................................................. 108
Maintenance ........................................................................................................................ 109
Appliance Monitoring ............................................................................................................. 111
Graphs ................................................................................................................................. 111
Alerts.................................................................................................................................... 113
Event Viewer ....................................................................................................................... 116
CCMS Monitoring.................................................................................................................... 119
Event Viewer ....................................................................................................................... 119
2 OF 123
Overview
Welcome to Cyberoam’s on-Cloud Management Service guide.
Intended audience of this guide are partners who want to become MSSP using Cyberoam’s on-Cloud
Management Service and the customers who want their Cyberoam Network Security Appliance to be
managed by Cyberoam enabled MSSPs.
CCMS provide centralized security management across distributed Cyberoam Network Security
Appliances, enabling high levels of security for MSSPs and large enterprises. With Layer 8 Identity-
based policies and centralized reports and alerts, CCMS provides granular security and visibility into
remote and branch offices across the globe.
With a single, web-based GUI across all security features, CCMS ensures centralized policy
implementation, simplifying security management and maintaining high levels of security across all
customer locations and remote offices despite the lack of technical resources at these locations.
With centralized installation, updates, monitoring, upgrades and visibility into remote networks, CCMS
delivers lower cost of ownership, minimizing investment in remote technical resources.
3 OF 123
About this Guide
This Guide provides information regarding the administration, maintenance, and customization of
Cyberoam’s on-Cloud Management Service and helps you manage and customize Cyberoam’s on-
Cloud Management Service to meet your organization’s security management requirements.
Guide Organization
The Cyberoam’s on-Cloud Management Service Administrator Guide is structured into two parts.
This section describes how to enable and use Cyberoam’s on-Cloud Management Service as a
partner or as a customer.
This part covers how to start using Cyberoam’s on-Cloud Management Service from web admin
console. This section also describes various components of Web Admin Console.
Account Management
This part covers management of CCMS service network, portal communication and appliance
inventory.
Appliance Management
This part covers various configuration and management operations that can be performed on
Cyberoam appliance(s), which are managed by CCMS. It includes addition, modification, deletion and
configuration of individual appliance and appliance groups.
Appliance Maintenance
This part explains backup restore and firmware options for managed Cyberoam appliance(s).
Appliance Monitoring
This part covers various custom dashboard options and available logs for the managed appliances.
CCMS Monitoring
This part covers activity logs for Cyberoam’s on-Cloud Management Service.
This part covers various advanced configuration options available in Cyberoam’s on-Cloud
Management Service like adding user, profile creation and linking of user with profile.
4 OF 123
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Report
shaded font
typefaces
Introduction
typefaces
Navigation link Bold typeface CCMS Management > Administration > Profile
it means, to open the required page click CCMS
Management then Administration and finally click profile
Name of a Lowercase Enter policy name, replace policy name with the specific
particular italic type name of a policy
parameter / Or
field / Click Name to select where Name denotes command button
command text which is to be clicked
button text
Cross Hyperlink in Refer to Customizing User database Clicking on the link will
references different color open the particular topic
Notes & points Bold typeface
to remember between the Note
black borders
Prerequisites Bold typefaces
between the Prerequisite
black borders Prerequisite details
5 OF 123
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Cyberoam House,
Saigulshan Complex, Opp. Sanskruti,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006, GUJARAT, INDIA.
Tel: +91-79-66216666
Fax: +91-79-26407640
Web site: www.cyberoam.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-66065777
Email: support@cyberoam.com
Web site: www.cyberoam.com
6 OF 123
PART
How to Start Using CCMS
1
This section covers steps to become Cyberoam’s on-Cloud Management Service Partner (CCMSP)
and enable CCMS on Cyberoam appliance(s) deployed at customers’ locations.
Given below are the registration steps to become MSSP, using Cyberoam’s on-Cloud Management
Service:
7 OF 123
After successful logon, you can see a menu in the left panel of the Partner Portal dashboard. Click
Register to proceed.
8 OF 123
Read Terms and Conditions of Cyberoam’s on-Cloud Management Service carefully. Tick ‘I agree to
terms and conditions’ checkbox and click Apply to register yourself to become a Cyberoam’s on-
Cloud Management Service provider.
9 OF 123
Cyberoam team analyses your registration request and sends a confirmation Email containing an
informational video regarding CCMS workflow.
Please visit the link given in the Email to get more information regarding Cyberoam’s on-Cloud
Management Service (CCMS).
10 OF 123
After receiving the confirmation email from Cyberoam team, login to https://partner.cyberoam.com/
using your credentials.
To view and configure CCMS settings, click Manage, under On-Cloud Management from the left
pane menu.
CCMS Settings page allows you to manage administrator users who can access CCMS, customers
who want to avail CCMS service and list of appliances to be managed.
‘Users’ tab of CCMS Settings page displays list of network administrators. Tick checkbox against
usernames to allow them access to CCMS and click Apply to save settings.
11 OF 123
Screen Elements Description
‘Customer Enrollment’ tab of CCMS Settings page displays list of partners who are part of your sales
channel.
12 OF 123
Screen – CCMS Settings – Appliance List
If the request has been sent then it displays date of request sent.
Send Request Button Click to send CCMS program request to the selected appliance(s).
Table – CCMS Settings – Appliance List
13 OF 123
Cyberoam’s on-Cloud Management Service for Customers
The selected Cyberoam customers receive CCMS program request from the Cyberoam’s On-Cloud
Management Service Provider (CCMSP). To avail CCMS service, you are requested to accept CCMS
program request from Customer My Account.
Go to ‘View Registrations’ tab to view list of registered appliances. You can view the CCMS program
request sent by the CCMSP under ‘Enroll for CCMS’ column.
14 OF 123
Click to view details of the CCMSP.
15 OF 123
Read Terms and Conditions of Cyberoam’s on-Cloud Management Service carefully. Tick ‘I agree to
terms and conditions’ checkbox and click Ok to avail Cyberoam’s on-Cloud Management Service.
Once you agree on terms and conditions, service status of your appliance at customer portal changes
immediately.
16 OF 123
Cyberoam team sends you a confirmation Email with instructions to configure your Cyberoam in order
to be managed by the CCMSP.
Note:
CCMS Partners who are using CCMS IP address need to reconfigure their Cyberoam appliances with
FQDN (manageoncloud.cyberoam.com) to continue using CCMS services.
Cyberoam appliances running with old CyberoamOS version (which does not support FQDN) need to
be re-configured with latest IP address. Please contact Presales team for IP Address.
17 OF 123
Manage Cyberoam Network Security Appliance(s) using CCMS
When the customer accepts CCMS program request, the partner receives a notification with appliance
details. Now the partner can manage subjected appliance(s) using CCMS.
Click Connect to CCMS to connect with Cyberoam’s on-Cloud Management Service. It leads you to
the CCMS global dashboard.
CCMS dashboard displays list of CCMS enabled appliances sending heartbeat packet to CCMS
under Appliance Discovery notification list.
18 OF 123
Screen Elements Description
Appliance Name Specify appliance name, which uniquely identifies the appliance.
Password and Confirm Password for the above mentioned Administrator Username of the
Password Appliance.
Communication Mode Specify communication mode to manage Cyberoam appliance from CCMS.
Central Management will push updates to this Appliance:
Select if the managed Cyberoam appliance is directly accessible
from CCMS i.e. there is no intermediate NAT box. Specify access
protocol and port number to communicate with managed Cyberoam
appliance.
19 OF 123
Template Select configuration template, which has to be applied on the appliance.
Access to User Specify CCMS Administrator who can manage the Cyberoam Appliance
Test Connection Click to test the connectivity between CCMS and appliance.
Once the appliance is added to CCMS the partner can configure various security settings and
manage the Cyberoam Network Security Appliance.
You can add other appliances in similar way and start managing individual appliance or group of
appliance(s) using CCMS.
20 OF 123
PART
Manage Cyberoam Network
2
Security Appliance(s) using
CCMS
This section describes various configuration and management operations that can be performed on
managed Cyberoam Network Security Appliance(s) using CCMS.
This section has following sub-sections:
21 OF 123
Web Admin Console
This section describes the features of Web Admin Console of your CCMS.
Web Admin Console is a Web 2.0 based easy-to-use graphical interface used for configuring and
managing your CCMS.
You can connect to Web Admin Console using HTTP or a secure HTTPS connection from any
management computer using web browser Microsoft Internet Explorer 7+ or Mozilla Firefox 3.0+. The
recommended minimum screen resolution for the management computer is 1024 X 768 and 32-bit
true-color.
To connect to the Web Admin Console you require an administrator account and password.
Group Level Dashboard of all the managed Appliances is displayed as soon as you logon to the Web
Admin Console.
To get the log in window, open the browser and type https://manageoncloud.cyberoam.com . A login
page appears prompting you to enter username and password. Provide your user credentials.
