Вы находитесь на странице: 1из 36

SSL VPN User Guide Version 10

Version 7
Document Version 10.04.5.0007 - 30/11/2013

Document Version 10.04.4.0028 - 08/10/2013


Version 7

Version 7
Cyberoam SSL VPN User Guide

Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.

USER’S LICENSE
Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License
Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.

You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam
UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS
Copyright 1999 - 2013 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com

2
Cyberoam SSL VPN User Guide

Contents

Introduction ......................................................................................................................... 7

Concepts ............................................................................................................................. 8
SSL VPN Access Modes ................................................................................................................ 8
Portal ............................................................................................................................................ 10

Cyberoam Configuration for SSL VPN ............................................................................ 11


Tunnel Access................................................................................................................................. 11
Web Access ..................................................................................................................................... 13
Policy ............................................................................................................................................... 14
Bookmark ........................................................................................................................................ 20
Bookmark Group ............................................................................................................................ 22
Portal ................................................................................................................................................ 24
Live SSL VPN Users ....................................................................................................................... 25

Client Configuration for SSL VPN .................................................................................... 26


Access End-User Portal ................................................................................................................. 26

Accessing SSL VPN Using Tunnel Access .................................................................................. 27


Download Client ........................................................................................................................... 28
Download and Import Client Configuration .................................................................................. 31
Establish connection .................................................................................................................... 33

Accessing SSL VPN Using Web Access ...................................................................................... 34

Accessing SSL VPN Using Application Access .......................................................................... 35

3
Cyberoam SSL VPN User Guide

Preface
Welcome to Cyberoam‟s - User guide.

Cyberoam Unified Threat Management appliances offer identity-based comprehensive security to


organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats
over applications viz. Instant Messengers; threats over secure protocols viz. HTTPS; and more.
They also offer wireless security (WLAN) and 3G wireless broadband and analog modem support
can be used as either Active or Backup WAN connection for business continuity.

Cyberoam integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and Anti-
Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data
Leakage Prevention, IM Management and Control, Layer 7 visibility, Bandwidth Management,
Multiple Link Management, Comprehensive Reporting over a single platform.

Cyberoam has enhanced security by adding an 8th layer (User Identity) to the protocol stack.
Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic,
enabling Administrators to apply access and bandwidth policies far beyond the controls that
traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without
compromising productivity and connectivity.

Cyberoam UTM appliances accelerate unified security by enabling single-point control of all its
security features through a Web 2.0-based GUI. An extensible architecture and an „IPv6 Ready‟
Gold logo provide Cyberoam the readiness to deliver on future security requirements.

Cyberoam provides increased LAN security by providing separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are
visible the external world and still have firewall protection.

Note

 Default Web Admin Console username is „admin‟ and password is „admin‟


 Cyberoam recommends that you change the default password immediately after installation to
avoid unauthorized access.

4
Cyberoam SSL VPN User Guide

About this Guide


This Guide provides information on how to configure Cyberoam SSL VPN connections and helps
you to manage and customize Cyberoam to meet your organization‟s various requirements for
remote users.

Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.

Item Convention Example


Server Machine where Cyberoam Software - Server component is
installed
Client Machine where Cyberoam Software - Client component is
installed
User The end user
Username Username uniquely identifies the user of the system
Topic titles Shaded

Introduction
font
typefaces

Subtitles Bold &


Black Notation conventions
typefaces
Navigation Bold Group Management  Groups  Create
link typeface it means, to open the required page click on Group
management then on Groups and finally click Create tab

Name of a Lowercase Enter policy name, replace policy name with the specific
particular italic type name of a policy
parameter / Or
field / Click Name to select where Name denotes command button
command text which is to be clicked
button text
Cross Hyperlink in Refer to Customizing User database Clicking on the link
references different will open the particular topic
color
Notes & Bold
points to typeface
remember between Note
the black
borders
Prerequisite Bold
s typefaces
between Prerequisite
the black Prerequisite details
borders

5
Cyberoam SSL VPN User Guide

Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower
Off C.G. Road
Ahmedabad 380006
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.

6
Cyberoam SSL VPN User Guide

Introduction
A Virtual Private Network (VPN) is a network that uses public telecommunication infrastructure,
such as the Internet, to provide remote offices or traveling users with access to a central
organizational network. A secure tunnel is formed across the public network which carries private
network traffic between distant offices. This traffic is usually encrypted and compressed for
enhanced performance and security. VPN technology has replaced the need to acquire and
maintain expensive dedicated leased-line telecommunication circuits once typical in wide-area
network installations.

