Version 9
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE
The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore's or its service center's option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.
Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its supplier's liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer.
The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com
Contents
Technical Support
Typographic Conventions
Preface
  Guide Organization
Cyberoam Basics
  Benefits of Cyberoam
  Accessing Cyberoam
  Accessing the Web Admin Console
Getting Started
  Dashboard
Management
Policy Management
  Surfing Quota policy
  Access Time policy
  Internet Access policy
  Bandwidth policy
  Data Transfer policy
  NAT Policy
Manage Servers
Monitoring Bandwidth Usage
Migrate Users
  Migration from PDC server
  Migration from External file
Customization
Appendix B Network Traffic Log Fields
Appendix C Web Categories
Appendix D Services
Appendix E Application Protocols
Menu wise Screen and Table Index
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Customer care/service department at the following address:

Corporate Office
Elitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Convention and example:
  Machine where Cyberoam Software - Server component is installed
  Machine where Cyberoam Software - Client component is installed
  The end user
  Username uniquely identifies the user of the system
  Example: Report
  Topic titles. Example: Introduction
  Subtitles. Example: Notation conventions
  Navigation link. Example: Group Management > Groups > Create. It means: to open the required page, click Group management, then Groups, and finally click the Create tab
  Name of a particular parameter / field / command button text. Example: Enter policy name (replace policy name with the specific name of a policy), or Click Name to select (where Name denotes the command button text which is to be clicked)
  Cross references. Convention: hyperlink in a different color. Example: refer to Customizing User database. Clicking on the link will open the particular topic
  Notes & points to remember. Convention: bold typeface between the black borders. Example: Note
  Prerequisites. Convention: bold typeface between the black borders. Example: Prerequisite, Prerequisite details
Preface
Welcome to Cyberoam's User guide. Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions. Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN. Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers, like Web server, Mail server, FTP server etc., hosted in the DMZ, which are visible to the external world and still have firewall protection.
The default Web Admin Console username is cyberoam and the password is cyber. It is recommended that you change the default password immediately after installation to avoid unauthorized access.
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of Cyberoam and helps you manage and customize Cyberoam to meet your organization's various requirements, including creating groups and users and assigning policies to control internet access.
It describes how to define groups and users to meet the specific requirements of your organization. It also describes how to manage and customize Cyberoam.
1. Define Authentication process and firewall rule.
2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups.
3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy.
4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools.
5. Manage Cyberoam server.
Part III Customization
Customize Services, Schedules and Categories. Describes how to create and manage Categories, Schedules and Services, and the Cyberoam upgrade process.
Cyberoam Basics
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions. Cyberoam's perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN. Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers, like Web server, Mail server, FTP server etc., hosted in the DMZ, which are visible to the external world and still have firewall protection. It also provides assistance in improving Bandwidth management, increasing Employee productivity and reducing legal liability associated with undesirable Internet content access.
Benefits of Cyberoam
1. Boost Employee productivity by
   a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
   a. Controlling access to non-productive sites during working hours
   b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
   a. Improved User response time
   b. Failover solution
   c. Continuous availability of Internet
   d. Reduced bandwidth bottlenecks
4. Enforce acceptable Internet usage policies
5. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet and other resources usage and consumption patterns
Accessing Cyberoam
Two ways to access Cyberoam:
1. Web Admin Console
   Managing Firewall rules
   Used for policy configuration
   Managing users, groups and policies
   Managing Bandwidth
   Viewing bandwidth graphs as well as reports
2. Telnet Console
   Used for Network and System configuration (setting up IP Addresses, setting up gateway)
   Managing Cyberoam application
   a) Using Console Interface via remote login utility TELNET
   b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server
Log on & log off from the Cyberoam Web Admin Console
The Log on procedure verifies validity of user and creates a session until the user logs off.
Log on procedure
To get the log in window, open the browser and type the IP Address in the browser's URL box. A dialog box appears prompting you to enter username and password to log on. Use the default user name cyberoam and password cyber if you are logging in for the first time after installation. Asterisks are the placeholders in the password field.
Log on Methods
HTTP log in
To open the unencrypted login page, in the browser's Address box, type http://<IP address of Cyberoam>
Screen - HTTP login screen
HTTPS log in
Cyberoam provides a secured communication method which encrypts the User log on information and which prevents unauthorized users from viewing the user information. For this, Cyberoam uses the https protocol. The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS.
Cyberoam User Guide HTTPS protocol opens a secure hypertext transfer session with the specified site address. To open login over secure HTTP, type https://<IP address of Cyberoam>
Description
Specify user login name. If you are logging on for the first time after installation, please use default username cyberoam
Password: Specify user account Password. If you are logging on for the first time after installation, please use default password cyber
To administer Cyberoam, select Web Admin Console
Logs on to Web Admin Console. Click Login
Table - Login screen elements
Log in as an Administrator group User to maintain, control and administer Cyberoam. An Administrator group User can create, update and delete system configuration and user information. An Administrator can create multiple administrator level users.
Manager group
User group
A User group User is the user who accesses the resources through Cyberoam.
Clientless group
A Clientless User group User can bypass Cyberoam Client login to access resources. Cyberoam itself takes care of login of this level user.
Refer to Access Configuration to implement IP address based access restriction/control for administrators and managers.
Getting Started
Once you have configured the network, you can start using Cyberoam.
1. Start monitoring
   Once you have installed Cyberoam successfully, you can monitor user activity in your Network. Depending on the Internet Access policy configured at the time of installation, certain categories will be blocked or allowed for LAN to WAN traffic with or without authentication.
2. View Cyberoam Reports
   Monitor your Network activities using Cyberoam Reports. To view Reports, log on to Reports from Web Admin Console using the following URL: http://<Internal IP Address> and log on with default username cyberoam and password cyber.
   View your organization's surfing pattern from Web Surfing > Organization wise report
   View your organization's general surfing trends from Trends > Web Trends report
   View your organization's Category wise surfing trends from Trends > Category Trends report
3. Discover Network Application Traffic
   Detect your network traffic, i.e. applications and protocols accessed by your users. To view the traffic pattern of your network, log on to Cyberoam Web Admin Console using the following URL: http://<Internal IP Address> and log on with default username cyberoam and password cyber.
   View amount of network traffic generated by various applications from Traffic Discovery > Live Connections > Application wise
4. Configure for User name based monitoring
   As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP address based. To monitor and log user activities based on User names, you have to configure Cyberoam for integrating user information and authentication process. Integration will identify access requests based on User names and generate reports based on Usernames.
   If your Network uses Active Directory Services, configure Cyberoam to communicate with your ADS. Refer to Cyberoam ADS Integration guide for more details.
   If your Network uses LDAP, configure Cyberoam to communicate with your LDAP. Refer to Cyberoam LDAP Integration guide for more details.
   If your Network uses Windows NT Domain Controller, configure Cyberoam to communicate with the Windows Domain Controller.
   If your Network uses RADIUS, configure Cyberoam to communicate with RADIUS.
5. Customize
   Cyberoam creates default firewall rules based on the Internet Access configuration done at the time of installation. You can create additional firewall rules and other policies to meet your organization's requirement. Cyberoam allows you to:
   1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.
   2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management - Surfing Quota policy for more details.
   3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy Management - Access time policy for more details.
   4. Control web access by defining Internet Access policy. Refer to Policy Management - Internet Access policy for more details.
   5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy Management - Bandwidth policy for more details.
   6. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer to Data transfer policy for more details.
Dashboard
Cyberoam displays the Dashboard as soon as you log on to the Web Admin Console. The Dashboard provides a quick overview of all the important parameters of the Cyberoam appliance that require special attention, such as password, access to critical security services, system resources usage, IDP alerts, and notifications of subscription expirations.
The Dashboard page is completely customizable. Minimize or reposition each section (System Information, License Information, Gateway status information, Usage summary etc.) by dragging and dropping. Each section has an icon associated with it for easy recognition when minimized. Optionally click Reset to restore the default dashboard setting. The customizable Dashboard allows you to place the sections that are pertinent to the user and require special attention for managing Cyberoam at the top, and to move the information used less often to the bottom.
Available sections on Dashboard are as follows:
  Alert Messages
  Appliance Information
  License Information
  Installation Information. Use Check for Upgrades link to check for the upgrade availability.
  HTTP Traffic Analysis
  User Surfing pattern
  Usage Summary
  Recent Mail Viruses detected
  Recent HTTP and FTP Viruses detected
  System Resources
  System Status
  DoS attack status
  Recent IDP Alerts
  Gateway status
Dashboard displays following Alerts:
  The default Web Admin Console password has not been changed.
  Default Telnet Console password is not changed.
  <Service name(s)> base management is allowed from WAN. This is not a secure configuration. We recommend to use a good password.
  Your Cyberoam Appliance is not registered.
  <module name(s)> modules will expire within 5/10/20 days. Be sure to buy the subscription to stay protected.
  <module name(s)> module(s) expired
Note
Use F10 key to return to Dashboard from any of the pages
Screen - Dashboard
Management
Setting up Zones
A Zone is a logical grouping of ports/physical interfaces and/or virtual subinterfaces, if defined. Zones provide a flexible layer of security for the firewall. With zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.
Cyberoam provides a single zone of each type. These are called System Zones. The Administrator can add LAN and DMZ zone types. By default, the entire traffic is blocked except LAN to Local zone services like Administration, Authentication and Network.
Create Zone
Select System > Zone > Create to open the create page
Description
Specify name of the Zone
Select zone type:
  LAN - Depending on the appliance in use and on your network design, Cyberoam allows to group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone.
  DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, Cyberoam allows to group one to five physical ports in this zone.
  WAN - Zone for the Internet services. Only one WAN zone is allowed, hence additional WAN zones cannot be created.
  Multiple LAN is not possible if Cyberoam is deployed as Bridge
Select Port: Click the port to be included from the Available Port(s) list and click to move it to the Member Port(s) list. The selected port will be a member of the zone. Virtual Interfaces will also be available for selection if defined.
Specify zone description
Saves the configuration and creates zone
Table - Create Zone
Setting up Users
Define Authentication
Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of your organization. You can assign individual policies to users (identified by IP address), or a single policy to a number of users (Group).
Cyberoam detects users as they log on to Windows domains in your network via client machines. Cyberoam can be configured to allow or disallow users based on username and password. In order to use User Authentication, you must select at least one database against which Cyberoam should authenticate users.
Cyberoam supports user authentication against:
  an Active Directory
  a Windows NT Domain controller
  an LDAP server
  a RADIUS server
  an internal database defined in Cyberoam
To filter Internet requests based on the policies assigned, Cyberoam must be able to identify the user making a request. When the user attempts to access, Cyberoam requests a user name and password and authenticates the user's credentials before giving access. User level authentication can be performed using the local user database on the Cyberoam, an external ADS server, RADIUS server, LDAP or Windows NT Domain Controller.
For external authentication, integrate Cyberoam with ADS, LDAP or Windows NT Domain Controller.
  If your network uses an Active Directory service, configure Cyberoam to communicate with ADS.
  If your network uses a Windows Domain controller, configure Cyberoam to communicate with the Domain controller.
  If your network uses LDAP, configure Cyberoam to communicate with the LDAP server.
  If your network uses a RADIUS server, configure Cyberoam to communicate with the RADIUS server.
Cyberoam can prompt for user identification if your network does not use a Windows environment.
Cyberoam Authentication
It is necessary to create users and groups in Cyberoam if it is installed in a non-PDC environment. Before users log on to Cyberoam, the Administrator has to create all the users in Cyberoam, assign them to a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details on creating groups and users. When a user attempts to log on, Cyberoam authenticates the user.
Select User
Screen Elements / Description
Configure Authentication & Integration parameters
Integrate with: Select Cyberoam as the authentication server
Default Group: Allows to select the default group for users. Click Default Group list to select
Update button: Updates and saves the configuration
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a group inherit all the group policies. Refer to Policy Management to define new policies.
User types
Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal - User has to log on to Cyberoam. Requires the Cyberoam client (client.exe) on the User machine, or the user can use the HTTP Client component, and all the policy-based restrictions can be applied.
Clientless - Does not require the Cyberoam client component (client.exe) on the User machines. Symbolically represented as User name (C)
Single Sign On - If the User is configured for Single Sign On, whenever the User logs on to Windows, he/she is automatically logged on to Cyberoam. Symbolically represented as User name (S)
Use the given decision matrix below to decide which type of user should be created.
Add a User
Prerequisite: Group created (for Normal Users only)
Select User > User > Add User to open the add user page
Description
Specify name of the User
Specify a name that uniquely identifies the user and is used for logging
Specify Password
Specify the password again for confirmation. Should be the same as typed in the Password field
Windows Domain Controller (only if Authentication is done by Windows NT Domain Controller): Displays Authentication Server IP Address
User Type: Specify the user group type. Depending on the user group type, default web console access control will be applied. Refer to Web console Authorization and Access control for more details. Available options: Administrator, Manager, User. Click User type list to select. Refer to Add Clientless User on how to create a clientless user
Customize the maximum number of concurrent logins allowed to the user: Specify the number of concurrent logins allowed to the user, OR allow unlimited concurrent logins to the user. The setting specified here will override the setting specified in client preference. For example, if in Client preferences the number of concurrent logins allowed is 5 and here you have specified 3, then this particular user will be allowed to log in from 3 machines concurrently and not from 5 machines.
Specify the Group in which the user is to be added. The user will inherit all the group policies. Click Group list to select
Opens a new window and displays details of the selected Group. Refer to View Group details table for more details
Allows to apply login restriction. Available options:
  1) All Nodes - Allows Users to log in from all the nodes in the network
  2) Group Nodes only - Allows Users to log in only from the nodes assigned to the group
  3) Selected Nodes only - Allows Users to log in from the selected nodes only. Refer to Apply Login Node Restriction for details. Nodes from which the User is allowed to log in can also be specified after creating the user.
  Click to select
Personal details link: Allows to enter personal details of the user
Personal information (only if Personal details link is clicked)
Birth date: Specify date of birth of user. Click Calendar to select date
Specify Email Id of User
Adds user. Click to add
Review button: Opens a new page and displays the user details for reviewing. Review details before adding to make sure the details entered are correct. Click to review. Click Submit to add user
Table - Add User screen elements
View Group details table
Screen Elements / Description
Group name: Displays name of the Group
Surfing Quota policy: Displays name of the Surfing Quota policy assigned to the group
Access Time policy: Displays name of the Access Time policy assigned to the group
Internet Access policy: Displays name of the Internet Access policy assigned to the group
Bandwidth policy: Displays name of the Bandwidth policy assigned to the group
Data transfer policy: Displays name of the Data Transfer policy assigned to the group
Allotted time (HH:mm): Displays total allotted surfing time to User
Expiry date: Displays User policy Expiry date
Used minutes: Displays total time used by the user in minutes. At the time of creation of user, it will be displayed as 0:0
Close button: Closes window
Table - View Group details screen elements

Apply Login Node Restriction
Screen Elements / Description
Select Node(s) button (only if the option Selected Node(s) Only is selected): Opens a new page and allows to select the node. Click to select the Node for restriction
Logon Pool name: Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select
Select: Selects the Node. Multiple nodes can also be selected
Click to apply restriction
Cancels the current operation
Table - Apply Login Node Restriction screen elements
Screen Elements / Description
Host Group Details
Host Group name: Specify name of Logon Pool
Is Host Group public: A public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select if the IP addresses assigned to the Users are public IP addresses
Bandwidth policy: By default, the group bandwidth policy is applied to the user, but you can override this policy. Specify the Bandwidth Policy to be applied. Click Bandwidth Policy list to select. Click View details link to view details of the policy
Specify full description
Specify range of IP Address that will be used by Users to log in
Specify Machine name
Specify Group in which User is to be added. Click Group list to select
Create button: Adds multiple Clientless Users
Table - Add multiple Clientless users screen elements
Description
Specify name of the User
Specify a unique name used for logging
Specifies whether the user should be logged in automatically after registration. Options:
  Yes - Automatically logs in as soon as registered successfully, i.e. becomes a live user
  No - User is registered but is in De-active mode. Activate the user before first log in. Refer to Activate Clientless User for more details
User type: Displays User type
User Group Information
Group: Specify Group in which User is to be added. Click Group list to select
Opens a new window and displays details of the selected group. Click to view details
Login Restriction
Allowed Login from IP Address: Specifies the IP address from where the User can log in. Click Select Node, which opens a new window and allows to select the IP Address. Refer to Select Node table for more details
Personal details link: Allows to enter the personal details of the user
Personal information (only if Personal details link is clicked)
Birth date: Specify date of birth of User. Use Popup Calendar to enter date
Specify Email Id of User
Registers a clientless user
Cancels current operation
Table - Create single Clientless user screen elements

Select Node table
Description
Allows to select the Logon Pool. Click Logon Pool name list to select
Selects the Node. User will be allowed to log in from the selected node only. Click to apply login restriction
Close button: Closes window
Table - Select Node screen elements
NOTE
Duplicate Usernames cannot be created
Make sure that subnets or individually defined IP addresses do not overlap
Create Group before assigning it to a User. Refer to Create Groups to create new groups
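
The address-overlap check from the note above, as an added example that is not part of the Cyberoam guide or the product: it reads Logon Pool definitions and reports every pair of entries that share at least one address. The pool names, the input format and all addresses are constructed assumptions, and the example goes beyond the note by accepting single addresses, CIDR subnets and start-end ranges.

```python
"""Added example: detect overlapping address ranges across logon pools.

Pool names, the {name: [specs]} input format and every address below are
constructed for illustration; nothing here is exported from an appliance.
"""
import ipaddress
from itertools import combinations


def parse_range(spec):
    """Return (first, last) as integers for one of three spellings:
    a single address ("192.168.1.10"), a CIDR subnet ("192.168.1.0/24"),
    or an inclusive range ("192.168.1.10-192.168.1.50")."""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if int(lo) > int(hi):
            raise ValueError(f"range start is above range end: {spec}")
        return int(lo), int(hi)
    if "/" in spec:
        # strict=False tolerates host bits, e.g. "192.168.1.7/24"
        net = ipaddress.IPv4Network(spec, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    addr = ipaddress.IPv4Address(spec)
    return int(addr), int(addr)


def find_overlaps(pools):
    """pools: dict mapping pool name -> list of range specs.

    Returns a list of (pool_a, spec_a, pool_b, spec_b, first, last) tuples,
    one per pair of entries that share addresses; first and last are the
    bounds of the shared block. Pairs inside the same pool are reported too,
    since a duplicated entry is also a configuration mistake."""
    entries = []
    for name, specs in pools.items():
        for spec in specs:
            lo, hi = parse_range(spec)
            entries.append((name, spec, lo, hi))

    overlaps = []
    for (na, sa, lo_a, hi_a), (nb, sb, lo_b, hi_b) in combinations(entries, 2):
        lo, hi = max(lo_a, lo_b), min(hi_a, hi_b)
        if lo <= hi:  # the two closed intervals intersect
            overlaps.append((
                na, sa, nb, sb,
                str(ipaddress.IPv4Address(lo)),
                str(ipaddress.IPv4Address(hi)),
            ))
    return overlaps


# Constructed sample: two deliberate overlaps are hidden in here.
SAMPLE_POOLS = {
    "Accounts": ["192.168.10.0/25"],
    "Engineering": ["192.168.10.100-192.168.10.200", "192.168.20.5"],
    "Kiosks": ["192.168.20.0/29", "10.0.0.1"],
}

if __name__ == "__main__":
    for pa, sa, pb, sb, first, last in find_overlaps(SAMPLE_POOLS):
        print(f"{pa} [{sa}] overlaps {pb} [{sb}]: {first} to {last}")
```

Running the check before adding a pool shows which existing entry already owns the addresses, so the range can be narrowed instead of discovered later as a login or policy mismatch.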
Setting up Groups
Group
A Group is a collection of users having common policies, and a mechanism for assigning access to resources to a number of users in one operation/step. Instead of attaching individual policies to each user, create a group of policies and assign the appropriate Group to the user; the user automatically inherits all the policies added to the group. This simplifies user configuration. A group can contain default as well as custom policies.
The policies that can be grouped are:
1. Surfing Quota policy, which specifies the duration of surfing time and the period of subscription
2. Access Time policy, which specifies the time period during which the user will be allowed access
3. Internet Access policy, which specifies the access strategy for the user and sites
4. Bandwidth policy, which specifies the bandwidth usage limit of the user
5. Data Transfer policy, which specifies the data transfer quota of the user
Refer to Policy Management for more details on various policies.
Group types
Two types of groups:
1. Normal
2. Clientless
Normal - A user of this group needs to log on to Cyberoam using the Cyberoam Client to access the Internet.
Clientless - A user of this group need not log on to Cyberoam using the Cyberoam Client to access the Internet. Access control is placed on the IP address. Symbolically represented as Group name (C).
Use the decision matrix given below to decide which type of group is best suited for your network configuration.
Description
Specify Group name. Choose a name that best describes the Group.
Specify type of Group. Click Group type to select
Select Normal if Group members are required to log on using Cyberoam Client
Select Clientless if Group members are not required to log on using Cyberoam Client
Specify Surfing Quota Policy for Group. Click Surfing Quota Policy list to select
By default, Unlimited policy is assigned to the Clientless Group type
Refer to Surfing Quota Policy for more details
Specify Access Time policy for Group. Click Access Time Policy list to select
is Normal
By default, Unlimited policy is assigned to Clientless Group type
Refer to Access Time Policy for more details
Internet Access policy
Specify Internet Access policy for Group. Click Internet Access policy list to select
Refer Internet Access policy for details
Bandwidth Policy
Specify Bandwidth Policy for Group. Click Bandwidth Policy list to select
Refer Bandwidth Policy for details
Specify data transfer policy for Group. Click Data Transfer policy list to select
Refer Data Transfer Policy for details
Authentication Session timeout is the number of minutes that an authenticated connection can be idle before the user must authenticate again.
Click to enable session timeout on per-group basis. By default, this option is disabled.
The minimum timeout that can be configured is 3 minutes and maximum is 1440 minutes (24 hours)
Login Restriction
Select any one option. Apply login restriction if required for the users defined under the Group
Available options
1) Allowed login from all nodes - Allows Users defined under the Group to login from all the nodes
2) Allowed login from the selected nodes - Allow Users defined under the Group to login from the selected nodes only.
Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address
Refer to Select Node table for more details
Refer to Apply Login Node restriction for more details
Click to select
Select Node button (Only if Allowed Login from selected node option is selected for Login restriction) - Opens a new page and allows to select the node. Click to select the Node
Create button - Creates Group
Cancel button - Cancels the current operation and returns to the Manage Group page
Table - Create Group screen elements
Note
It is not necessary to add users at the time of creating a Group. Users can also be added after the group is created.
Description
Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select
User will be allowed to login from the selected nodes only. Click to select Node. Multiple nodes can also be selected
Applies login restriction and closes the window. Click to apply restriction
Cancels the current operation
Select
OK button
Cancel button
Screen - Import Group Wizard
Follow the on-screen steps:
Step 1. Specify Base DN. Cyberoam will fetch AD groups from the specified Base DN.
Step 2. Select Groups that are to be imported in Cyberoam. Use <Ctrl> + Click to select multiple groups.
Step 3. Select the policies (Surfing Quota, Access time, Bandwidth, Internet Access and Data transfer) and the user authentication time out to be applied to the group members. By default, Attach to all the Groups is enabled, hence Cyberoam will attach the same policies to all the imported Groups i.e. common policies across the imported groups.
Do not enable Attach to all the Groups for the policy if you want to specify:
- different policy for all the groups
- specific policy to all the groups
- specific policy to a specific group
For example, if you want to specify different Internet Access policy to different groups, do not enable Attach to all the Groups
Screen - Define different policies to different Groups
Step 4. If you have disabled Attach to all the Groups, specify policies to be applied to each group
Step 5. The View Results page displays a success message if the groups are imported and the policies are successfully attached; otherwise an appropriate error message is displayed. Once you close the Wizard, the Manage Groups page opens. All the imported groups are appended at the end of the list.
Screen - Groups imported and specific policies attached to specific Group
If a user is a member of multiple AD groups, Cyberoam decides the user's group based on the order of the groups defined in Cyberoam. Cyberoam searches the ordered Group list from top to bottom to determine the user's group membership. The first group that matches is considered the user's group, and that group's policies are applied to the user. Groups can be re-ordered using the Wizard to change the membership preference.
Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, firewalls may also be configured to limit LAN users' access to harmful sites. The firewall grants access from the Internet to the DMZ or Service Network according to the Rules and Policies configured. It also tracks the state of each connection and denies any traffic that is out of connection state.
Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule, Cyberoam decides how to process the access request. When Cyberoam receives a request, it checks the source address, destination address and service and tries to match them against the firewall rules. If Identity match is also specified, the firewall searches the Live Users Connections for the Identity check. If the Identity (User) is found in the Live User Connections and all other matching criteria are fulfilled, the action specified in the rule is applied. Action can be allow or deny.
You can also apply different protection settings to the traffic controlled by firewall:
- Enable load balancing between multiple links
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
- Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
- Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
- Apply bandwidth policy restriction
By default, Cyberoam blocks any traffic to LAN.
Default firewall rules for General Internet policy IAP
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:
   Internet Access policy - Applies General Corporate Policy to block Porn, Nudity, AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist, PhishingandFraud, Violence, Weapons categories
   IDP - General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
Default firewall rules for Strict Internet policy IAP
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   IDP policy - General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Drop entire LAN to WAN traffic for all the users
Note
Default Firewall rules can be modified as per the requirement but cannot be deleted.
IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are subscribed respectively.
If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire traffic is dropped.
Additional firewall rules can be defined to extend or override the default rules. For example, rules can be created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to authorized users on the LAN. Custom rules evaluate the network traffic's source IP addresses, destination IP addresses, User and IP protocol types, and compare this information to the access rules created on the Cyberoam appliance. Custom rules take precedence, and override the default Cyberoam firewall rules.
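The matching order described above, as an added example that is not Cyberoam code: a simplified first-match evaluator with the Strict defaults at the bottom and the custom FTP and Telnet rules above them. The rule IDs, addresses, user names, the IP-to-user form of the Live Users table and the final implicit drop are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Rule:                       # hypothetical model of one firewall rule
    rule_id: int
    src_zone: str
    dst_zone: str
    action: str                   # "accept", "drop" or "reject"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    service: Optional[str] = None             # None = all services
    check_identity: bool = False
    users: Optional[FrozenSet[str]] = None    # None = any live user


@dataclass(frozen=True)
class Request:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    service: str


def matches(rule: Rule, req: Request, live_users: Dict[str, str]) -> bool:
    """Source, destination and service first, then the identity check."""
    if (rule.src_zone, rule.dst_zone) != (req.src_zone, req.dst_zone):
        return False
    if ip_address(req.src_ip) not in ip_network(rule.src_net):
        return False
    if ip_address(req.dst_ip) not in ip_network(rule.dst_net):
        return False
    if rule.service is not None and rule.service != req.service:
        return False
    if rule.check_identity:
        # Assumption: the Live Users table is keyed by the user's source IP.
        user = live_users.get(req.src_ip)
        if user is None:
            return False
        if rule.users is not None and user not in rule.users:
            return False
    return True


def decide(rules, req: Request, live_users) -> Tuple[Optional[int], str]:
    """First matching rule wins; unmatched traffic is dropped (assumption)."""
    for rule in rules:
        if matches(rule, req, live_users):
            return rule.rule_id, rule.action
    return None, "drop"


# Constructed rule set: custom rules sit above the Strict-policy defaults.
STRICT_RULES = [
    Rule(5, "LAN", "WAN", "drop", service="FTP"),
    Rule(6, "LAN", "WAN", "accept", service="TELNET",
         check_identity=True, users=frozenset({"netadmin"})),
    Rule(7, "LAN", "WAN", "drop", service="TELNET"),
    Rule(1, "LAN", "WAN", "accept", check_identity=True),   # default 1
    Rule(2, "LAN", "WAN", "drop"),                          # default 2
]
LIVE_USERS = {"10.0.0.5": "alice", "10.0.0.9": "netadmin"}  # constructed


def lan_to_wan(src_ip: str, service: str) -> Tuple[Optional[int], str]:
    req = Request("LAN", "WAN", src_ip, "203.0.113.10", service)
    return decide(STRICT_RULES, req, LIVE_USERS)


if __name__ == "__main__":
    for ip, svc in [("10.0.0.5", "HTTP"), ("10.0.0.77", "HTTP"),
                    ("10.0.0.5", "FTP"), ("10.0.0.9", "TELNET"),
                    ("10.0.0.5", "TELNET")]:
        print(ip, svc, lan_to_wan(ip, svc))
```

In this model rule 7 is what actually restricts Telnet: without it, any other logged-in user would fall through to default rule 1 and be accepted.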
Description
Specify source zone and host IP address/network address to which the rule applies.
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Check identity allows you to check whether the specified user/user group from the selected zone is allowed access to the selected service or not.
Check Identity (Only if source zone is LAN/DMZ)
Click Enable to check the user identity.
Enable check identity to apply following policies per user:
- Internet Access policy for Content Filtering (User's Internet access policy will be applied automatically but will not be effective till the Web and Application Filtering module is subscribed)
- Schedule Access
- IDP (User's IDP policy will be applied automatically but will not be effective till the IDP module is subscribed)
- Anti Virus scanning (User's anti virus scanning policy will be applied automatically but it will not be effective till the Gateway Anti Virus module is subscribed)
- Anti Spam scanning (User's anti spam scanning policy will be applied automatically but it will not be effective till the Gateway Anti Spam module is subscribed)
- Bandwidth policy - User's bandwidth policy will be applied automatically
policy selected in the Route through Gateway field is the static routing policy that is applicable only if more than one gateway is defined and used for load balancing.
limit access to available services.
Destination
Specify destination zone and host IP address/network address to which the rule applies.
Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Service/Service group (This option is not available if virtual host is configured as Destination host)
Services represent types of Internet data transmitted via particular protocols or applications.
Select service/service group to which the rule applies.
Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service Group
Cyberoam provides several standard services and allows creating the custom services also. Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service
Protect by configuring rules to:
- block services at specific zone
- limit some or all users from accessing certain services
- allow only specific user to communicate using specific service
Apply Schedule - Select Schedule for the rule
Firewall Action When Criteria Match
Action - Select rule action
Accept - Allow access
Drop - Silently discards
Reject - Denies access and ICMP port unreachable message will be sent to the source
When sending a response, it is possible that the response is sent using a different interface than the one on which the request was received. This depends on the Routing configuration done on Cyberoam. For example, if the request is received on the LAN port using a spoofed IP address (public IP address or an IP address not in the LAN zone network) and a specific route is not defined, Cyberoam will send a response to these hosts using the default route. Hence, the response will be sent through the WAN port.
NAT
Select the NAT policy to be applied
It allows access but after changing source IP address i.e. source IP address is substituted by the IP address specified in the NAT policy.
You can create NAT policy from firewall rule itself or from Firewall Policy Create
This option is not available if Cyberoam is deployed as Bridge
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
- Enable load balancing and failover when multiple links are configured. Applicable only if Destination Zone is WAN
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
- Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
- Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
- Apply bandwidth policy
Policy Settings
IDP Policy
Select IDP policy for the rule. To use IDP, you have to subscribe for the module. Refer to Licensing for more details.
Refer to IDP, Policy for details on creating IDP policy
Internet Access Policy
Select Internet access policy for the rule. One can apply IAP on LAN to WAN rule only. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.
Bandwidth Policy
Select Bandwidth policy for the rule. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Route Through Gateway
Select routing policy
Can be applied only if more than one gateway is defined.
This option is not available if Cyberoam is deployed as Bridge
Refer to Multiple Gateway Implementation Guide for more details.
Virus & Spam Settings
Scan Protocol(s)
Click the protocol for which the virus and spam scanning is to be enabled
By default, HTTP scanning is enabled.
To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.
Log Traffic
Click to enable traffic logging for the rule i.e. traffic permitted and denied by the firewall rule.
Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details.
To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console Firewall rule and from the Telnet Console Cyberoam Management. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.
Description
Specify full description of the rule
Save button
Saves the rule
Table - Create Firewall rule screen elements
Manage Firewall
Use to:
- Enable/disable SMTP, POP3, IMAP, FTP and HTTP scanning
- Deactivate rule
- Delete rule
- Change rule order
- Append rule (zone to zone)
- Insert rule
- Select display columns
Note
From this version i.e. 9.5.3.07, Cyberoam does not support DNAT policy. On upgrading to this version, Cyberoam will preserve all the DNAT policies but will not allow them to be modified. This will not affect the functioning of Cyberoam.
To stop the usage of DNAT policy:
1. Create Virtual host to forward the request i.e. for the same service/server for which DNAT policy is created
2. Create firewall rule for Virtual host
3. Delete firewall rule for DNAT policy
Firewall rule for Virtual host will take precedence if firewall rule for DNAT policy is not deleted.
Select Firewall
Mov
Append Rule button - Click to add zone to zone rule
Select Column button - Click to customize the number of columns to be displayed on the page
Subscription icon - Indicates subscription module. To implement the functionality of the subscription module you need to subscribe the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall rule temporarily, disable rule instead of deleting. Green - Active Rule, Red - Deactive Rule
Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.
Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more details.
Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for details.
Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.
- Virtual host. It is the loopback firewall rule automatically created for virtual host.
Update Rule
Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.
Description
Displays source zone and host IP address/network address to which the rule applies.
Zone Type cannot be modified
Modify host/network address if required
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Check Identity (Only if source zone is LAN or DMZ)
Check identity allows you to check whether the specified user/user group from the selected zone is allowed the access of the selected service or not.
Click Enable to check the user identity
Destination
Displays destination zone and host IP address/network address to which the rule applies.
Zone Type cannot be modified
Modify host/network address if required.
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Service/Service group (This option is not available if virtual host is configured as Destination host)
Services represent types of Internet data transmitted via particular protocols or applications.
Displays service/service group to which the rule applies, modify if required
Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service
Cyberoam provides several standard services and allows creating the custom services also. Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service
Protect by configuring rules to:
- block services at specific zone
- limit some or all users from accessing certain services
- allow only specific user to communicate using specific service
Apply Schedule - Displays rule's schedule, modify if required
Firewall Action When Criteria Match
Action - Displays rule action, modify if required
Accept - Allow access
Drop - Silently discards i.e. without sending ICMP port unreachable message to the source
Reject - Denies access and sends ICMP port unreachable message to the source
NAT
Displays the NAT policy applied to the rule, modify if required
It allows access but after changing source IP address i.e. source IP address is substituted by the specified IP address in the NAT policy.
You can create NAT policy from firewall rule itself or from Firewall Policy Create
This option is not available if Cyberoam is deployed as Bridge
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
- Enable load balancing between multiple links
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies
- Apply bandwidth policy
- Configure content filtering policies
Policy Settings
IDP Policy
Displays IDP policy for the rule, modify if required
To use IDP, you have to subscribe for the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy
Displays Internet access policy for the rule, modify if required
Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.
Bandwidth Policy
Displays Bandwidth policy for the rule, modify if required. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Displays routing policy, modify if required
Can be applied only if more than one gateway is defined.
This option is not available if Cyberoam is deployed as Bridge
Refer to Multiple Gateway Implementation Guide for more details.
Virus & Spam Settings
Scan Protocol(s)
Displays protocols for which the virus and spam scanning is to be enabled, modify if required
By default, HTTP scanning is enabled.
To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.
Log Traffic
Click to enable traffic logging for the rule
Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details.
To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console Firewall rule and from the Telnet Console Cyberoam Management. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.
Displays full description of the rule, modify if required
Saves the rule
Table - Edit Firewall Rule
Select Before or After as per the need
Click the rule to be moved and then click where it is to be moved.
Click Done to save the order
Append rule
Append Rule adds the new rule above the default rules if a zone-to-zone rule set for it exists; otherwise it appends the new rule as a new zone-to-zone rule set at the end.
For example, consider the screen given below. If the new rule is for DMZ to LAN, then a new rule set DMZ LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN, then the rule will be added above Rule ID 4, as Rule ID 3 and ID 4 are default rules.
Select Firewall → Manage Firewall Rules and click Append Rule
Screen - Default Screen Display of Manage Firewall Rules page
Select Firewall → Manage Firewall to open the manage page. Click Select Columns. It opens the new window. Available Columns list displays the columns that can be displayed on the page. Click the required column and use Right arrow button to move the selected column to the Selected Columns list and Click Done
Note
Default rules cannot be deleted or deactivated.
Host Management
Firewall rules can be created for individual hosts or host groups. By default, a number of hosts equal to the number of ports in the appliance is already created.
Screen Elements
Description
Create Host Group
Host Group Name - Specify host group name
Description - Specify full description
Create button - Add a new host. If host group is created successfully, click Add to add hosts to the host group. Host list is displayed for selection. Refer to Manage Host Groups for details.
Table - Create Host Group screen elements
Click host group to which host is to be added. Host Group details are displayed.
Click Add. Host list displayed.
Click Sel against the host to be added
Click Add
Description
Select host to be removed from the group. Click Del to select. More than one host can also be selected
Select all the hosts for deletion. Click Select All to select all the hosts
Deletes all the selected hosts
Select All
Delete button
Description
Select host group for deletion. Click Del to select. More than one group can also be selected
Select all the groups for deletion. Click Select All to select all the groups
Deletes all the selected groups
Select All
Delete button
Add Host
Select Firewall → Host → Add to open the add page
Screen Elements - Description
Add Host
Host Name - Specify host name
Host Type - Select host type i.e. single IP address with subnet or range of IP address
Network - Specify network address or range of IP address
Select Host Group - Select host group
Create button - Add a new host
Table - Add Host screen elements
Manage Host
Select Firewall → Host → Manage to view the list of hosts
Description
Select host to be deleted. Click Del to select. More than one host can also be selected
Select all the hosts for deletion. Click Select All to select all the hosts
Deletes all the selected hosts
Select All
Delete button
Virtual Host
Virtual Host maps services of a public IP address to services on an internal host. Virtual hosts can be used to allow connections through Cyberoam using NAT firewall policies. Virtual hosts use Proxy ARP so that the Cyberoam can respond to ARP requests for the public IP address. Cyberoam automatically enables Proxy ARP for the IP addresses belonging to the WAN interface subnet. For example, you can add a virtual host for the WAN interface so that the WAN interface can respond to connection requests from users who are actually connecting to a server on the DMZ or LAN.
A Virtual host can be a single IP address or an IP address range bound to a Cyberoam interface. When you bind an IP address or IP address range to a Cyberoam interface using a virtual host, the interface responds to ARP requests for the bound IP address or IP address range.
Firewall rules to allow servers from the Internet to access a virtual host that maps to internal servers, such as Web servers, Mail servers or FTP servers. You must add the virtual host to a firewall policy to actually implement the mapping configured in the virtual host i.e. create a firewall rule that allows or denies inbound traffic to the virtual host.
Screen Elements Create Virtual Host Virtual Host Name Public IP Address Type and Public IP Address
Description
Specify unique name to identify virtual host
Select public IP address type and configure IP address. The configured IP address is mapped to the destination host/network and used as the IP address of the virtual host. Cyberoam automatically enables proxy ARP for the configured public IP address if it belongs to WAN interface subnet.
Available option:
Cyberoam IP - Select when any of the Cyberoam Port, Alias or Virtual LAN (VLAN) subinterface is required to be mapped to the destination host or network.
IP address - Specified IP address is mapped to a corresponding mapped single or range of IP address. If single IP address is mapped to a range of IP address, Cyberoam uses round robin algorithm to load balance the requests.
IP address range - Specified IP address range is mapped to a corresponding range of mapped IP address. The IP range defines the start and end of an address range. The start of the range must be lower than the end of the range.
Select mapped IP address type and configure IP address. The public IP address is mapped to the specified IP address. This is the actual private IP address of the host being accessed using the virtual host.
Available option:
IP address - Public IP address is mapped to the specified IP address.
IP address range - Public IP address range is mapped to the specified IP Address range
Select zone of the mapped IP addresses. For example, if mapped IP address represents any internal server then the zone in which server resides physically. By default, LAN zone is configured but can be changed if required.
Click Port Forward to enable service port forwarding
Following configuration is available only if port forwarding is enabled
Select the protocol TCP or UDP that you want the forwarded packets to use
Click to specify whether port mapping should be single or range of ports.
Specify public port number for which you want to configure port forwarding.
Specify mapped port number on the destination network to which the public port number is mapped.
Specify description
Creates a virtual host
Port Forward
Once the virtual host is created successfully, Cyberoam automatically creates a loopback firewall rule for the zone of the mapped IP address. For example, if the virtual host is created for the WAN mapped IP zone, then a WAN to WAN firewall rule is created for the virtual host. The firewall rule is created for the service specified in the virtual host. If port forwarding is not enabled in the virtual host, then a firewall rule with All Services is created. Check creation of the loopback rule from Firewall → Manage Firewall.
Cyberoam automatically enables proxy ARP for the public IP address if it belongs to the WAN interface subnet. If proxy ARP is not enabled automatically, a message will be displayed to enable proxy ARP manually. Check creation of proxy ARP from Cyberoam Console option of Telnet Console.
Virtual host restrictions:
- Virtual host name cannot be same as host or host group name.
- Public IP address range cannot be mapped with a single Mapped IP address.
- The number of IP addresses in mapped Public address range and Mapped IP address range must be same.
- The number of port in mapped Public ports range and Mapped port range must be same.
- Virtual host with the same pair of Public IP and Port cannot be created.
- Different virtual hosts can have same public IP address only if port forwarding is enabled for different public port. For example,
  Virtual_host1: Public IP address - 192.168.1.1, Mapped IP address - 10.10.10.12, Port forward: Public port - 25, Mapped port - 35
  Virtual_host2: Public IP address - 192.168.1.1, Mapped IP address - 10.10.10.1, Port forward: Public port - 42, Mapped port - 48
- Different virtual hosts cannot have same public IP address if port forwarding is enabled in one virtual host and disabled in another virtual host. For example, Cyberoam will not allow you to create:
  Virtual_host1: Public IP address - 192.168.1.15, Mapped IP address - 10.10.10.1
  Virtual_host2: Public IP address - 192.168.1.15, Mapped IP address - 10.10.10.2, Port forward: Public port - 42, Mapped port - 48
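The restrictions listed above can be checked before a change is made on the appliance. This is an added example, not Cyberoam code: a pre-change validator for a planned set of virtual hosts, where the `VirtualHost` model, its field names and the message texts are hypothetical and the two sample pairs are the ones given in the list.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional, Tuple

IpRange = Tuple[str, str]      # (start, end); start == end for a single IP
PortRange = Tuple[int, int]    # (first, last); first == last for one port


@dataclass(frozen=True)
class VirtualHost:             # hypothetical model, not a Cyberoam structure
    name: str
    public: IpRange
    mapped: IpRange
    public_ports: Optional[PortRange] = None   # None = port forwarding off
    mapped_ports: Optional[PortRange] = None


def single(ip: str) -> IpRange:
    return (ip, ip)


def _bounds(ip_range: IpRange) -> Tuple[int, int]:
    start, end = (int(IPv4Address(a)) for a in ip_range)
    if start > end:
        raise ValueError(f"range start {ip_range[0]} is above end {ip_range[1]}")
    return start, end


def _size(bounds: Tuple[int, int]) -> int:
    return bounds[1] - bounds[0] + 1


def _overlap(a: Tuple[int, int], b: Tuple[int, int]) -> bool:
    return a[0] <= b[1] and b[0] <= a[1]


def violations(new: VirtualHost, existing, reserved_names) -> list:
    """Return the listed restrictions that adding `new` would break."""
    if (new.public_ports is None) != (new.mapped_ports is None):
        raise ValueError("set public and mapped ports together")
    found = []
    if new.name in reserved_names:
        found.append("name clashes with a host or host group")

    pub, mapped = _bounds(new.public), _bounds(new.mapped)
    if _size(pub) > 1 and _size(mapped) == 1:
        found.append("public IP range mapped to a single IP")
    elif _size(pub) > 1 and _size(pub) != _size(mapped):
        found.append("public and mapped IP ranges differ in size")
    # A single public IP mapped to a range is allowed (round robin).

    if new.public_ports is not None:
        if _size(new.public_ports) != _size(new.mapped_ports):
            found.append("public and mapped port ranges differ in size")

    # The page states the uniqueness rule in terms of public IP and port,
    # so the forwarded protocol is not part of this comparison.
    for other in existing:
        if not _overlap(pub, _bounds(other.public)):
            continue
        if new.public_ports is None and other.public_ports is None:
            found.append(f"public IP already used by {other.name}")
        elif new.public_ports is None or other.public_ports is None:
            found.append(
                f"port forwarding enabled on only one of {new.name} and {other.name}")
        elif _overlap(new.public_ports, other.public_ports):
            found.append(f"public IP and port already used by {other.name}")
    return found


# The two pairs from the restriction list above.
ALLOWED_1 = VirtualHost("Virtual_host1", single("192.168.1.1"),
                        single("10.10.10.12"), (25, 25), (35, 35))
ALLOWED_2 = VirtualHost("Virtual_host2", single("192.168.1.1"),
                        single("10.10.10.1"), (42, 42), (48, 48))
REFUSED_1 = VirtualHost("Virtual_host1", single("192.168.1.15"),
                        single("10.10.10.1"))
REFUSED_2 = VirtualHost("Virtual_host2", single("192.168.1.15"),
                        single("10.10.10.2"), (42, 42), (48, 48))

if __name__ == "__main__":
    print(violations(ALLOWED_2, [ALLOWED_1], set()))
    print(violations(REFUSED_2, [REFUSED_1], set()))
```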
Del: Select virtual host to be deleted. Click Del to select. More than one virtual host can also be selected
Select All: Select all the virtual hosts for deletion. Click Select All to select all the virtual hosts
Delete button: Deletes all the selected virtual hosts
Note
Virtual host can be deleted but cannot be updated. On deletion of a virtual host, the Proxy ARP and loopback firewall rule are deleted automatically. If the loopback firewall rule is deleted without deleting the virtual host, traffic between the virtual host and the zone in which the mapped IP address lies is dropped. If proxy ARP is deleted without deleting the virtual host, the service/server for which the virtual host is created will become inaccessible, as Cyberoam will not know on which Interface the request is to be forwarded.
Screen Elements
Description
Logon Pool Details
Logon Pool name: Specify name of Logon Pool
Is Logon Pool public: Public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select, if the IP Addresses assigned to Users are Public IP addresses
Bandwidth policy: Specify Bandwidth Policy for Logon Pool. Click Bandwidth Policy list to select. Click View details link to view details of the policy
Specify full description
Specify range of IP Address that will be used by Users to login
Specify machine name
Add a new Logon Pool
Table - Add Logon Pool screen elements
Traffic Discovery
"Network security" is controlling who can do what on your network. Control is all about detecting and resolving any activity that does not align with your organization's policies.
Traffic discovery provides a comprehensive, integrated tool to tackle all your network issues. It monitors network traffic by aggregating the traffic passing through Cyberoam, and helps in determining the amount of network traffic generated by an application, IP address or user.
View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error sources.
Identify and locate bandwidth hogs and isolate them from the network if necessary.
Analyze performance trends with baseline data reports.
The discovered traffic pattern is presented in terms of:
Application
User
LAN IP Address
Apart from the traffic pattern of live connections, Cyberoam also provides the current date's connection history.
Description Applications running on network Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application Click to view list of Users using respective Applications
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application to view WAN IP Address wise Connection details for selected Click Application to view Destination Port wise Connection details for selected Click Application Data Transfer details Upload Transfer Download Transfer Upstream Bandwidth (Kbit/sec) Downstream Bandwidth (Kbits/sec) Connection Details Total Connections Displays data uploaded using the Application Displays data downloaded using the Application Displays upstream bandwidth used by Application Displays downstream bandwidth used by Application
Displays number of connections initiating/requesting the Application Click to view the connection details for the respective Application for each connection Displays number of connections initiated by LAN IP Address for the Application Displays number of connections initiated by WAN IP Address for the Application
Report column: Description
Established Time: Time when connection was established
LAN IP Address: LAN IP Address from which the connection for the application was established
LAN Port: LAN port through which connection was established for the application
WAN IP Address: WAN IP Address to which connection was established
WAN Port: WAN port to which connection was established for the application
Direction: Traffic direction
Upload Transfer: Data uploaded using the Application
Download Transfer: Data downloaded using the Application
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application
Report column: Description
Established Time: Time when connection was established
LAN IP Address: LAN IP Address from which the connection for the application was established
LAN Port: LAN port through which connection was established for the application
WAN IP Address: WAN IP Address to which connection was established
WAN Port: WAN port to which connection was established for the application
Direction: Traffic direction
Upload Transfer: Data uploaded using the Application
Download Transfer: Data downloaded using the Application
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application
Report column: Description
WAN IP Address: WAN IP Addresses to which Connection was established by the selected Application
Total Connections: Number of connections established to the WAN IP Address
LAN Initiated: Number of connections initiated from LAN
WAN Initiated: Number of connections initiated from WAN
Upload Transfer: Data uploaded during the connection
Download Transfer: Data downloaded during the connection
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application
Report column: Description
Destination Port: Destination ports to which Connection was established by the selected Application
Total Connections: Number of connections established through the destination port
LAN Initiated: Number of connections initiated from LAN
WAN Initiated: Number of connections initiated from WAN
Upload Transfer: Data uploaded during the connection
Download Transfer: Data downloaded using the connection
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application
User wise
User wise Live Connections displays which user is using which Application and how much bandwidth each is currently consuming.
Select Traffic Discovery → Live Connections → User wise
Description Network Users requesting various Applications Click Total Connections to view the connection details for selected User. Click to view list of Applications used by the respective users
Click Total Connections to view the connection details for selected User
and Application Click User Click User Data Transfer details Upload Transfer Download Transfer Upstream Bandwidth (Kbit/sec) Downstream Bandwidth (Kbits/sec) Connection Details Total Connections to view WAN IP Addresses wise Connection details for selected
Displays data uploaded by the User Displays data downloaded by the User Displays upstream bandwidth used by User Displays downstream bandwidth used by User
Displays number of connections initiated by the User Click to view connection details initiated by the User for each connection Displays number of connections initiated from LAN IP Address by the User Displays number of connections initiated from WAN IP Address by the User
Description LAN IP Address requesting various Applications Click Total Connections to view the connection details for selected LAN
IP Address. to view list of Applications requested by the respective LAN IP Click Address Click Total Connections to view the connection details for selected LAN IP Address and Application to view WAN IP Addresses wise Connection details for selected Click LAN IP Address to view Destination ports wise Connection details for selected Click LAN IP Address Data Transfer details Upload Transfer Download Transfer Upstream Bandwidth (Kbit/sec) Downstream Bandwidth (Kbits/sec) Connection Details Total Connections Displays data uploaded from the LAN IP Address Displays data downloaded from the LAN IP Address Displays upstream bandwidth used by LAN IP Address Displays downstream bandwidth used by the LAN IP Address
Displays number of connections initiated by the LAN IP Address Click to view connection details initiated by the LAN IP Address for each connection Displays number of connections initiated from LAN IP Address Displays total number of connections initiated from WAN IP Address
Table - LAN IP Address wise Live connection screen elements
Apart from the live connection details, details of connections that are closed can also be viewed. The details of all the connections closed during the last 24 hours are shown. You can also select the history duration.
Screen Elements
Description
Select Start time and Stop time Start time & Stop time Select the history duration Refresh Data button Click to refresh the data after the start time or stop time is changed to get the latest data Application Name Applications running on network Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application Click to view list of users using respective Applications
Click Total Connections to view the connection details for selected LAN IP Address and Application. Refer to Connection details for selected LAN IP Address and Application to view WAN IP Address wise Connection details for selected Click Application to view Destination Port wise Connection details for selected Click Application Data Transfer details Upload Transfer Download Transfer Upstream Bandwidth (Kbit/sec) Downstream Bandwidth (Kbits/sec) Connection Details Total Connections Displays data uploaded using the Application Displays data downloaded using the Application Displays upstream bandwidth used by Application Displays downstream bandwidth used by Application
Click to view the connection details for the respective Application for each connection Displays number of connections initiated by LAN IP Address for the Application Displays number of connections initiated by WAN IP Address for the Application
Table - Today's Connection History Application screen elements
User wise
It displays the list of Users who have logged on to the network during the selected duration and the applications they accessed.
Select Traffic Discovery → Today's Connection History → User wise
Screen Elements
Description
Select Start time and Stop time Start time & Stop time Select the history duration Refresh Data button Click to refresh the data after the start time or stop time is changed to get the latest data User Name Network Users requesting various Applications Click Total Connections to view the connection details for selected User. Click to view list of Applications used by the respective users
Click Total Connections to view the connection details for selected User and Application Click User to view WAN IP Addresses wise Connection details for selected
Click User Data Transfer details Upload Transfer Download Transfer Upstream Bandwidth (Kbit/sec) Downstream Bandwidth (Kbits/sec) Connection Details Total Connections to view Destination ports wise Connection details for selected
Displays data uploaded by the User Displays data downloaded by the User Displays upstream bandwidth used by User Displays downstream bandwidth used by User
Displays number of connections initiated by the User Click to view connection details initiated by the User for each connection Displays number of connections initiated from LAN IP Address by the User Displays number of connections initiated from WAN IP Address by the User
Screen Elements
Description
Select Start time and Stop time Start time & Stop time Select the history duration Refresh Data button Click to refresh the data after the start time or stop time is changed to get the latest data LAN IP Address LAN IP Address requesting various Applications Click Total Connections to view the connection details for selected LAN IP Address. Click to view list of Applications requested by the respective LAN IP
Address Click Total Connections to view the connection details for selected LAN IP Address and Application to view WAN IP Addresses wise Connection details for selected Click LAN IP Address to view Destination ports wise Connection details for selected LAN Click IP Address Data Transfer details Upload Transfer Download Transfer Upstream Bandwidth (Kbit/sec) Downstream Bandwidth (Kbits/sec) Connection Details Total Connections Displays data uploaded from the LAN IP Address Displays data downloaded from the LAN IP Address Displays upstream bandwidth used by LAN IP Address Displays downstream bandwidth used by the LAN IP Address
Displays number of connections initiated by the LAN IP Address Click to view connection details initiated by the LAN IP Address for each connection Displays number of connections initiated from LAN IP Address Displays total number of connections initiated from WAN IP Address
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy.
Cyberoam allows defining the following types of policies:
1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for more details.
2. Schedule Internet access for individual users by defining Access time policy. See Access time policy for more details.
3. Control web access by defining Internet Access policy. See Internet Access policy for more details.
4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for more details.
5. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. See Data Transfer policy for more details.
Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization's requirements.
Screen Elements
Description
Create Surfing Quota policy
Name: Specify policy name. Choose a name that best describes the policy. One cannot create multiple policies with the same name.
Cycle type: Specify cycle type. Available options:
  Daily - restricts surfing hours up to cycle hours defined on daily basis
  Weekly - restricts surfing hours up to cycle hours defined on weekly basis
  Monthly - restricts surfing hours up to cycle hours defined on monthly basis
  Yearly - restricts surfing hours up to cycle hours defined on yearly basis
  Non-cyclic - no restriction
Cycle Hours: Specify upper limit of surfing hours for cyclic type policies. At the end of each Cycle, cycle hours are reset to zero i.e. for Weekly Cycle type, cycle hours will be reset to zero every week even if cycle hours are unused.
Allotted Days: Restricts surfing days. Specify total surfing days allowed to limit surfing hours. Click Unlimited Days if you do not want to restrict surfing days and create Unlimited Surfing Quota policy.
Allotted Time: Allotted time defines the upper limit of the total surfing time allowed i.e. restricts total surfing time to allotted time. Specify surfing time in Hours & minutes. Click Unlimited Time if you do not want to restrict the total surfing time.
Shared allotted time with group members: Specify whether the allotted time will be shared among all the group members or not. Click to share.
Policy Description: Specify full description of the policy
Create button: Creates policy
Table - Create Surfing Quota policy screen elements
Edit Surfing Quota policy
Name: Displays policy name, modify if required
Cycle Type: Displays Cycle type, modify if required
Cycle Hours: Displays allotted Cycle hours
Allotted Days: Displays allotted days, modify if required. Or Unlimited Days
Allotted time: Displays allotted time in hours, minutes, modify if required. Or Unlimited time
Shared allotted time with group members: Displays whether the total allotted time is shared among the group members or not, modify if required
Policy Description: Displays description of the policy, modify if required
Update button: Updates and saves the policy. The changes made in the policy become effective immediately on updating the changes.
Cancel button: Cancels the current operation and returns to Manage Surfing Quota policy page
Table - Update Surfing Quota policy screen elements
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All: Select all the policies for deletion. Click Select All to select all the policies
Delete button: Deletes all the selected policies
Screen Elements
Description
Access Time policy details Name Specify policy name. Choose a name that best describes the policy to be created. One cannot create multiple policies with the same name. Schedule Specify policy schedule Users will be allowed/disallowed access during the time specified in the schedule. Click Schedule list to select Click View details link to view the details of selected schedule Refer to Define Schedule on how to create a new schedule Specify strategy to policy
Schedule
Allow - Allows the Internet access during the scheduled time interval
Disallow - Does not allow the Internet access during the scheduled time interval
Click to select
Specify full description of policy
Creates policy
Table - Create Access Time policy screen elements
Screen Elements
Description
Access Time policy details Name Displays policy name, modify if required Schedule Displays selected policy schedule To modify, Click Schedule list and select new schedule Click View details link to view details of the selected schedule Displays Schedule strategy Cannot be modified Displays description of the policy, modify if required Saves the modified details. Changes made in the policy become effective immediately on saving the changes. Cancels current operation and returns to Manage Access Time policy Table - Update Access Time policy screen elements
selected
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All: Select all the policies for deletion. Click Select All to select all the policies
Delete button: Deletes all the selected policies
Screen Elements
Description
Internet Access policy details
Name: Specify policy name. Choose a name that best describes the policy to be created. One cannot create multiple policies with the same name.
Using Template: Select a template if you want to create a new policy based on an existing policy and want to inherit all the category restrictions from the existing policy. Select Blank template if you want to create a fresh policy without any restrictions. After creation, you can always customize the category restrictions according to the requirement.
Policy Type: Select default policy type. Available options:
  Allow - Allows access to all the Internet sites except the sites and files specified in the Categories
  Deny - Allows access to only those sites and files that are specified in the Categories
Description: Specify full description of policy
Reporting: By default, Internet usage report is generated for all the users. However, Cyberoam allows bypassing reporting for certain users. Click Off to create a Bypass reporting Internet access policy. Internet usage reports will not include access details of the users to whom this policy is applied. Click On to create a policy that includes, in Internet usage reports, access details of all the users to whom this policy is applied.
Create button: Creates policy and allows to add Category restriction. Refer to Add Category for more details
Internet Access policy Rules
Add button: Allows to define Internet Access policy rules and assign Web, File Type and Application Protocol Categories to Internet Access policy. Click to add. Refer to Add Internet Access policy rule for more details
Saves policy
Opens a new page and displays list of policy members
Cancels the current operation and returns to Manage Internet Access policy page
Table - Create Internet Access policy screen elements
Description Displays list of custom Web, File Type and Application Protocol Categories Displays list of Categories assigned to policy In Category Name column, W represents Web Category F represents File Type Category A represents Application Protocol Category D represents Default Category C represents Customized i.e. User defined Category Select Categories to be assigned to policy. In Web Category list, click to select In File Type list, click to select In Application Protocol list, click to select Use Ctrl/Shift and click to select multiple Categories If Web and Application Filter subscription module is registered, all the default categories will also be listed and can be for restriction. Allows/Disallows access to the selected Categories during the period defined in the schedule Click Strategy box to see options and select Allows/Disallows access to the selected Categories according to the strategy defined during the period defined in the schedule Allow/Disallow will depend on the strategy selected Click Schedule box to see options and select Opens a new window and displays details of the selected schedule Click to view
Strategy
During Schedule
Click Close to close the window
Add button: Add rule to Internet Access policy. Click to add rule
Cancel button: Cancels the current operation
Table - Add Internet Access policy rule screen elements
Screen Elements
Description
Internet Access policy details
Name: Displays policy name which cannot be modified
Policy Type: Displays policy type which cannot be modified
Description: Displays policy description, modify if required
Reporting: By default, Internet usage report is generated for all the users. However, Cyberoam allows bypassing reporting for certain users. Click Off to bypass reporting. Internet usage reports will not include access details of the users to whom this policy is applied. Click On to create a policy that includes, in Internet usage reports, access details of all the users to whom this policy is applied.
Internet Access policy Rules: Displays list of Categories assigned to policy. In Category Name column:
  W represents Web Category
  F represents File Type Category
  A represents Application Protocol Category
  D represents Default Category
  C represents Customized i.e. User defined Category
Add button: Allows to define a new rule. Click to add. Refer to Add Internet Access policy rule for more details
Delete button: Allows to delete the selected rule(s). Refer to Delete Internet Access policy rule for more details
MoveUp: Moves the selected rule one step up. Click the rule that is to be moved one step up. This will highlight the selected rule. Click MoveUp to move the selected rule one step upwards
Move Down: Moves the selected rule one step down. Click the rule that is to be moved one step down. This will highlight the selected rule. Click Move Down to move the selected rule one step downwards
Update button (Only when more than one rule is defined): Saves the modified sequence of the rules
Save button: Saves the modifications
Show Policy members button: Opens a new page and displays list of policy members
Cancel button: Cancels the current operation and returns to Manage Internet Access policy page
Del: Select rule to be deleted. Click Del to select. More than one rule can also be selected
Select All: Selects all rules for deletion. Click Select All to select all rules for deletion
Delete button: Delete(s) selected rules
Note
Do not forget to update after changing the order
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All: Selects all policies for deletion. Click Select All to select all policies for deletion
Delete button: Delete(s) selected policies
Bandwidth policy
Bandwidth is the amount of data passing through a medium over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain parameters and user attributes. Bandwidth policy allocates and limits the maximum bandwidth usage of the user and controls web and network traffic.
Policy can be defined/created for:
Logon Pool - It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share the allocated bandwidth.
User - It restricts the bandwidth of a particular user.
Firewall Rule - It restricts the bandwidth of any entity to which the firewall rule is applied.
In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit.
Two ways to implement strict policy:
Total (Upstream + Downstream) - Example: Total bandwidth is 20 kbps and upstream and downstream combined cannot cross 20 kbps
Individual Upstream and Individual Downstream - Example: Upstream and Downstream bandwidth is 20 kbps then either cannot cross 20 kbps
Table - Implementation types for Strict - Bandwidth policy
Strict policy bandwidth usage:
Individual - Bandwidth specified is for a particular user
Shared - Bandwidth specified is shared among all the users who have been assigned this policy
Table - Bandwidth usage for Strict - Bandwidth policy
Committed
In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and user can draw bandwidth up to the defined burstable limit, if available.
It enables assigning fixed minimum and maximum amounts of bandwidth to users. By borrowing excess bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the burstable rate. Guaranteed rates also assure minimum bandwidth to critical users so that they receive constant levels of bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum bandwidth that a user can use, if available.
Two ways to implement committed policy:
Total (Upstream + Downstream) - Guaranteed and Burstable bandwidth for upstream and downstream combined
  Example: Guaranteed bandwidth is 20 kbps then upstream and downstream combined will get 20 kbps guaranteed (minimum) bandwidth. Burstable bandwidth is 50 kbps then upstream and downstream combined can get up to 50 kbps of bandwidth (maximum), if available
Individual Upstream and Individual Downstream - Individual Guaranteed and Burstable bandwidth i.e. separate for both
  Example: Individual guaranteed bandwidth is 20 kbps then upstream and downstream get 20 kbps guaranteed (minimum) bandwidth individually. Individual burstable bandwidth is 50 kbps then upstream and downstream get maximum bandwidth up to 50 kbps, if available, individually
Table - Implementation types for Committed - Bandwidth policy
Committed policy bandwidth usage:
Individual - Bandwidth specified is for a particular user
Shared - Bandwidth specified is shared among all the users who have been assigned this policy
Table - Bandwidth usage for Committed - Bandwidth policy
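How guaranteed and burstable limits interact when several users contend for one link can be seen in a small model. This is an added example, not Cyberoam's scheduler: the guide does not say how spare bandwidth is divided, so the equal-share split, the refusal of oversubscribed guarantees, the `demand` input and all names are assumptions of this sketch. The 20/50 kbps policy and the 2 to 4096 kbps limits are taken from this guide.

```python
"""Model of Committed bandwidth policies (Total implementation) sharing one link."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List

MIN_KBPS, MAX_KBPS = 2, 4096  # per-policy limits stated in this guide


@dataclass(frozen=True)
class CommittedPolicy:
    guaranteed: int  # minimum the user always gets, in kbps
    burstable: int   # maximum the user may reach when bandwidth is spare, in kbps

    def __post_init__(self) -> None:
        for value in (self.guaranteed, self.burstable):
            if not MIN_KBPS <= value <= MAX_KBPS:
                raise ValueError(f"{value} kbps is outside {MIN_KBPS}-{MAX_KBPS} kbps")
        if self.guaranteed > self.burstable:
            raise ValueError("guaranteed rate cannot exceed the burstable rate")


@dataclass(frozen=True)
class User:
    name: str
    policy: CommittedPolicy
    demand: int  # kbps the user is currently trying to use (constructed input)


def allocate(link_kbps: int, users: List[User]) -> Dict[str, Fraction]:
    """Return kbps per user: guaranteed floor first, then spare capacity up to burstable."""
    # Step 1: every user receives the guaranteed rate, or less if asking for less.
    alloc = {u.name: Fraction(min(u.demand, u.policy.guaranteed)) for u in users}
    spare = link_kbps - sum(alloc.values())
    if spare < 0:
        # Assumption of this model: guarantees that exceed the link cannot be honoured.
        raise ValueError("guaranteed rates oversubscribe the link")

    # Step 2 (assumed rule): split spare capacity equally among users still below
    # their ceiling, re-sharing whatever a user cannot take.
    ceiling = {u.name: min(u.demand, u.policy.burstable) for u in users}
    active = [name for name in alloc if alloc[name] < ceiling[name]]
    while spare > 0 and active:
        share = spare / len(active)
        for name in list(active):
            grant = min(share, ceiling[name] - alloc[name])
            alloc[name] += grant
            spare -= grant
            if alloc[name] == ceiling[name]:
                active.remove(name)
    return alloc


# Constructed scenario: three users under the 20/50 kbps policy from the example above.
POLICY = CommittedPolicy(guaranteed=20, burstable=50)
USERS = [User("voice", POLICY, 50), User("bulk", POLICY, 100), User("idle", POLICY, 10)]

if __name__ == "__main__":
    for link in (60, 100, 200):
        print(link, {name: float(kbps) for name, kbps in allocate(link, USERS).items()})
```

On the 60 kbps link each busy user still gets more than the 20 kbps floor, and on the 200 kbps link nobody exceeds the 50 kbps burstable ceiling even though capacity is left over.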
Bandwidth Policy Details
Name: Specify policy name. Choose a name that best describes the policy to be created. One cannot create multiple policies with the same name.
Description: Specify full description of policy
Priority: Set the bandwidth priority. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is more interactive
Creates policy
Cancels the current operation
Screen Elements: Description
Bandwidth Policy Details
Policy based on: Click Logon Pool to create Logon Pool based policy
Total Bandwidth (in KB): Specify maximum amount of total bandwidth, expressed in terms of kbps. Specified bandwidth will be shared by all the users of the Logon Pool. Maximum bandwidth limit is 4096 kbps
Screen Elements
Description
Bandwidth Policy Details
Policy based on: Based on the selection creates policy for User or IP address. Click User to create User based policy. Click IP Address to create IP Address based policy
Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available.
Implementation on: Specify implementation type of Bandwidth restriction. Click Total to implement bandwidth restriction on the Total usage. Click Individual to implement bandwidth restriction on the Individual Upstream and Individual Downstream bandwidth usage
Total Bandwidth: Specify maximum amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Upload Bandwidth (Only for INDIVIDUAL implementation type): Specify maximum amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Download Bandwidth (Only for INDIVIDUAL implementation type): Specify maximum amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Bandwidth usage: Specify whether the Bandwidth allocated is for particular user or shared among all the policy users
Policy based on: Creates policy based on the selection. Click User to create User based policy. Click IP Address to create IP address based policy
Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available. Click Committed to apply committed policy
Implementation on: Specify implementation type for Bandwidth restriction. Click Total to implement bandwidth restriction on Total. Click Individual to implement bandwidth restriction on Individual Upstream and Individual Downstream bandwidth
Total Bandwidth: Specify Guaranteed and Burstable amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Guaranteed (Min)/ Burstable (Max) Upload Bandwidth (Only for INDIVIDUAL implementation type): Specifies Guaranteed and Burstable amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Guaranteed (Min)/ Burstable (Max) Download Bandwidth (Only for INDIVIDUAL implementation type): Specifies Guaranteed and Burstable amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Bandwidth usage: Specify whether bandwidth specified is for a particular User or Shared among all the policy users
Screen Elements
Description
Bandwidth Policy details
Name: Displays Bandwidth policy name, modify if required
Priority: Displays the bandwidth priority, modify if required. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is more interactive
Displays policy description, modify if required
Updates and saves the policy
Cancels current operation and returns to the Manage Bandwidth policy page
Screen Elements
Description
Bandwidth Policy Details Show Members link Opens a new browser window and displays bandwidth restriction details and the member Logon Pools of the policy Click Close to close the window Displays type of policy
Policy Based On
Cannot be modified Default values to be applied all the time Implementation on Displays Implementation type of the policy Cannot be modified Displays total bandwidth for the group, modify if required Maximum bandwidth limit is 4096 kbps Table - Update Logon Pool based Bandwidth policy screen elements
Description
Opens a new browser window and displays bandwidth restriction details, schedule details and the members/users of the policy. Click Close to close the window.
Policy based on - Displays type of policy. Cannot be modified.
Displays implementation type of policy. Cannot be modified.
Total Bandwidth (Only for TOTAL implementation type) - Displays total bandwidth assigned, modify if required.
Upload Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type)
Download Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type)
Guaranteed Burstable Upload Bandwidth (in KB) (Only for COMMITTED policy type and INDIVIDUAL implementation type)
Guaranteed Burstable Download Bandwidth (in KB) (Only for COMMITTED policy type and INDIVIDUAL implementation type)
Policy type - Displays policy type, i.e. committed or strict, which cannot be modified.
Update button - Updates the changes made in Bandwidth restriction details and Default values to be applied all the time.
Add details button - Allows to attach schedule to override default bandwidth restriction. Click Add details. Refer to Attach Schedule details for more details.
Strict
Screen Elements
Description
Bandwidth Policy Schedule wise details
Name - Displays policy name.
Policy Type - Displays Type of bandwidth restriction. Click Strict to apply strict policy.
Implementation on - Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually.
For Total:
Total Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps.
For Individual:
Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps.
Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps.
Schedule - Specify Schedule. Click Schedule list to select.
Opens the new browser window and displays the details of the schedule selected. Click Close to close the window.
Assigns schedule.
Cancels the current operation.
Table - Assign Schedule to User based Strict Bandwidth policy screen elements
Committed
Screen Elements
Description
Bandwidth Policy Schedule wise details
Name - Displays policy name.
Policy Type - Displays Type of bandwidth restriction. Click Committed to apply committed policy.
Implementation on - Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually.
For Total:
Guaranteed (Min) Bandwidth - Specify minimum guaranteed amount of Total bandwidth, expressed in terms of kbps.
Burstable (Max) Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps.
For Individual:
Guaranteed (Min) Upload Bandwidth - Specify minimum guaranteed amount of Upstream bandwidth, expressed in terms of kbps.
Burstable (Max) Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps.
Guaranteed (Min) Download Bandwidth - Specify minimum guaranteed amount of Downstream bandwidth, expressed in terms of kbps.
Burstable (Max) Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps.
Schedule - Specify Schedule. Click Schedule list to select.
Opens new browser window and displays the details of the schedule selected. Click Close to close the window.
Assigns schedule to the bandwidth policy.
Cancels the current operation.
Table - Assign Schedule to User based Committed Bandwidth policy screen elements
Remove Schedule details
Description
Select Schedule detail(s) for deletion. Click Select to select. More than one schedule detail can also be selected.
Select All - Select all details for deletion. Click Select All to select all details.
Removes the selected schedule detail(s).
Table - Remove Schedule from User based Bandwidth policy screen elements
Description
Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All - Selects all policies for deletion. Click Select All to select all policies.
Delete button - Deletes selected policies.
Screen Elements
Description
Create Data Transfer policy
Name - Specify policy name. Choose a name that best describes the policy.
Cycle type - Specify cycle type. Available options:
Daily - restricts data transfer up to cycle hours defined on daily basis
Weekly - restricts data transfer up to cycle hours defined on weekly basis
Monthly - restricts data transfer up to cycle hours defined on monthly basis
Yearly - restricts data transfer up to cycle hours defined on yearly basis
Non-cyclic - data restriction is defined by the Total data transfer limit
Restriction based on - Specify whether the data transfer restriction is on total data transfer or on individual upload or download. Click Total Data Transfer to apply data transfer restriction on the Total (Upload + Download) data transfer. Click Individual Data Transfer to apply data transfer restriction on the Individual Upload and Individual Download data transfer.
Shared allotted data transfer with group members (Only if Cycle Type is Non-cyclic) - Specify whether the allotted data transfer will be shared among all the group members or not. Click to share.
Policy Description - Specify full description of the policy.
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Total Data Transfer) - Specify Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User gets disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Individual Data Transfer) - Specify Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached OR if you do not want to restrict upload data transfer per cycle, click Unlimited Cycle Upload Data transfer.
Cycle Download Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Individual Data Transfer) - Enter Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached OR if you do not want to restrict download data transfer per cycle, click Unlimited Cycle Download Data transfer.
Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer) - Specify Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed OR if you do not want to restrict total data transfer, click Unlimited Total Data Transfer.
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Specify Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed OR if you do not want to restrict total upload data transfer, click Unlimited Upload Data Transfer.
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Specify Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed OR if you do not want to restrict total download data transfer, click Unlimited Download Data Transfer.
Create button - Creates policy.
Cancel button - Cancels the current operation and returns to Manage Data transfer policy page.
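How the per-cycle limits and the overall limits in the Create Data Transfer policy table interact, as an added Python model that is not Cyberoam code. Class, field and function names are assumptions, limits are in MB, `None` stands for the Unlimited option, and checking the overall limit before the cycle limit is an assumption as well.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

UNLIMITED = None  # assumption: None models the "Unlimited ..." option on the screen
CYCLE_TYPES = ("Daily", "Weekly", "Monthly", "Yearly", "Non-cyclic")


@dataclass(frozen=True)
class DataTransferPolicy:
    """Limits in MB; field names are illustrative, not Cyberoam identifiers."""
    name: str
    cycle_type: str                      # one of CYCLE_TYPES
    restriction: str                     # "total" or "individual"
    cycle_total_mb: Optional[int] = UNLIMITED
    cycle_upload_mb: Optional[int] = UNLIMITED
    cycle_download_mb: Optional[int] = UNLIMITED
    total_mb: Optional[int] = UNLIMITED
    upload_mb: Optional[int] = UNLIMITED
    download_mb: Optional[int] = UNLIMITED

    def problems(self) -> List[str]:
        """List limits that the screen does not offer for this cycle type / basis."""
        found = []
        if self.cycle_type not in CYCLE_TYPES:
            found.append("unknown cycle type")
        if self.restriction not in ("total", "individual"):
            found.append("unknown restriction basis")
        cycle = (self.cycle_total_mb, self.cycle_upload_mb, self.cycle_download_mb)
        split = (self.cycle_upload_mb, self.cycle_download_mb,
                 self.upload_mb, self.download_mb)
        combined = (self.cycle_total_mb, self.total_mb)
        if self.cycle_type == "Non-cyclic" and any(v is not UNLIMITED for v in cycle):
            found.append("cycle limits need a cycle type other than Non-cyclic")
        if self.restriction == "total" and any(v is not UNLIMITED for v in split):
            found.append("upload/download limits need Individual Data Transfer")
        if self.restriction == "individual" and any(v is not UNLIMITED for v in combined):
            found.append("total limits need Total Data Transfer")
        return found


@dataclass(frozen=True)
class Usage:
    """Counters in MB: the current cycle and the whole policy lifetime."""
    cycle_upload_mb: float = 0
    cycle_download_mb: float = 0
    total_upload_mb: float = 0
    total_download_mb: float = 0


def _reached(used: float, limit: Optional[int]) -> bool:
    return limit is not UNLIMITED and used >= limit


def evaluate(policy: DataTransferPolicy, usage: Usage) -> str:
    """Return ALLOW, DISCONNECT (cycle limit hit) or BLOCK_LOGON (overall limit hit)."""
    if policy.restriction == "total":
        overall = [(usage.total_upload_mb + usage.total_download_mb, policy.total_mb)]
        cycle = [(usage.cycle_upload_mb + usage.cycle_download_mb, policy.cycle_total_mb)]
    else:
        overall = [(usage.total_upload_mb, policy.upload_mb),
                   (usage.total_download_mb, policy.download_mb)]
        cycle = [(usage.cycle_upload_mb, policy.cycle_upload_mb),
                 (usage.cycle_download_mb, policy.cycle_download_mb)]
    # Assumption: the overall limit is checked first because it is the stricter outcome.
    if any(_reached(used, limit) for used, limit in overall):
        return "BLOCK_LOGON"    # no logon until the policy is renewed
    if policy.cycle_type != "Non-cyclic" and any(_reached(u, l) for u, l in cycle):
        return "DISCONNECT"     # per-cycle limit reached: user gets disconnected
    return "ALLOW"


def start_new_cycle(usage: Usage) -> Usage:
    """Assumption: a new cycle clears the cycle counters and keeps the overall ones."""
    return replace(usage, cycle_upload_mb=0, cycle_download_mb=0)
```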
Screen Elements
Description
Edit Data Transfer policy
Name - Displays policy name, modify if required.
Cycle type - Displays cycle type.
Restriction based on - Displays whether the data transfer restriction is on total data transfer or on individual upload or download.
Shared allotted data transfer with group members - Displays whether the allotted data transfer is shared among all the group members or not.
Policy Description - Displays full description of the policy, modify if required.
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer) - Displays Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Displays Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Displays Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer) - It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Displays Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Displays Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Update button - Updates policy.
Cancel button - Cancels the current operation and returns to Manage Data transfer policy page.
Description
Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All - Select all the policies for deletion. Click Select All to select all the policies.
Delete button - Deletes all the selected policy/policies.
NAT Policy
A NAT policy tells the firewall rule to allow access, but only after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the NAT policy.
Screen Elements
Description
NAT policy
NAT Policy Name - Specify policy name. One cannot create multiple policies with the same name.
Description - Specify description.
Source Translation
Map Source IP with - Specify IP address.
MASQUERADE will replace source IP address with Cyberoam's WAN IP address.
IP will replace source IP address with the specified IP address.
IP Range will replace source IP address with any of the IP addresses from the specified range.
Create button - Creates NAT policy.
Table - Create NAT policy screen elements
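What the three Map Source IP with options mean when a translated address turns up in an upstream log, as an added Python model that is not Cyberoam code. The policy names, the WAN address and all addresses (RFC 5737 documentation range) are constructed, and the function names are assumptions; the check reports which NAT policies could have produced a given source address and which policies cannot be told apart by address alone.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NatPolicy:
    name: str
    mode: str                          # "MASQUERADE", "IP" or "IP Range"
    ip: Optional[str] = None           # used by mode "IP"
    range_start: Optional[str] = None  # used by mode "IP Range"
    range_end: Optional[str] = None


# Constructed sample configuration (documentation addresses, hypothetical names).
WAN_IP = "203.0.113.1"
POLICIES = [
    NatPolicy("default-masq", "MASQUERADE"),
    NatPolicy("mail-out", "IP", ip="203.0.113.25"),
    NatPolicy("branch-pool", "IP Range",
              range_start="203.0.113.20", range_end="203.0.113.30"),
]


def _addr(text) -> int:
    # Raises ValueError (AddressValueError) for a missing or malformed address.
    return int(ipaddress.IPv4Address(text))


def translated_span(policy: NatPolicy, wan_ip: str) -> Tuple[int, int]:
    """First and last source address a packet can carry after translation."""
    if policy.mode == "MASQUERADE":       # source becomes the appliance WAN IP
        return _addr(wan_ip), _addr(wan_ip)
    if policy.mode == "IP":               # source becomes the one specified IP
        return _addr(policy.ip), _addr(policy.ip)
    if policy.mode == "IP Range":         # source becomes any address in the range
        first, last = _addr(policy.range_start), _addr(policy.range_end)
        if first > last:
            raise ValueError("range start is above range end")
        return first, last
    raise ValueError(f"unknown mode {policy.mode!r}")


def config_problems(policies: List[NatPolicy], wan_ip: str) -> List[str]:
    """Duplicate names (not allowed per the table above) and unusable addresses."""
    problems, seen = [], set()
    for policy in policies:
        if policy.name in seen:
            problems.append(f"duplicate policy name: {policy.name}")
        seen.add(policy.name)
        try:
            translated_span(policy, wan_ip)
        except ValueError as exc:
            problems.append(f"{policy.name}: {exc}")
    return problems


def policies_for(translated_ip: str, policies: List[NatPolicy], wan_ip: str) -> List[str]:
    """Names of the policies that could have produced this translated source."""
    addr = _addr(translated_ip)
    hits = []
    for policy in policies:
        first, last = translated_span(policy, wan_ip)
        if first <= addr <= last:
            hits.append(policy.name)
    return hits


def ambiguous_pairs(policies: List[NatPolicy], wan_ip: str) -> List[Tuple[str, str]]:
    """Policy pairs whose translated addresses overlap, so logs cannot separate them."""
    pairs = []
    for a, b in combinations(policies, 2):
        a_first, a_last = translated_span(a, wan_ip)
        b_first, b_last = translated_span(b, wan_ip)
        if a_first <= b_last and b_first <= a_last:
            pairs.append((a.name, b.name))
    return pairs
```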
Screen Elements
Description
NAT policy
NAT Policy Name - Displays policy name, modify if required.
Description - Displays description, modify if required.
Source Translation
Map Source IP with - Specify IP address.
MASQUERADE will replace source IP address with Cyberoam's WAN IP address.
IP will replace source IP address with the specified IP address.
IP Range will replace source IP address with any of the IP addresses from the specified range.
Update button - Saves the modifications.
Table - Update NAT policy screen elements
Description
Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All - Select all the policies for deletion. Click Select All to select all the policies.
Delete button - Deletes all the selected policy/policies.
Zone Management
Use to: Update Zone details, Delete Zone
Manage Zone
Select System → Zone → Manage to open the manage zone page
Description
Displays zone name.
Displays zone type.
LAN - Depending on the appliance in use and network design, Cyberoam allows to group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and network design, Cyberoam allows to group one to five ports in this zone.
WAN - Zone for the Internet services. Only one WAN zone is allowed, hence additional WAN zones cannot be created.
Multiple LAN zones are not possible if Cyberoam is deployed as Bridge.
Select Port - Displays the ports bound to the zone, modify if required. Available Ports list displays the list of ports that can be included in the selected zone. Member Port list displays the list of ports included in the zone. Use arrow buttons to move ports between the lists.
Displays zone description, modify if required.
Saves the zone configuration.
Table - Edit Zone
Delete Zone
Prerequisite: No hosts attached to the zone
Select System → Zone → Manage to open the manage zone page
Description
Select Zone(s) for deletion. Click Del to select. More than one zone can also be selected.
Select All - Selects all the zones. Click Select All to select all the zones for deletion.
Delete the selected zone(s).
Table - Delete Zone
Note
Default Zones cannot be deleted
Group Management
Manage Group
Update Group to:
Order of the group
Change policies - Surfing time policy, Access time policy, Internet Access policy, Bandwidth policy and Data transfer policy
Change the login restriction for the users of the group
Add new users to the group
Select Group → Manage Group to view the list of groups
Screen components
Select Column button - Click to customize the number of columns to be displayed on the page.
Edit icon - Click to edit the group details. Refer to Update Group for more details.
Insert icon - Click to insert a new group before the existing group. Refer to Add a new Group for more details.
Move icon - Click to change the order of the selected group. Refer to Change the group order for details.
Delete icon - Click to delete the group. Refer to Delete Group for more details.
Select Group
Select Before or After as per the need. Click the rule to be moved and then click where it is to be moved. Click Done to save the order.
Update Group
The Group settings may need to be changed after the Group has been created.
Select Group → Manage Group and click the Group to be modified
Click
Show Group Members button (Refer to View Group members for details)
Change Policy button
Change Access Time Policy - Access Time Policy list
Change Internet Access policy - Internet Access policy list
Change Bandwidth Policy - Bandwidth Policy list
Change Data transfer policy - Data transfer policy list
Change Login Restriction - Change Login Restriction button
Screen Elements
Description
Group Information
Group Name - Displays Group name, modify if required.
Show Group Members button - Opens a new window and displays list of group members.
Surfing Quota policy - Displays currently attached Surfing Quota policy to the Group.
Change policy button (Only for Normal Group type) - Click to change the attached Surfing Quota policy. Opens a new window and allows to select a new Surfing Quota policy. Click Change policy. Click Select to select from available policy. Click Done to confirm the selection. Click Cancel to cancel the operation. Surfing quota policy, Time allotted & Expiry date changes accordingly.
allotted - Displays total surfing time allotted by Surfing Quota policy to the Group. Cannot be modified.
Displays Expiry date of the Surfing Quota policy. Cannot be modified.
Displays cycle hours. Cannot be modified.
Period Cycle (Only if Surfing Quota policy is Non-Cyclic) - Displays type of cycle. Cannot be modified.
Used Surfing Time - Displays total time used by the Group members. Cannot be modified.
Displays currently attached Access Time policy to the Group. To change, click Access Time policy list to select. Click View details to view the details of the policy.
Internet Access policy - Displays currently attached Internet Access policy to the Group. To change, click Internet Access policy list to select. Click View details to view the details of the policy.
Bandwidth policy - Displays currently attached Bandwidth policy to the Group. To change, click Bandwidth policy list to select. Click View details to view the details of the policy.
Displays currently attached Data Transfer policy to the Group. To change, click Data Transfer policy list to select. Click View details to view the details of the policy.
Authentication Session timeout is the number of minutes that an authenticated connection can be idle before the user must authenticate again. Click to enable session timeout on per-group basis. By default, this option is disabled. The minimum timeout that can be configured is 3 minutes and maximum is 1440 minutes (24 hours).
Login Restriction - Display login restriction applied to the Group members.
Change Login Restriction button - Click to change login restriction. Refer to Change Login Restriction for more details.
Save button - Saves the modified details. Any changes made are applicable to all the group members.
Add Members - Allows to add members to the group. Click to add. Refer to Add Group Members for details.
Renew Data Transfer (Only if Data transfer policy is Non-cyclic and shared) - Renews data transfer policy of all the group members.
Cancel button
Description
Displays Group name.
Displays Total Group members/users.
User name - Name with which the Employee logs in.
Employee name.
Total Allotted time to the user. Refer to Access Time policy for details.
Expiry Date - Expiry date of the policy attached to the User. Refer to Surfing time policy for details.
Total time used by the User.
Closes the window.
Description
List of members belonging to the selected group will be displayed. Click to select the Group.
Search user. Specify username or * to display all the users.
Search user from the selected Group.
Displays list of users in the selected Group. Click Add against the user to be added.
Adds selected user(s) to the group.
Closes the window and returns to Edit Group page.
Table - Add Group Member screen elements
Screen Elements
Description
Login Restriction - Displays the current login restriction. Click to change the current restriction.
Save button - Saves if the restriction is changed.
Cancel button - Cancels the current operation.
Select Node(s) button (Only if the option Allowed login from selected nodes is selected) - Click to select the Node for restriction.
IP address - Displays IP address.
Machine name - Displays Machine name if given.
Allowed from - Click to select. Multiple nodes can be selected.
Applies the login restriction for the group members, i.e. Group members will be able to login from the above selected nodes only.
Cancel button - Cancels the current operation.
Delete Group
Prerequisite: No Group members defined
Select Group → Manage Group and click the delete icon against the rule to be deleted
User Management
Search User
You can search for a user by username/login name or user ID. The search covers all the registered users, i.e. Normal and Clientless active/deactive users. It looks up the specified name and displays user details along with the status. You can change status, delete the user, or update user details.
Select User → Search User
Description
Specify Search criteria.
Searches all types of users based on the entered criteria. Click to search.
Table - Search User screen elements
Result
Details of the user Mark
Details of all the users whose User name or Name contains a
Details of the user 192.9.203.102
Details of all the users whose User name or Name contains 8
Table - Search User Result
Live User
Use Live users page to:
view list of all the currently logged on Users
modify user details
send message to any live user
disconnect any live user
Select User → Manage Live Users
Report Columns
Description
Concurrent Sessions - Displays currently connected total users (Normal, Clientless, and Single sign on client Users).
Current System time - Displays current system time in the format - Day, Month Date, HH:MM.
ID and User name (Click to change the display order) - Displays ID and name with which user has logged in. Click User name link to View/Update user details.
Name - Displays User name. Click Name link to view Group and policies details attached to the User.
Connected from (Click to change the display order) - Displays IP address of the machine from which user has logged in.
Public IP - Displays Public IP address if User has logged in using public IP address.
Start time (Click to change the display order) - Displays login time.
Time (HH:mm) - Displays total time used in hours and minutes.
Upload Data transfer (Click to change the display order) - Displays Data uploaded.
Download Data transfer (Click to change the display order)
Bandwidth (bits/sec) - Displays Bandwidth used.
Select - Select User for sending message or disconnecting. More than one User can be selected.
Sends message to the selected User(s).
Disconnects the selected User(s).
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User → User → Manage Active to view the list of Users and click User name to be modified
OR
Select User → User → Manage Deactive to view the list of Users and click User name to be modified
Manage Clientless Users
Select User → Clientless Users → Manage Clientless Users to view list of Users and click User name to be modified
The User settings may need to be changed after the User has been created.
Click
Edit personal details/Change Password - Refer to Change Personal details for more details.
User My Account - Refer to User My Account for more details.
Change Group - Refer to Change Group for more details.
Access Time policy list - Refer to Change Individual Policy for more details.
Internet Access policy list - Refer to Change Individual Policy for more details.
Bandwidth policy list - Refer to Change Individual Policy for more details.
Data Transfer policy list - Refer to Change Individual Policy for more details.
Change Login restriction button - Refer to Change Login Restriction for more details.
Table - Need to Update User
Description
Displays username with which the user logs on. Cannot be modified.
Allows to change the User's personal details and login password. Click Edit Personal details to change. Refer to Personal details table for more details.
Name - Displays User/Employee name. Cannot be modified.
Displays Birth date of User.
Displays Email ID of User.
Click to view/update the my account details. Refer to User My Account.
Windows Domain Controller (Only if Authentication is done by Windows Domain Controller) - Displays Authentication server address, modify if required.
User type - Displays User type. Cannot be modified.
Displays whether simultaneous login is allowed or not, modify if required.
Displays Group in which User is defined.
Change Group button - Allows to change Group of the User. Opens a new window and allows to select a new Group.
Displays total time allotted to User in the format Hours: Minutes. Cannot be modified.
Displays Expiry date. Cannot be modified.
Displays total time used by the User in the format Hours: Minutes. Cannot be modified.
Period time - Displays allowed total cycle hours.
Period Cycle - Displays cycle type.
Cycle Time used - Displays cycle time used.
Access Time Policy - Displays currently assigned Access Time policy to the User, modify if required. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Displays currently assigned Internet Access policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Bandwidth policy - Displays currently assigned Bandwidth policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Displays currently assigned Data Transfer policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy.
Login Restriction - Display currently applied login restriction to the User.
Change login restriction button - Click to change user login restriction applied. Refer to Change User Login restriction for details.
Saves the modified details.
Reapplies all the current policies at the time of renewal.
Cancels the current operation.
Screen Elements
Description
Personal Information
Username - Displays the name with which user has logged in.
Name - User name, modify if required.
New password - Type the new password.
Re-enter New password - Re-enter new password. Should be same as typed in new password.
Birth date - Displays birth date, modify if required. Use Popup Calendar to change.
Displays Email ID of the user, modify if required.
Displays User type, modify if required.
Updates the changes made.
Cancels the current operation and returns to Edit User page.
User My Account gives details like Personal details and Internet usage of a particular user. The user can change his/her password using this tab. Both Administrator and User can view these details.
1. Administrator can view details of various users from User → User → Manage Active by clicking the Username whose details are to be checked. Click User My Account; it opens a new browser window.
Screen - User My Account
2. Normal Users can view their MyAccount details from task bar. In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window and prompts for MyAccount login Username and Password.
Screen - User My Account
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Personal
Allows viewing and updating password and personal details of the user
Change Password
Select Personal → Change Password
Screen - Change Password
Screen Elements
Description
Change Password
Username - Displays the name with which user has logged in.
Current Password - Type the current password.
New password - Type the new password.
Re-enter New password - Re-enter new password. Should be same as new password.
Update - Update the changes made.
Table - Change password screen elements
Change Personal details
Select Personal → Personal Detail
Personal Information
Username - Displays the name with which user logs in. Cannot be modified.
Displays User name, modify if required.
Displays birth date. Use Popup Calendar to change.
Displays Email ID of the user. Cannot be modified.
Update - Update the changes made.
Table - Change Personal details screen elements
Account status
Allows viewing Internet usage of the user
Internet Usage
Screen Elements
Description
Policy Information
Username - Displays the name with which user has logged in.
Group - Displays the name of the User Group.
Time allotted to User (HH:mm) - Displays total surfing time allotted to the user in the Surfing time policy.
Expiry date - Displays Expiry date.
Time used by User (HH:mm) - Displays total time used by the User.
Usage Information
Upload Data transfer - Displays allotted, used and remaining upload data transfer. Allotted upload data transfer is configured from Data transfer policy.
Displays allotted, used and remaining download data transfer. Allotted download data transfer is configured from Data transfer policy.
Displays allotted, used and remaining total data transfer. Allotted total data transfer is configured from Data transfer policy.
Select Month and Year. Click to view the Internet usage report for the selected period.
Table - Internet Usage screen elements
The report displays the IP address from which the user logged in, session start and stop time, total used time, data uploaded and downloaded during the session, and total data transferred during the session.
Change Group
Description
Opens a new window and displays list of Groups. Click to change the User group.
Click to select.
Adds User to the Group.
Cancels the current operation.
Description
Specify Access Time policy. It overrides the assigned Group Access time policy. Click Access policy list to select.
Specify Internet Access policy. It overrides the assigned Group Internet Access policy. Click Internet Access policy list to select.
Bandwidth policy - Specify Bandwidth policy. It overrides the assigned Group Bandwidth policy. Click Bandwidth policy list to select.
Specify Data Transfer policy. It overrides the assigned Group Data Transfer policy. Click Data Transfer policy list to select.
Save - Saves the changes.
Table - Change Individual policy
Screen Elements
Description
Login restriction
Change login restriction button - Click to change the login restriction.
Allowed login from all the nodes - Allows user to login from all the nodes of the Network.
Allowed login from Group node(s) - Allows Users to login only from the nodes assigned to the group.
Allowed login from selected node(s) - Allows user to login from the selected nodes only. To select node: Click Select node. Select a Logon Pool from the Logon Pool name list. Click Select to select the IP addresses to be added to the policy. Click Select All to select all IP addresses. Click OK to assign policy to the selected IP Addresses. Click Close to cancel the operation.
Saves the above selection.
Cancel the current operation.
Table - Change User Login Restriction screen elements
Delete User
User can be deleted from Active list as well as from Deactive list.
To delete active user, click User → User → Manage Active
Screen - Delete Deactive User
To delete Clientless user, click User → Clientless User → Manage Clientless User
Screen - Delete Clientless User
Screen Elements
Description
Sel - Select User to be deleted. Click Select to select. More than one user can also be selected.
Select All - Selects all the users for deletion. Click Select All to select all.
Delete button - Deletes all the selected User(s).
Deactivate User
A User is de-activated automatically if he has overused one of the resources defined by the assigned policies. If the need arises to de-activate a user manually, select User → User → Manage Active
Description
Select User to be deactivated. Click Select to select. More than one user can be selected.
Select all the users.
Deactivates all the selected User(s).
Table - Deactivate User screen elements
View the list of deactivated users by User → User → Manage Deactive
Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users
Description
Select User to be activated. Click Activate to select. More than one user can be selected.
Select All - Selects all the users. Click Select All to select.
Activate button - Activates all the selected User(s).
Result
list of nodes whose address contains 1
list of nodes whose address contains 192
node whose address is 192.9.203.203
list of nodes whose address contains B
list of nodes whose address contains 4C
list of nodes whose address contains B7
Screen Elements
Description
Logon Pool Details
Logon Pool name - Displays Logon Pool name, modify if required.
Is Logon Pool Public - Displays whether Logon Pool is of public IP addresses or not.
Bandwidth policy - Displays bandwidth policy attached, modify if required. Click View details link to view bandwidth restriction details and policy members.
Displays description of the Logon Pool, modify if required.
Displays IP addresses defined under the Logon Pool. Allows to Add or Delete node. Click Show nodes. Click Add Node; refer to Add node for more details. Click Delete Node; refer to Delete node for more details.
Updates and saves the details.
Cancels the current
Table - Update Logon Pool screen elements
Add Node
Description
IP address of the Node to be added to the Logon Pool.
Click to add range of IP Address. From To - IP addresses to be included in the Logon Pool.
Specify machine name.
Adds the nodes to the Logon Pool.
Cancels the current operation.
Table - Add Node screen elements
Delete Node
Prerequisite: Not assigned to any User
Description
Select the IP address of the node for deletion. Click Select to select. More than one node can also be selected.
Select All - Selects all the nodes for deletion. Click Select All to select all the nodes.
Delete button - Deletes the selected Node(s).
Prerequisite: IP address from Group not assigned to any User
Select Group → Logon Pool → Manage Logon Pool
Description
Select the Logon Pool(s) for deletion. Click Del to select. More than one Logon Pool can also be selected.
Select All - Select all the Logon Pools for deletion. Click Select All to select all the Logon Pools for deletion.
Delete the selected Logon Pool(s).
System Management
Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.
Configure DNS
A Domain Name Server translates domain names to IP addresses and is configured at the time of installation. You can add IP addresses of additional DNS servers to which Cyberoam can connect for name resolution. If multiple DNS servers are configured, they are queried in the order in which they were entered.
Select System Configure Network Configure DNS
Screen - Configure DNS
To add DNS Server IP address
1. Select System Configure Network Configure DNS
2. Click Obtain DNS from DHCP to override the appliance DNS with the DNS address received from the DHCP server. This option is available only if enabled from the Network Configuration Wizard.
3. Click Add.
4. Enter the DNS server IP address
5. Click OK
6. Click Save to save the configuration
List order indicates the preference of DNS. If more than one Domain name server exists, the query will be resolved according to the order specified. Use the Move Up & Move Down buttons to change the order of DNS. To add multiple DNS servers, repeat the above-described procedure.
To change the DNS order
1. Select System Configure Network Configure DNS
2. Click the Server IP address whose order is to be changed
3. Click Move up or Move Down as per the requirement
4. Click Save to save the changes
To remove DNS Server
1. Select System Configure Network Configure DNS
2. Click the Server IP address you want to remove
3. Click Remove
4. Click Save to save the changes
Description
Select the interface that is to be used for leasing IP addresses i.e. to act as a DHCP server. One can also select a VLAN interface or Alias.
Specify the range of IP addresses or IP pool from which the DHCP server has to lease or assign an IP address to the host
Domain name - Specify domain name for the specified subnet
Subnet Mask - Specify subnet mask for the client/network
Gateway - Specify IP address of Gateway
Domain name server - Specify IP address of Domain name server
Default Lease Time and Max Lease Time - DHCP client must ask the DHCP server for new settings after the specified maximum lease time. The lease time can range from 600 minutes to 7200 minutes. Default lease time is 600 minutes while maximum lease time is 7200 minutes.
Save button - Saves details
Table - Configure DHCP screen elements
Manage Interface
Select System Configure Network Manage Interface to view port wise network (physical interface) and zone details. If virtual subinterfaces are configured for VLAN implementation, they are also nested and displayed beneath the physical interface.
Interface - Physical interfaces/ports available on Cyberoam. If a virtual subinterface is configured for the physical interface, it is also displayed beneath the physical interface. Virtual subinterface configuration can be updated or deleted.
- Click to specify alias IP address for the interface. Refer Configure Alias IP
Add VLAN Subinterface button VLAN for more details Toggle Drill Down icon Edit icon
- Click to view the virtual subinterfaces defined for the said physical interface
Delete icon - Click to delete a virtual subinterface. A virtual subinterface cannot be deleted if it is a member of any zone or if a firewall rule is defined for it.
Zone and Zone Type - Displays port to zone relationship i.e. zone membership of port. If PPPoE is configured, the WAN port will be displayed as the PPPoE Interface.
Description
Select the physical interface for which Alias is to be added. Alias cannot be added for the virtual interface.
Click Single or Range to define one or multiple IP address for the Alias
Specify IP address and Netmask
Click to save the details
Screen - Edit Alias
Screen Elements - Description
Update Alias
Interface - Displays physical interface for which Alias is added
IP Address and netmask - Modify IP address and Netmask
Update button - Click to save the details
Description
Specify the hostname you want to use on the DDNS server i.e. the domain name that you registered with your DDNS service provider
Description - Specify description
Service Providers details
Service name - Select the Service provider with whom you have registered your hostname.
Login Name and Password - Specify your DDNS account's login name and password
IP detail
IP address - Select WAN Interface if the Cyberoam WAN interface is assigned a Public IP address. The IP address of the selected interface will be bound to the specified host name. Select NATed Public IP if the Cyberoam WAN interface is assigned a private IP address and is behind a NAT box.
Enter the time interval after which the DDNS server should check and update the IP address of your server if changed. For example, if the time interval is set to 10 minutes, after every 10 minutes the DDNS server will check for any changes in your server IP address
Create button - Click Create to save the configuration
Table - Register hostname with DDNS
Testing your Dynamic DNS configuration
You can test your Dynamic DNS in either of the following ways:
Access your Cyberoam server using the host name you have registered with the DDNS service provider - If you are able to access Cyberoam then your configuration is correct and DDNS is working properly.
Ping your host - If you get the IP address of your external interface then your configuration is correct and DDNS is working properly.
Manage Account
Check the IP address update status from the Manage Account page. It also displays the reason in case the update was not successful.
Select System Dynamic DNS Manage Account to open the configuration page and click the hostname to be updated.
PPPoE
PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a remote site using various Remote Access Service products. This protocol is typically found in the broadband networks of service providers. The ISP may then allow you to obtain an IP address automatically or give you a specific IP address.
PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet (PPPoE) session and is used:
For Ethernet LANs, to assign IP addresses to workstations, e.g. Multi-apartment buildings, Offices, to provide user authentication and accounting
Schools and universities, computer classes
Connections to Wireless ISPs
Connections to xDSL providers
Access Concentrators (AC), also known as PPPoE Termination units, answer the PPPoE request coming from a client site PPPoE application for PPP negotiation and authentication.
When using Cyberoam as a PPPoE client, computers on the LAN are transparent to the WAN side PPPoE link. This relieves the Administrator from having to manage the PPPoE clients on the individual computers.
View Interface
PPPoE Configuration
Interface - Displays the Port which is configured as PPPoE Interface from Wizard
User and Password - Specify username and password. Username and password should be the same as specified in the Network Configuration using Wizard
Access Concentrator Name - Specify Access Concentrator name (PPPoE server). Cyberoam will initiate sessions with the specified Access Concentrator only. In most cases, you can leave this field blank. Use it only if you know that there are multiple Access Concentrators.
Service name - Specify Service Name. Cyberoam will initiate only those sessions with the Access Concentrator which can provide the specified service. In most cases, you can leave this field blank. Use it only if you need a specific service.
LCP Interval - Specify LCP interval in seconds. Default is 20 seconds. Every 20 seconds an LCP echo request is sent to check whether the link is alive or not.
LCP Failure - Specify Failure. Default is 3 attempts. Cyberoam will wait for the LCP echo request response for the LCP interval defined after every attempt. Cyberoam declares the PPPoE link as closed if it does not receive a response after the defined attempts.
Update button - Click Update to save the configuration
Table - PPPoE configuration screen elements
Configure
Manage Gateway
A Gateway routes traffic between the networks, and if the gateway fails, communication with the outside Network is not possible. In this case, the organization and its customers face significant downtime and financial loss.
By default, Cyberoam supports only one gateway. However, since organizations opt for multiple gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting multiple gateways. Simply adding one more gateway is not an end to the problem; optimal utilization of all the gateways is also necessary. Cyberoam not only supports multiple gateways but also provides a way to utilize the total bandwidth of all the gateways optimally.
At the time of installation, you configured the IP address for a default gateway. You can change this configuration any time and configure additional gateways. Refer to Multi link Configuration Guide for source based static routing. Policy based routing can be done from the firewall rule.
To view the Gateway details, select System Gateway Manage Gateway(s)
Screen Elements - Description
Gateway Details
Gateway Name - Displays Gateway name
Gateway IP address and port - Displays IP address and port of the Gateway configured. IP address of a device Cyberoam uses to reach devices on different Network, typically a router
Save button - Saves the modified details. Click to save
Cancel button - Cancels the current operation and returns to Manage Gateway page. Click to cancel
Table - Gateway Configuration screen elements
DoS Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. These include protection from several kinds of Denial of Service attacks. These attacks disable computers and circumvent security.
A Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a service. DoS attacks are typically executed by sending many request packets to a targeted server (usually a Web, FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not to steal information but to disable or deprive a device or network so that users no longer have access to the network services/resources.
All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence, attackers send a very high volume of redundant traffic to a system so it cannot examine and allow permitted network traffic. The best way to protect against a DoS attack is to identify and block such redundant traffic.
SYN Flood
In this attack, a huge number of connections are sent so that the backlog queue overflows. The connection is created when the victim host receives a connection request and allocates some memory resources for it. A SYN flood attack creates so many half-open connections that the system becomes overwhelmed and cannot handle incoming requests any more. Click Apply Flag to apply the SYN flood definition and control the allowed number of packets. To generate log, enable DoS Attack logging from System Syslog Configuration
User Datagram Protocol (UDP) Flood
This attack links two systems. It hooks up one system's UDP character-generating service with another system's UDP echo service. Once the link is made, the two systems are tied up exchanging a flood of meaningless data. Click Apply Flag to apply the UDP flood definition and control the allowed number of packets. To generate log, enable DoS Attack logging from System Syslog Configuration
TCP attack
This attack sends more TCP packets than the host/victim computer can handle. Click Apply Flag to apply the TCP flood definition and control the allowed number of packets. To generate log, enable DoS Attack logging from System Syslog Configuration
ICMP attack
This attack sends more packets/traffic to the host/victim computer than the protocol implementation can handle. Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets. To generate log, enable DoS Attack logging from System Syslog Configuration
Drop Source Routed Packet
This will block any source routed connections or any packets with an internal address from entering your network. Click Apply Flag to enable blocking.
Syslog Configuration
Disable ICMP redirect packet
An ICMP redirect packet is used by routers to inform the hosts what the correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly weaken the security of the host by causing traffic to flow via another path. Set the flag to disable the ICMP redirection. To generate log, enable Dropped ICMP Redirected Packet Logging from System Configuration Syslog
ARP Flooding
This attack sends ARP requests to the server at a very high rate. Because of this, the server is overloaded with requests and is not able to respond to the valid requests. Cyberoam protects by dropping such invalid ARP requests.
Threshold values
Cyberoam uses a threshold value to detect a DoS attack. The threshold value depends on various factors like:
Network bandwidth
Nature of traffic
Capacity of servers in the network
Threshold = Total number of connections/packet rate allowed to a particular user at a given time
When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said source/destination is blocked till the lockdown period ends. The threshold is applicable to the individual source/destination i.e. requests per user/IP address and not globally to the complete network traffic. For example, if the source threshold is 2500 packets/minute and the network is of 100 users, then each source is allowed a packet rate of 2500 packets/minute.
You can define different threshold values for source and destination. Configuring high values will degrade the performance, and too low values will block regular requests. Hence, it is very important to configure appropriate values for both source and destination IP address.
Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given time.
Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a given time.
How it works
When the threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop the packets till the attack subsides. Because Cyberoam applies the threshold value per IP address, only traffic from the particular source/destination will be dropped; traffic from the remaining IP addresses will not be affected at all.
Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30 seconds
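The per-source threshold and 30-second lockdown described above can be modelled in a few lines. This is an added illustration, not Cyberoam's implementation: the fixed counting window, the class and function names, and the constructed traffic (documentation-range addresses) are assumptions, while the 2500 packets/minute threshold and the 30-second lockdown come from the text.

```python
"""Model of a per-source packet threshold with a lockdown period (illustrative only)."""
from collections import defaultdict
from dataclasses import dataclass

LOCKDOWN_SECONDS = 30.0  # lockdown period stated in the guide


@dataclass
class SourceState:
    window_start: float = 0.0   # start of the current counting window
    count: int = 0              # packets seen in the window, allowed or dropped
    blocked_until: float = 0.0  # end of the current lockdown, if any
    dropped: int = 0            # packets dropped from this source so far


class PerSourceThreshold:
    """Assumed model: fixed counting windows, one counter per source address."""

    def __init__(self, threshold, window_seconds=60.0, lockdown=LOCKDOWN_SECONDS):
        self.threshold = threshold
        self.window = window_seconds
        self.lockdown = lockdown
        self.sources = defaultdict(SourceState)

    def allow(self, src, now):
        """Return True if a packet from src at time now (seconds) is forwarded."""
        st = self.sources[src]
        if now - st.window_start >= self.window:
            st.window_start, st.count = now, 0   # start a new counting window
        st.count += 1
        if st.count > self.threshold:
            # Over the threshold: (re)start the lockdown, so a flood that keeps
            # going stays blocked until it subsides plus the lockdown period.
            st.blocked_until = now + self.lockdown
        if now < st.blocked_until:
            st.dropped += 1
            return False
        return True


def constructed_traffic():
    """Constructed sample input: sorted (timestamp_seconds, source) pairs."""
    flooder, normal = "198.51.100.7", "192.0.2.10"
    packets = [(i / 100, flooder) for i in range(6000)]   # 100 pkt/s for 60 s
    packets += [(j / 10, normal) for j in range(1200)]    # 10 pkt/s for 120 s
    packets += [(70.0, flooder), (95.0, flooder)]         # retries after the flood
    return sorted(packets)


def run_demo(threshold=2500):
    """Replay the constructed traffic; return per-source totals and the guard."""
    guard = PerSourceThreshold(threshold)
    totals = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, src in constructed_traffic():
        totals[src]["allowed" if guard.allow(src, ts) else "dropped"] += 1
    return dict(totals), guard


if __name__ == "__main__":
    totals, _ = run_demo()
    for src, counts in sorted(totals.items()):
        print(src, counts)
```

The flooding source is cut off at its 2501st packet, its retry at 70 s falls inside the lockdown that began with the last excess packet, and its retry at 95 s passes, while the second source is never affected.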
Description
Type of Attack - Click to view the real time updates on flooding. It displays the source IP address used for flooding and IP address that was targeted.
Allowed Packets per minute - If the packet rate exceeds the specified rate, Cyberoam considers it as an attack and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Allowed Packets per second - When the packet rate exceeds the specified rate, Cyberoam considers it as a flood and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Set flag to control allowed number of packets
Displays number of packets dropped from the said source
Allowed Packets per minute - When the packet rate exceeds the specified rate, Cyberoam considers it as a flood and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. As Cyberoam applies threshold value per IP address, the traffic from rest of the IP addresses is not blocked. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Allowed Packets per second - When the packet rate exceeds the specified rate, Cyberoam considers it as a flood and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. As Cyberoam applies threshold value per IP address, the traffic from rest of the IP addresses is not blocked. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Set flag to control allowed number of packets
Displays number of packets dropped at destination
Updates Packet rate. Updated details will be applied only after restarting the Management services from Console
Table - DoS Settings screen elements
Screen Elements - Description
Source and Destination Information
Source Domain name/IP Address - Source Domain name, IP address or Network on which the DoS rule is not to be applied. Specify source information. Specify * if you want to bypass the complete network
Source Port - Specify source port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified source IP address and port
Destination Domain name or IP address on which the DoS rule is not to be applied. Specify destination information. Specify * if you want to bypass the complete network
Destination Port - Specify destination port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified destination IP address and port
Network Protocol - Select protocol whose traffic is to be bypassed for specified source to destination. For example, if you select TCP protocol then DoS rules will not be applied on the TCP traffic from the specified source to destination.
Create button - Creates the bypass rule
Table - Create DoS bypass rule screen elements
Description
Del - Select rule for deletion. Click Del to select. More than one rule can also be selected
Select All - Select all rules. Click Select All to select all rules
Delete button - Deletes all the selected rules. Click to delete
Screen Elements - Description
Reset Console Password
GUI Admin Password - Specify current GUI Admin password i.e. the password with which Administrator has logged on to Web Admin Console
New password - Specify new console password
Confirm New password - Type again the same password as entered in the New password field
Submit button - Saves new password. Click Submit
Table - Reset Console Password screen elements
Manage Data
Backup data
Backup is an essential part of data protection. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. Backups are necessary in order to recover data from loss due to disk failure, accidental deletion or file corruption. There are many ways of taking backup and just as many types of media to use as well. Cyberoam provides a facility for taking regular and reliable data backup. Backup consists of all the policies, logs and all other user related information.
Cyberoam maintains five logs:
Web surfing log - This log stores the information of all the websites visited by all the users
User session log - Every time the user logs in, a session is created. This log stores the session entries of all the users and specifies the login and logout time.
Audit log - This log stores the details of all the actions performed by the User administering Cyberoam. Refer to Appendix A Audit Log for more details.
Virus log - This log stores the details of malicious traffic requests received.
Screen Elements - Description
Backup of Data only (Does not include Logs)
Backup Frequency - Backup schedule. Only data backup will be taken. Select any one:
Daily - backup will be sent daily
Weekly - backup will be sent weekly
Monthly - backup will be sent monthly
Never - backup will never be sent
In general, it is best to schedule backup on a regular basis. How much information you add or change will help you determine the schedule
Incremental Backup of Log files only (in CSV format)
Backup process only copies what has changed since the last backup. This creates a much smaller backup file.
Log - Select the logs for backup. Backup of log files will be taken in CSV format. Available logs for backup: Web surfing, Audit
Backup Frequency - Select any one:
Daily - backup will be sent daily
Weekly - backup will be sent weekly
Never - backup will never be sent
Specifies how backup should be taken and sent. Select FTP backup OR Mail backup
Only for FTP backup
FTP server - Specify IP address of FTP server
User name - Specify User name with which user has to log on to the FTP server
Password - Specify Password
Only for Mail backup
To Mail Id - Specify email address to which the backup is to be mailed
Save button - Saves the configuration
Table - Set Backup Schedule screen elements
Backup Data
Select System Manage Data Backup Data
Screen Elements - Description
Backup System Data (Does not include logs)
Backup button - Click Backup data to take backup
Download the backup already taken. Also displays date and time of backup. Click Download to download. To download follow the screen instructions
Backup Log (in CSV format)
Logs - Backup of selected logs will be taken. Select the logs for backup: Web surfing, Audit
Backup button - Takes the recent backup of logs and allows to download. Click Backup data to take the recent backup
Download the backup of logs already taken. Also displays date and time of backup. Click Download to download. To download follow the screen instructions
Table - Backup Data screen elements
Restore Data
With the help of restore facility, restore data from the backup taken. Restoring data older than the current data will lead to the loss of current data. Select System Manage Data Restore Data
Screen Elements - Description
Upload Backup
File to upload - Specify name of backup file to be uploaded
Browse button - Select the backup file
Upload button - Uploads the backup file
Note
Restore facility is version dependent i.e. it will work only if the backup and restore versions are the same
Purge
Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge facility for deleting log records.
Screen Elements - Description
Purge Frequency
Purge Web surfing logs every - Specify number of days after which web surfing log should be purged automatically
Save button - Saves purging schedule configuration
Popup Notification
Enable Alert Popup - Enabling Popup Notification displays alert popup before purging the logs. Click to enable
Save button - Saves popup alert configuration
Download Purged Logs (Only if Logs have been Auto purged)
Download button - Allows to download the purged log files. Click to download
Delete button - Deletes the purged log files
Note
System will preserve logs only for the specified number of days and automatically purges the logs generated thereafter.
Manual purge
Use manual purge to delete log records manually Select System Manage Data Purge Logs
Screen Elements - Description
Purge - Select log for purging: Web surfing logs, User session logs, Audit logs, Appliance Audit logs
Till Date - Select the date from Calendar till which the selected log(s) is to be purged
Purge button - Purges the selected log till the specified date. Click Purge to purge
Table - Purge Logs screen elements
Note
Auto purge option is always on
Client Services
Client Messages
Message Management tab allows the Administrator to send messages to the various users. Messages help the Administrator to notify users about problems as well as Administrative alerts in areas such as access, user sessions, incorrect password, and successful log on and log off etc. A message is sent to the User whenever the event occurs. A message can be up to 256 characters and can be sent to a number of users at a time.
Select System Configure Client Settings Customize Client Message
Description
Message code - Click Message link to customize the message which will be received by user. Click Save to save the changes. Click Cancel to cancel the current operation
Message - Message description
Configure Usage to Alert User before Expiration
Enter Remaining Usage in - Alert will be displayed to all the users when the specified data transfer is remaining. Remaining usage can be entered in absolute value or in percentage
Specify remaining data transfer usage when all the users should receive alert.
E.g. Absolute
Remaining data transfer usage: 20 MB
User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 620 MB
Percentage
Remaining data transfer usage: 20%
User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer i.e. has done data transfer of 512 MB
Specify remaining cycle data transfer usage when all the users should receive alert. Cycle data transfer is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if the limit is reached. It is applicable to the users to whom the cyclic data transfer policies are applied.
E.g. Absolute
Remaining cycle data transfer usage: 20 MB
User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 620 MB
Percentage
Remaining cycle data transfer usage: 20%
User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer per cycle i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer per cycle i.e. has done data transfer of 512 MB
Saves the data transfer alert configuration
Table - Customized Client Message screen elements
Messages - Description/Reason
AlertMessageWithCycleData - Message is sent to the user when the remaining cycle data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details
AlertMessageWithData - Message is sent to the user when the remaining data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details
DeactiveUser - Administrator has deactivated the User and the User will not be able to log on
DisconnectbyAdmin - When the administrator disconnects the user from the live users page
InvalidMachine - Message is sent if User tries to login from the IP address not assigned to him/her
LoggedoffsuccessfulMsg - Message is sent when User logs off successfully
LoggedonsuccessfulMsg - Message is sent when User logs on successfully
Loggedinfromsomewhereelse - Message is sent if User has already logged in from other machine
MaxLoginLimit - Message is sent if User has reached the maximum login limit
MultipleLoginnotallowed - Message is sent if User is not allowed multiple login
NotAuthenticate - Message is sent if User name or password are incorrect
NotCurrentlyAllowed - Message is sent if User is not permitted to access at this time. Access Time policy applied to the User account defines the allowed access time and not allowed access at any other time.
Someoneloggedin - Message is sent if someone has already logged in on that particular machine
SurfingtimeExhausted - Message is sent when User is disconnected because his/her allotted surfing time is exhausted. The surfing time duration is the time in hours the User is allowed Internet access that is defined in Surfing time policy. If hours are exhausted, User is not allowed to access
Administrator has temporarily deactivated the User and will not be able to log in because User surfing time policy has expired
Message is sent if connection is requesting a public IP Address from the server that is already in use
Message is sent if the maximum number of IP Addresses in the public Logon Pool at any given time has exceeded the limit
Table - List of predefined messages
Client preferences
Use Client preference to specify:
which page to open every time user logs on to Cyberoam
whether HTTP client log on page should pop up if user tries to surf without logging in
port from which Web Administration Console can be accessed
number of concurrent log on allowed
Screen Elements - Description
Open following site after client logs on to the server
URL - Specify URL which is to be opened every time user logs on. Leave this field blank, if you do not want to open any specific page every time user logs in
Update button - Updates configuration
Whenever User tries to surf without logging in, a page with the message Cyberoam Access Denied is displayed. If HTTP client pop up option is selected, User will get a HTTP Client pop up along with the Cyberoam Access Denied page. Once User logs on successfully using the HTTP client, user will be able to surf the requested site.
Update button - Updates configuration
Web Admin Console
Web Admin Console Port - Specify Port number on which Web Admin Console is running
Update button - Updates configuration
Number of Logins
Number of Logins Allowed OR Unlimited Login - Specify number of concurrent logins allowed to all the users OR Allows unlimited concurrent logins
Update button - Updates configuration
Note
The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed to the particular user.
Screen - Customize Denied message screen elements
1. Select System Configure Customize Denied Message
2. Select category for which you want to customize access deny message
Select All Web categories to display the same access deny message for all the web categories. The message specified for All Web Categories becomes the default message.
Select a particular category for which you want to display a different message. By default, the message specified for All Web Categories is displayed. Disable Use Default Message, if you want to display a different message for a particular category and modify the message
Select All File type category to customize the access deny message for all the file type categories
3. In Denied Message, modify the message contents
4. Click Update to save if any changes are made

1. Select System Configure Customize Denied Message
2. In Top Bar, specify the image to be displayed at the top of the message page.
3. In the Bottom Bar, specify the image to be displayed at the bottom of the message page
4. Click Upload
Note
Dimension of the image should be 700 * 80 and only jpg files are accepted
1. Select System Configure Customize Login Message
2. Under Client Login Links, select Login Clients that you want to be displayed on Login page. In the login page, download links are provided so that user can download the required login client. If you do not want user to download a particular login client, deselect the link
In the Login message box, specify the message to be displayed. You can further customize the message by using clientip address, category and URL
3. Enable Blink Message to display blinking message
4. Before saving the configuration, click Preview and see how message will be displayed to the user
5. Click Save to save the configuration
Note
HTTP proxy will enforce the Internet Access Policy and Anti Virus policy as configured in the User and the Firewall policy. IDP policy will be applicable on the traffic between proxy and the WAN, but not between the user and the proxy. Bandwidth policy will not be applicable on the direct proxy traffic.
Screen Elements: Description
Server Status: Displays current status of Proxy server
Start button (only if Current Status is Stopped): Click to start Proxy server
Stop button (only if Current Status is Running): Click to stop Proxy server
Restart button: Click to restart Proxy server
Screen Elements: Description
HTTP Proxy Port Setting
HTTP Proxy port: Specify proxy port to be used
Save button: Click to save the port setting
Parent Proxy Setting
Enable Parent Proxy: If enabled, all the HTTP requests will be sent to HTTP Proxy Server via Cyberoam. One needs to configure Parent Proxy when the HTTP traffic is blocked by the upstream Gateway. Click to enable
IP address: Specify IP address of Parent proxy
HTTP Proxy Port: Specify parent proxy port
Save button: Click to save the setting
HTTP Proxy Trusted Ports Setting
Cyberoam allows access to sites that are hosted on a standard port only, if deployed as HTTP proxy. To allow access to sites hosted on non-standard ports, you have to define the non-standard ports as trusted ports. You can define an individual port or a range of ports for http and https protocols. Click Add to define non-standard ports
Pharming Protection Configuration
Enable Pharming Protection: Pharming attacks require no additional action from the user beyond their regular web surfing activities. A pharming attack succeeds by redirecting users from legitimate web sites to similar fraudulent web sites that have been created to look like the legitimate site. Enable to protect against pharming attacks and direct users to the legitimate web sites instead of fraudulent web sites. Click to enable/disable
Save button: Click to save the port setting
Table - Configure HTTP Proxy screen elements
Manage Servers
Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the requirement, one can Start, Stop, Enable or Disable the services.
Types of the servers available:
- DHCP
- Domain Name Server
- Cyberoam server
- Proxy servers: HTTP, SMTP, POP3, IMAP, FTP
Select System → Manage Services

Description
Name of the server
Status of the respective server: Running if server is on, Stopped if server is off
Commands: Starts or stops the respective servers. Enables or disables Autostart. Refer to Action table for details
Table - Manage Control Service screen elements

Action table
Button: Usage
Start: Starts the Server whose status is Stopped
Stop: Stops the server whose status is Started
Enable Autostart: Automatically starts the configured server with the startup of Cyberoam
Disable Autostart: Disables the Autostart process
Restart: Restarts Cyberoam. All the servers with Enable Autostart will restart
Shutdown: Shuts down Cyberoam server and all the servers will be stopped
Table - Manage Control Service Action
Description
Generates graph. Select any one:
- Gateway wise - Displays list of Gateways defined, click the Gateway whose data transfer report is to be generated
- Logon Pool wise - Displays list of Logon Pools defined, click the Logon Pool whose data transfer report is to be generated
- Total - Generates total (all gateways and Logon Pools) data transfer report. Also generates Live user report
- Gatewaywise breakup - Generates total (all gateways) data transfer report.
Graph period: Generates graph based on time interval selected. Click Graph period to select
Table - Bandwidth usage screen elements
It generates eight types of graphical reports:
1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum, maximum and average no. of users connected during the selected graph period. This will help in knowing the peak hour of the day.
   X axis - Hours
   Y axis - No. of users
   Peak hour - Maximum no. of live users
2. Total data transfer - Graph shows total data transfer (upload + download) during the day. In addition, shows minimum, maximum and average data transfer.
   X axis - Hours
   Y axis - Total data transfer (upload + download) in KB/Second
3. Composite data transfer - Combined graph of Upload & Download data transfer. Colors differentiate upload & download data traffic. In addition, shows the minimum, maximum and average data transfer for upload & download individually.
   X axis - Hours
   Y axis - Upload + Download in Bits/Second
   Orange Color - Upload traffic
   Blue Color - Download traffic
   Screen - Bandwidth usage - Composite Data transfer graph
4. Download data transfer - Graph shows only download traffic during the day. In addition, shows the minimum, maximum and average download data transfer.
   X axis - Hours
   Y axis - Download data transfer in Bits/Second
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows minimum, maximum and average upload data transfer.
   X axis - Hours
   Y axis - Upload data transfer in Bits/Second
   Screen - Bandwidth usage - Upload Data transfer graph
6. Integrated total data transfer for all Gateways - Combined graph of total (Upload + Download) data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum, maximum and average data transfer of individual gateway.
   X axis - Hours
   Y axis - Total (Upload + Download) data transfer in Bits/Second
   Orange Color - Gateway1
   Blue Color - Gateway2
7. Integrated Download data transfer of all Gateways - Graph shows only the download traffic of all the gateways during the day. In addition, shows the minimum, maximum and average download data transfer.
   X axis - Hours
   Y axis - Download data transfer in Bits/Second
   Orange Color - Gateway1
   Blue Color - Gateway2
8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all the gateways during the day. In addition, shows minimum, maximum and average upload data transfer.
   X axis - Hours
   Y axis - Upload data transfer in Bits/Second
   Orange Color - Gateway1
   Blue Color - Gateway2
Migrate Users
Cyberoam provides a facility to migrate the existing users from a PDC or LDAP server. Alternately, you can also import user definitions from an external file (CSV format file). If you do not want to migrate users, configure for Automatic User creation. This reduces the Administrator's burden of creating the same users again in Cyberoam.
Screen - Download User Migration Utility
Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate option and click the OK button
Screen - Save User Migration Utility
Step 3: Opens a new browser window and prompts for the login. Provide the administrator username and password. E.g. Username: cyberoam and password: cyber
Step 4: On successful authentication, the following screen will be shown. Upload the specified file.
Screen - Upload downloaded User Migration Utility
Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.
Note
After migration, the Cyberoam login password will be the same as the username
Once the users are migrated, configure the single sign on login utility. The configuration is required to be done on the Cyberoam server.
Screen - Upload CSV file
Step 2: Change Group or Active status of user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.
Screen - Register migrated users from External file
If migration is successful, Manage Active User page will be displayed with all the migrated users as Active users.
Customization
Schedule
Schedule defines a time schedule for applying a firewall rule or Internet Access policy, i.e. it is used to control when firewall rules or Internet Access policies are active or inactive.
Types of Schedules:
- Recurring - use to create policies that are effective only at the specified times of the day or on specified days of the week.
- One-time - use to create firewall rules/policies that are effective once for the period of time specified in the schedule.
Define Schedule
Select Firewall → Schedule → Define Schedule to open define schedule page

Description
Specify schedule name. Choose a name that best describes schedule
Specify type of schedule
- Recurring - applied at specified times of the day or on specified days of the week
- One time - applied only once for the period of time specified in the schedule
Start time & Stop time (only if Schedule Type is One Time): Defines start and stop time for the schedule. Start & stop time cannot be same
Description: Specify full description of schedule
Create button: Creates schedule. Refer to Add Schedule Entry details to add time details
Table - Define Schedule screen elements
Screen Elements: Description
Schedule Entry
Weekday: Select weekday
Start time & Stop time: Defines the access hours/duration. Start & stop time cannot be same
Attaches the schedule details for the selected weekday to the schedule
Cancels the current operation
Manage Schedule
Use to modify:
- Schedule Name
- Description
- Add Schedule Entry details
- Delete Schedule Entry details
Select Firewall → Schedule → Manage Schedule and click Schedule name to be updated

Screen Elements: Description
Schedule details
Schedule name: Displays schedule name, modify if required
Schedule description: Displays schedule description, modify if required
Schedule Entry
Add button: Allows to add the schedule entry details. Refer to Add Schedule Entry details for more details
Delete button: Allows to delete the schedule entry details. Refer to Delete Schedule Entry details for more details
Saves schedule
Cancels the current operation and returns to Manage Schedule page
Table - Manage Schedule screen elements
Description
Select Schedule Entry detail to be deleted. Click Del to select Schedule Entry details. More than one Schedule Entry details can also be selected
Select All: Selects all the Schedule Entry details. Click Select All to select all the Schedule Entry details
Delete button: Deletes the selected Schedule Entry detail(s)
Delete Schedule
Select Firewall → Schedule → Manage Schedule to view the list of Schedules

Description
Select schedule to be deleted. Click Del to select schedule. More than one schedule can also be selected
Select All: Selects all the schedules. Click Select All to select all the schedules
Delete button: Deletes the selected schedule(s)
Services
Services represent types of Internet data transmitted via particular protocols or applications.
Protect your network by configuring firewall rules to:
- block services for specific zone
- limit some or all users from accessing certain services
- allow only specific user to communicate using specific service
Cyberoam provides several standard services and allows creating:
- Customized service definitions
- Firewall rule for customized service definitions

Description
Specify service name
Select the type of protocol
- For IP - Select Protocol No.
- For TCP - Specify Source and Destination port
- For UDP - Specify Source and Destination port
- For ICMP - Select ICMP Type and Code
Specify service description
Creates a new service
Cancels the current operation and returns to Manage Service
Screen Elements: Description
Custom Service
Service Name: Displays service name
Description: Displays description, modify if required
Protocol Details
Add button: Allows to add protocol details. Click to add. Select protocol:
- For IP - Select Protocol No.
- For TCP - Specify Source and Destination port
- For UDP - Specify Source and Destination port
- For ICMP - Select ICMP Type and Code
Click Add
Delete button: Allows to delete protocol details. Click to delete against the protocol details to be deleted. Click Delete
Updates the modified details
Cancels the current operation
Screen Elements: Description
Del: Select the Service for deletion. More than one services can be selected. Click to select
Select All: Allows to select all the services for deletion. Click to select
Delete button: Deletes all the selected service(s). Click to delete
Table - Delete Custom Service screen elements
Note
Default Services cannot be deleted
Screen Elements: Description
Create Service Group
Service Group Name: Specify service group name
Select Service: Select the services to be grouped. Available Services column displays the services that can be grouped. Use the arrow buttons to move services between the lists. Member Services column displays the services that will be grouped
Specify group description
Creates a new service group
Cancels the current operation and returns to Manage Service Group page
Table - Create Service Group screen elements
Screen Elements: Description
Edit Service Group
Service Group Name: Displays service group name
Select Service: Displays grouped services. Available Services column displays the services that can be grouped. Use the arrow buttons to move services between the lists. Member Services column displays the services that will be grouped
Displays group description, modify if required
Saves the modified details
Cancels the current operation and returns to Manage Service Group page
Table - Edit Service Group screen elements
Description
Select the group for deletion. More than one groups can be selected. Click to select
Select All: Allows to select all the groups for deletion. Click to select
Delete button: Deletes all the selected group(s). Click to delete
Table - Delete Service Group
Categories
Cyberoam's content filtering capabilities prevent Internet users from accessing non-productive or objectionable websites that take valuable system resources from your network and, at the same time, keep out hackers and viruses that can gain access to your network through users' Internet connections. Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds objectionable.
Cyberoam's Categories Database contains categories covering Web page subject matter as diverse as adult material, astrology, games, job search, and weapons. It is organized into general categories, many of which contain collections of related Internet sites with specific content focus. In other words, the database is a collection of site/host names that are assigned a category based on the major theme or content of the site.
Categories Database consists of three types:
- Web category - Grouping of Domains and Keywords. Default web categories are available for use only if Web and Application Filter subscription module is registered.
- File Type category - Grouping of File extensions
- Application protocol - Grouping of protocols. Standard protocol definitions are available for use only if Web and Application Filter subscription module is registered.
Apart from the default categories provided by Cyberoam, custom categories can also be created if required. Creating a custom category gives increased flexibility in managing Internet access for your organization. After creating a new category, it must be added to a policy so that Cyberoam knows when to enforce it and for which groups/users.
Web Category
Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any URL containing the keywords defined in the Web category will be blocked.
Each category is grouped according to the type of sites. Categories are grouped into four types, which specify whether accessing sites in those categories is considered productive or not:
- Neutral
- Productive
- Non-working
- Un-healthy
For your convenience, Cyberoam provides a database of default Web categories. You can use these or even create new web categories to suit your needs. To use the default web categories, the subscription module Web and Application Filter should be registered.
Depending on the organization requirement, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria.
Custom web category is given priority over default category while allowing/restricting the access.
Search URL
Use Search URL to check whether a URL is categorized or not. It searches the specified URL and displays the Category name under which the URL is categorized, along with the category description.
When a custom category is created with a domain/URL which is already categorized in a default category, the custom category overrides the default category and the search result displays the custom category name and not the default category name.
Select Categories → Web Category → Search URL
Note
Default Web categories cannot be modified or deleted. Custom web category is given the priority over the default category while allowing/restricting access.
Screen Elements: Description
Create Custom Web Category
Name: Specify Web category name
Description: Specify full description
Category type: Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type
Create button: Creates a new custom Web Category. Web Category configuration is incomplete until domain names or keywords are attached
Domain Management
Add button: Use to define domains for the web category. Depending on the user's Internet access policy, accessing specified domain(s) will be allowed or denied. Click to add. Refer to Add Domain(s) for more details
Keywords Management
Add button: Use to define keywords for the web category. Depending on the user's Internet access policy, accessing sites with the specified keyword(s) will be allowed or denied. Click to add. Refer to Add Keyword(s) for details
Saves the web category
Cancels the current operation and returns to View Web Category page
Table - Create Web Category screen elements
Note
Custom category name cannot be same as default category name.
Add Domain
Screen Elements: Description
Domains Management
Domains: Specify domains for the category. Depending upon the Internet access policy and schedule strategy, any site falling under the specified domain will be allowed or blocked access.
Add Domain button: Assigns domains to the web category
Cancel button: Cancels the current operation
Table - Add Domain screen elements
Note
Domains can be added at the time of creation of web category or whenever required.
Screen Elements: Description
Keywords Management
Keywords: Specify domains for the category. Depending on the Internet access policy and schedule strategy, any site falling under the specified domain will be allowed or blocked access
Add button: Assigns keywords to the Web Category
Cancel button: Cancels the current operation
Table - Add keyword screen elements
Note
Keywords can be added at the time of creation of web category or whenever required.
Screen Elements: Description
Update Custom Web Category
Name: Displays name of the web category, modify if required
Description: Displays description of the Category
Category type: Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type
Domain Management
Add button: Allows to add domain name(s) to the web category. Click to add. Refer to Add Domains for details
Delete button: Allows to remove domain name(s) from the web category. Click to remove. Refer to Delete Domains for details
Keywords Management
Add button: Allows to add keyword(s) to the web category. Click to add. Refer to Add Keywords for details
Delete button: Allows to remove keywords from the web category. Click to remove. Refer to Delete Keywords for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Web Category page
Table - Update Custom Web category screen elements
Delete Domain
Description
Click all the domains required to be removed
Allows to select all the domains for deletion. Click Select All to select all domains
Delete button: Remove(s) domains from the web category. Click to remove
Description
Click all the keywords required to be removed
Allows to select all the keywords for deletion. Click Select All to select all keywords
Delete button: Remove(s) keywords from the web category. Click to remove
Table - Delete keywords screen elements
Description
Select web category to be deleted. More than one web category can be selected. Click to select
Select All: Allows to select all the web categories for deletion. Click to select
Delete button: Deletes all the selected web categories. Click to delete
Screen Elements: Description
Custom File Type details
Name: Assign name to File Type Category
File Extensions: Specify file extensions to be included in the File Type Category. Extensions defined here will be blocked or filtered
Specify full description
Creates a new File Type Category
Cancels the current operation and returns to Manage Custom File Type Category page
Screen Elements: Description
Update Custom File Type Category
Name: Displays name of the File Type Category, modify if necessary
File Extensions: Displays file extension(s) added to the Category, modify if required
Description: Displays description of Category
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom File Type Category page
Screen - Manage Custom File Type Category

Description
Click all the File Types required to be deleted
Allows to select all the File Types for deletion. Click Select All to select all File Types
Delete button: Delete(s) the File Type Category. Click to delete
Screen Elements: Description
Custom Application Protocol Category
Name: Specify name to Application Protocol Category. Custom category and default category cannot have same names.
Description: Specify full description
Create button: Creates a new custom Application Protocol Category
Application Protocol details
Add button: Use to assign application protocols to Category for blocking. Select application protocol you want to include in a Category. Cyberoam gives access to the Category based on the Schedule. Allows to add application protocol(s) to Category. Click to add. Refer to Add Custom Application Protocol details for more details
Saves Application Protocol Category
Cancels the current operation and returns to View Custom Application Protocol Category page
Screen Elements: Description
Custom Application Protocol details
Application: Select Application Protocols that are to be grouped in the Category. Custom and Default both can be grouped in a single Application Protocol Category
IP: Specify destination IP Address
Groups the application protocols in the Category
Cancels the current operation
Screen Elements: Description
Update Custom Application Protocol Category
Name: Displays name of Application Protocol Category, modify if necessary
Description: Displays description of the Category
Application Protocol Details
Add button: Allows to add Application Protocol(s) to Category. Click to add. Refer to Add Custom Application Protocols for details
Delete button: Allows to remove Application Protocol(s) from Category. Click to remove. Refer to Delete Custom Application Protocol for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Application Protocol Category page
Description
Click Application Protocol(s) required to be deleted
Allows to select all Application Protocol(s) for deletion. Click Select All to select all Application Protocol(s)
Delete button: Delete(s) Application Protocol(s). Click to delete

Description
Select Category to be deleted. More than one Category can be selected. Click to select
Select All: Allows to select all the Categories for deletion. Click to select
Delete button: Deletes all the selected Categories. Click to delete
Access Control
Use Local ACLs to limit the Administrative access to the following Cyberoam services from LAN/WAN/DMZ:
- Admin Services
- Authentication Services
- Proxy Services
- Network Services

Default Access Control configuration
When Cyberoam is connected and powered up for the first time, it will have a default Access configuration as specified below:
- Admin Services - HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions for LAN zone
- Authentication Services - Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User Authentication Services for LAN zone. User Authentication Services are not required for any of the Administrative functions but are required to apply user based internet surfing, bandwidth and data transfer restrictions.

Customize Access Control configuration
Use access control to limit the access to Cyberoam for administrative purposes from the specific authenticated/trusted networks only. You can also limit access to administrative services within the specific authenticated/trusted network.
Select Firewall → Local ACL
Admin Services: Enable/disable access to Cyberoam using following service from the specified zone and network: HTTP, HTTPS, Telnet
Authentication Services: Enable/disable following service from the specified zone and network: Cyberoam, HTTP
Proxy Services: Enable/disable HTTP service from the specified zone and network
Network Services: Enable/disable following service from the specified zone and network: DNS, ICMP
Update button: Saves configuration
Add button: Allows to add the trusted networks from which the above specified services will be allowed/disallowed. Click Add to add network details. Specify Network IP address and Zone. Click Add
Table - Access Configuration screen elements
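One way to review a Local ACL rule set against the guidance above (administrative access only from trusted networks), as an added example that is not part of the Cyberoam guide. The AclEntry record, its field names and the sample networks are assumptions made up for illustration, not an appliance export format.

```python
import ipaddress
from dataclasses import dataclass

# Admin services named on the page; HTTP and Telnet carry credentials in cleartext.
ADMIN_SERVICES = {"HTTP", "HTTPS", "Telnet", "SSH"}
CLEARTEXT = {"HTTP", "Telnet"}


@dataclass(frozen=True)
class AclEntry:
    """Hypothetical record for one Local ACL row."""
    group: str      # "Admin Services", "Authentication Services", ...
    service: str    # e.g. "HTTPS"
    zone: str       # "LAN", "WAN" or "DMZ"
    network: str    # trusted network in CIDR notation
    enabled: bool = True


def review_admin_access(entries, widest_prefix=24):
    """Return (service, zone, network, reason) for each risky admin exposure."""
    findings = []
    for e in entries:
        # Only enabled rows in the Admin Services group grant management access.
        if not e.enabled or e.group != "Admin Services":
            continue
        if e.service not in ADMIN_SERVICES:
            findings.append((e.service, e.zone, e.network, "unknown admin service"))
            continue
        net = ipaddress.ip_network(e.network, strict=False)
        if e.service in CLEARTEXT:
            findings.append((e.service, e.zone, e.network, "cleartext admin protocol"))
        if e.zone != "LAN":
            # The documented default opens admin services for the LAN zone only.
            findings.append((e.service, e.zone, e.network,
                             "admin access from outside the LAN zone"))
        if net.prefixlen < widest_prefix:
            findings.append((e.service, e.zone, e.network,
                             f"trusted network wider than /{widest_prefix}"))
    return findings


# Constructed sample rule set (not taken from a real appliance).
SAMPLE_ACL = [
    AclEntry("Admin Services", "HTTPS", "LAN", "192.168.1.0/24"),
    AclEntry("Admin Services", "SSH", "LAN", "192.168.1.0/24"),
    AclEntry("Admin Services", "Telnet", "LAN", "192.168.1.0/24"),
    AclEntry("Admin Services", "HTTPS", "WAN", "0.0.0.0/0"),
    AclEntry("Admin Services", "HTTP", "DMZ", "172.16.5.0/24", enabled=False),
    AclEntry("Authentication Services", "HTTP", "LAN", "192.168.0.0/16"),
]

if __name__ == "__main__":
    for service, zone, network, reason in review_admin_access(SAMPLE_ACL):
        print(f"{service:7} {zone:4} {network:18} {reason}")
```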
Syslog Configuration
Syslog is an industry standard protocol/method for collecting and forwarding messages from devices to a server running a syslog daemon, usually via UDP port 514. The syslog server is a remote computer running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts.
The Cyberoam appliance can also send a detailed log to an external Syslog server in addition to the standard event log. Cyberoam Syslog support requires an external server running a Syslog daemon on any UDP port. Cyberoam captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred.
A SYSLOG service simply accepts messages, and stores them in files or prints them. This form of logging is the best as it provides a central logging facility and protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling.
Select System → Syslog Configuration
Description
Click to enable syslog service
Specify IP address of the syslog server. Messages from the Cyberoam will be sent to the server. Default: 192.168.1.254
Syslog Port: Specify the port number for communication with the syslog server. Default: 514
Syslog Facility: Select facility to be used. Cyberoam supports following facilities for log messages received from remote servers and network devices.
- DAEMON - Daemon logs (Information of Services running in Cyberoam as daemon)
- KERN - Kernel log
- LOCAL0 - LOCAL7 - Log level
- USER - Logging on the basis of users who are connected to Server
Syslog Level: Specify the level of the messages logged. Cyberoam logs all messages at and above the logging severity level you select.
- EMERGENCY - System is not usable
- ALERT - Action must be taken immediately
- CRITICAL - Critical condition
- ERROR - Error condition
- WARNING - Warning condition
- NOTICE - Normal but significant condition
- INFORMATION - Informational
- DEBUG - Debug-level messages
Update button: Click to save the configuration
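How the facility and level settings above appear on the collector side, as an added example that is not part of the Cyberoam guide: it decodes the standard syslog `<PRI>` header (facility * 8 + severity) and applies the "at and above the selected level" rule. The sample lines and their message text are constructed, not real appliance output.

```python
import re

# Standard syslog facility codes for the facilities the page lists.
FACILITY_NAMES = {0: "KERN", 1: "USER", 3: "DAEMON"}
FACILITY_NAMES.update({16 + n: f"LOCAL{n}" for n in range(8)})

# Severity names as the page spells them; list index = numeric severity,
# so 0 (EMERGENCY) is the most severe and 7 (DEBUG) the least.
LEVELS = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
          "WARNING", "NOTICE", "INFORMATION", "DEBUG"]

PRI_HEADER = re.compile(r"<(\d{1,3})>")


def decode_pri(line):
    """Split a syslog line into (facility name, level name, remaining text)."""
    m = PRI_HEADER.match(line)
    if m is None:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:                      # 23 * 8 + 7 is the highest valid value
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    name = FACILITY_NAMES.get(facility, f"FACILITY{facility}")
    return name, LEVELS[severity], line[m.end():]


def is_sent(level, selected_level):
    """'At and above' means numerically lower or equal severity."""
    return LEVELS.index(level) <= LEVELS.index(selected_level)


def triage(lines, selected_level, expected_facility):
    """Sort received lines by what the configured level/facility would imply."""
    result = {"kept": [], "below_level": [], "wrong_facility": [], "malformed": []}
    for line in lines:
        try:
            facility, level, text = decode_pri(line)
        except ValueError:
            result["malformed"].append(line)
            continue
        if facility != expected_facility:
            # Not tagged with the facility configured on the appliance.
            result["wrong_facility"].append((facility, level, text))
        elif is_sent(level, selected_level):
            result["kept"].append((level, text))
        else:
            # Would not be sent at all with this Syslog Level selected.
            result["below_level"].append((level, text))
    return result


# Constructed sample lines (message bodies are invented).
SAMPLE_LINES = [
    "<131>firewall: denied tcp 10.0.0.5 -> 203.0.113.9",   # LOCAL0.ERROR
    "<134>firewall: allowed udp 10.0.0.7 -> 198.51.100.2", # LOCAL0.INFORMATION
    "<129>dos: syn flood threshold exceeded",              # LOCAL0.ALERT
    "<135>proxy: cache lookup trace",                      # LOCAL0.DEBUG
    "<28>dhcp: lease renewed",                             # DAEMON.WARNING
    "line without a priority header",
    "<999>priority value out of range",
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LINES, "WARNING", "LOCAL0").items():
        print(bucket, items)
```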
Log configuration
Cyberoam can log many different network activities and traffic including:
- DoS Attack traffic
- Invalid traffic
- Firewall traffic
- Local ACL traffic
- Dropped Source Routed packets
- Dropped ICMP Redirected packets
- IDP reports
- Traffic Discovery reports
Cyberoam can either store logs locally or send logs to an external syslog server for storage and archival purposes. IDP reports can be stored locally or sent to the syslog server, while Traffic Discovery logs can be stored locally only.
To record logs you must enable the respective log and specify the logging location. The Administrator can choose between on-appliance logging, Syslog logging or disabling logging temporarily.
Once you add the server, configure logs to be sent to the syslog server from the System → Logging → Log configuration page.
Cyberoam logs many different network activities and traffic including:
- DoS attack Log - The DoS Attack Log records attacks detected and prevented by the Cyberoam i.e. dropped TCP, UDP and ICMP packets. To generate log, go to Firewall → Denial of Service → DoS Settings and click Apply Flag against SYN Flood, UDP flood, TCP flood, and ICMP flood individually
- Invalid Traffic Log - Log records the dropped traffic that does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection.
- Firewall traffic Log - Log records the traffic, both permitted and denied by the firewall rule. To generate firewall rule logs, enable logging from Network Logging Management (Telnet Console).
- Local ACL Log - Log records the entire (allowed and dropped) incoming traffic and traffic for the firewall
- Dropped Source Routed Packet Log - Log records all the dropped source routed packets. To generate log, go to Firewall → Denial of Service → DoS Settings and click Apply Flag against Drop Source Routed Packets
- Dropped ICMP Redirected Packet Log - Log records all the dropped ICMP redirect packets. To generate log, go to Firewall → Denial of Service → DoS Settings and click Apply Flag against 'Disable ICMP redirect Packets'
- Dropped Fragmented traffic - Log records the dropped fragmented traffic
- IDP reports - Logs detected and dropped attacks based on unknown or suspicious patterns (anomaly) and signatures
- Traffic Discovery reports - Cyberoam generates various traffic discovery reports which include user specific and organization specific traffic reports. You can view reports from Reports → Traffic Discovery
Upgrade Cyberoam
Cyberoam provides two types of upgrades:
- Automatic - Correction to any critical software errors, performance improvement or changes in system behavior leads to automatic upgrade of Cyberoam without manual intervention or notification.
- Manual - Manual upgrades require human intervention.
Automatic Upgrade
By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the procedure to disable the AutoUpgrade mode:
1. Log on to Telnet Console
2. Go to option 4 Cyberoam Console
Page displays the list of available upgrades and the upgrade details like release date and size. Order specifies the sequence in which Cyberoam should be upgraded.
Type the file name with full path or select using Browse and click Upload
Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version. Log on to Cyberoam Telnet Console. Type 6 to upgrade from the Main menu and follow the on-screen instructions. A success message will be displayed if the upgrade succeeds.
Repeat the above steps if more than one upgrade is available, and apply the upgrades in the same sequence as displayed on the Available Upgrades page.
Download
Clients
Cyberoam Client supports Users using following platforms: Windows Enables Users using Windows Operating System to log-on to Cyberoam Server Linux Enables Users using Linux Operating System to log-on to Cyberoam server HTTP Enables Users using any other Operating System than Windows & Linux to log-on to Cyberoam Server Single Sign on Client Enables Windows-migrated Users to log on to Cyberoam using Windows Username and password. Single Sign on Client Auto Setup Download the setup. Guides Opens the Cyberoam Documentation site (http://docs.cyberoam.com) and download or view complete documentation set available for all the versions. Depending on the requirement, download the Cyberoam Client from Help Downloads
Screen - Reports
2. Log on to Reports, click on the Reports link to open the reports login page in a new window
Viewing Log details
Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date range of the report.
Audit Log Components
Entity - Cyberoam Component through which the event was generated/Audit Resource Type
Entity Name - Unique Identifier of Entity
Action - Operation requested by entity/Audit Action
Action By - User who initiated the action/Accessor name
Action Status - Action result/Audit Outcome
Entity | Entity Name | Action | Action By | Action Status | IP Address | Message | Explanation
Report GUI | | Login | <username> | Successful | <IP address> | - | Login attempt to Report GUI by User <username> was successful
Report GUI | | Login | <username> | Failed | <IP address> | | Login attempt to Report GUI by User <username> was not successful because of wrong username and password
Management GUI | | Login | <username> | Successful | <IP address> | | Login attempt to Management GUI by User <username> was successful
Management GUI | | Login | <username> | Failed | <IP address> | | Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>
Management GUI | | Login | <username> | Failed | <IP address> | | Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges
Configuration Wizard | | Started | <username> | Successful | <IP address> | | User <username>'s request to start Configuration Wizard was successful
Configuration Wizard | | Finished | <username> | Successful | <IP address> | | User <username>'s request to close Configuration Wizard was successful
System | | Started | <username> | Successful | | Cyberoam System Started | Cyberoam was successfully started by the User <username>
SSh | | authentication | <username> | Successful | | User admin, coming from 192.168.1.241, authenticated. | <username> trying to log on from <ip address> using SSH client was successfully authenticated
SSh | | authentication | <username> | Failed | <IP address> | Login Attempt failed from 192.168.1.241 by user root | Authentication of <username> trying to log on from <ip address> using SSH client was not successful
SSh | | authentication | <username> | Failed | <IP address> | Password authentication failed. Login to account hello not allowed or account nonexistent | Log on to account <username> using SSH client was not successful
telnet | | authentication | <username> | Successful | <IP address> | |
telnet | | authentication | <username> | Failed | <IP address> | Authentication Failure |
console | | authentication | <username> | Successful | ttyS0 | Login Successful |
console | | authentication | <username> | Successful | tty1 | Login Successful |
console | | authentication | <username> | Failed | <IP address> | Authentication Failure |
Firewall | | Started | System | Successful | | |
Firewall Rule | <firewall rule id> e.g. 7 | Create | <username> | Successful | | |
Firewall Rule | <firewall rule id> e.g. 6 | Update | <username> | Successful | <IP address> | |
Firewall Rule | <firewall rule id> e.g. 21 | Update | System | Successful | <IP address> | |
Firewall Rule | <firewall rule id> e.g. 10 | Delete | System | Successful | <IP address> | |
Host | N/A | Delete | <username> | Failed | | |
Host | <host name> e.g. 192.168.1.68, #Port D | Delete | <username> | Successful | | |
Host | <host name> e.g. 192.168.1.66, #Port D | Insert | <username> | Successful | <IP address> | |
HostGroup | <host group name> e.g. mkt group | Delete | <username> | Successful | <IP address> | |
HostGroup | <host group name> e.g. sys group | Update | <username> | Successful | <IP address> | |
HostGroup | <host group name> e.g. Trainee | Insert | <username> | Successful | <IP address> | |
Service | <service name> e.g. vypress chat | Delete | <username> | Successful | <IP address> | |
Service | | Insert | <username> | Successful | <IP address> | |
ServiceGroup | | Insert | <username> | Successful | <IP address> | |
ServiceGroup | | Update | <username> | Successful | <IP address> | |
ServiceGroup | | Delete | <username> | Successful | <IP address> | |
NAT Policy | | Insert | <username> | Successful | <IP address> | |
NAT Policy | <policy name> | Update | <username> | Successful | <IP address> | |
NAT Policy | <policy name> | Delete | <username> | Successful | <IP address> | |
DNAT Policy | <policy name> | Insert | <username> | Successful | <IP address> | |
DNAT Policy | <policy name> | Update | <username> | Successful | <IP address> | |
DNAT Policy | <policy name> | Delete | <username> | Successful | <IP address> | |
Schedule | <schedule name> | Insert | <username> | Successful | <IP address> | |
Schedule | <schedule name> | Update | <username> | Successful | <IP address> | |
Schedule | <schedule name> | Delete | <username> | Successful | <IP address> | |
Schedule Detail | <schedule name> | Insert | <username> | Successful | <IP address> | |
Local ACLs | Local ACLs | Update | <username> | Successful | | |
DoS Bypass | DoS Bypass | Delete | <username> | Successful | | |
DoS Settings | DoS Settings | Update | <username> | Successful | | |
Online Registraion | | Register | <username> | Successful | | |
<username>
Successful
<username>
Successful
System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST
Apart from the tabular format, Cyberoam allows you to view the log details in:
Printable format - Click to open a new window and display the report in the printer friendly format. Report can be printed from File -> Print.
Export as CSV (Comma Separated Value) - Click to export and save the report in CSV format. Report can be very easily exported to MS Excel and all the Excel functionalities can be used to analyze the data.
Field (TYPE): DESCRIPTION
Date (date): Date (yyyy-mm-dd) when the event occurred. For the allowed traffic - the date on which connection was started on Cyberoam. For the dropped traffic - the date when the packet was dropped by Cyberoam
Time (time): Time (hh:mm:ss) when the event occurred. For the allowed traffic - the time when the connection was started on Cyberoam. For the dropped traffic - the time when the packet was dropped by Cyberoam
Model Number of the Cyberoam Appliance
Unique Identifier of the Cyberoam Appliance
Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011, 0102011
  c1c2 represents Log Type e.g. 01
  c3c4 represents Log Component e.g. Firewall, local ACL
  c5c6 represents Log Sub Type e.g. allow, violation
  c7 represents Priority e.g. 1
Log Type (string): Section of the system where event occurred e.g. Traffic for traffic logging. Possible values:
  01 - Traffic: Entire traffic intended for Cyberoam
Log Component (string): Component responsible for logging. Possible values:
  01 - Firewall rule: Event due to any traffic allowed or dropped based on the firewall rule created
  02 - Local ACL: Event due to any traffic allowed or dropped based on the local ACL configuration or all other traffic intended for the firewall
  03 - DoS Attack: Event due to any packets dropped based on the DoS attack settings i.e. dropped TCP, UDP and ICMP packets
  04 - Invalid traffic: Event due to any traffic dropped which does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection. Refer to Invalid traffic list for more details.
  05 - Invalid Fragmented traffic: Event when any invalid fragmented traffic is dropped. Refer to Invalid Fragmented traffic list for more details.
  06 - ICMP redirect: Event due to any ICMP Redirected packets dropped based on the DoS attack setting
  07 - Source routed packet: Event due to any source routed packets dropped based on the DoS attack setting
  08 - Fragmented traffic: Event when any fragmented traffic is dropped due to Advanced Firewall settings. Refer to Console Guide Page no. 59 for more details.
Log Sub Type (string): Decision taken on traffic. Possible values:
  01 - Allowed: Traffic permitted to and through Cyberoam based on the firewall rule settings
  02 - Violation: Traffic dropped based on the firewall rule settings, local ACL settings, DoS settings or due to invalid traffic
Status (string): Ultimate state of traffic (accept/deny)
Priority (string): Severity level of traffic. Possible values:
  01 - Notice
Durability of traffic
Firewall rule id of traffic
User Id
Group Id of user
Internet Access policy Id applied for traffic
Interface for incoming traffic e.g. eth0. Blank for outgoing traffic
Out Interface (string): Interface for outgoing traffic e.g. eth1. Blank for incoming traffic
Source IP (string): Source IP address of traffic
Destination IP (string): Destination IP address of traffic
Protocol (integer): Protocol number of traffic
Source Port (integer): Source Port of TCP and UDP traffic
Destination Port (integer): Destination Port of TCP and UDP traffic
ICMP Type (integer): ICMP type of ICMP traffic
ICMP Code (integer): ICMP code of ICMP traffic
Sent Packets (integer): Total number of packets sent
Received Packets (integer): Total number of packets received
Sent Bytes (integer): Total number of bytes sent
Received Bytes (integer): Total number of bytes received
Translated Source IP (integer): Translated Source IP address if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
(integer): Translated Source port if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
(integer): Translated Destination IP address if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
(integer): Translated Destination port if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
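The 7-character code (c1c2c3c4c5c6c7) described above can be split back into its parts when triaging exported logs. The following is an added example, not Cyberoam's code: the value tables are copied from this page, while the function names, the sample codes, and the mapping of the single priority character "1" to "Notice" are assumptions.

```python
"""Decode the 7-character log code c1c2c3c4c5c6c7 and count violations."""
from collections import Counter

# Value tables copied from the field descriptions on this page.
LOG_TYPES = {"01": "Traffic"}
LOG_COMPONENTS = {
    "01": "Firewall rule",
    "02": "Local ACL",
    "03": "DoS Attack",
    "04": "Invalid traffic",
    "05": "Invalid Fragmented traffic",
    "06": "ICMP redirect",
    "07": "Source routed packet",
    "08": "Fragmented traffic",
}
LOG_SUBTYPES = {"01": "Allowed", "02": "Violation"}
# Assumption: priority character "1" corresponds to the "01 Notice" value
# listed for the Priority field.
PRIORITIES = {"1": "Notice"}


def _lookup(table, key):
    """Return the documented name, or flag a value this page does not list."""
    return table.get(key, f"unknown ({key})")


def decode_log_code(code):
    """Split a 7-digit code into log type, component, sub type and priority."""
    code = code.strip()
    if len(code) != 7 or not (code.isascii() and code.isdigit()):
        raise ValueError(f"expected 7 digits, got {code!r}")
    return {
        "log_type": _lookup(LOG_TYPES, code[0:2]),    # c1c2
        "component": _lookup(LOG_COMPONENTS, code[2:4]),  # c3c4
        "sub_type": _lookup(LOG_SUBTYPES, code[4:6]),  # c5c6
        "priority": _lookup(PRIORITIES, code[6]),      # c7
    }


def summarize_violations(codes):
    """Count Violation events per component; collect codes that do not parse."""
    per_component = Counter()
    malformed = []
    for code in codes:
        try:
            fields = decode_log_code(code)
        except ValueError:
            malformed.append(code)
            continue
        if fields["sub_type"] == "Violation":
            per_component[fields["component"]] += 1
    return per_component, malformed


# Constructed sample codes; only the first two appear on the page.
SAMPLE_CODES = [
    "0101011",  # firewall rule, allowed
    "0102011",  # local ACL, allowed
    "0103021",  # DoS attack, violation
    "0104021",  # invalid traffic, violation
    "0104021",
    "0107021",  # source routed packet, violation
    "0199021",  # component value the page does not list
    "010102",   # truncated code
]

if __name__ == "__main__":
    counts, bad = summarize_violations(SAMPLE_CODES)
    for component, n in counts.most_common():
        print(f"{n:3d}  {component}")
    print("malformed:", bad)
```

Codes with values the page does not list are reported as "unknown (..)" rather than rejected, so an unexpected component still shows up in the violation counts.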
Invalid traffic
Cyberoam will define following traffic as Invalid traffic:
- Short IP Packet
- IP Packets with bad IP checksum
- IP Packets with invalid header and/or data length
- Truncated/malformed IP packet
- Packets of Ftp-bounce Attack
- Short ICMP packet
- ICMP packets with bad ICMP checksum
- ICMP packets with wrong ICMP type/code
- Short UDP packet
- Truncated/malformed UDP packet
- UDP Packets with bad UDP checksum
- Short TCP packet
- Truncated/malformed TCP packet
- TCP Packets with bad TCP checksum
- TCP Packets with invalid flag combination
- Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection
If Strict Internet Access Policy is applied then Cyberoam will define following traffic also as Invalid traffic:
- UDP Packets with Destination Port 0
- TCP Packets with Source Port and/or Destination Port 0
- Land Attack
- Winnuke Attack
- TCP Syn Packets contains Data
- IP Packet with Protocol Number 0
- IP Packet with TTL Value 0
Invalid Fragmented traffic
Cyberoam will define following traffic as Invalid Fragmented traffic:
- Fragment Queue out of memory while reassembling IP fragments
- Fragment Queue Timeout while reassembling IP fragments
- Fragment too far ahead while reassembling IP fragments
- Oversized IP Packet while reassembling IP fragments
- Fragmentation failure while creating fragments
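The additional conditions applied under a Strict Internet Access Policy, written as checks over already-parsed header fields so a dropped packet seen in a capture can be matched to a reason. This is an added example, not Cyberoam's code: the PacketMeta structure and sample packets are constructed, and the definitions used for Land (SYN with identical source and destination address and port) and Winnuke (TCP urgent data to port 139) are the conventional ones, assumed here because the page only names them.

```python
from dataclasses import dataclass

# Standard IP protocol numbers and TCP flag bits.
PROTO_TCP, PROTO_UDP = 6, 17
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class PacketMeta:
    """Header fields parsed from a capture (hypothetical structure)."""
    src_ip: str
    dst_ip: str
    protocol: int          # IP protocol number
    ttl: int
    src_port: int = 0
    dst_port: int = 0
    tcp_flags: int = 0
    payload_len: int = 0   # bytes after the transport header


def strict_policy_reasons(pkt):
    """Return the strict-policy conditions from the list above that pkt matches."""
    reasons = []
    if pkt.protocol == 0:
        reasons.append("IP Packet with Protocol Number 0")
    if pkt.ttl == 0:
        reasons.append("IP Packet with TTL Value 0")
    if pkt.protocol == PROTO_UDP and pkt.dst_port == 0:
        reasons.append("UDP Packets with Destination Port 0")
    if pkt.protocol == PROTO_TCP:
        if pkt.src_port == 0 or pkt.dst_port == 0:
            reasons.append("TCP Packets with Source Port and/or Destination Port 0")
        # Assumption: "Syn packet" means SYN set without ACK (connection open).
        is_syn = bool(pkt.tcp_flags & SYN) and not (pkt.tcp_flags & ACK)
        if is_syn and pkt.payload_len > 0:
            reasons.append("TCP Syn Packets contains Data")
        if is_syn and pkt.src_ip == pkt.dst_ip and pkt.src_port == pkt.dst_port:
            reasons.append("Land Attack")
        if pkt.tcp_flags & URG and pkt.dst_port == 139:
            reasons.append("Winnuke Attack")
    return reasons


# Constructed sample packets using documentation address ranges.
SAMPLES = {
    "normal_syn": PacketMeta("192.0.2.10", "198.51.100.5", PROTO_TCP, 64,
                             51000, 443, SYN),
    "land": PacketMeta("198.51.100.5", "198.51.100.5", PROTO_TCP, 64,
                       80, 80, SYN),
    "udp_port_0": PacketMeta("192.0.2.10", "198.51.100.5", PROTO_UDP, 64,
                             40000, 0),
    "syn_with_data": PacketMeta("192.0.2.10", "198.51.100.5", PROTO_TCP, 64,
                                51001, 80, SYN, payload_len=32),
    "urgent_to_139": PacketMeta("192.0.2.10", "198.51.100.5", PROTO_TCP, 64,
                                51002, 139, ACK | PSH | URG, payload_len=1),
    "proto_0_ttl_0": PacketMeta("192.0.2.10", "198.51.100.5", 0, 0),
}


def classify(samples):
    """Map each sample name to the list of matching strict-policy conditions."""
    return {name: strict_policy_reasons(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, reasons in classify(SAMPLES).items():
        print(f"{name:15s} {reasons or 'no strict-policy match'}")
```

TCP Fast Open (RFC 7413) legitimately carries data in a SYN, so a "TCP Syn Packets contains Data" drop is not by itself evidence of an attack.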
Astrology BusinessAndEconomy
Chat CommercialBanks
Communication
Neutral
CrimeAndSuicide
UnHealthy
CulturalInstitutions DatingAndMatrimonials
UnHealthy
UnHealthy Productive
EducationAndReferenceMaterial
Productive
Entertainment - Non Working
Finance - Non Working
Hacking - Neutral
HealthAndMedicines - Productive
HobbiesAndRecreation - Non Working
NewsAndMedia - Neutral
None - Neutral
Nudity - UnHealthy
PersonalAndBisographySites
PhishingAndFraud
PoliticalOrganizations - Neutral
Porn - UnHealthy
Portals - Non Working
PropertyAndRealEstate - Neutral
Science - Productive
SearchEngines - Neutral
SeXHealthAndEducation - Neutral
SharesAndStockMarket - Non Working
Shopping - Non Working
Spirituality - Non Working: Sites featuring articles on healing solutions in wellness, personal growth, relationship, workplace, prayer, articles on God, Society, Religion, and ethics
Sports - Non Working: Sites providing any information about or promoting sports, active games, and recreation. All types of Sites providing information about Sports except Cricket
SpywareAndP2P - UnHealthy: Sites or pages that download software that, without the user's knowledge, generates http traffic (other than simple user identification and validation) and Sites providing client software to enable peer-to-peer file sharing and transfer
SwimwareAndLingerie - Non Working: Sites showing images of models and magazines offering lingerie/swimwear but not Nude or sexual images. It also includes Arts pertaining Adult images and shopping of lingerie
TravelFoodAndImmigration - Non Working: Sites providing information about traveling i.e. Airlines and Railway sites. Sites providing details about Hotels, Restaurants, Resorts, and information about worth seeing places. Sites that list, review, advertise, or promote food, dining, or catering services. Sites providing Visa, Immigration, Work Permit and Holiday & Work Visa details, procedures and services
URLTranslationSites - UnHealthy: Sites offering Online translation of URLs. These sites access the URL to be translated in a way that bypasses the proxy server, potentially allowing unauthorized access
Vehicles: Sites providing information regarding manufacturing and shopping of vehicles and their parts
Violence: Sites featuring or promoting violence or bodily harm, including self-inflicted harm; or that gratuitously displaying images of death, gore, or injury; or featuring images or descriptions that are grotesque or frightening and of no redeeming value. These do not include news, historical, or press incidents that may include the above criteria
Weapons: Sites providing information about, promote, or support the sale of weapons and related items
WebBasedEmail: Sites providing Web based E-mail services or information regarding email services
Appendix D Services
Service Name | Details
All Services | All Services
Cyberoam | UDP (1024:65535) / (6060)
AH | IP Protocol No 51 (IPv6-Auth)
AOL | TCP (1:65535) / (5190:5194)
BGP | TCP (1:65535) / (179)
DHCP | UDP (1:65535) / (67:68)
DNS | TCP (1:65535) / (53), UDP (1:65535) / (53)
ESP | IP Protocol No 50 (IPv6-Crypt)
FINGER | TCP (1:65535) / (79)
FTP | TCP (1:65535) / (21)
FTP_GET | TCP (1:65535) / (21)
FTP_PUT | TCP (1:65535) / (21)
GOPHER | TCP (1:65535) / (70)
GRE | IP Protocol No 47
H323 | TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719)
HTTP | TCP (1:65535) / (80)
HTTPS | TCP (1:65535) / (443)
ICMP_ANY | ICMP any / any
IKE | UDP (1:65535) / (500), UDP (1:65535) / (4500)
IMAP | TCP (1:65535) / (143)
INFO_ADDRESS | ICMP 17 / any
INFO_REQUEST | ICMP 15 / any
IRC | TCP (1:65535) / (6660:6669)
Internet-Locator-Service | TCP (1:65535) / (389)
L2TP | TCP (1:65535) / (1701), UDP (1:65535) / (1701)
LDAP | TCP (1:65535) / (389)
NFS | TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049)
NNTP | TCP (1:65535) / (119)
NTP | TCP (1:65535) / (123), UDP (1:65535) / (123)
NetMeeting | TCP (1:65535) / (1720)
OSPF | IP Protocol No 89 (OSPFIGP)
PC-Anywhere | TCP (1:65535) / (5631), UDP (1:65535) / (5632)
PING | ICMP 8 / any
POP3 | TCP (1:65535) / (110)
PPTP | IP Protocol No 47, TCP (1:65535) / (1723)
QUAKE | UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960)
RAUDIO | UDP (1:65535) / (7070)
RIP | UDP (1:65535) / (520)
RLOGIN | TCP (1:65535) / (513)
SAMBA | TCP (1:65535) / (139)
SIP | UDP (1:65535) / (5060)
SIP-MSNmessenger | TCP (1:65535) / (1863)
SMTP | TCP (1:65535) / (25)
SNMP | TCP (1:65535) / (161:162), UDP (1:65535) / (161:162)
SSH | TCP (1:65535) / (22), UDP (1:65535) / (22)
SYSLOG | UDP (1:65535) / (514)
TALK | TCP (1:65535) / (517:518)
TCP | TCP (1:65535) / (1:65535)
TELNET | TCP (1:65535) / (23)
TFTP | UDP (1:65535) / (69)
TIMESTAMP | ICMP 13 / any
UDP | UDP (1:65535) / (1:65535)
UUCP | TCP (1:65535) / (540)
Kazaa, directconnect
Mail Protocol: POP3, SMTP, IMAP
Chat: ymsgr, msnmessenger, AOL, indiatimes
Media Player: wmplayer, quickplayer
Voice over IP: SIP, H323
Network: DHCP, SNMP, DNS, RDP
Cyberoam User Guide Screen - Delete Firewall rule.....................................................................................................................................49 Screen Create Host Group.....................................................................................................................................50 Table Create Host Group screen elements .......................................................................................................50 Screen Remove Host from Host Group..............................................................................................................52 Table Remove Host from Host Group screen elements ................................................................................52 Screen Delete Host Group .....................................................................................................................................52 Table Delete host Group screen elements ........................................................................................................52 Screen Add Host ......................................................................................................................................................53 Table Add Host screen elements .........................................................................................................................53 Screen Delete Host ..................................................................................................................................................53 Table Delete Host screen elements.....................................................................................................................53 Screen Create Virtual host.....................................................................................................................................54 Screen Delete Virtual 
Host.....................................................................................................................................57 Table Delete Virtual host screen elements........................................................................................................57 Screen - Create Logon Pool......................................................................................................................................58 Table - Add Logon Pool screen elements.............................................................................................................58 Screen Application wise Live connections .......................................................................................................59 Table Application wise Live connections screen elements..........................................................................60 Screen User wise Live connections ....................................................................................................................62 Table User wise Live connections screen elements.......................................................................................63 Screen LAN IP Address wise Live connections................................................................................................63 Table LAN IP Address wise Live connection screen elements.....................................................................64 Screen Todays Connection History Application wise................................................................................65 Table Todays Connection History Application screen elements ............................................................66 Screen Todays Connection History User wise ............................................................................................66 Table Todays Connection History User wise screen elements ...............................................................67 Screen Todays Connection History LAN IP 
Address wise .......................................................................67 Table Todays Connection History LAN IP Address wise screen elements..........................................68 Screen - Create Surfing Quota policy ....................................................................................................................70 Table - Create Surfing Quota policy screen elements .......................................................................................71 Screen - Update Surfing Quota policy ...................................................................................................................71 Table - Update Surfing Quota policy screen elements ......................................................................................72 Screen - Delete Surfing Quota policy.....................................................................................................................72 Table - Delete Surfing Quota policy screen elements........................................................................................72 Screen - Create Access Time policy.......................................................................................................................73 Table - Create Access Time policy screen elements .........................................................................................74 Screen - Update Access Time policy......................................................................................................................74 Table - Update Access Time policy screen elements ........................................................................................75 Screen - Delete Access Time policy .......................................................................................................................75 Table - Delete Access Time policy screen elements..........................................................................................75
226
Cyberoam User Guide Screen - Create Internet Access policy .................................................................................................................76 Table - Create Internet Access policy screen elements ....................................................................................77 Screen Add Internet Access policy rule.............................................................................................................78 Table Add Internet Access policy rule screen elements ...............................................................................79 Screen - Update Internet Access policy ................................................................................................................79 Table - Update Internet Access policy screen elements...................................................................................80 Screen - Delete Internet Access policy rule .........................................................................................................80 Table - Delete Internet Access policy rule screen elements ............................................................................81 Screen - Delete Internet Access policy..................................................................................................................81 Table - Delete Internet Access policy screen elements ....................................................................................81 Table - Implementation types for Strict - Bandwidth policy .............................................................................82 Table - Bandwidth usage for Strict - Bandwidth policy.....................................................................................82 Table - Implementation types for Committed - Bandwidth policy ..................................................................83 Table - Bandwidth usage for Committed - Bandwidth policy 
..........................................................................83 Screen - Create Bandwidth policy...........................................................................................................................84 Table - Create Bandwidth policy - Common screen elements.........................................................................84 Screen - Create Logon Pool based Bandwidth policy .......................................................................................84 Table - Create Logon Pool based Bandwidth policy screen elements..........................................................85 Screen - Create User/IP based Strict Bandwidth policy ....................................................................................85 Table - Create User/IP based Strict Bandwidth policy screen elements.......................................................86 Screen - Create User/IP based Committed Bandwidth policy .........................................................................86 Table - Create User/IP based Committed Bandwidth policy screen elements ............................................87 Screen - Update Bandwidth policy .........................................................................................................................87 Table - Update Bandwidth policy Common screen elements..........................................................................87 Screen - Update Logon Pool based Bandwidth policy ......................................................................................88 Table - Update Logon Pool based Bandwidth policy screen elements.........................................................88 Screen - Update User based Bandwidth policy ...................................................................................................88 Table - Update User based Bandwidth policy screen elements......................................................................89 Screen Assign 
Schedule to User based Strict Bandwidth policy................................................................89 Table Assign Schedule to User based Strict Bandwidth policy screen elements ..................................90 Screen - Assign Schedule to User based Committed Bandwidth policy......................................................90 Table Assign Schedule to User based Committed Bandwidth policy screen elements........................91 Screen - Remove Schedule from User based Bandwidth policy ....................................................................91 Table - Remove Schedule from User based Bandwidth policy screen elements .......................................91 Screen - Delete Bandwidth policy ...........................................................................................................................92 Table - Delete Bandwidth policy screen elements..............................................................................................92 Screen Create Data transfer policy .....................................................................................................................93 Table Create Data transfer policy screen elements ........................................................................................94 Screen Update Data transfer policy screen.......................................................................................................95 Table Update Data transfer policy screen elements .......................................................................................96
227
Cyberoam User Guide Screen Delete Data transfer policy screen ........................................................................................................96 Table - Delete Data transfer policy screen element............................................................................................96 Screen Create NAT policy......................................................................................................................................97 Table Create NAT policy screen elements.........................................................................................................97 Screen Update NAT policy.....................................................................................................................................98 Table Update NAT policy screen elements .......................................................................................................98 Screen Delete NAT policy ......................................................................................................................................98 Table Delete NAT policy screen elements .........................................................................................................98 Screen Edit Zone ......................................................................................................................................................99 Table Edit Zone.......................................................................................................................................................100 Screen Delete Zone................................................................................................................................................100 Table Delete Zone ..................................................................................................................................................100 Table - Need to Update group 
................................................................................................................................103 Screen - Manage Group ...........................................................................................................................................103 Table - Manage Group screen elements..............................................................................................................104 Screen - Show Group Members.............................................................................................................................105 Table - Show Group Members screen elements ...............................................................................................105 Screen Add Group Member .................................................................................................................................106 Table Add Group Member screen elements....................................................................................................106 Screen - Change Login Restriction.......................................................................................................................107 Table - Change Login Restriction screen elements .........................................................................................107 Screen - Search User................................................................................................................................................108 Table - Search User screen elements ..................................................................................................................108 Table - Search User Result ..................................................................................................................................108 Screen Manage Live Users ..................................................................................................................................109 Table Manage 
Live User screen elements
Table - Need to Update User
Screen - Manage User
Table - Manage User screen elements
Screen - Change User Personal details
Table - Change User personal details screen elements
Screen - User My Account
Screen - User My Account
Screen - Change Password
Table - Change password screen elements
Screen - Change Personal details
Table - Change Personal details screen elements
Screen - Internet Usage Status
Table - Internet Usage screen elements
Screen - Change Group
Table - Change Group screen elements
Table - Change Individual policy
Screen - Change User Login Restriction
Table - Change User Login Restriction screen elements
Screen - Delete Active User
Screen - Delete Deactive User
Screen - Delete Clientless User
Table - Delete clientless User screen elements
Screen - Deactivate User
Table - Deactivate User screen elements
Screen - Activate Normal User
Screen - Activate Clientless User
Table - Activate User screen elements
Screen - Search Node
Table - Search Node results
Screen - Update Logon Pool
Table - Update Logon Pool screen elements
Screen - Add Node
Table - Add Node screen elements
Screen - Delete Node
Table - Delete Node screen elements
Screen - Delete Logon Pool
Table - Delete Logon Pool screen elements
Screen - Configure DNS
Screen - Configure DHCP
Table - Configure DHCP screen elements
Screen - View DHCP leased IP list
Screen - Update DHCP configuration
Screen - Disable DHCP service
Screen - Manage Interface
Screen - Add Alias
Table - Add Alias screen elements
Screen - Edit Alias
Table - Edit Alias screen elements
Screen - Delete Alias
Screen - Register Hostname with DDNS
Table - Register hostname with DDNS
Screen - PPPoE configuration
Table - PPPoE configuration screen elements
Screen - Gateway Configuration
Table - Gateway Configuration screen elements
Screen - DoS Settings
Table - DoS Settings screen elements
Screen - Create DoS bypass rule
Table - Create DoS bypass rule screen elements
Screen - Delete DoS bypass rule
Table - Delete DoS bypass rule screen elements
Screen - Reset Console Password
Table - Reset Console Password screen elements
Screen - System Modules Configuration
Screen - Set Backup schedule
Table - Set Backup Schedule screen elements
Screen - Backup Data
Table - Backup Data screen elements
Screen - Restore Data screen
Table - Restore Data screen elements
Screen - Configure Auto purge Utility screen
Table - Configure Auto purge Utility screen elements
Screen - Purge Logs screen
Table - Purge Logs screen elements
Screen - Customized Client Messages screen
Table - Customized Client Message screen elements
Table - List of predefined messages
Screen - Customized Client Preferences screen
Table - Customized Client Preferences screen elements
Screen - Customize Denied message screen elements
Screen - Manage HTTP Proxy
Table - Manage HTTP Proxy screen elements
Screen - Configure HTTP Proxy
Table - Configure HTTP Proxy screen elements
Screen - Manage Services
Table - Manage Control Service screen elements
Table - Manage Control Service Action
Screen - View Bandwidth Usage
Table - Bandwidth usage screen elements
Screen - Bandwidth usage - Live Users graph
Screen - Bandwidth usage - Total Data transfer graph
Screen - Bandwidth usage - Composite Data transfer graph
Screen - Bandwidth usage - Download Data transfer graph
Screen - Bandwidth usage - Upload Data transfer graph
Screen - Download User Migration Utility
Screen - Save User Migration Utility
Screen - Upload downloaded User Migration Utility
Screen - Upload CVS file
Screen - Register migrated users from External file
Screen - Define One Time Schedule
Table - Define Schedule screen elements
Screen - Add Schedule Entry details
Table - Add Schedule Entry details screen elements
Screen - Manage Schedule
Table - Manage Schedule screen elements
Screen - Delete Schedule Entry details
Table - Delete Schedule Entry details screen elements
Screen - Delete Schedule
Table - Delete Schedule screen elements
Screen - Define Custom Service
Table - Define Custom Service screen elements
Screen - Update Custom Service
Table - Update Custom Service screen elements
Screen - Delete Custom Service
Table - Delete Custom Service screen elements
Screen - Create Service Group screen
Table - Create Service Group screen elements
Screen - Edit Service Group
Table - Edit Service Group screen elements
Screen - Delete Service Group
Table - Delete Service Group
Screen - Search URL
Screen - Manage Default Web Category
Screen - Create Custom Web Category
Table - Create Web Category screen elements
Screen - Add Domain
Table - Add Domain screen elements
Screen - Add keyword
Table - Add keyword screen elements
Screen - Manage Custom Web category
Table - Update Custom Web category screen elements
Screen - Delete Domain
Table - Delete Domain screen elements
Screen - Delete keyword
Table - Delete keywords screen elements
Screen - Delete Custom Web Category
Table - Delete Custom Web Category screen elements
Screen - Manage Custom File Type Category
Screen - Create Custom File Type Category
Table - Create Custom File Type screen elements
Screen - Manage Custom File Type Category
Screen - Manage Custom File Type Category
Screen - Delete Custom File Type Category
Table - Delete Custom File Type screen elements
Screen - Manage Default Application Protocol Category
Screen - Create Custom Application Protocol Category
Table - Create Custom Application Category screen elements
Screen - Add Custom Application Protocol Category details
Table - Add Custom Application Protocol Category details
Screen - Manage Custom Application Protocol Category
Table - Manage Custom Application Protocol Category screen elements
Screen - Delete Application Protocol Category details
Table - Delete Application Protocol Category screen elements
Screen - Delete Custom Application Protocol Category
Table - Delete Custom Application Protocol Category screen elements
Screen - Access Configuration
Table - Access Configuration screen elements
Screen - Syslog Configuration
Screen - About Cyberoam
Screen - Upload Upgrade version
Screen - Download Clients
Screen - Reports
Screen - Reports Login
Screen - Audit Log report
Screen - Sample Audit Log Report