Screen - Login
22 OF 123
Screen Elements Description
Login
Languages supported:
English
French
Traditional Chinese
Simplified Chinese
Hindi
Login button Click to log on to Web Admin Console.
Table - Login screen elements
Dashboards
CCMS displays details of all the added appliances as soon as you log on to Web Admin Console in
the form of Dashboard. CCMS provides three types of dashboards:
Appliance Group Dashboard – Consolidated dashboard for all the appliances of selected
appliance group or appliance subgroup
Appliance Dashboard – Dashboard for the selected appliance only
Template Dashboard – Dashboard for the selected configuration template
Please note that type of displayed dashboard changes, based on the selected appliance group,
subgroup or appliance.
23 OF 123
Screen – Appliance Group Dashboard
Account Information
Disconnected
Compatibility:
Possible Status:
24 OF 123
Compatible
Incompatible
Unregistered Appliances Number of unregistered appliances in selected appliance group or
subgroup. Click the given link to view following details of
unregistered appliances:
Appliance Name
Appliance Key
Appliance Model
Synchronized Appliances Total number of synchronized appliances in selected appliance
group or subgroup.
Unsynchronized Number of unsynchronized appliances in selected appliance group
Appliances or subgroup. If any of the appliance(s) is unsynchronized then a
hyperlink would be displayed. Click the hyperlink to synchronize
the appliances.
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Connected Appliances Total number of appliances currently connected to CCMS in
selected appliance group or subgroup.
25 OF 123
Connectivity:
Possible status:
Connected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process.
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Disconnected Appliances Number of appliances in selected appliance group or subgroup,
which are currently disconnected. If any of the appliance(s) is
disconnected then a hyperlink would be displayed.
Connectivity:
Possible status:
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process.
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Model Wise Information
26 OF 123
Name of appliance model along with total number of appliances of
that model number.
Connectivity:
Possible status:
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process.
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Server Information
Time Server (CCMS) time in Day Date Mon YYYY HH:MM:SS format
Compatible Cyberoam Click to view list of Cyberoam appliance versions which are
Versions manageable through CCMS
Appliance License Information
Gateway Anti Virus Number of appliances in which Anti Virus module is subscribed
and unsubscribed.
27 OF 123
Status
Connectivity:
Possible status:
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Gateway Anti Spam Number of appliances in which Anti spam module is subscribed
and unsubscribed.
Connectivity:
Possible status:
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process
Disconnected
Compatibility:
Possible Status:
Compatible
28 OF 123
Incompatible
Web and Application Filter Number of appliances in which Web and Application Filter module
is subscribed and unsubscribed.
Connectivity:
Possible status:
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Intrusion Prevention Number of appliances in which Intrusion Prevention System (IPS)
System (IPS) module is subscribed and unsubscribed.
Connectivity:
Possible status:
29 OF 123
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Web Application Firewall Number of appliances in which Web Application Firewall (WAF)
(WAF) module is subscribed and unsubscribed.
Connectivity:
Possible status:
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process.
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
30 OF 123
Out Bound Spam Number of appliances in which Outbound Spam Protection
Protection module is subscribed and unsubscribed.
Connectivity:
Possible status:
Connected
Disconnected
Sync:
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process
Disconnected
Compatibility:
Possible Status:
Compatible
Incompatible
Appliance Dashboard
Appliance dashboard displays following information for the selected appliance:
Appliance Information
License Information
Connection Information
Signature Information
31 OF 123
Screen – Appliance Dashboard
32 OF 123
with latest available database version at upgrade version.
Possible status:
Connected
Disconnected
Synchronization Status Synchronization status
Possible status:
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to
start synchronization process
Disconnected
Communication Mode Communication mode to manage Cyberoam appliance
from CCMS:
Available Modes:
Central Management will push updates to this
Appliance
This Appliance will fetch updates from Central
Management
Communicate with Communication protocol – HTTP, HTTPS
Cyberoam using
Communication Port Communication port number
Test Connection Click “Test Now” to establish the connection between
Cyberoam and CCMS
License Information
Appliance Registration Registration Status
Status
Possible status:
Registered E-mail address [License Information] will
be displayed if the appliance is registered. Click
License Information hyperlink to open Customer My
Account page.
Unregistered
Subscriptions
Web and Application Filter Subscription status
Possible status:
Unregistered (when appliance is not registered)
33 OF 123
Subscribed
Unsubscribed
Expired
Trial
Intrusion Prevention System Subscription status
(IPS)
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Expired
Trial
Gateway Anti Virus Subscription status
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Expired
Trial
Gateway Anti Spam Subscription status
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Expired
Trial
8×5 Support Subscription status
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Trial
Expired
24×7 Support Subscription status:
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Expired
Web Application Firewall Subscription status:
(WAF)
34 OF 123
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Expired
Out Bound Spam Protection Subscription status:
Possible status:
Unregistered (when appliance is not registered)
Subscribed
Unsubscribed
Expired
Synchronize Appliance Click to synchronize appliance licenses with Customer
Licenses with Customer My My Account.
Account
CPU Usage for last two hours
Displays line graph for CPU usage for last two hours.
Memory Usage for last two hours
Displays line graph for Memory usage for last two hours.
User Surfing Pattern
Displays Internet surfing pattern of the users in a pie chart.
Interface Status
Displays status of managed appliance’s interfaces with details like Interface Name, MTU,
Interface Speed, MAC Address, and Status of the interface.
Note:
Widgets and information present on the Appliance Dashboard is dependent on the Appliance
firmware.
Template Dashboard
A template dashboard displays summary of the selected template along with the recent activity log.
To view the details of individual template, go to Policy Configuration > Template, and select a
template. This page displays following information for selected template:
Template Summary
Recent Activities
35 OF 123
Screen – Template Dashboard
36 OF 123
Services > Service Groups
Schedule > Schedule
File Type > File Type
Network Displays name of the ‘Network’ configurations along with number of
entries:
Static Route > Unicast
DNS > DNS
DNS > DNS Host Entry
DHCP > Relay
Identity Displays name of the ‘Identity’ configurations along with number of entries:
Authentication > Authentication Server
Authentication > Firewall
Authentication > VPN
Authentication > Admin
Groups > Group
Users > Users
Users > Clientless User
Guest Users > General Settings
Guest Users > SMS Gateway
Policy > Access Time Policy
Policy > Surfing Quota Policy
Policy > Data Transfer Policy
Firewall Displays name of the ‘Firewall’ configurations along with number of
entries:
Rule > Rule
Virtual Host > Virtual Host
NAT Policy > NAT Policy
DoS > Settings
DoS > Bypass Rules
VPN Displays name of the ‘VPN’ configurations along with number of entries:
Policy > VPN Policy
IPSec > IPSec Connection
L2TP > L2TP Configuration
L2TP > L2TP Connection
PPTP > PPTP Configuration
IPS Displays name of the ‘IPS’ configurations along with number of entries:
Policy > IPS Policy
Custom Signature > Custom Signature
Web Filter Displays name of the ‘Web Filter’ configuration along with number of
entries:
Settings > Settings
Category > Web Filter Category
Category > URL Group
Policy > Web Filter Policy
Application Filter Displays name of the ‘Application Filter’ configuration along with number
37 OF 123
of entries:
Category > Application Filter Category
Policy > Application Filter Policy
WAF Displays name of the ‘WAF’ configurations along with number of entries:
Web Servers > Web Servers
Web Servers > Exceptions
Global Settings > Global Settings
IM Displays name of the ‘IM’ configurations along with number of entries:
IM Contact > IM Contact
IM Contact > IM Contact Group
IM Rules > Login
IM Rules > Conversation
IM Rules > File Transfer
IM Rules > Webcam
Content Filter > Content Filter
QoS Displays name of the QoS configuration along with number of entries:
Policy > Policy
Anti Virus Displays name of the ‘Anti Virus’ configurations along with number of
entries:
Mail > Configuration
Mail > SMTP Scanning Rules
Mail > Address Group
Mail > Configuration
HTTP/S > HTTP Scanning Rules
HTTP/S > HTTP Scanning Exceptions
FTP > FTP
Anti Spam Displays name of the ‘Anti Spam’ configurations along with number of
entries:
Configuration > Configuration
Configuration > Address Group
Configuration > Email Archiver
Spam Rules > Spam Rules
Spam Digest > Spam Digest Settings
Trusted Domain > Trusted Domain
Logs and Reports Displays name of the ‘Logs and Reports’ configurations along with number
of entries:
Configuration > Syslog Servers
Configuration > Log Settings
Confirm Button Confirm the template to be exported
Cancel Button Cancel export
Table – Template Dashboard screen elements
38 OF 123
Appliance Monitor Graph
Appliance Monitoring Graphs provide visibility of security alerts, resources and license status of
managed Cyberoam appliances at a single glance.
Click given on the button bar. These graphs display top 20 (twenty) appliances with highest
number of security, resource and license alerts. These graphs are refreshed in interval of 5 minutes.