Note

All the screen shots in the Cyberoam User Guides have been taken from NG series of appliances. The
feature and functionalities however remains unchanged across all Cyberoam appliances.

A VPN user can access the central network in a manner that is identical to being connected
directly to the central network. Hence, it is ideal for business telecommuters or employees working
from home. It is essential that the connection between the central network and remote location
meets certain requirements like:

 Flexible Access: The remote users must be able to access the organization‟s network from
various locations, like Internet cafes, hotels, airport etc. The range of applications available
must include web applications, mail, file shares, and other more specialized applications
required to meet corporate needs.
 Secure connectivity: Guaranteed by the combination of authentication, confidentiality and
data integrity for every connection.
 Usability: Installation must be easy. No configuration should be required as a result of
network modification at the remote user end. The given solution should be seamless for the
connecting user.

SSL (Secure Socket Layer) VPN fulfills the above requirements by providing simple-to-use and
secure access to remote users. It allows access to the corporate network and provides the ability
to create point-to-point encrypted tunnels between remote user and the company‟s internal
network. It requires a combination of SSL certificates and username/password for authentication to
enable access to the internal resources.

Cyberoam extends its VPN feature to include SSL VPN functionality to provide secure access of a
company‟s central network to remote users. It delivers a set of features and benefits which are
easy to use and control and which allow access to the corporate network from anywhere, anytime.

Depending upon requirement, remote users can access through SSL VPN Client or End user Web
Portal (clientless access). It offers a secure web portal which can be accessed by each authorized
user to download a free SSL VPN Client, SSL certificates and a client configuration. In addition, it
offers granular access policies, bookmarks to designated network resources and portal
customization.

Note

 SSL VPN is not supported when Cyberoam is deployed as Bridge.


 SSL VPN feature is not available for Cyberoam CR15i models.

7
Cyberoam SSL VPN User Guide

Concepts
SSL VPN Access Modes

Cyberoam appliance authenticates any remote user based on user name and password. A
successful login determines the access rights of remote users according to user, group and the
SSL VPN policy. The SSL VPN policy specifies whether the connection will operate in Tunnel
Access Mode, Web Access Mode or Application Access Mode.

Tunnel Access Mode


Tunnel Access Mode provides remote users with access to the corporate network through laptops
as well as from Internet cafes, hotels, airport etc. It requires an SSL VPN Client at the remote end.
Hence, remote users are required to download and install SSL VPN Client from the SSL VPN
Portal. The Client establishes an SSL VPN tunnel over HTTPS link between remote user and
Cyberoam appliance to encrypt and send the traffic. Here Cyberoam acts as a secure HTTPS
gateway and authenticates remote users.

Cyberoam allows two types of tunneling:

 Split Tunnel: This ensures that only traffic for the private network is encrypted and tunneled
while Internet traffic is sent through the usual unencrypted route. This is configured by default
and is used to avoid bandwidth choking.
 Full Tunnel: This ensures that not only private network traffic but other Internet traffic is also
tunneled and encrypted.

Web Access Mode


Web Access Mode is used when remote users want to access SSL VPN using a web browser
only, i.e., clientless access. It provides users with access to certain Enterprise Web
Applications/Servers. This feature comprises of an SSL daemon running on the Cyberoam unit
and an SSL VPN Portal which provides users with access to network resources behind Cyberoam
and certain web applications as configured in the SSL VPN policy.

Application Access Mode


Application Access Mode also provides clientless access. It gives the user access to web
applications as well as certain enterprise applications through a web browser. The feature
comprises of an SSL daemon running on the Cyberoam unit and an SSL VPN Portal which
provides users with access to different TCP based applications like HTTP, HTTPS, RDP, TELNET,
SSH and FTP without installing a client.

In this mode, appliance acts as a secure gateway and authenticates the remote users. On
successful authentication, appliance redirects the web browser to the Web portal from where
remote users can access the applications behind the appliance. Configuring Application Access
mode is a two-step process:
1. Select Application Access mode in SSL VPN policy
2. Assign policy to the User or Group

For administrators, Web Admin Console provides SSL VPN management. Administrator can
configure SSL VPN users, access methods and policies, user bookmarks for network resources,
and system and portal settings.

8
Cyberoam SSL VPN User Guide

For remote users, customizable End user Web Portal enables access to resources as per the
configured SSL VPN policy.

With no hassles of client installation, it is also a “clientless access”.

Prerequisite

The following requirements should be fulfilled for the remote user to access SSL VPN in Application
Access Mode:
 OS should be Windows 2000, Windows XP, Windows 7, Windows Vista or Windows Server 2003.
 Remote user should have Administrator privileges.
 Java Runtime Environment V 1.6 or above should be installed.

Threat - Free Tunneling

Cyberoam scans VPN Tunnel Traffic (incoming and outgoing) for malware, spam, inappropriate
content and intrusion attempts, ensuring Threat-free Tunneling. Furthermore, VPN traffic is
subjected to DoS inspection, although Cyberoam does provide the option of bypassing DoS
inspection for specific traffic.

Cyberoam does not have an exclusive port assigned for the VPN Zone like the LAN, WAN and
DMZ ports. As soon as a VPN connection is established, the port/interface used by the connection
is automatically added to the VPN zone, and on disconnection, the port is removed by itself. VPN
zone is used by both IPSec and SSL VPN traffic.

Note

Threat Free Tunneling is applicable only when SSL VPN tunnel is established through Tunnel Access
Mode.

Network Resources

Network Resources are the components that can be accessed using SSL VPN. SSL VPN provides
access to HTTP or HTTPS servers in the internal network, Internet, or any other network segment
that can be reached by Cyberoam. The Administrator can configure Web (HTTP), Secure Web
(HTTPS), RDP, Telnet, SSH or FTP bookmarks and internal network resources to allow access to
web-based resources and applications. If required, custom URL access can also be provided.

Network resources:

Resource Accessible in Mode

Bookmarks Web Access Mode, Application Access Mode

Bookmark Groups Web Access Mode, Application Access Mode


Custom URLs - Not
Web Access Mode
defined as Bookmark
Enterprise Private
Tunnel Access Mode
Network resources

9
Cyberoam SSL VPN User Guide

Portal

Cyberoam‟s SSL VPN Portal is the entry point for any remote user to the corporate network. It
provides easy access to network resources through a secure tunnel. It is possible to customize the
portal interface by including company logo and a customized message to be displayed to users
when they log into the portal. The Portal displays only those network resources that are assigned
to the logged in user through SSL VPN Policy and Access Mode.

10
Cyberoam SSL VPN User Guide

Cyberoam Configuration for


SSL VPN
Configuration of Cyberoam for SSL VPN can be done from VPN  SSL.

This menu covers configuring global settings for Tunnel Access and Web Access, defining
Policies, creating Bookmarks and Bookmark Groups and customizing the SSL VPN Portal.
Detailed explanations for each of these tasks are given below.

Tunnel Access
Configure Tunnel Access Mode for the remote users who are to be provided with the corporate
network access from laptops, Internet cafes, hotels etc. It requires an SSL VPN Client at the
remote end. Remote users can download and install SSL VPN Client from the End-user Web
Portal.

To configure and update certain parameters globally for Tunnel Access Mode, go to VPN  SSL
 Tunnel Access.

Screen - Tunnel Access Configuration

Screen Elements Description


Tunnel Access Settings
Protocol Select protocol TCP or UDP. Selected network protocol will
be the default protocol for all the SSL VPN clients.

11
Cyberoam SSL VPN User Guide

Connection over UDP provides better performance.


SSL Server Certificate Select SSL Server certificate to be used for authentication
from the dropdown list. If you do not have certificate,
generate the same.

Certificate can be created from System  Certificate 


Certificate.
Per User Certificate Click Per User Certificate if you want to use individual user
certificates for authentication.

One can use a common certificate for all the users or create
individual certificate for each user. Cyberoam automatically
generates certificate valid up to 31st December, 2036 for all
the users added in Cyberoam.

To enable Per User Certificate, you need to configure the


Default CA. Configure Default CA from System 
Certificate  Certificate Authority.
SSL Client Certificate Select the SSL Client certificate from the dropdown list if you
want to use common certificate for authentication. If you do
not have certificate, generate a Self-signed certificate.

The selected certificate is bundled with the Client installer


and is downloaded when remote users install SSL client.
Remote users/SSL Clients represent the selected certificate
to the server for authenticating themselves. Same certificate
can be used for both SSL Server and Client.
IP Lease Range Specify the range of IP Addresses reserved for the SSL
Clients. SSL clients will be leased IP Address from the
configured pool.
Subnet Mask Specify Subnet mask.
Primary DNS
Specify IP Addresses of Primary DNS servers to be provided
for the use of Clients.