Main Menu
On the left side of the Web Admin Console is a tree, which allows navigation to the various
functionalities.
The Main menu consists of two menu items: Policy Configuration and Management Console. Policy
Configuration menu tree allows you to navigate through pages through which you can manage
appliances while Management console menu tree allows you to navigate through pages through
which you can manage CCMS itself.
On clicking menu item, related management functions are displayed as submenu items in the menu
tree itself. On clicking submenu item, all the associated tabs are displayed as the horizontal menu bar
on the top of the page. To view page associated with the tab, click the required tab.
39 OF 123
The Main menu tree expands and contracts dynamically when clicked on without navigating to a
submenu. When you click on a top-level heading, it automatically expands that heading and contracts
the heading for the current page. To navigate to a new page, first click on the heading, and then click
on the submenu you want navigate to. Breadcrumbs on the top of the Content Pane displays the
entire navigation path.
Functions are grouped in such a way that the tree does not continue below the bottom of your
browser.
Policy Configuration
CCMS Policy Configuration allows sorting of the added appliances on the basis of different criteria for
better visibility and permits enforcement of global policies for security features like Firewall, VPN,
Intrusion Prevention System, Application filter, Anti-spam and Anti-virus on them. It also allows the
administrator to create and implement multiple QoS policies to stop bandwidth abuse in organization
to ensure productivity of the employees.
As soon as appliances are added to CCMS, CCMS connects to the Appliance and starts
synchronization process and the status of the appliance changes to . In the synchronization
process, CCMS updates its local copy as per the information provided by the Appliance. Once the
synchronization is successful, status changes to . CCMS maintains the mirror or duplicate copy of
the Appliance configuration. However, the appliance copy is always considered as the master copy. If
due to any reason, synchronization process fails, appliance status changes to .
Once the appliances is added and synchronized, appliance sends the information like appliance
health, network information, various attacks and threats identified by the appliance to CCMS through
heartbeat at the regular interval.
Appliance Group
For managing and monitoring purpose, CCMS groups all the managed appliances into various
groups. Use Appliance Group drop down to view list of all the groups. Three level collapsible tree of
Appliance Group is displayed as Group > Sub Group > Appliance. Use to expand and to close
the tree.
40 OF 123
Screen – All Firmware Versions
All Appliance Models – To view the appliance model wise grouping, under the Appliance
Group, click All Appliance Models Version. Click to expand the tree and view list of
appliance(s) that are grouped under each model. It displays name and status of the each
appliance. E.g. Below given image, shows total 3 appliances are added and are grouped as per
the appliance model number.
If the appliance is unsynchronized, click ‘Sync now’ hyperlink on Appliance Dashboard, under
Connection Information section to start synchronization process.
CCMS allows you to create custom Appliance Groups based on various criteria like Department,
Country etc. One can directly manage an appliance or appliance group from Policy Configuration
menu by clicking or from Management Console > Appliance Management >
Appliance page.
41 OF 123
Screen – Add and Manage Appliance(s) and Appliance Group(s)
Template
A template is a set of most commonly used objects, services and configurations. CCMS allows
administrator to store the most common configuration settings of Cyberoam appliances in the form of
template. The administrator can directly export the objects, services and configuration stored in a
template to selected appliance(s) or group of appliance(s). Templates can be default or user defined.
Configuration within the template can also be default or user defined.
Template Dashboard
Management Console
Management Console menu is used to manage and configure the basic system options for the
42 OF 123
CCMS. This includes the basic network settings to connect the CCMS to the corporate network, the
configuration of administrators and their access privileges, managing and updating firmware for the
CCMS as well as managed Cyberoam appliance(s).
Account Management
Appliance Management
Appliance Monitoring
Event Viewer
Content Pane
The centre part of the page is content pane that changes according to the menu item and tab.
Information of the menu is displayed in the content pane, which includes list of managed appliances
and configuration screens.
Button bar
The Button bar on the upper rightmost corner of every page provides access to several commonly
used functions like:
Appliance Search – Specify a search string and click to search appliance(s) in CCMS
Appliance(s) can be searched on following criteria:
o Appliance Name
o Model
o Appliance Key
o Firmware
o Company
o City
o State
o Country
o Anti Virus
o IPS
o Web Category
By default, it yields results based on Appliance Name. Results display following information in tabular
form:
o Appliance Name
o Appliance Key
o Company Name
o Status
o Firmware
Click Appliance Name to locate appliance in the appliance tree.
43 OF 123
Mail Attacks – Ratio of Email viruses to entire Email traffic.
Spam Attacks – Ratio of Spam emails to entire Email traffic.
Web Usage Health – Ratio of ‘Unhealthy’ and ‘Unproductive’ Web surfing to
entire Internet surfing. Click to view User Surfing pattern pie chart on
Appliance Dashboard.
IPS Alerts – IPS attacks stopped by managed Cyberoam appliances.
o Resource – Displays list of appliances which have maximum number of resource
utilization alerts.
Available Resources:
CPU – Click to view line graph for CPU usage for last two hours on Appliance
Dashboard.
Memory – Click to view line graph for Memory usage for last two hours on
Appliance Dashboard.
Disk (Report)
Disk (Config)
o License – Displays list of appliances which have maximum number of subscription
expiry alerts.
Available Subscriptions:
Anti Spam
Anti Virus
IPS
Web Category
8*5 Support
24*7 Support
WAF
Outbound Anti Spam
By default it displays 15 (Fifteen) appliances with highest number of alerts, but the administrator can
load details of maximum 60 (sixty) appliances in batch of 15 each.
44 OF 123
hyperlink or Edit icon
Delete/ – You can delete entity by clicking the Delete Icon. Use checkbox to select entity or
multiple entities to be deleted.
Synchronize/ – You can synchronize configuration of selected entities of managed
appliance(s) with the configuration available in CCMS.
Expand/Collapse icons – Clicking on the parent record displays its child records.
45 OF 123
Account Management
Account Management allows configuration and administration of CCMS for secure and remote
management as well as administrative privilege that you can assign to admin users. It also provides
configuration of several non-network features, such as service network and portal settings.
Accounts
Accounts section allows you to view list of companies (Distributors/Partners/Resellers) and manage
their respective appliances, which are part of CCMS service network. It also allows configuration and
synchronization of Partner Portal with CCMS.
Service Network
Service Network page allows the CCMS administrator to view the list of account holder companies,
which are part of CCMS service network. It displays the list of companies
(Partner/Distributor/Reseller) in hierarchy.
Individual CCMS administrator(s) of account holder companies can only view their respective service
network.
Portal Communication
This page allows Administrator to configure IP address or domain name for Partner Portal access.
The administrator can synchronize CCMS with available updated information on partner portal and
can override all current configurations by synchronizing all the appliances available on Partner Portal.
46 OF 123
Settings
Time Zone Settings
CCMS current time zone can be set by using Time Zone Settings so that logs show the precise time
based on the specified time zone.
Screen – Settings
Appliance Inventory
This page displays the list of appliances, which are available for management through CCMS.
Use Appliance Inventory page to view and manage Cyberoam appliances to the CCMS.
From Appliance Inventory page you can:
Add
View
View Appliances available in Inventory
Appliance Key Appliance Key of the appliance. This field displays appliance
keys of both the appliances if the appliance is deployed in High
Availability Mode.
47 OF 123
Administration
This menu covers general configuration of CCMS including adding administrators. Role-based
administration capabilities are provided to offer greater granular access control and flexibility.
Access Profile
User
Live Users
Access Profile
Use Profile page to create profiles for Administrators. Role-based administration capabilities are
provided to offer greater granular access control and flexibility. Profile sets up access levels for the
administrative users. Profile determines the privileges of the administrator and the administrator’s
access to Cyberoam appliance features.
Access profile page is divided into access control categories for which you can enable None, Read-
only, or Read-Write access.
For ease of use by default, CCMS has “Administrator” profile with full privileges.
Delete – Click the Delete icon in the Manage column against a profile to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the profile. To
delete multiple profiles, select them and click the Delete button.
Manage Profile
48 OF 123
Screen Elements Description
Profile Parameters
Add Profile
Profile Name Name to identify the profile. By default CCMS has two profiles.
Administrator – super administrator with full privileges
Appliance Administrator – read-write privileges for
selected appliance(s)
Policy Configuration Profile Configuration access covers access to following menu
items of CCMS:
Dashboard
Objects
Network
Firewall
Console Access from GUI
Web Filter
49 OF 123
Application Filter
IM
QoS
Traffic Discovery
System
Identity
VPN
IPS
Anti Virus
Anti Spam
Logs & Reports
WAF
Access levels can be set for individual menus as well. You can
either set a common access level for all the menus or
individually select the access level for each of the menu.
Users
Use User page to add administrator users. It allows configuring administrator access to the Cyberoam
appliance, including the level of access and which Cyberoam appliances administrator have access
to. All administrator settings can be configured only when you are logged in as the admin
administrator. The admin administrator is the only user with complete access to the entire CCMS
options.
To manage users, go to Management Console > Account Management >
Administration > User. You can:
Add
View
50 OF 123
Edit – Click the Edit icon in the Manage column against the User Name to be modified. Edit
User page is displayed which has the same parameters as the Add User window.
Search – Click the Search icon in the User Name column to search for users with the
following criteria: is, is not, and contains. A pop-up window is displayed that has filter conditions
for search. Click OK to get the search results and Clear button to clear the results.
is not All the Usernames that do not match with the string
specified in the criteria.
contains All the Usernames that contain the string specified in the
criteria.
Manage Users
51 OF 123
User Parameters
You can create a new profile directly from this page itself and
attach to the user.
Live Users
Live Users page displays list of currently logged on users and their important parameters. Use Live
User page to manage live users of CCMS.
52 OF 123
Screen Elements Description
Username Username, which uniquely identifies user and used for login.
Host IP IP address of the host from where the user is logged in.
Table – Manage Live User screen elements
To edit live user details, go to Management Console > Account Management >
Administration > Live Users. Click user hyperlink to edit user parameters.
Note:
Admin user cannot be deleted.
System
API Explorer
CCMS can be integrated with any Professional Services Automation solution (PSA) by using
Application Programming Interface (API) of CCMS. API Explorer page enables the administrator to
access CCMS’s XML based API to retrieve a certain set of information from CCMS.
CCMS API supports ‘get’ API request type to retrieve the information.
To access CCMS API, go to Management Console > Account Management > System
> API Explorer.
53 OF 123
displayed in the response box.
Submit Click to submit XML query
API Response
Displays response of submitted XML query.
Table – API Explorer
54 OF 123
Appliance Management
Appliance management enables administrator to add and manage appliances. Once the appliances
are added, they can be organized into groups as per the requirement and add dynamic objects. Once
the appliance is added, administrator can select the appliance from the Appliance tree and configure
appliance. As CCMS acts as backup repository, administrator can take backup, save the backup for
the later use or, restore and apply the backup to a single appliance or group of appliances. Apart from
backup, administrator can also download and upgrade to the latest firmware.
Use the Appliance menu to add Cyberoam appliances to the CCMS. Once you have added the
appliances and organized them into groups, you can configure single appliance or groups of
appliances.
Appliances
Use the Appliances page to view and manage the list of Appliances added to CCMS.
Search – Click the Search icon in the Appliance Name column to search for specific
appliance. Appliance can be searched on the following criteria: is, is not and contains. A pop-up
window is displayed that has filter conditions for search. Click OK to get the search results and
Clear button to clear the results.
is not All the appliances that do not match with the string
specified in the criteria.
55 OF 123
contains All the appliances that contain the string specified in
the criteria.
Delete – Click the Delete icon in the Manage column against the appliance to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the appliance. To
delete multiple appliances, select them and click the Delete button.
Reboot – Click to reboot the selected appliance(s) immediately or set schedule to reboot the
appliance(s).
More
1. Add Appliance Wizard
2. Export > Appliance List
3. Export > Appliance IP Change Report
Appliance Key Appliance Key of the appliance. This field displays appliance keys
of both the appliances if the appliance is deployed in High
Availability Mode.
Status
56 OF 123
Synchronized
Unsynchronized – Click ‘Sync now’ hyperlink to start
synchronization process
Disconnected
Compatible
Incompatible
Available subscriptions:
AV, AS, IPS, WAF, Outbound Anti Spam, Web & Application
Filter, 24×7, 8×5 support
Possible status:
: Trial
: Registered
: Expired
Access Protocol Protocol and Port number used to communicate with the
appliance
Possible status:
Registered
Unregistered
Edit Appliances
57 OF 123
Screen – Edit Appliance
Password and Confirm Password for the above mentioned Administrator Username of
Password the Appliance
58 OF 123
appliance will pull those updated configuration settings.
Access to User Specify CCMS Administrator who can manage the Appliance
Test Connection Click to test the connectivity between CCMS and appliance
You can also run Add Appliance Wizard from Appliance Discovery notification.
59 OF 123
Screen – Appliance Information
60 OF 123
Screen Elements Description
Appliance Key Specify Appliance Key. If you are running the wizard from
Appliance Discovery notification then this field will reflect
appliance key automatically.
Password and Confirm Password for the above mentioned Administrator Username of
Password the Appliance.
Enable Change Control Enabling Change Control allows the administrator to maintain
(CCL) list of configuration revisions. Configuration Revisions are the
configuration changes synchronized by CCMS.
61 OF 123
Configure Communication Mode Details using Wizard
Access Protocol Specify Protocol that is to be used to access the Appliance for
pushing configuration and synchronizing i.e. Protocol used to
communicate with the appliance.
Access Port Specify Port through which Appliance and CCMS should
62 OF 123
communicate.
Latest Applicable Firmware If the appliance model is already added in CCMS the latest
for Appliance version will be displayed automatically else click ‘Check for
Upgrades’ to check availability of latest firmware version.
Do you want to upgrade the To upgrade the appliance with latest available firmware click
appliance Yes.
By default, it is disabled.
63 OF 123
Backup Management using Wizard
Do you want to restore any Click Yes to restore backup of any existing appliance in
existing configuration appliance to be added. By default, it is disabled.
backup in new appliance?
64 OF 123
Template Management using Wizard
Do you want to apply any Click Yes to add an appliance with existing configuration
configured template to the template. By default, it is disabled.
appliance?
65 OF 123
Summary
Screen – Summary
66 OF 123
Export > Appliance List
Export > Appliance List option is used to export the list of all managed appliances added in the
CCMS.
The list is exported in excel format containing the following details for each appliance which includes
Appliance Name, Appliance Key, IP/Domain, Connection Status, Firmware Version, IPS Version, AV
Version, Webcat Version, License Subscription Expiration, Last backup Time, Upstream Bytes and
Downstream Bytes.
Appliance List report is generated automatically at 11:50 PM Daily by default and the previous report
is overwritten by the new report. To see the last generated report, go to Management Console >
Appliance Management > Appliances > More > Export > Appliance List. This report
can also be generated manually. To generate reports manually, go to Management Console >
Appliance Management > Appliances > More > Export > Appliance List and click
Generate.
The manually generated report will overwrite the previously generated report.
The report is exported in the excel format which includes IP change information based on Appliance
67 OF 123
Name, Appliance Key, Time, Old IP and New IP.
Appliance Discovery
Cyberoam appliance(s) sends heartbeat packet to CCMS over Syslog, HTTP or HTTPS. Appliance
discovery page allows you to view and add these Cyberoam appliance(s) to CCMS.
Appliance Discovery
To view and add discovered appliance(s) to CCMS, go to Management Console > Appliance
Management > Appliances > Appliance Discovery. You can:
View
Add
Manage Discovered appliances
68 OF 123
IP IP address of WAN interface of the appliance
Appliance Groups
Administrator may want to divide the managed appliances into groups for the following reasons:
to configure group-shared settings and then push the configurations on the appliances at once.
For example group all the appliances that need to upgrade subscription and push the upgrades
to all the appliances
to manage a great number of appliances more efficiently
to group the appliances according to their locations (country/state/city)
to group the appliances according to ownership/company and departments
to group the appliances according to their firmware
to group the appliances according to the appliance models
to group the appliances according to subscription - AV, IPS, Web category
to group the appliances according to the appliance names
Search – Click the Search icon in the Appliance Group Name column to search for group
with the following criteria: is, is not, and contains. A pop-up window is displayed that has filter
conditions for search. Click OK to get the search results and Clear button to clear the results.
is not All the groups that do not match with the string specified
in the criteria.
contains All the groups that contain the string specified in the
criteria.
69 OF 123
For example, if the search string is “Branch”, all the
groups containing the string “Branch” are displayed.
Table – Search Criteria
Delete – Click the Delete icon in the Manage column against a group to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the group. To
delete multiple Users, select them and click the Delete button.
Manage Appliance Groups
70 OF 123
Screen Elements Description
Appliance Group Name Specify group name, which uniquely identifies the group
Template
A template is a set of most commonly used objects, services and configurations. CCMS allows
administrator to store the most common configuration settings of Cyberoam appliances in the form of
template. The administrator can directly export the objects, services and configuration stored in a
template to selected appliance(s). You can
Add
View
Edit – Click the Edit icon in the Manage column against the template to be modified. Edit
template pop-up is displayed where you can edit description of the template.
Export – Click the Export icon in the Manage column against the template to be exported.
Clone – Click the Clone icon in the Manage column against the template to be cloned.
Delete – Click the Delete icon in the Manage column against the template to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the template.
Please note that delete process takes some time based on size of configuration stored in the
template. Hence you can not delete another template before the completion of earlier delete
process. You also can not delete multiple templates in a single click.
Manage Templates
71 OF 123
Screen – Manage Template
You can add a new template from Management Console > Appliance Management >
Template or Policy Configuration > Template > Add Template. Click Add Button to
create a template or Edit Icon to modify the description of the template.