Note
Do not assign the private IP Address space that is already
configured for any ports via Network Configuration.

Secondary DNS Specify IP Addresses of Secondary DNS servers to be


provided for the use of Clients.
Primary WINS Specify IP Addresses of Primary WINS servers to be
provided for the use of Clients.
Secondary WINS Specify IP Addresses of Secondary WINS servers to be
provided for the use of Clients.
Dead Peer Detection Click “Enable Dead Peer Detection” checkbox to enable
Dead Peer Detection.
Check Peer After Every Specify time after which the peer must be checked for its
status.

Time Range (in seconds): 60 - 3600.

By default, the duration is 60 seconds.


Disconnect After Specify time after which the connection must be
disconnected if the peer is not live.

12
Cyberoam SSL VPN User Guide

Time Range (in seconds): 300 - 1800.

By default, the duration is 300 seconds.


Idle Timeout Specify idle timeout. Connection will be dropped after the
configured inactivity time and user will be forced to re-login.

Idle Timeout Range (in minutes): 15 - 60.

By default, the duration is 15 minutes.


Data Transfer Threshold Specify data transfer threshold.

Once the idle timeout is reached, before dropping the


connection, appliance will check the data transfer. If data
transfer is more than the configured threshold, connection
will not be dropped.

Administrator can check the data transfer for the live


connections from the VPN  Live Connections  SSL
VPN Users page.

Data Transfer Threshold Range (in bytes): 1 - 65536.

By default, the value is 250 bytes.


Table - Tunnel Access screen elements

Web Access
Configure Web Access Mode for the remote users who are equipped with the web browser only
and when access is to be provided to the certain Enterprise Web applications/servers through web
browser only. In other words, it is a clientless access.

To configure Web Access Mode, go to VPN  SSL  Web Access.

Screen - Web Access Configuration

Screen Elements Description


Web Access Settings
Idle Time Specify idle time. Connection will be dropped after the
configured inactivity time and user will be forced to re-login.

Idle Time Range (in minutes): 10 - 60.

By default, the duration is 10 minutes.

13
Cyberoam SSL VPN User Guide

Table - Web Access screen elements

Policy
SSL VPN Policies determine the Access Mode assigned to the remote users and the network
resources available to users and also controls the access to the private network (corporate
network) in the form of bookmarks.

To configure SSL VPN Policies, go to VPN  SSL  Policy. You can:


 Add
 View
 Edit – Click the Edit icon in the Manage column against the SSL VPN Policy to be
modified. Edit SSL VPN Policy is displayed in a new window which has the same parameters
as the Add SSL VPN Policy window.
 Delete – Click the Delete icon in the Manage column against a SSL VPN Policy to be
deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the
SSL VPN Policy. To delete multiple SSL VPN policies, select them and click the Delete
button.
 Add SSL VPN Policy Members
 Manage SSL VPN Policy Members

Manage SSL VPN Policies

Screen - Manage SSL VPN Policies

Screen Elements Description


Add Button Add a new SSL VPN Policy.
Name Displays name of the SSL VPN Policy.
Access Mode Displays the selected access mode of Policy: Tunnel
Access, Web Access or Application Access.
Tunnel Type Displays the type of SSL VPN Tunnel established: Split or
Full Tunnel.
Edit Icon Edit the SSL VPN Policy.
Delete Button Delete the SSL VPN Policy.
Alternately, click the delete icon against the policy to be
deleted.
Table - Manage SSL VPN Policies screen elements

14
Cyberoam SSL VPN User Guide

SSL VPN Policy Parameters

To add or edit SSL VPN Policies, go to VPN  SSL  Policy. Click Add Button to add a new
policy or Edit Icon to modify the details of the policy.

Screen - Add SSL VPN Policy

15
Cyberoam SSL VPN User Guide

Screen Elements Description


Add SSL VPN Policy
Name Specify a name to identify the SSL VPN policy.
Access Mode Select the access mode by clicking the appropriate option.

Available Options:
 Tunnel Access Mode – For the remote users who are to be
provided with the Corporate network access from laptops,
Internet cafes, hotels etc. It requires an SSL VPN Client at
the remote end. Remote users can download and install
SSL VPN Client from the SSL VPN Portal.

 Web Access Mode – For remote users who want to access


SSL VPN using a web browser only, i.e., clientless access.
It provides users with access to certain Enterprise Web
Applications/Servers. This feature comprises of an SSL
daemon running on the Cyberoam unit and an SSL VPN
Portal which provides users with access to network
resources behind Cyberoam and certain web applications
as configured in the SSL VPN policy.

 Application Access Mode – It also provides clientless


access. It gives the user access to web applications as well
as certain enterprise applications through a web browser.
The feature comprises of an SSL daemon running on the
Cyberoam unit and an SSL VPN portal which provides
users with access to different TCP based applications like
HTTP, HTTPS, RDP, TELNET, SSH and FTP without
installing a client.

Description Provide SSL VPN Policy Description.


Tunnel Access Settings
Tunnel Type Select the tunnel type. Tunnel type determines how the remote
user‟s traffic will be routed.

Available Options:
 Split Tunnel - ensures that only the traffic for the private
network is tunneled and encrypted.

 Full Tunnel - ensures not only private network traffic but other
Internet traffic is tunneled and encrypted.

By default, Split Tunnel is enabled.


Accessible Resources Accessible Resources allows restricting the access to certain
hosts of the private network. User‟s access to private network
is controlled through his SSL VPN policy while Internet access
is controlled through his Internet Access policy.

“Available Host/Network” list displays the list of available hosts


and network. All the hosts added from Hosts menu, IP Host will
be displayed in the list.

Select or Clear the Hosts to add or remove from the list.


“Selected Host/Network” list displays the list of Host/Network
that remote user can access.
Advanced Settings (DPD & Idle Timeout)

16
Cyberoam SSL VPN User Guide

Screen - DPD & Idle Timeout Advanced Settings


DPD Settings One can customize and override the global Dead Peer
Detection setting.

Click “Use Global Settings” to apply the default DPD Settings.

Click “Override Global Settings” to configure the DPD Settings


manually.

Click “Enable DPD” checkbox to enable Dead Peer Detection


check at regular interval whether peer is live or not.

Specify time after which the peer must be checked for its
status.
Time Range (in seconds): 60 - 3600.
By default, the duration is 60 seconds.

Specify time after which the connection must be disconnected


if peer is not live.
Time Range (in seconds): 300 - 18000.
By default, the duration is 300 seconds.
Idle Timeout Connection will be dropped after the configured inactivity time
and user will be forced to re-login.

One can use the global settings or customize the idle timeout.

Click “Use Global Settings” to apply the default Idle Timeout


value.
By default, the duration is 15 minutes.

Click “Override Global Settings” to configure the Idle Timeout


value manually.
Idle Timeout Range (in minutes): 15 - 60.
Web Access Settings

17
Cyberoam SSL VPN User Guide

Accessible Resources Accessible Resources also allows restricting the access to the
bookmarks.

Click “Enable Arbitrary URL Access” to enable the access to


custom URLs.

“Available Bookmarks/Bookmarks Group” list displays the list of


available resources. All the Bookmarks/Bookmarks Group
added will be displayed in the list.

Select or Clear the Bookmarks to add or remove from the list.

“Selected Bookmarks/Bookmarks Group” list displays the list of


Bookmarks/Bookmarks Group that remote user can access.
Advanced Settings (Idle Timeout)

Screen - Idle Timeout Advanced Settings

Idle Timeout Connection will be dropped after the configured inactivity time
and user will be forced to re-login. One can use the global
settings or customize the idle timeout.

Click “Use Global Settings” to apply the default Idle Timeout


settings.

By default, the Idle Timeout is 10 minutes.

Click “Override Global Settings” to configure the Idle Timeout


settings manually.

Idle Timeout Range (in minutes): 10 - 60


Application Access Settings
Accessible Resources Accessible Resources also allows restricting the access to the
bookmarks.

“Available Bookmarks/Bookmarks Group” list displays the list of


available resources. All the Bookmarks/Bookmarks Group
added will be displayed in the list.

Select or Clear the Bookmarks to add or remove from the list.

“Selected Bookmarks/Bookmarks Group” list displays the list of


Bookmarks/Bookmarks Group that remote user can access.
Table - Add SSL VPN Policy screen elements

18
Cyberoam SSL VPN User Guide

Add SSL VPN Policy Members

Click “Add Policy Member(s)” button to add user or user groups to SSL VPN Policy members list.
A pop-up window is displayed to select the users. Multiple users or user groups can be also
selected.

Screen - Add SSL VPN Policy Members

Select Users or user groups who are to be allowed access through SSL VPN connection. Click
“Apply” button to add these users and user groups to the SSL VPN Policy members list.