72 OF 123
Appliance Select a Cyberoam appliance from the list of managed
appliances to store configuration available at that Cyberoam
appliance in the form of template
Clone From Select the template to be cloned
Description Specify description of the appliance
Table – Add Template Screen elements
Export Template
73 OF 123
Configuration > Time
Configuration > Notification
Configuration > Messages
Configuration > Web Proxy
Configuration > Parent Proxy
Configuration > Captive Portal
Maintenance > Updates
SNMP > Agent Configuration
SNMP > Community
SNMP > v3 User
Certificate > Certificate
Certificate > Certificate Authority
Certificate > CRL
CLI Configuration > CLI Configuration
CLI Configuration > CTA
Objects Displays name of the ‘Objects’ configurations along with number
of entries:
Host > IP Host
Host > IP Host Group
Host > MAC Host
Host > FQDN Host
Host > FQDN Host Group
Host > Country Host
Host > Country Host Group
Services > Services
Services > Service Groups
Schedule > Schedule
File Type > File Type
Network Displays name of the ‘Network’ configurations along with number
of entries:
Static Route > Unicast
DNS > DNS
DNS > DNS Host Entry
DHCP > Relay
Identity Displays name of the ‘Identity’ configurations along with number
of entries:
Authentication > Authentication Server
Authentication > Firewall
Authentication > VPN
Authentication > Admin
Groups > Group
Users > Users
Users > Clientless User
Guest Users > General Settings
Guest Users > SMS Gateway
Policy > Access Time Policy
Policy > Surfing Quota Policy
Policy > Data Transfer Policy
Firewall Displays name of the ‘Firewall’ configurations along with number
of entries:
Rule > Rule
Virtual Host > Virtual Host
NAT Policy > NAT Policy
DoS > Settings
DoS > Bypass Rules
74 OF 123
VPN Displays name of the ‘VPN’ configurations along with number of
entries:
Policy > VPN Policy
IPSec > IPSec Connection
L2TP > L2TP Configuration
L2TP > L2TP Connection
PPTP > PPTP Configuration
IPS Displays name of the ‘IPS’ configurations along with number of
entries:
Policy > IPS Policy
Custom Signature > Custom Signature
Web Filter Displays name of the ‘Web Filter’ configuration along with
number of entries:
Settings > Settings
Category > Web Filter Category
Category > URL Group
Policy > Web Filter Policy
Application Filter Displays name of the ‘Application Filter’ configuration along with
number of entries:
Category > Application Filter Category
Policy > Application Filter Policy
WAF Displays name of the ‘WAF’ configurations along with number of
entries:
Web Servers > Web Servers
Web Servers > Exceptions
Global Settings > Global Settings
IM Displays name of the ‘IM’ configurations along with number of
entries:
IM Contact > IM Contact
IM Contact > IM Contact Group
IM Rules > Login
IM Rules > Conversation
IM Rules > File Transfer
IM Rules > Webcam
Content Filter > Content Filter
QoS Displays name of the QoS configuration along with number of
entries:
Policy > Policy
Anti Virus Displays name of the ‘Anti Virus’ configurations along with
number of entries:
Mail > Configuration
Mail > SMTP Scanning Rules
Mail > Address Group
Mail > Configuration
HTTP/S > HTTP Scanning Rules
HTTP/S > HTTP Scanning Exceptions
FTP > FTP
Anti Spam Displays name of the ‘Anti Spam’ configurations along with
number of entries:
Configuration > Configuration
Configuration > Address Group
Configuration > Email Archiver
Spam Rules > Spam Rules
75 OF 123
Spam Digest > Spam Digest Settings
Trusted Domain > Trusted Domain
Logs and Reports Displays name of the ‘Logs and Reports’ configurations along
with number of entries:
Configuration > Syslog Servers
Configuration > Log Settings
Confirm Button Confirm the template to be exported
Edit Template
System
o Administration > Settings
o Administration > Appliance Access
o Administration > Profile
o Configuration > Time
o Configuration > Notification
o Configuration > Messages
o Configuration > Web Proxy
o Configuration > Parent Proxy
o Configuration > Captive Portal
o Maintenance > Updates
o SNMP > Agent Configuration
o SNMP > Community
o SNMP > v3 User
o Certificate > Certificate
o Certificate > Certificate Authority
o Certificate > CRL
o CLI Configuration > CLI Configuration
Objects
o Host > IP Host
o Host > IP Host Group
o Host > MAC Host
o Host > FQDN Host
o Host > FQDN Host Group
o Host > Country Host
o Host > Country Host Group
o Services > Services
o Services > Service Groups
o Schedule > Schedule
76 OF 123
o File Type > File Type
Network
o Static Route > Unicast
o DNS > DNS
o DNS > DNS Host Entry
o DHCP > Relay
Identity
o Authentication > Authentication Server
o Authentication > Firewall
o Authentication > VPN
o Authentication > Admin
o Groups > Group
o Users > Users
o Users > Clientless User
o Guest Users > General Settings
o Guest Users > SMS Gateway
o Policy > Access Time Policy
o Policy > Surfing Quota Policy
o Policy > Data Transfer Policy
Firewall
o Rule > Rule
o Virtual Host > Virtual Host
o NAT Policy > NAT Policy
o DoS > Settings
o DoS > Bypass Rules
VPN
o Policy > VPN Policy
o IPSec > IPSec Connection
o L2TP > L2TP Configuration
o L2TP > L2TP Connection
o PPTP > PPTP Configuration
IPS
o Policy > IPS Policy
77 OF 123
o Custom Signature > Custom Signature
Web Filter
o Settings > Settings
o Category > Web Filter Category
o Category > URL Group
o Policy > Web Filter Policy
Application Filter
o Category > Application Filter Category
o Policy > Application Filter Policy
WAF
o Web Servers > Web Servers
o Web Servers > Exceptions
o Global Settings > Global Settings
IM
o IM Contact > IM Contact
o IM Contact > IM Contact Group
o IM Rules > Login
o IM Rules > Conversation
o IM Rules > File Transfer
o IM Rules > Webcam
o Content Filter > Content Filter
QoS
o Policy > Policy
Anti Virus
o Mail > Configuration
o Mail > SMTP Scanning Rules
o Mail > Address Group
o Mail > Configuration
o HTTP/S > HTTP Scanning Rules
o HTTP/S > HTTP Scanning Exceptions
78 OF 123
o FTP > FTP
Anti Spam
o Configuration > Configuration
o Configuration > Address Group
o Configuration > Email Archiver
o Spam Rules > Spam Rules
o Spam Digest > Spam Digest Settings
o Trusted Domain > Trusted Domain
Change Control
Change Control Change Control page allows the administrator to view and manage list of revisions for
the managed appliances. Revisions are the configuration changes synchronized by CCMS and stored
in CCMS repository. Each revision has a unique Change List ID. Additionally, Export Configuration
can be used to export configuration and the change list of appliances or appliance groups.
Change Control
Change Control page allows the administrator to view and manage list of revisions for the
managed appliances. Revisions are the configuration changes synchronized by CCMS and stored
in CCMS repository. Each revision has a unique Changed List ID.
This page also allows the administrator to view list of affected configuration settings, compare
different versions of configurations and roll back to previous configurations.
Given below is the description of Policy Version Control terminology for your understanding:
Revision – Number of changes made to an entity (an entity can be an object, policy, rule etc.)
Change List – Operation ID which results into revision of one or more entities. For example,
Change List 10009 results into Revision 6 of Entity A and Revision 2 of Entity B.
System Snapshot – Entire configuration which is considered as base version.
79 OF 123
o After a firmware upgrade
Alternatively, the administrator can take system snapshot(s) manually.
There can be maximum three snapshots for an appliance.
Configuration roll back is possible up to the last snapshot only.
If an appliance is no longer managed by CCMS, the revision history for the appliance will
remain in CCMS until not purged manually.
This page in CCMS is named as Change Control and allows the administrator to
view change list of affected configuration settings
view details of configuration changes
compare different versions of configurations
take configuration snapshot
restore system configuration snapshot
roll back to previous configuration
80 OF 123
IP Address IP address of the User
Entity Type of Entity
Entity Name Name of the Entity
Component Name of the component used for configuration change.
Possible components:
Central Management
GUI
API
Action Action performed on the configuration.
Possible Actions:
Update
Insert
Delete
Reorder
Enable/Disable
Custom
Reverted Change List Displays list of Change List IDs on mouse over. Changes
associated with the listed IDs have been reverted.
Details Icon Click to view details of the revision. Details include
listing of all dependent entities.
For example if there is a change in firewall rule, details will
display list of dependent Web Filter policy, Application
Filter policy etc.
Revert up to this change Click to revert the changes done in the revision.
list Icon
Restore Icon Click to restore the configuration revision.
Purge Icon Click to purge the configuration revision.