Users or user groups to be added can also be searched in the Members list.

Manage SSL VPN Policy Members

Click “Manage Policy Member(s)” button to view user or user groups that are in SSL VPN Policy
members list. A pop-up window is displayed to view the users. Multiple users or user groups can
be selected and deleted.

Screen - Manage SSL VPN Policy Members

The page displays the list of SSL VPN Policy members who are allowed access through SSL
connection. To delete users, select the users to be deleted and click “Delete” button.

Users or user groups to be deleted can be searched from the Members list.

19
Cyberoam SSL VPN User Guide

Bookmark
Bookmarks are the resources whose access will be available through SSL VPN Portal. You can
also create a group of bookmarks that can be configured in SSL VPN Policy.

These resources will be available in Web Access and Application Access modes and is to be
configured in SSL VPN Policy.

To manage Bookmarks, go to VPN  SSL  Bookmark. You can:

 Add
 View
 Edit - Click the Edit icon in the Manage column against the Bookmark to be modified. Edit
Bookmark pop-up window is displayed which has the same parameters as the Add Bookmark
window.

 Delete - Click the Delete icon in the Manage column against a Bookmark to be deleted. A
dialog box is displayed asking you to confirm the deletion. Click OK to delete the Bookmark.
To delete multiple Bookmarks, select them and click the Delete button.

Manage Bookmarks

Screen - Manage Bookmarks

Screen Elements Description


Add Button Add a new Bookmark.
Name Displays name of the Bookmark.
Type Displays selected Bookmark Type: HTTP, HTTPS, RDP,
Telnet, SSH or FTP.
URL Displays the URL for which the bookmark is created.
Description Displays the Bookmark Description.
Edit Icon Edit the Bookmark.
Delete Button Delete the Bookmark.

Alternately, click the delete icon against the bookmark to be


deleted.
Table - Manage Bookmarks screen elements

20
Cyberoam SSL VPN User Guide

Bookmark Parameters
To add or edit Bookmarks, go to VPN  SSL  Bookmark. Click Add Button to add a new
bookmark or Edit Icon to modify the details of the bookmark.

Screen - Add Bookmark

Screen Elements Description


Name Specify a name to identify the Bookmark.
Type Select the type of Bookmark from the options available.

Available Options:
 HTTP
 HTTPS
 RDP
 Telnet
 SSH
 FTP
 IBM Server Terminal
URL Specify the URL of the website for which the bookmark is to
be created.
Referred Domains Provide a set of domain(s)/URL(s) required by Bookmarked
URL to render it appropriately.
Description Provide Bookmark Description.
Table - Add Bookmark screen elements

21
Cyberoam SSL VPN User Guide

Bookmark Group
To manage Bookmark Groups, go to VPN  SSL  Bookmark Group. You can:

 Add
 View
 Edit - Click the Edit icon in the Manage column against the Bookmark Group to be
modified. Edit Bookmark Group pop-up window is displayed which has the same parameters
as the Add Bookmark Group window.

 Delete - Click the Delete icon in the Manage column against a Bookmark Group to be
deleted. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the
Bookmark Group. To delete multiple Bookmark Groups, select them and click the Delete
button.

Manage Bookmark Groups

Screen - Manage Bookmark Groups

Screen Elements Description


Add Button Add a new Bookmark Group.
Name Displays name of the Bookmark Group.
Description Displays Bookmark Group Description.
Edit Icon Edit the Bookmark Group.
Delete Button Delete the Bookmark Group.

Alternately, click the delete icon against the bookmark group


to be deleted.
Table - Manage Bookmark Group screen elements

22
Cyberoam SSL VPN User Guide

Bookmark Group Parameters


To add or edit Bookmark Group, go to VPN  SSL  Bookmark Group. Click Add Button to
add a new Bookmark Group or Edit Icon to modify the details of the Bookmark Group.

-
Screen - Add Bookmark Group

Screen Elements Description


Name Specify a name to identify the Bookmark Group.
Select Bookmark Select bookmarks to be grouped.

“Bookmark List” displays the list of bookmarks that can be


added to the group.

“Selected Bookmark List” displays the list of bookmarks that


are included in the group.

Select or clear the Bookmarks to add or remove from the


list.
Description Provide Bookmark Group Description.
Table - Add Bookmark Group screen elements

23
Cyberoam SSL VPN User Guide

Portal
SSL VPN Portal is an entry point to the corporate network. It can be accessed by browsing to
https://<WAN IP Address of Cyberoam:port> from the web browser. Use default port: 8443 unless
customized. Confirm port number from System  Administration  Settings.