81 OF 123
View the Revision History
82 OF 123
Details Icon Click to view details of the revision in XML format.
Difference with Previous Click to compare revision versions.
Version Icon
83 OF 123
View the Revision Details
84 OF 123
Revert the Revision
Export Configuration
Export Configuration allows the administrator to export configuration and the change list of appliances
or appliance groups. Multiple appliances or appliance groups can be selected for export. To export
configuration go to Management Console > Appliance Management > Change
Control > Export Configuration.
Select the Appliance or Appliance Groups from the drop down list and click Export to generate the
configuration file in .TAR file format. To stop the export process, click Cancel.
85 OF 123
Screen – Export Configuaration
The .TAR file contains selected appliance configuration along with the change list applicable to the
appliance or appliance group. After generation, the .TAR file can be downloaded by clicking
Download. The .TAR file must be extracted at preferred location to view configuration details and
change list details including Appliance Name, Appliance Key and Time.
All of the dynamic objects are created using a similar method - create object and then specify the
dynamic object-appliance mappings.
With dynamic objects, configuration of common objects like mail server, radius servers becomes easy
as they need to be configured only once and then can be mapped.
Host
Zone
Interface
Gateway
Host
Host is a logical building block used in defining firewall rules, virtual host and NAT policy. By default,
the number of hosts equal to the ports in the Cyberoam appliance are already created.
Host represents various types of addresses, including IP addresses, networks and Ethernet MAC
addresses.
Hosts allow entities to be defined once and then be re-used in multiple referential instances
throughout the configuration. For example, an internal Mail Server with an IP address as
192.168.1.15. Rather than repeated use of the IP address while constructing firewall rules or NAT
Policies, it allows creating a single entity called “Internal Mail Server” as a Host name with an IP
address as 192.168.1.15. This host, “Internal Mail Server” can then be easily selected in any
configuration screen that uses Hosts as a defining criterion.
By using hosts instead of numerical addresses, you only need to make changes in a single location,
rather than in each configuration where the IP address appears. Using Hosts reduces the error of
86 OF 123
entering incorrect IP addresses, makes it easier to change addresses and increases readability.
Go to Management Console > Appliance Management > Dynamic Objects > Host
to:
Add
View
Edit – Click the Edit icon in the Manage column against the Host to be modified. Edit Host
pop-up window is displayed which has the same parameters as the Add Host window.
Search – Click the Search icon in the Address Detail column to search for specific IP
address. IP address can be searched on the following criteria: is equal to, starts with and
contains. Click OK to get the search results and Clear button to clear the results.
is not All the appliances that do not match with the string
specified in the criteria.
Delete – Click the Delete icon in the Manage column against a Host to be deleted. A dialog
box is displayed asking you to confirm the deletion. Click OK to delete the Host. To delete
multiple Hosts, select them and click the Delete button.
Manage IP Hosts
87 OF 123
Screen – Manage IP host
To add or edit hosts, go to Management Console > Appliance Management > Dynamic
Objects > Host.
88 OF 123
IP Family Type of IP family.
Available options:
IPv4
IPv6
Appliance-Host Mapping
Zone
A Zone is a logical grouping of ports/physical interfaces and/or virtual subinterfaces if defined.
Zones provide a flexible layer of security for the firewall. With the zone-based security, the
administrator can group similar ports and apply the same policies to them, instead of having to write
the same policy for each interface.
LAN – Depending on the appliance in use and network design, one can group one to six physical
ports in this zone. Group multiple interfaces with different network subnets to manage them as a
single entity. Group all the LAN networks under this zone.
By default the traffic to and from this zone is blocked and hence the highest secured zone. However,
traffic between ports belonging to the same zone will be allowed.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on
the appliance in use and network design, one can group one to five physical ports in this zone.
WAN - This zone is used for Internet services. It can also be referred as Internet zone.
VPN - This zone is used for simplifying secure, remote connectivity. It is the only zone that does not
have an assigned physical port/interface. Whenever the VPN connection is established, port/interface
89 OF 123
used by the connection is automatically added to this zone and on disconnection; port is automatically
removed from the zone. Like all other default zones, scanning and access policies can be applied on
the traffic for this zone.
Local – Entire set of physical ports available on your appliance including their configured aliases are
grouped in LOCAL zone. In other words, IP addresses assigned to all the ports fall under the LOCAL
zone.
Delete – Click the Delete icon in the Manage column against the Zone to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the zone. To
delete multiple zones, select them and click the Delete button.
Manage Zones
90 OF 123
Screen – Add Zone
Appliance-Zone Mapping
Interface
Interface - Physical interfaces/ports available on your appliance. If virtual subinterface is configured
for the physical interface, it is also displayed beneath the physical interface. Virtual subinterface
configuration can be updated or deleted.
91 OF 123
Zone and Zone Type - Displays port to zone relationship i.e. zone-port membership.
To manage Interfaces, go to Management Console > Appliance Management >
Dynamic Objects > Interface. You can:
Add
View
Edit – Click the Edit icon in the Manage column against the Interface to be modified. Edit
Interface page is displayed which has the same parameters as the Add Interface window.
Delete – Click the Delete icon in the Manage column against the Interface to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the zone. To
delete multiple Interfaces, select them and click the Delete button.
Manage Interface
92 OF 123
Interface Parameters
93 OF 123
Local zone service likes Administration, Authentication,
and Network.
Appliance-Interface Mapping
Appliance Select the appliance.
Interface Select the Interface that is to be mapped.
Table – Add Interface screen elements
Gateway
Cyberoam supports multiple gateways to cope with gateway failure problems. However, simply adding
one more gateway is not an end to the problem. Optimal utilization of all the gateways is also
necessary. Cyberoam Multi Link Manger provides link failure protection by detecting the dead
gateway and switching over to the active link and provides a mechanism to balance traffic between
various links.
Delete – Click the Delete icon in the Manage column against the Gateway to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the zone. To
delete multiple Gateway, select them and click the Delete button.
Manage Gateway
94 OF 123
Gateway Parameters
Appliance-Gateway Mapping
95 OF 123
Anti Virus
Anti Spam
Logs and Reports
System
System allows configuration and administration of Cyberoam appliance for secure and remote
management as well as administrative privilege that you can assign to admin users. It also provides
the basic system settings and language settings of the Web Admin console. Configure several non-
network features, such as SNMP, custom messages and portal setting through System.
Objects
Objects are the logical building blocks of various policies and rules, which include:
Host – IP, network and MAC addresses. They are used in defining firewall rules, virtual host,
NAT policy, IPSec, L2TP and VPN policies
Services which represent specific protocol and port combination for example, DNS service for
TCP protocol on 53 port. Access to services are allowed or denied through firewall rules.
Schedule to control when the firewall rule, Access time policy, Web filter policy, Application filter
policy, or QoS policy will be in effect for example, All Days, Work Hours
File types – defining web filter policy, SMTP scanning rules
Network
Network establishes how Cyberoam connects and interacts with your network and allows configuring
network specific settings.
Basic network settings include configuring Cyberoam interfaces and DNS settings. It also describes
how to use DHCP to provide convenient automatic network configuration for your clients.
This menu covers how to configure your Cyberoam to operate in your network. Basic network settings
include configuring Cyberoam interfaces and DNS settings. More advanced configuration includes
adding VLAN subinterfaces and custom zones to the Cyberoam network configuration. It also
describes how to use DHCP to provide convenient automatic network configuration for your clients.
Identity
Once you have deployed Cyberoam, default access policy is automatically applied which will allow
complete network traffic to pass through Cyberoam. This will allow you to monitor user activity in your
Network based on default policy.
As Cyberoam monitors and logs user activity based on IP address, all the reports are also generated
based on IP address. To monitor and log user activities based on User names or logon names, you
have to configure Cyberoam for integrating user information and authentication process. Integration
will identify access request based on User names and generate reports based on Usernames.
When the user attempts to access Cyberoam, Cyberoam requests a user name and password and
authenticates the user’s credentials before giving access. User level authentication can be performed
96 OF 123
using the local user database on the Cyberoam, an External ADS server, LDAP or RADIUS server.
Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ
networks against malicious access; however, firewalls may also be configured to limit the access to
harmful sites for LAN users.
The responsibility of firewall is to grant access from Internet to DMZ or Service Network according to
the Rules and Policies configured. It also keeps watch on state of connection and denies any traffic
that is out of connection state.
Firewall rule provides centralized management of security policies. From a single firewall rule, you can
define and manage entire set of Cyberoam security policies.
VPN
Cyberoam VPN automatically encrypts the data and sends it to the remote site over the Internet,
where it is automatically decrypted and forwarded to the intended destination. By encrypting, the
integrity and confidentiality of data is protected even when transmitted over the untrusted public
network. Cyberoam uses IPSec standard i.e. IPSec protocol to protect traffic. In IPSec, the identity of
communicating users is checked with the user authentication based on digital certificates, public keys
or preshared keys.
Cyberoam ensures that all the VPN traffic passing through the VPN tunnels is threat free. All the
firewall rules and policies are applicable to the traffic going into the VPN tunnels and coming out of
the VPN tunnels. Cyberoam inspects all the traffic going into the VPN tunnels and coming out of the
tunnels and makes sure that there are no viruses, worms, spam, and inappropriate content or
intrusion attempts in the VPN traffic. As VPN traffic is, by default subjected to the DoS
inspection,Cyberoam provides a facility by which one can bypass scanning of traffic coming from
97 OF 123
certain hosts from VPN zone. The above functionality is achieved by adding one additional zone
called VPN zone. VPN traffic passes through VPN zone and firewall rule can be applied to VPN zone.
Cyberoam can be used to establish VPN connection between sites, LAN-to-LAN and Client-to-LAN
connection. VPN is the bridge between Local & Remote networks/subnets.
Cyberoam supports following protocols to authenticate and encrypt traffic:
Internet Protocol Security (IPSec)
Layer Two Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
IPS
Cyberoam IPS uses Signatures to identify the malicious activity on the network but instead of
providing only one policy (global) for managing multiple networks/hosts, allows to tailor the policy per
network/host i.e. allows to defining multiple policies for managing multiple networks/hosts.
Cyberoam IPS consists of a signature engine with a predefined database of signatures. Predefined
signatures are not editable.
As per your network requirements, Cyberoam allows you to define multiple policies instead of one
global policy, to decrease packet latency and reduce false positives.
Policy allows you to view Cyberoam predefined signatures and customize the intrusion prevention
configuration at the category as well as individual signature level. Categories are signatures grouped
together based on the application and protocol vulnerabilities.
Each IPS policy contains a set of signatures that the Cyberoam searches for, and log and block and
allows to:
Enable or disable category from IPS protection
Enable or disable individual signature in a category to tailor IPS protection based on your
network environment
Define the action to be taken when the matching traffic pattern is found. Cyberoam can
either detect or drop the connection. In either of the case, Cyberoam generates the log and
alerts the Network Administrator.
To enable the Intrusion Prevention System functionality, apply the policy using firewall rule. You can
create rule to apply:
Single policy for all the user/networks
Different policies for different users/networks or hosts
As firewall rules control all traffic passing through the Cyberoam and decide whether to allow or drop
the connection, IPS policy will be applied to only that traffic/packet which firewall passes.
Web Filter
Web Filter menu allows to configure and manage Web Filtering in Cyberoam. The traffic coming from
the web is filtered by various policies and categories.
98 OF 123
Application Filter
Application Filter menu in Cyberoam allows configuring and managing filtering on various
applications. The traffic coming from the web is filtered by various policies and categories.
WAF
A WAF (Web Application Firewall) protects applications accessed via HTTP and HTTPS against the
attacks on Web server at the application layer.
IM
IM (Instant Messaging) allows configuring and managing restrictions on instant messaging services
provided by the Yahoo and MSN messengers. The traffic coming from the web in form of files and
chat is filtered by various rules and content filtering strategies. You can add an IM contact or IM
contact group for configuring rules.
QoS
Bandwidth is the amount of data passing through a media over a period of time and is measured in
terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
The primary objective of QoS (Quality of Service) policy is to manage and distribute total bandwidth
on certain parameters and user attributes. QoS policy allocates & limits the maximum bandwidth
usage of the user and controls web and network traffic.
Anti Virus
Cyberoam Gateway Anti Virus provides you with powerful tools for scanning and detecting infection
and spam in the incoming e-mail traffic. For detecting virus, Cyberoam uses its built-in signature
database.
Cyberoam Anti Virus scans the following traffic as it passes through the Cyberoam:
HTTP
HTTPS
FTP
SMTP
POP3
IMAP
For extra protection, you can configure to block specified file types from passing through the
Cyberoam. You can use this feature to stop files that might contain new viruses. Additional filtration of
messages from configured IP address and URL decreases the load on the server when scanning
email traffic for viruses.
99 OF 123
Stop users from sending/receiving messages with any type of attachments
Perform anti-virus processing of infection revealed in email messages by scanning
Define policies to take appropriate action based on the protocol i.e. define action policy on how
to handle for SMTP, POP3, FTP traffic and HTTP and HTTPS traffic if infection is detected
Limit HTTP and FTP download file size
Notify senders, recipients, and the administrator about messages containing infected,
suspicious, or password-protected attachments
Quarantine messages - Quarantine feature allows to isolate and move infected and suspicious
mails in a quarantine directory defined by a network administrator.
Customize the anti virus protection of incoming and outgoing e-mail messages by defining scan
policies.
Cyberoam Gateway Anti Virus is fully compatible with all the mail systems and therefore can be easily
integrated into the existing network.
Please refer to Cyberoam Anti Virus Implementation Guide for further details.
Anti Spam
Cyberoam Gateway Anti Spam provides a powerful tool for scanning and detecting infection.
Cyberoam Anti Spam as a part of unified solution along with Anti Virus and IPS (Intrusion Prevention
System), provides real time virus scanning that protects all network nodes – workstations, files
servers, mail system from known and unknown attacks by worms and viruses,
Trojans, spyware, adware, spam, hackers and all other cyber threats.
Cyberoam Gateway Anti Spam provides powerful tools for scanning and detecting spam in the
incoming e-mail traffic. Cyberoam Gateway Anti Spam inspects all incoming emails - SMTP, POP3
and IMAP traffic - before the messages are delivered to the receiver's mailbox. If spam is detected,
depending on the policy and rules set, emails are processed and delivered to the recipient unaltered,
reject and generate a notification on the message rejection, add or change subject or change the
receiver.
Cyberoam Gateway Anti Spam is fully compatible with all the mail systems and therefore can be
easily integrated into the existing network.
100 OF 123
Configure action for individual email address
Notify receivers about spam messages
Please refer to Cyberoam Anti Spam Implementation Guide for further details.
Cyberoam can either store logs locally or send logs to external syslog servers for storage and archival
purposes.
Cyberoam can log many different network activities and traffic including:
Firewall log
Anti-virus infection and blocking
Web filtering, URL and HTTP content blocking
Signature and anomaly attack and prevention
Spam filtering
IM logs
Administrator logs
User Authentication logs
Cyberoam supports multiple syslog servers for remote logging. When configuring logging to a Syslog
server, one needs to configure the facility, severity and log file format. One can also specify logging
location if multiple syslog servers are defined.
Maximum five syslog servers can be defined from Logging page of Web Admin Console.
Cyberoam can either store logs locally or send to the syslog servers. Traffic Discovery logs can be
stored locally only.
Scheduled Tasks
Any configuration changes done on CCMS for managed appliances can be pushed to the appliance
or group of appliance(s) immediately or can be scheduled.
Page displays details of the task – entity and sub entity name, appliance for which task is scheduled,
schedule time and option to delete or reschedule the task.
101 OF 123
Screen – Manage Scheduled Tasks
Diagnostics
Diagnostic pages allow checking the accessibility of your CCMS in a single shot. This information can
be used for troubleshooting.
It is like a periodic connectivity check up that helps to identify the impending problems. After
identifying the problem, appropriate actions can be taken to solve the problems and keep the
appliance running smoothly and efficiently.
View the statistics to diagnose the connectivity problem, network problem and test network
communication. It assists in troubleshooting issues such as hangs, packet loss, connectivity,
discrepancies in the CCMS network.
Ping
Trace route
Name lookup
Route lookup
Ping
Ping is the most common network administration utility used to test the reachability of a host on an
Internet Protocol (IP) network and to measure the round-trip time for messages sent from the
originating host to a destination computer.
102 OF 123
Ping sends ICMP echo request/replies to test connectivity to other hosts. Use standard ICMP ping to
confirm that the server is responding. Ping confirms that the server can respond to an ICMP ping
request.
Screen – Ping
Range – 1 to 65507
Table – Ping screen elements
Traceroute
Traceroute is a useful tool to determine if a packet or communications stream is being stopped at the
CCMS, or is lost on the Internet by tracing the path taken by a packet from the source system to the
destination system, over the Internet.
Use traceroute to
find any discrepancies in the CCMS network or the ISP network within milliseconds
trace the path taken by a packet from the source system to the destination system, over the
Internet
103 OF 123
Screen – Trace Route
Name lookup
Name lookup is used to query the Domain Name Service for information about domain names and IP
addresses. It sends a domain name query packet to a configured domain name system (DNS) server.
If you enter a domain name, you get back the IP address to which it corresponds, and if you enter an
IP address, then you get back the domain name to which it corresponds. In other words, it reaches
out over the Internet to do a DNS lookup from an authorized name server, and displays the
information in the user understandable format.
Route lookup
If you have routable networks and wish to search through which Interface CCMS routes the traffic
then lookup the route for the IP address.
104 OF 123
Screen – Route Lookup
105 OF 123
Appliance Maintenance
This section covers maintenance of added appliances in Cyberoam’s on-Cloud Management Service.