For users having Tunnel Access, SSL VPN Client and Configuration file can be downloaded from
the portal. For users having Web and Application Access, a list of all the bookmarks will be
displayed. URL Address bar will also be displayed to the user, if allowed in the User SSL VPN
policy. User can type the URL in the address bar to access other URLs than bookmarks. All the
downloadable components will be displayed only if the remote user is allowed the “Full” access.

Cyberoam provides flexibility to customize the Portal page to offer consistent logon/log off page.
This page can be exclusive to your business including your business name and logo. To customize
the SSL VPN user portal, go to VPN  SSL  Portal.

Screen - SSL VPN User Portal

Screen Elements Description


General Settings
Logo To upload the custom logo, specify Image file name to be
uploaded else click “Default”. Use “Choose File” button to
select the complete path.

The image size should not exceed 700 X 80 pixels.


Page Title Change the Page Title, if required.
Login Page Message Provide message to be displayed on the Portal login page.
Home Page Message Provide message to be displayed on the Portal.

24
Cyberoam SSL VPN User Guide

This message can reflect your business or even a welcome


message.
Color Scheme Customize the color scheme of the portal if required. Specify
the color code or click the square box to pick the color.
Preview Button Click to view the custom settings before saving the changes.
Reset to Default Button Click to revert to the default settings.
Table - SSL VPN Portal screen elements

Live SSL VPN Users


To view the list of all the currently logged on SSL VPN users, go to VPN  Live Connections
 SSL VPN Users.

Page displays important parameters like Username, Source and leased IP Address, Access mode,
date and time when connection was established, tunnel type and data transferred. If the
connection is established through Web Access mode, only username, access mode and date and
time when connection was established will be displayed. Page allows disconnection of any live
user.

Screen - Live SSL VPN Users

25
Cyberoam SSL VPN User Guide

Client Configuration for


SSL VPN
Access End-User Portal
Cyberoam SSL VPN Portal can be accessed by remote users using the URL - https://<WAN IP
Address of Cyberoam:port>. Use the default port: 8443 unless customized. User is directed to the
Cyberoam SSL VPN Portal Login Page. Access is available only to those users who have been
assigned the SSL VPN Policy.

Screen - Login Page

Screen Elements Description


Username Specify user login name.
Password Specify user account Password.
Language Select the language.

Available Options:
 Chinese-Simplified
 Chinese-Traditional
 English
 French
 Hindi

26
Cyberoam SSL VPN User Guide

 Japanese

By default, English is selected.


Login Button Click to login to the Cyberoam SSL VPN Portal.
Table - Login Page

Accessing SSL VPN Using Tunnel Access


After successfully logging into the Cyberoam SSL VPN Portal, user is directed to the Main Page
which has only the “Tunnel Access Mode” section activated.

Screen - Main Page for Tunnel Access Mode

Screen Elements Description


SSL VPN Client (Tunnel access mode)
Download Client Click to download the SSL VPN Client Installer bundled with
Configurations.
Download SSL VPN Click to download the SSL VPN Configurations for Windows.
Client Configuration -
Windows
Note

Only the SSL VPN Configurations is available through this


option.

Download SSL VPN Click to download the SSL VPN Configurations for MAC
Client Configuration - Tunnelblick.
MAC Tunnelblick
Note

27
Cyberoam SSL VPN User Guide

Only the SSL VPN Configurations is available through this


option.

Receive Passphrase Select a mode to receive the SSL VPN Certificate


Passphrase. To receive the Passphrase in the SSL VPN
Client Bundle itself, enable “Key Encryption” option in the
selected “SSL Client Certificate” prior to downloading the SSL
VPN Client Bundle.

Available Options:
 Show - Select to Display the “Passphrase” on the
screen.

 Send Email - Select to send the “Passphrase” to the Email


Address of the logged-in user. It is mandatory to configure
Email Address and SMTP Mail Server to be able to receive
the SSL VPN Passphrase via Email. Configure User Email
Address from Identity  Users  Users and
configure SMTP Mail Server from System 
Configuration  Notification in the section “Mail
Server Settings”.

Note

Selecting “Send Email” returns an error “Failed to send the


Passphrase” if the Email Address of the logged-in user is not
configured in Cyberoam.

To configure the mode for receiving the Passphrase, go to


System  Administration  Settings and select
from the options available against parameter "Receive
Passphrase via" of section SSL VPN Settings.