Backup and Restore of Cyberoam configuration and firmware management are the essential parts of
Cyberoam appliance maintenance.
The Backup and Restore menu enables you to save back up of your Cyberoam Appliance on CCMS.
It is a good idea to backup the Appliance configuration on a regular basis to ensure that, if the system
fails, you can quickly get the system back to its original state with minimal affect to the network. It is
also a good idea to back up the configuration after making any configuration changes in the
appliance.
You can save the backup of the appliance on CCMS and restore later if something fails on the
Appliance. It is always a good idea to back up the configuration when any changes are made to
ensure you have the latest configuration stored.
This Page displays date on which the backup was taken along with option to save one backup as
‘Last Good Backup’. You can store upto 5(five) backups for any appliance. The ‘Last Good Backup’
will be preserved all the time.
You can also download the backup to save and restore later.
106 OF 123
Screen Elements Description
Scheduled Backup
Available options:
Backup Mode Select how and to whom backup files should be sent.
Available Options:
Select Appliances Select the appliances whose backup is to be taken at the configured
schedule.
Manual Backup
Backup Date Time and Date of the backup in DD/MM/YYYY HH:MM:SS format
Last Good Backup Select a backup to be stored as ‘last good backup’. This backup will not be
purged.
You can take maximum five backups including ‘last good backup’.
107 OF 123
Firmware
Instead of upgrading each managed appliance manually, administrator can upgrade appliance
firmware through CCMS. CCMS can store and apply firmware images. CCMS can download local
copies of firmware images from the Upgrade server. After firmware images have been downloaded,
you can upgrade an appliance or group of appliances.
Use Firmware page to check for the latest available firmware for managed Cyberoam appliances. To
check for the availability of the latest firmware, go to Management Console > Appliance
Management > Firmware > Firmware.
Screen – Firmware
Administrator can download and save the firmware for later use or apply firmware directly.
108 OF 123
Apply Firmware
Maintenance
Maintenance page is used to Manage Inactive Users. The following management options are
available:
109 OF 123
Screen – Maintenance
110 OF 123
Appliance Monitoring
CCMS helps administrator to monitor all the managed appliance for surfing trends, attacks and
outages. Graphs can be used to monitor single appliance or group of appliances. It normally required
Administrator to log on to individual appliance to view system resources and information but with
CCMS, the administrator can view that same information for all the appliances from CCMS itself.
Graphs
Graphs are graphical presentation of user surfing pattern, disk, memory and CPU usage and various
attacks on the appliance.
Administrator can add multiple profiles. Administrator can add profile for group of appliances or single
appliance. Tab for each profile is added on Graphs page.
Profile
To add or edit profile, go to Management Console > Appliance Monitoring > Graphs >
Profile. You can
Add
View
Edit - Click the Edit icon in the Manage column against the profile to be modified. Edit
Profile page is displayed which has the same parameters as the Add Profile window.
Delete – Click the Delete icon in the Manage column against the profile to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the dashboard. To
delete multiple profiles, select them and click the Delete button.
Manage Profile
111 OF 123
Edit Icon Edit profile details
Profile Parameters
To add or edit profiles, go to Management Console > Appliance Monitoring > Graphs >
Profile. Click Add Button to add a new profile or Edit Icon to modify the details.
Available options:
CPU Usage
Memory Usage
Virus Attacks
HTTP Attacks
Mail Attacks
IPS Threats
112 OF 123
Spam Mails
Disk Usage
User Surfing Pattern
Table – Add Profile screen elements
Graphs
To view graphs, go to Management Console > Appliance Monitoring > Graphs >
Graphs. If multiple graphs are added, Tab for each graph is displayed
Depending on the components selected at the time of adding graph, graph displays line graphs for the
usage status of the CPU, memory and hard disk, user surfing patter grouped into Neutral, Productive,
Non Working and Unhealthy categories, virus, HTTP and mail attacks, IPS threats and spam mails.
If multiple appliances are grouped under single graph, line graph of each appliance is plotted in each
component.
Screen – Graphs
Alerts
CCMS allows administrator to create and send email alerts to the specified email address(s) based on
predefined criteria. CCMS alert notification ensures the concerned person receive an alert in
situations like excess CPU, disk and memory usage or alarming count of viruses or IPS attacks.
Profile
To add or edit alerts, go to Management Console > Appliance Monitoring > Alerts >
Profile. You can
Add
View
Edit – Click the Edit icon in the Manage column against the profile to be modified. Edit
Profile page is displayed which has the same parameters as the Add Profile window.
Delete – Click the Delete icon in the Manage column against the profile to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the dashboard. To
delete multiple profiles, select them and click the Delete button.
113 OF 123
Manage Alert Profile
Possible status:
- Click to disable the alert notification.
- Click to enable the alert notification.
To add or edit profiles, go to Management Console > Appliance Monitoring > Alerts >
Profile. Click Add Button to add a new profile or Edit Icon to modify the details.
114 OF 123
Screen Elements Description
Send email(s) alerts to Specify the email addresses on which the alerts are to be sent.
Available criteria:
Any subscription module expires
CPU usage exceeds
Memory usage exceeds
Disk usage exceeds
IPS Threats count
Web virus count exceeds
Mail Virus count exceeds
Total virus count exceeds
Spam Mail count exceeds
Unhealthy Surfing hits
Appliance Connection Status
Gateway status change
VPN connection status change
HA Status change
Specify duration of sending notifications in ‘Notify me’ field.
The duration can be in hours or minutes.
Alerts
To view alerts, go to Management Console > Appliance Monitoring > Alerts > Alerts.
115 OF 123
Screen – Alerts
Alert Message Description of the alert i.e. on which event the alert has been
sent
Table – Add Alert
Event Viewer
Audit and System logs are an important part of any secure system that provides an invaluable view
into the current and past state of almost any type of complex system, and they need to be carefully
designed in order to give a faithful representation of system activity.
They can identify what action was taken by whom and when. The existence of such logs can be used
to enforce correct user behavior, by holding users accountable for their actions as recorded in the
audit log.
They are the simplest, yet also one of the most effective forms of tracking temporal information. The
idea is that any time something significant happens you write some record indicating what happened
and when it happened.
Event Viewer
To view logs of any of the managed appliance, go to Management Console > Appliance
Monitoring > Event Viewer > Event Viewer, select log date and time, appliance and log
type and click Go. Page will display list of all archived logs for the selected appliance.
116 OF 123
Screen – Event Viewer
To search the archived log, go to Management Console > Appliance Monitoring > Event
Viewer > Event Viewer, and click the View Data link. In Advanced Search section:
117 OF 123
Advanced Search options Select Match all of the following to get search result
based on all criteria or Match any of the following to
get search result based on any of the criterion
Add searching criterion. Available options are Upload
Time, Log Component, Status, Username, IP address,
Message, Message ID, File Name, Offset.
Search Results
Log Component For file type Audit Logs, Log Component is GUI
For file type System, Log Component is System
Status Successful
Unsucessful
Message ID Message ID
Table – Search Logs screen elements
118 OF 123
CCMS Monitoring
The administrator can monitor CCMS for policy configuration changes, management console changes
and system events using CCMS logs. In addition, the administrator can view status of the various
signature distribution servers and update them as and when required.
CCMS includes a system to view the events and activities occurring through CCMS from Event
Viewer. Events for various modules – Policy Configuration, Management Console and System are
logged and can be viewed for required date and time.
Event Viewer
Event Viewer
The administrator can monitor CCMS for policy configuration changes, management console changes
and system events using CCMS logs. In addition, the administrator can view status of the various
signature distribution servers and update them as and when required.
CCMS includes a system to view the events and activities occurring through CCMS from Event
Viewer. Events for various modules – Policy Configuration, Management Console and System are
logged and can be viewed for required date and time.
CCMS displays events in expandable three level tree format. By default the event tree is displayed in
collapsed format. Click to expand the tree to view event details.
First level shows CCMS Group/Global/Appliance Level Event Message.
Second Level shows response for each appliance (on which entity is pushed)
Third level shows response of dependent entities
Event Viewer page allows to view the logs for various modules – Policy Configuration, Management
Console, System Events. This page gives consolidated information about all the events that occurred
for the respective modules and information can be filtered based on event id, username or IP
address.
To view logs, go to Management Console > Event Viewer > Event Viewer.
Select date for the log and one of the following modules:
Policy Configuration log – Log provides information of the administrative events and task
occurred at global and appliance level.
Management Console log – Log provides information of the administrative events and task
occurred at CCMS
System Events – Log provides information of the system events
119 OF 123
Screen – Event Viewer
Event Event ID
Sub Entity Name of the sub entity through which the event occurred
120 OF 123
pushed on managed appliances.
Event Event ID
Sub Entity Name of the Sub Component through which the event
occurred
System Events
121 OF 123
Sub Entity Name of the Sub Component through which the event
occurred
122 OF 123