Note

Only the configured modes are displayed against “Receive


Passphrase” parameter.

Table - Main Page for Tunnel Access Mode Screen Elements

Download Client
For downloading the client for the first time, click “Download Client” and follow the on-screen
instructions:

28
Cyberoam SSL VPN User Guide

Screen - Download Client

Note

Windows Vista users need Administrator privileges to install the client.

On clicking “Download Client”, the following message appears.

Screen - Prompt Message

Click “Save” to save a copy of CrSSL.exe on your local machine, else click “Run” to run the setup.
The following warning message appears.

Screen - Warning Message

On clicking “Run”, the “Choose Install Location” dialog box appears.

29
Cyberoam SSL VPN User Guide

Screen - Choose Install Location

Click “Browse” to change the location of the Destination Folder where the client is to be installed.
Click “Install”. The following screen appears while installation is in progress.

Screen - Installation in Progress

30
Cyberoam SSL VPN User Guide

Once the installation is complete, the CrSSL Client icon appears in the system tray.

Download and Import Client Configuration

Note

If you are installing SSL VPN Client for the first time, skip this section.

Step 1: Download SSL VPN Client Configuration

You need to download the configuration file if you have already installed Client or if the server
configuration has changed. Click “Download SSL VPN Client Configuration - Windows” and follow
the on- screen instructions.

Screen - Download Configuration

On clicking “Download SSL VPN Client Configuration - Windows”, the following message appears.

Screen - Prompt Message

Click “Save” to save clientbundle.tgz.

31
Cyberoam SSL VPN User Guide

Step 2: Import SSL VPN Configuration

Right click the CrSSL Client icon in the System Tray.

Click “Import Configuration”. The Import Configuration screen appears.

Screen - Import Configuration

Click the ellipses (…) to browse to the location at which the file clientbundle.tgz is saved. Click
“Import” to import the SSL VPN Configuration from clientbudle.tgz.

32
Cyberoam SSL VPN User Guide

Screen – Import Configuration Status

Establish connection

Step 1: Login to access network resources or Internet

Double click CrSSL Client icon and specify username and password and click “Login”
button.

Screen – User Authentication

Screen Elements Description


Username Specify user login name.
Password Specify user account Password.
Save username and Click to save username and password.
password
Auto Start SSL VPN Click to start SSL VPN Tunnel automatically with system
restart.
Login Button Click to login.
Exit Button Click to close the CrSSL Client.
Table – User Authentication Screen Elements

User is prompted to provide an additional password as “Passphrase” when the selected SSL Client
Certificate under “Tunnel Access Settings” page contains an Encrypted Key.

33
Cyberoam SSL VPN User Guide

Screen - Enter Password

Screen Elements Description


Enter Password Specify the Passphrase.
OK Button Click to login.
Cancel Button Click to cancel the login session.

The icon turns yellow indicating that connection is in progress and turns green the moment
connection is established and IP Address is leased.

To disconnect the connection, right click the CrSSL Client icon and click “Logout”.

Accessing SSL VPN Using Web Access


After successfully logging into the Cyberoam SSL VPN Portal, user is directed to the Main Page,
which has only the “Web Access Mode” section activated.

Screen - Main Page for Web Access Mode

34
Cyberoam SSL VPN User Guide

Screen Elements Description


Configured Bookmarks
Sr. No. Displays serial number of the Bookmark.
Bookmark Name Displays name of the Bookmark.
Bookmark URL Displays URL of the Bookmark.
Service Displays Service used for creating the Bookmark.
Table - Main Page for Web Access Mode Screen Elements

Accessing Applications

User can access any of the Bookmarks listed on the Main Page which include certain Enterprise
Web Applications/Servers.

Accessing SSL VPN Using Application Access


After successfully logging into the Cyberoam SSL VPN Portal, user is directed to the Main Page
which has only the “Application Access Mode” section activated.

Screen - Main Page for Application Access Mode

Screen Elements Description


Configured Bookmarks
Sr. No. Displays serial number of the Bookmark.
Bookmark Name Displays name of the Bookmark.

35
Cyberoam SSL VPN User Guide

Bookmark URL Displays URL of the Bookmark.


Service Displays Service used for creating the Bookmark.
Table - Main Page for Application Access Mode Screen Elements

Accessing Applications

User can access any of the Bookmarks listed on the Main Page which include certain Enterprise
Applications/Servers.

36

Вам также может понравиться