
User Guide

Version 9

Document version 95314-1.0-31/01/2008

Cyberoam User Guide

IMPORTANT NOTICE

Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER'S LICENSE

The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY

Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore's or its service center's option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.

Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY

Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law.

In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers' liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose.

In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS

Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademarks of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS

Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com


Contents

Technical Support
Typographic Conventions
Preface
  Guide Organization
Cyberoam Basics
  Benefits of Cyberoam
  Accessing Cyberoam
  Accessing the Web Admin Console
Getting Started
  Dashboard
Management
Setting up Zones
  Create Zone
Setting up Users
  Define Authentication
  Define User
Setting up Groups
Firewall
  Create Firewall rule
  Manage Firewall
  Host Management
Virtual Host
  Create Virtual host
  Delete Virtual host
Setting up Logon Pools
Traffic Discovery
  Live Connections report
  Today's Connection History
Policy Management
  Surfing Quota policy
  Access Time policy
  Internet Access policy
  Bandwidth policy
  Data Transfer policy
  NAT Policy
Zone Management
  Manage Zone
  Delete Zone
Group Management
  Manage Group
User Management
  Search User
  Live User
  Manage User
Logon Pool Management
  Search Node
  Update Logon Pool
System Management
  Configure Network
  Configure DNS
  Dynamic Host Configuration Protocol (DHCP)
  View Interface details
  Configuring Dynamic DNS service
  PPPoE
  Manage Gateway
  DoS Settings
  Bypass DoS Settings
  Reset Console Password
  System Module Configuration
  Client Services
  Customize Access Deny messages
  Upload Corporate logo
  Customize Login message
  Disable Warning messages
  HTTP Client Login page template
Manage Data
HTTP Proxy Management
  Manage HTTP Proxy
  Configure HTTP Proxy
  Set Default Internet Access Policy
Manage Servers
Monitoring Bandwidth Usage
Migrate Users
  Migration from PDC server
  Migration from External file
Customization
Schedule
  Define Schedule
  Manage Schedule
Services
  Define Custom Service
  Manage Custom Service
  Create Service Group
  Update Service Group
  Delete Service Group
Categories
  Web Category
  File Type Category
  Application Protocol Category
Access Control
Syslog Configuration
  Log configuration
Product Licensing & Updates
  Product Version information
  Upgrade Cyberoam
Download
  Clients
Appendix A Audit Log
Appendix B Network Traffic Log Fields
Appendix C Web Categories
Appendix D Services
Appendix E Application Protocols
Menu wise Screen and Table Index


Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.


Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.

| Item | Convention | Example |
|---|---|---|
| Server | | Machine where Cyberoam Software - Server component is installed |
| Client | | Machine where Cyberoam Software - Client component is installed |
| User | | The end user |
| Username | | Username uniquely identifies the user of the system |
| Part titles | Bold and shaded font typefaces | Report |
| Topic titles | Shaded font typefaces | Introduction |
| Subtitles | Bold & Black typefaces | Notation conventions |
| Navigation link | Bold typeface | Group Management → Groups → Create: it means, to open the required page click on Group management then on Groups and finally click Create tab |
| Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked |
| Cross references | Hyperlink in different color | refer to Customizing User database. Clicking on the link will open the particular topic |
| Notes & points to remember | Bold typeface between the black borders | Note |
| Prerequisites | Bold typefaces between the black borders | Prerequisite: Prerequisite details |


Preface
Welcome to Cyberoam's User Guide. Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions. Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN. Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

Default Web Admin Console username is cyberoam and password is cyber. It is recommended that you change the default password immediately after installation to avoid unauthorized access.

Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of Cyberoam and helps you manage and customize Cyberoam to meet your organization's various requirements including creating groups and users and assigning policies to control internet access.

How do I search for relevant content?

- For help on how to perform certain task use Contents
- For help on a specific menu or screen function use Menu wise Screen and Table Index

This Guide is organized into three parts:

Part I Getting started

It describes how to start using Cyberoam after successful installation.

Part II Management

It describes how to define groups and users to meet the specific requirements of your Organization. It also describes how to manage and customize Cyberoam.

1. Define Authentication process and firewall rule.
2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups
3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy
4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools
5. Manage Cyberoam server

Part III Customization

Customize Services, Schedules and Categories. Describes how to create and manage Categories, Schedules and Services and Cyberoam upgrade process.


Cyberoam Basics
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions. Cyberoam's perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN. Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection. It also provides assistance in improving Bandwidth management, increasing Employee productivity and reducing legal liability associated with undesirable Internet content access.

Benefits of Cyberoam
1. Boost Employee productivity by
   a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
   a. Controlling access to non-productive site access during working hours
   b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
   a. Improved User response time
   b. Failover solution
   c. Continuous availability of Internet
   d. Reduced bandwidth bottlenecks
4. Enforce acceptable Internet usage policies
5. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet and other resources usage and consumption patterns

Accessing Cyberoam
Two ways to access Cyberoam:

1. Web Admin Console
   - Managing Firewall rules
   - Used for policy configuration
   - Managing users, groups and policies
   - Managing Bandwidth
   - Viewing bandwidth graphs as well as reports
2. Telnet Console
   - Used for Network and System configuration (setting up IP Addresses, setting up gateway)
   - Managing Cyberoam application
   a) Using Console Interface via remote login utility TELNET
   b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server

Accessing Console via remote login utility - TELNET


Access Cyberoam Console with the help of TELNET utility. To use TELNET, the IP Address of the Cyberoam server is required. Use the command telnet <Cyberoam IP address> to start the TELNET utility from the command prompt and log on with the default password admin.


Screen - Console login screen

Accessing Console using SSH client


Access Cyberoam Console using any SSH client. The Cyberoam server IP Address is required. Start the SSH client and create a new Connection with the following parameters:

Hostname - <Cyberoam server IP Address>
Username - admin
Password - admin


Accessing the Web Admin Console


Cyberoam Web Admin Console (GUI) access requires Microsoft Internet Explorer 5.5+ or Mozilla Firefox 1.5+ and Display settings as True color (32 bits)

Log on & log off from the Cyberoam Web Admin Console
The Log on procedure verifies validity of user and creates a session until the user logs off.

Log on procedure
To get the log in window, open the browser and type IP Address in browser's URL box. A dialog box appears prompting you to enter username and password to log on. Use the default user name cyberoam and password cyber if you are logging in for the first time after installation. Asterisks are the placeholders in the password field.

Log on Methods

HTTP log in

To open unencrypted login page, in the browser's Address box, type http://<IP address of Cyberoam>

Screen - HTTP login screen

HTTPS log in

Cyberoam provides secured communication method which encrypts the User log on information and which prevents unauthorized users from viewing the user information. For this, Cyberoam uses https protocol. The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS. HTTPS protocol opens a secure hypertext transfer session with the specified site address.

To open login over secure HTTP, type https://<IP address of Cyberoam>

Screen - HTTPS login

| Screen Elements | Description |
|---|---|
| Login | |
| User name | Specify user login name. If you are logging on for the first time after installation, please use default username cyberoam |
| Password | Specify user account Password. If you are logging on for the first time after installation, please use default password cyber |
| Log on to | To administer Cyberoam, select Web Admin Console |
| Login button | Logs on to Web Admin Console. Click Login |

Table - Login screen elements

Web console Authorization and Access control


By default, Cyberoam has four types of user groups:
Administrator group

Log in as Administrator group User to maintain, control and administer Cyberoam. Administrator group User can create, update and delete system configuration and user information. Administrator can create multiple administrator level users.
Manager group

Manager group User can only view the reports.


User group

User group User is the user who accesses the resources through Cyberoam.
Clientless group

Clientless group User is the user who can bypass Cyberoam Client login to access resources. Cyberoam itself takes care of login of this level user.

Refer to Access Configuration to implement IP address based access restriction/control for administrators and managers.

Log out procedure


To prevent unauthorized users from accessing Cyberoam, log off after you have finished working. This will end the session and exit from Cyberoam.


Getting Started
Once you have configured network, you can start using Cyberoam.

1. Start monitoring

Once you have installed Cyberoam successfully, you can monitor user activity in your Network. Depending on the Internet Access policy configured at the time of installation, certain categories will be blocked or allowed for LAN to WAN traffic with or without authentication.

2. View Cyberoam Reports

Monitor your Network activities using Cyberoam Reports. To view Reports, log on to Reports from Web Admin Console using following URL: http://<Internal IP Address> and log on with default username cyberoam and password cyber.

- View your organization's surfing pattern from Web Surfing → Organization wise report
- View your organization's general surfing trends from Trends → Web Trends report
- View your organization's Category wise surfing trends from Trends → Category Trends report

3. Discover Network Application Traffic

Detect your network traffic i.e. applications and protocols accessed by your users. To view traffic pattern of your network, log on to Cyberoam Web Admin Console using following URL: http://<Internal IP Address> and log on with default username cyberoam and password cyber.

- View amount of network traffic generated by various applications from Traffic Discovery → Live Connections → Application wise

4. Configure for User name based monitoring

As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP address based. To monitor and log user activities based on User names, you have to configure Cyberoam for integrating user information and authentication process. Integration will identify access request based on User names and generate reports based on Usernames.

- If your Network uses Active Directory Services, configure Cyberoam to communicate with your ADS. Refer to Cyberoam ADS Integration guide for more details.
- If your Network uses LDAP, configure Cyberoam to communicate with your LDAP. Refer to Cyberoam LDAP Integration guide for more details.
- If your Network uses Windows NT Domain Controller, configure Cyberoam to communicate with Windows Domain Controller.
- If your Network uses RADIUS, configure Cyberoam to communicate with RADIUS.

5. Customize

Cyberoam creates default firewall rules based on the Internet Access configuration done at the time of installation. You can create additional firewall rules and other policies to meet your organization's requirement. Cyberoam allows you to:

1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.
2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management - Surfing Quota policy for more details.
3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy Management - Access time policy for more details.
4. Control web access by defining Internet Access policy. Refer to Policy Management - Internet Access policy for more details.
5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy Management - Bandwidth policy for more details.
6. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer to Data transfer policy for more details.


Dashboard
Cyberoam displays Dashboard as soon as you log on to the Web Admin Console. Dashboard provides a quick overview of the important parameters of the Cyberoam appliance that require special attention, such as password, access to critical security services, system resources usage, IDP alerts, and notifications of subscription expirations.

Dashboard page is completely customizable. Minimize or reposition each section (System Information, License Information, Gateway status information, Usage summary etc.) by dragging and dropping. Each section has an icon associated with it for easy recognition when minimized. Optionally click Reset to restore the default dashboard setting. The customizable Dashboard lets you place the sections that are pertinent to you and require special attention for managing Cyberoam at the top, and move the information used less often to the bottom.

Available sections on Dashboard are as follows:

- Alert Messages
- Appliance Information
- License Information
- Installation Information. Use Check for Upgrades link to check for the upgrade availability.
- HTTP Traffic Analysis
- User Surfing pattern
- Usage Summary
- Recent Mail Viruses detected
- Recent HTTP and FTP Viruses detected
- System Resources
- System Status
- DoS attack status
- Recent IDP Alerts
- Gateway status

Dashboard displays following Alerts:

- The default Web Admin Console password has not been changed.
- Default Telnet Console password is not changed.
- <Service name(s)> base management is allowed from WAN. This is not a secure configuration. We recommend to use a good password.
- Your Cyberoam Appliance is not registered.
- <module name(s)> modules will expire within 5/10/20 days. Be sure to buy the subscription to stay protected.
- <module name(s)> module(s) expired

Note
Use F10 key to return to Dashboard from any of the pages
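
The Dashboard alerts listed above map directly onto a hardening checklist. The following is an added example, not part of the original guide or of Cyberoam's software: it sorts alert text copied from the Dashboard into follow-up items. The severity ranking, the follow-up wording and the sample alert lines are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str
    severity: str   # assumption: ranking chosen for this example, not by the appliance
    detail: dict
    action: str


SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "info": 3}

# (kind, severity, pattern, follow-up). The patterns mirror the alert wording
# listed in the Dashboard section; the <Service name(s)> and <module name(s)>
# placeholders are captured as named groups.
RULES = [
    ("default_web_admin_password", "critical",
     re.compile(r"default Web Admin Console password has not been changed", re.I),
     "Change the Web Admin Console password"),
    ("default_telnet_password", "critical",
     re.compile(r"default Telnet Console password is not changed", re.I),
     "Change the Telnet Console password"),
    ("wan_management", "high",
     re.compile(r"^(?P<services>.+?) base management is allowed from WAN", re.I),
     "Review which management services are reachable from the WAN zone"),
    ("subscription_expired", "high",
     re.compile(r"^(?P<modules>.+?) module(?:s|\(s\))? expired", re.I),
     "Renew the subscription for the listed modules"),
    ("subscription_expiring", "medium",
     re.compile(r"^(?P<modules>.+?) modules? will expire within (?P<days>\d+) days", re.I),
     "Renew the subscription before it lapses"),
    ("unregistered", "medium",
     re.compile(r"appliance is not registered", re.I),
     "Register the appliance"),
]


def split_names(text):
    """Split 'HTTP, Telnet' or 'A and B' into a list of names."""
    return [p for p in re.split(r"\s*(?:,|\band\b)\s*", text.strip()) if p]


def classify(alert):
    """Map one alert line to a Finding; unknown text is kept for manual review."""
    line = alert.strip()
    for kind, severity, pattern, action in RULES:
        match = pattern.search(line)
        if not match:
            continue
        detail = {}
        for key, value in match.groupdict().items():
            detail[key] = int(value) if key == "days" else split_names(value)
        return Finding(kind, severity, detail, action)
    return Finding("unrecognized", "info", {"text": line}, "Review manually")


def triage(alerts):
    """Classify every non-empty line and order the result by severity."""
    findings = [classify(a) for a in alerts if a.strip()]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


# Constructed sample input: alert lines as they might be copied from the Dashboard.
SAMPLE_ALERTS = [
    "Anti Virus, Anti Spam modules will expire within 10 days. "
    "Be sure to buy the subscription to stay protected.",
    "The default Web Admin Console password has not been changed.",
    "HTTP, Telnet base management is allowed from WAN. This is not a secure configuration.",
    "Your Cyberoam Appliance is not registered.",
    "IDP module(s) expired",
    "Default Telnet Console password is not changed.",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ALERTS):
        print(f"[{f.severity:8}] {f.kind:28} {f.detail} -> {f.action}")
```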


Screen - Dashboard


Management
Setting up Zones

A Zone is a logical grouping of ports/physical interfaces and/or virtual subinterfaces if defined. Zones provide flexible layer of security for the firewall. With the zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.

Default Zone Types

- LAN - Depending on the appliance in use and on your network design, Cyberoam allows you to group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default, traffic to and from this zone is blocked, which makes it the most secured zone. However, Cyberoam allows traffic between the ports belonging to the same zone.
- DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, Cyberoam allows you to group one to five physical ports in this zone.
- WAN - Zone used for Internet services. It can also be referred to as the Internet zone.
- Local - The entire set of physical ports available on the Cyberoam appliance, including their configured aliases, is grouped in the LOCAL zone. In other words, IP addresses assigned to all the ports fall under the LOCAL zone.

Cyberoam provides a single zone of each type. These are called System Zones. Administrator can add LAN and DMZ zone types. By default, all traffic is blocked except LAN to Local zone services like Administration, Authentication and Network.


Create Zone
Select System → Zone → Create to open the create page

Screen - Create Zone

| Screen Elements | Description |
|---|---|
| Create Zone | |
| Zone Name | Specify name of the Zone |
| Zone Type | Select zone type. LAN - Depending on the appliance in use and on your network design, Cyberoam allows you to group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default, traffic to and from this zone is blocked, which makes it the most secured zone. DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, Cyberoam allows you to group one to five physical ports in this zone. WAN - Zone for the Internet services. Only one WAN zone is allowed, hence additional WAN zones cannot be created. Multiple LAN is not possible if Cyberoam is deployed as Bridge |
| Select Port | Click the port to be included from the Available Port(s) list and click to move it to the Member Port(s) list. Selected port will be the member of the zone. Virtual Interfaces will also be available for selection if defined. |
| Description | Specify zone description |
| Create button | Saves the configuration and creates zone |

Table - Create Zone


Setting up Users
Define Authentication
Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of your organization. You can assign individual policies to users (identified by IP address), or a single policy to a number of users (Group).

Cyberoam detects users as they log on to Windows domains in your network via client machines. Cyberoam can be configured to allow or disallow users based on username and password. In order to use User Authentication, you must select at least one database against which Cyberoam should authenticate users. Cyberoam supports user authentication against:
- an Active Directory
- a Windows NT Domain controller
- an LDAP server
- a RADIUS server
- an internal database defined in Cyberoam

To filter Internet requests based on policies assigned, Cyberoam must be able to identify a user making a request. When the user attempts to access, Cyberoam requests a user name and password and authenticates the user's credentials before giving access. User level authentication can be performed using the local user database on the Cyberoam, an external ADS server, RADIUS server, LDAP or Windows NT Domain Controller.

For external authentication, integrate Cyberoam with ADS, LDAP or Windows NT Domain Controller.
- If your network uses an Active Directory service, configure Cyberoam to communicate with ADS.
- If your network uses a Windows Domain controller, configure Cyberoam to communicate with the Domain controller.
- If your network uses LDAP, configure Cyberoam to communicate with the LDAP server.
- If your network uses a RADIUS server, configure Cyberoam to communicate with the RADIUS server.

Cyberoam can prompt for user identification if your network does not use Windows environment.

Cyberoam Authentication
It is necessary to create users and groups in Cyberoam if it is installed in a Non PDC environment. Before users log on to Cyberoam, the Administrator has to create all the users in Cyberoam, assign them to a Group and configure Cyberoam authentication. Refer to Define Group and Define User for details on creating groups and users. When a user attempts to log on, Cyberoam authenticates the user.


Select User → Authentication Settings to open configuration page

Screen - Cyberoam Authentication

Screen Elements: Description

Configure Authentication & Integration parameters
Integrate with: Select Cyberoam as the authentication server
Default Group: Allows to select default group for users. Click Default Group list to select
Update button: Updates and saves the configuration

Table - Cyberoam Authentication screen elements


Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a group inherit all the group policies. Refer to Policy Management to define new policies.

User types
Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on

Normal - User has to logon to Cyberoam. Requires Cyberoam client (client.exe) on the User machine or user can use HTTP Client component and all the policy-based restriction can be applied.
Clientless - Does not require Cyberoam client component (client.exe) on the User machines. Symbolically represented as User name (C)
Single Sign On - If User is configured for Single Sign On, whenever User logs on to Windows, he/she is automatically logged on to the Cyberoam. Symbolically represented as User name (S)

Use the decision matrix given below to decide which type of user should be created.

Decision matrix for creation of User


Feature                         Normal User   Clientless User   Single Sign on User
User Login required             Yes           No                No
Type of Group - Normal          Yes           No                Yes
Type of Group - Clientless      No            Yes               No
Apply Login restriction         Yes           Yes               Yes
Apply Surfing Quota policy      Yes           No                No
Apply Access Time policy        Yes           No                No
Apply Bandwidth policy          Yes           Yes               Yes
Apply Internet Access policy    Yes           Yes               Yes
Apply Data Transfer policy      Yes           No                Yes

Table - Create User - Decision matrix


Add a User
Prerequisite
Group created - for Normal Users only

Select User → User → Add User to open add user page

Screen - Add User

Screen Elements: Description

User Information
Name: Specify name of the User
Username: Specify a name that uniquely identifies the user and is used for logging
Password: Specify Password
Confirm Password: Specify password again for confirmation. Should be same as typed in the Password field
Windows Domain Controller (Only if Authentication is done by Windows NT Domain Controller): Displays Authentication Server IP Address
User Type: Specify the user group type. Depending on user group type default web console access control will be applied. Refer to Web console Authorization and Access control for more details.
  Available option: Administrator, Manager, User
  Click User type list to select
  Refer to Add Clientless User on how to create clientless user
Number of simultaneous login(s) allowed OR Unlimited: Customize the maximum number of concurrent logins allowed to the user
  Specify number of concurrent logins allowed to the user OR allow unlimited concurrent logins to the user
  The setting specified will override the setting specified in client preference. For example, if in Client preferences the number of concurrent logins allowed is 5 and here you have specified 3, then this particular user will be allowed to login from 3 machines concurrently and not from 5 machines.

Group Information
Group: Specify Group in which user is to be added. User will inherit all the group policies. Click Group list to select
View details link: Opens a new window and displays details of the selected Group. Refer to View Group details table for more details
Login Restriction (Select any one option): Allows to apply login restriction
  Available options
  1) All Nodes - Allows Users to login from all the nodes in the network
  2) Group Nodes only - Allows Users to login only from the nodes assigned to the group
  3) Selected Nodes only - Allows Users to login from the selected nodes only. Refer to Apply Login Node Restriction for details. Nodes from which the User is allowed login can be specified after creating the user also.
  Click to select
Personal details link: Allows to enter personal details of the user

Personal information (Only if Personal details link is clicked)
Birth date: Specify date of birth of user. Click Calendar to select date
Email: Specify Email Id of User
Add button: Adds user. Click to add
Review button: Opens a new page and displays the user details for reviewing. Review details before adding to make sure details entered are correct. Click to review. Click Submit to add user

Table - Add User screen elements

View Group details table

Screen Elements: Description

Group name: Displays name of the Group
Surfing Quota policy: Displays name of the Surfing Quota policy assigned to the group
Access Time policy: Displays name of the Access Time policy assigned to the group
Internet Access policy: Displays name of the Internet Access policy assigned to the group
Bandwidth policy: Displays name of the Bandwidth policy assigned to the group
Data transfer policy: Displays name of the Data Transfer policy assigned to the group
Allotted time (HH:mm): Displays total allotted surfing time to User
Expiry date: Displays User policy Expiry date
Used minutes: Displays total time used by the user in minutes. At the time of creation of user, it will be displayed as 0:0
Close button: Closes window

Table - View Group details screen elements

Apply Login Node Restriction

Screen Elements: Description

Select Node(s) button (Only if the option Selected Node(s) Only is selected): Opens a new page and allows to select the node. Click to select the Node for restriction
Logon Pool name: Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select
Select: Selects the Node. Multiple nodes can also be selected
OK button: Click to apply restriction
Cancel button: Cancels the current operation

Table - Apply Login Node Restriction screen elements


Add Clientless users


Clientless Users are the Users who can bypass Cyberoam Client login to access resources. It is possible to add a single clientless user as well as more than one clientless user at a time. When you add multiple clientless users, users are represented by IP addresses and not by the name.

Add multiple clientless users


Creates Clientless users with given IP addresses as their username. Change the Username of the clientless users if required.

Prerequisite
Clientless Group created

Select User → Clientless Users → Add Multiple Clientless Users to open create user page

Screen - Add multiple Clientless users

Screen Elements: Description

Host Group Details
Host Group name: Specify name of Logon Pool
Is Host Group public: Public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select, if IP addresses assigned to the Users are public IP addresses
Bandwidth policy: By default, group bandwidth policy is applied to the user but you can override this policy. Specify Bandwidth Policy to be applied. Click Bandwidth Policy list to select. Click View details link to view details of the policy
Description: Specify full description

Machine details
From - To: Specify range of IP Address that will be used by Users to login
Machine name: Specify Machine name

Select Group
Group: Specify Group in which User is to be added. Click Group list to select
Create button: Adds multiple Clientless Users

Table - Add multiple Clientless users screen elements

Add single Clientless user


Prerequisite
Group created
Logon Pool created

Select User → Clientless Users → Add Single Clientless User to open create user page

Screen - Add single Clientless user

Screen Elements: Description

User Information
Name: Specify name of the User
Username: Specify a unique name used for logging
Activate on Creation: Specifies whether user should be logged in automatically after registration
  Options:
  Yes - Automatically logs in as soon as registered successfully i.e. becomes a live user
  No - User is registered but is in De-active mode. Activate user before first log in. Refer to Activate Clientless User for more details
User type: Displays User type

User Group Information
Group: Specify Group in which User is to be added. Click Group list to select
View details link: Opens a new window and displays details of the selected group. Click to view details

Login Restriction
Allowed Login from IP Address: Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address. Refer to Select Node table for more details
Personal details link: Allows to enter the personal details of the user

Personal information (Only if Personal details link is clicked)
Birth date: Specify date of birth of User. Use Popup Calendar to enter date
Email: Specify Email Id of User
Register: Registers a clientless user
Cancel button: Cancels current operation

Table - Create single Clientless user screen elements

Select Node table

Screen Elements: Description

Logon Pool name: Allows to select the Logon Pool. Click Logon Pool name list to select
Select: Selects the Node. User will be allowed to login from the selected node only.
Apply Restriction button: Click to apply login restriction
Close button: Closes window

Table - Select Node screen elements

NOTE
- Duplicate Usernames cannot be created
- Make sure that subnets or individually defined IP addresses do not overlap
- Create Group before assigning it to a User. Refer to Create Groups to create new groups
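The two checks in the note above (no duplicate usernames, no overlapping subnets or individual addresses) can be run over a planned clientless range before it is entered in the Web Admin Console. This is an added example, not Cyberoam code: the pool names, addresses and function names are constructed for illustration, and it assumes pools are written as CIDR subnets, single IPs or first-last ranges.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations


def to_range(spec):
    """Normalise 'first-last', a CIDR subnet or a single IP to (low, high) integers."""
    if "-" in spec:
        first, last = (int(ip_address(part.strip())) for part in spec.split("-", 1))
        if last < first:
            raise ValueError(f"range runs backwards: {spec}")
        return first, last
    net = ip_network(spec, strict=True)  # a bare IP address becomes a /32
    return int(net.network_address), int(net.broadcast_address)


def find_overlaps(pools):
    """Return (pool_a, spec_a, pool_b, spec_b) for every pair that shares an address."""
    entries = [(name, spec, *to_range(spec))
               for name, specs in pools.items() for spec in specs]
    return [(n1, s1, n2, s2)
            for (n1, s1, lo1, hi1), (n2, s2, lo2, hi2) in combinations(entries, 2)
            if lo1 <= hi2 and lo2 <= hi1]


def clientless_usernames(first, last):
    """Adding multiple clientless users names each user after its IP address."""
    low, high = to_range(f"{first}-{last}")
    return [str(ip_address(n)) for n in range(low, high + 1)]


def precheck(existing_users, pools, pool_name, first, last):
    """Check a planned From-To range against existing pools and usernames."""
    new_spec = f"{first}-{last}"
    candidate = {**pools, pool_name: pools.get(pool_name, []) + [new_spec]}
    overlaps = [hit for hit in find_overlaps(candidate)
                if new_spec in (hit[1], hit[3])]
    duplicates = [name for name in clientless_usernames(first, last)
                  if name in existing_users]
    return overlaps, duplicates


# Constructed sample data: two existing Logon Pools and two existing usernames.
POOLS = {
    "Accounts": ["192.168.1.0/28"],
    "Kiosks": ["192.168.1.40-192.168.1.45", "192.168.1.60"],
}
EXISTING_USERS = {"john", "192.168.1.61"}

if __name__ == "__main__":
    overlaps, duplicates = precheck(
        EXISTING_USERS, POOLS, "Lab", "192.168.1.58", "192.168.1.62")
    for pool_a, spec_a, pool_b, spec_b in overlaps:
        print(f"overlap: {pool_a} {spec_a} <-> {pool_b} {spec_b}")
    for name in duplicates:
        print(f"duplicate username: {name}")
```
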


Setting up Groups
Group
Group is a collection of users having common policies and a mechanism of assigning access of resources to a number of users in one operation/step.

Instead of attaching individual policies to the user, create a group of policies and simply assign the appropriate Group to the user; the user will automatically inherit all the policies added to the group. This simplifies user configuration.

A group can contain default as well as custom policies. Various policies that can be grouped are:
1. Surfing Quota policy which specifies the duration of surfing time and the period of subscription
2. Access Time policy which specifies the time period during which the user will be allowed access
3. Internet Access policy which specifies the access strategy for the user and sites
4. Bandwidth policy which specifies the bandwidth usage limit of the user
5. Data Transfer policy which specifies the data transfer quota of the user

Refer to Policy Management for more details on various policies.

Group types
Two types of groups:
1. Normal
2. Clientless

Normal - A user of this group needs to logon to Cyberoam using the Cyberoam Client to access the Internet
Clientless - A user of this group need not logon to Cyberoam using the Cyberoam Client to access the Internet. Access control is placed on the IP address. Symbolically represented as Group name (C)

Use the decision matrix given below to decide which type of group is best suited for your network configuration.

Decision matrix for creation of Group


Feature                         Normal Group   Clientless Group
Logon into Cyberoam required    Yes            No
Type of User - Normal           Yes            No
Type of User - Clientless       No             Yes
Apply Login restriction         Yes            No
Apply Surfing Quota policy      Yes            No
Apply Access Time policy        Yes            No
Apply Bandwidth policy          Yes            Yes
Apply Internet Access policy    Yes            Yes
Apply Data transfer policy      Yes            No

Table - Group creation - Decision matrix


Add a New Group


Prerequisite
All the policies which are to be added to the Group are created
Logon Pool created if login is to be restricted from a particular Node/IP Address

Select Group → Add Group to open add group page

Screen - Create Group

Screen Elements: Description

Create Group
Group name: Specify Group name. Choose a name that best describes the Group.
Group type: Specify type of Group. Click Group type to select
  Select Normal if Group members are required to log on using Cyberoam Client
  Select Clientless if Group members are not required to log on using Cyberoam Client
Surfing Quota Policy (Only if Group type is Normal): Specify Surfing Quota Policy for Group. Click Surfing Quota Policy list to select. By default, Unlimited policy is assigned to the Clientless Group type. Refer to Surfing Quota Policy for more details
Access Time Policy (Only if Group type is Normal): Specify Access Time policy for Group. Click Access Time Policy list to select. By default, Unlimited policy is assigned to Clientless Group type. Refer to Access Time Policy for more details
Internet Access policy: Specify Internet Access policy for Group. Click Internet Access policy list to select. Refer Internet Access policy for details
Bandwidth Policy: Specify Bandwidth Policy for Group. Click Bandwidth Policy list to select. Refer Bandwidth Policy for details
Data Transfer policy (Only if Group type is Normal): Specify data transfer policy for Group. Click Data Transfer policy list to select. Refer Data Transfer Policy for details
User Authentication Session time out: Authentication Session timeout is the number of minutes that an authenticated connection can be idle before the user must authenticate again. Click to enable session timeout on per-group basis. By default, this option is disabled. The minimum timeout that can be configured is 3 minutes and maximum is 1440 minutes (24 hours)
Login Restriction (Select any one option): Apply login restriction if required for the users defined under the Group
  Available options
  1) Allowed login from all nodes - Allows Users defined under the Group to login from all the nodes
  2) Allowed login from the selected nodes - Allows Users defined under the Group to login from the selected nodes only. Specifies IP address from where User can login. Click Select Node, opens a new window and allows to select IP Address. Refer to Select Node table for more details. Refer to Apply Login Node restriction for more details
  Click to select
Select Node button (Only if Allowed Login from selected node option is selected for Login restriction): Opens a new page and allows to select the node. Click to select the Node
Create button: Creates Group
Cancel button: Cancels the current operation and returns to the Manage Group page

Table - Create Group screen elements


Note
It is not necessary to add users at the time of the creation of the Group. Users can be added even after the creation of the group.

Apply Login Node Restriction

Screen - Apply Login Node Restriction

Screen Elements: Description

Logon Pool name: Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select
Select: User will be allowed to login from the selected nodes only. Click to select Node. Multiple nodes can also be selected
OK button: Applies login restriction and closes the window. Click to apply restriction
Cancel button: Cancels the current operation

Table - Apply Login Node Restriction screen elements


Import AD group (only if Active Directory authentication is implemented)


If Active Directory authentication is implemented and Cyberoam is configured to communicate with the AD server, the Administrator can import user groups created in the AD server. Once you have configured and added AD details, select User → Authentication Settings and click Import Group Wizard button to import AD groups.

Screen - Import Group Wizard

Follow the on-screen steps:

Step 1. Specify Base DN. Cyberoam will fetch AD groups from the specified Base DN.

Step 2. Select Groups that are to be imported in Cyberoam. Use <Ctrl> + Click to select multiple groups.

Step 3. Select various policies (Surfing Quota, Access time, Bandwidth, Internet Access and Data transfer) and user authentication time out to be applied on the group members. By default, Attach to all the Groups is enabled, hence Cyberoam will attach same policies to all the imported Groups i.e. common policies across the imported groups.
Do not enable Attach to all the Groups for the policy if you want to specify:
- different policy for all the groups
- specific policy to all the groups
- specific policy to a specific group
For example, if you want to specify different Internet Access policy to different groups, do not enable Attach to all the Groups.


Screen - Define same policy to all the imported Groups

Screen - Define different policies to different Groups

Step 4. If you have disabled Attach to all the Groups, specify policies to be applied to each group

Screen - Define specific policy for a Group


Step 5. The View Results page displays a success message if the groups are imported and the policies are successfully attached; otherwise an appropriate error message is displayed. Once you close the Wizard, the Manage Groups page will be opened. All the imported groups are appended at the end of the list.

Screen - Groups imported and common policies attached successfully

Screen - Groups imported and specific policies attached to specific Group

If a user is a member of multiple AD groups, Cyberoam decides the user's group based on the order of the groups defined in Cyberoam. Cyberoam searches the ordered Group list from top to bottom to determine the user's group membership. The first group that matches is considered the group of the user, and that group's policies are applied to the user. Re-ordering of groups to change the membership preference is possible using the Wizard.


Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, firewalls may also be configured to limit the access to harmful sites for LAN users.

The responsibility of the firewall is to grant access from Internet to DMZ or Service Network according to the Rules and Policies configured. It also keeps watch on the state of connection and denies any traffic that is out of connection state.

Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule, Cyberoam decides how to process the access request. When Cyberoam receives the request, it checks the source address, destination address and the services and tries to match them with the firewall rule. If Identity match is also specified, the firewall searches the Live Users Connections for the Identity check. If the Identity (User) is found in the Live User Connections and all other matching criteria are fulfilled, the action specified in the rule is applied. Action can be allow or deny.

You can also apply different protection settings to the traffic controlled by firewall:
- Enable load balancing between multiple links
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
- Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
- Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
- Apply bandwidth policy restriction

By default, Cyberoam blocks any traffic to LAN.

Default Firewall rules


At the time of deployment, Cyberoam allows to define one of the following Internet Access policies using Network Configuration Wizard:
- Monitor only
- General Internet policy
- Strict Internet policy

Default firewall rules for Monitor only IAP
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   Anti Virus & Anti Spam policy - Allows SMTP, POP3, IMAP and HTTP traffic without scanning
2. Masquerade and Allow entire LAN to WAN traffic for all the users without scanning SMTP, POP3, IMAP and HTTP traffic

Default firewall rules for General Internet policy IAP
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:
   Internet Access policy - Applies General Corporate Policy to block Porn, Nudity, AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist, PhishingandFraud, Violence, Weapons categories
   IDP - General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic

Default firewall rules for Strict Internet policy IAP
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy - User specific
   Bandwidth policy - User specific
   IDP policy - General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Drop entire LAN to WAN traffic for all the users

Note
- Default Firewall rules can be modified as per the requirement but cannot be deleted.
- IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
- Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are subscribed respectively.
- If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire traffic is dropped.

Additional firewall rules can be defined to extend or override the default rules. For example, rules can be created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to authorized users on the LAN. Custom rules evaluate the network traffic's source IP addresses, destination IP addresses, User and IP protocol types, and compare the information to access rules created on the Cyberoam appliance. Custom rules take precedence, and override the default Cyberoam firewall rules.


Create Firewall rule


Previous versions allowed creating firewall rules based on source and destination IP addresses and services, but now Cyberoam's Identity based firewall allows creating firewall rules that embed user identity into the firewall rule matching criteria.

Firewall rule matching criteria now includes:
- Source and Destination Zone and Host
- User
- Service

Prior to this version, all the Unified Threat Control policies were to be enabled individually from their respective pages. Now one can attach the following policies to the firewall rule as per the defined matching criteria:
- Intrusion Detection and Prevention (IDP)
- Anti Virus
- Anti Spam
- Internet Access
- Bandwidth Management
- Routing policy i.e. define user and application based routing

To create a firewall rule, you should:
- Define matching criteria
- Associate action to the matching criteria
- Attach the threat management policies

For example, now you can:
- Restrict the bandwidth usage to 256kb for the user John every time he logs on from the IP 192.168.2.22
- Restrict the bandwidth usage to 1024kb for the user Mac if he logs on in working hours from the IP 192.168.2.22

Processing of firewall rules is top downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule might allow a packet that a more specific rule later in the list was written to deny. When a packet matches the rule, the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list.

Select Firewall → Create Rule
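The top-down, first-match processing described above can be checked on a planned rule list before it is entered. This is an added example, not Cyberoam code: it is a simplified model (source zone/host, service and user only, with services matched by name), and the rule names, the Rule/Packet types and the sample rules are constructed for illustration. It evaluates packets against an ordered list and reports rules that an earlier, more general rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "Any"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str   # CIDR; "0.0.0.0/0" means any host
    service: str   # service name, or ANY
    user: str      # user name, or ANY when Check Identity is not enabled
    action: str    # "Accept", "Drop" or "Reject"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    service: str


def matches(rule, pkt, live_users):
    """True when every matching criterion of the rule fits the packet."""
    if (rule.src_zone, rule.dst_zone) != (pkt.src_zone, pkt.dst_zone):
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src_net):
        return False
    if rule.service not in (ANY, pkt.service):
        return False
    if rule.user != ANY:
        # Identity check: the source IP must belong to that live (logged-on) user.
        return live_users.get(pkt.src_ip) == rule.user
    return True


def evaluate(rules, pkt, live_users):
    """Top-down processing: the first matching rule wins, the rest are not tested."""
    for rule in rules:
        if matches(rule, pkt, live_users):
            return rule
    return None


def covers(general, specific):
    """True when every packet that matches `specific` also matches `general`."""
    return ((general.src_zone, general.dst_zone) == (specific.src_zone, specific.dst_zone)
            and ip_network(specific.src_net).subnet_of(ip_network(general.src_net))
            and general.service in (ANY, specific.service)
            and general.user in (ANY, specific.user))


def shadowed(rules):
    """(earlier, later, actions_differ) for each rule that can never be reached."""
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, later):
                findings.append((earlier.name, later.name, earlier.action != later.action))
                break
    return findings


# Constructed sample rules: Telnet only for user john from 192.168.2.22, no FTP.
TELNET_JOHN = Rule("telnet-john", "LAN", "WAN", "192.168.2.22/32", "Telnet", "john", "Accept")
BLOCK_TELNET = Rule("block-telnet", "LAN", "WAN", "0.0.0.0/0", "Telnet", ANY, "Drop")
BLOCK_FTP = Rule("block-ftp", "LAN", "WAN", "0.0.0.0/0", "FTP", ANY, "Drop")
LAN_ANY = Rule("lan-any", "LAN", "WAN", "0.0.0.0/0", ANY, ANY, "Accept")

ORDERED = [TELNET_JOHN, BLOCK_TELNET, BLOCK_FTP, LAN_ANY]      # specific before general
MISORDERED = [LAN_ANY, TELNET_JOHN, BLOCK_TELNET, BLOCK_FTP]   # general rule first

if __name__ == "__main__":
    live = {"192.168.2.22": "john"}  # constructed Live Users table: IP -> user
    ftp = Packet("LAN", "WAN", "192.168.2.50", "FTP")
    for label, rules in (("ordered", ORDERED), ("misordered", MISORDERED)):
        hit = evaluate(rules, ftp, live)
        print(f"{label}: FTP packet hits {hit.name} -> {hit.action}")
        for earlier, later, differ in shadowed(rules):
            kind = "conflicting" if differ else "redundant"
            print(f"  {later} is shadowed by {earlier} ({kind})")
```
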


Screen - Create Firewall rule

Screen Elements: Description

Matching Criteria
Source: Specify source zone and host IP address/network address to which the rule applies.
  To define host group based firewall rule you need to define host group.
  Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
  Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Check Identity (Only if source zone is LAN/DMZ): Check identity allows you to check whether the specified user/user group from the selected zone is allowed the access of the selected service or not.
  Click Enable to check the user identity.
  Enable check identity to apply following policies per user:
  - Internet Access policy for Content Filtering (User's Internet access policy will be applied automatically but will not be effective till the Web and Application Filtering module is subscribed)
  - Schedule Access
  - IDP (User's IDP policy will be applied automatically but will not be effective till the IDP module is subscribed)
  - Anti Virus scanning (User's anti virus scanning policy will be applied automatically but it will not be effective till the Gateway Anti Virus module is subscribed)
  - Anti Spam scanning (User's anti spam scanning policy will be applied automatically but it will not be effective till the Gateway Anti Spam module is subscribed)
  - Bandwidth policy - User's bandwidth policy will be applied automatically
  policy selected in the Route through Gateway field is the static routing policy that is applicable only if more than one gateway is defined and used for load balancing.
  limit access to available services.
Destination: Specify destination zone and host IP address/network address to which the rule applies.
  Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
  Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Service/Service group (This option is not available if virtual host is configured as Destination host): Services represent types of Internet data transmitted via particular protocols or applications.
  Select service/service group to which the rule applies.
  Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service Group
  Cyberoam provides several standard services and allows creating the custom services also.
  Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service
  Protect by configuring rules to:
  - block services at specific zone
  - limit some or all users from accessing certain services
  - allow only specific user to communicate using specific service
Apply Schedule: Select Schedule for the rule

Firewall Action When Criteria Match
Action: Select rule action
  Accept - Allow access
  Drop - Silently discards
  Reject - Denies access and ICMP port unreachable message will be sent to the source
  When sending response it might be possible that response is sent using a different interface than the one on which request was received. This may happen depending on the Routing configuration done on Cyberoam. For example, if the request is received on the LAN port using a spoofed IP address (public IP address or the IP address not in the LAN zone network) and specific route is not defined, Cyberoam will send a response to these hosts using default route. Hence, response will be sent through the WAN port.
Apply NAT (Only if Action is ACCEPT): Select the NAT policy to be applied
  It allows access but after changing source IP address i.e. source IP address is substituted by the IP address specified in the NAT policy.
  You can create NAT policy from firewall rule itself or from Firewall → Policy → Create
  This option is not available if Cyberoam is deployed as Bridge

Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
- Enable load balancing and failover when multiple links are configured. Applicable only if Destination Zone is WAN
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
- Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
- Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
- Apply bandwidth policy

Policy Settings
IDP Policy: Select IDP policy for the rule. To use IDP, you have to subscribe for the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy
Internet Access Policy: Select Internet access policy for the rule. One can apply IAP on LAN to WAN rule only. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.
Bandwidth Policy: Select Bandwidth policy for the rule. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Route Through Gateway: Select routing policy. Can be applied only if more than one gateway is defined. This option is not available if Cyberoam is deployed as Bridge. Refer to Multiple Gateway Implementation Guide for more details.

Virus & Spam Settings
Scan Protocol(s): Click the protocol for which the virus and spam scanning is to be enabled. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.

Log Traffic
Log Traffic: Click to enable traffic logging for the rule i.e. traffic permitted and denied by the firewall rule. Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details. To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console → Firewall rule and from the Telnet Console → Cyberoam Management. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.

Description
Description: Specify full description of the rule
Save button: Saves the rule

Table - Create Firewall rule screen elements

Manage Firewall
Use to:
- Enable/disable SMTP, POP3, IMAP, FTP and HTTP scanning
- Deactivate rule
- Delete rule
- Change rule order
- Append rule (zone to zone)
- Insert rule
- Select display columns

Note
From this version i.e. 9.5.3.07, Cyberoam does not support DNAT policy. On upgrading to this version, Cyberoam will preserve all the DNAT policies but will not allow modifying them. This will not affect functioning of Cyberoam.
To stop the usage of DNAT policy:
1. Create Virtual host to forward the request i.e. for the same service/server for which DNAT policy is created
2. Create firewall rule for Virtual host
3. Delete firewall rule for DNAT policy
Firewall rule for Virtual host will take precedence if firewall rule for DNAT policy is not deleted.

Select Firewall → Manage Firewall to display the list of rules

Screen components: Last Action Status, Schedule, Enable/Disable, Edit, Insert, Move, Delete

Append Rule button - Click to add zone to zone rule
Select Column button - Click to customize the number of columns to be displayed on the page
Subscription icon - Indicates subscription module. To implement the functionality of the subscription module you need to subscribe the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall rule temporarily, disable rule instead of deleting. Green - Active Rule, Red - Deactive Rule
Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.
Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more details.
Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for details.
Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.

- Virtual host. It is the loopback firewall rule automatically created for virtual host.

Update Rule
Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.

Screen- Edit Firewall Rule

Screen Elements: Description

Matching Criteria

Source: Displays source zone and host IP address/network address to which the rule applies. Zone Type cannot be modified. Modify host/network address if required.
To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create.
Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host.

Check Identity (Only if source zone is LAN or DMZ): Check identity allows you to check whether the specified user/user group from the selected zone is allowed the access of the selected service or not. Click Enable to check the user identity.

Destination: Displays destination zone and host IP address/network address to which the rule applies. Zone Type cannot be modified. Modify host/network address if required.
To define host group based firewall rule you need to define host group. Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create.
Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host.

Service/Service group (This option is not available if virtual host is configured as Destination host): Services represent types of Internet data transmitted via particular protocols or applications. Displays service/service group to which the rule applies, modify if required.
Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service.
Cyberoam provides several standard services and allows creating the custom services also. Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service.
Protect by configuring rules to:
- block services at specific zone
- limit some or all users from accessing certain services
- allow only specific user to communicate using specific service

Apply Schedule: Displays the rule's schedule, modify if required.

Firewall Action When Criteria Match

Action: Displays rule action, modify if required.
Accept - Allow access
Drop - Silently discards i.e. without sending ICMP port unreachable message to the source
Reject - Denies access and sends ICMP port unreachable message to the source

Apply NAT (Only if Action is ACCEPT): Displays the NAT policy applied to the rule, modify if required. It allows access but after changing source IP address i.e. source IP address is substituted by the specified IP address in the NAT policy. You can create NAT policy from firewall rule itself or from Firewall → NAT Policy → Create. This option is not available if Cyberoam is deployed as Bridge.

Advanced Settings

Click to apply different protection settings to the traffic controlled by firewall. You can:
- Enable load balancing between multiple links
- Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies
- Apply bandwidth policy
- Configure content filtering policies

Policy Settings

IDP Policy: Displays IDP policy for the rule, modify if required. To use IDP, you have to subscribe for the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy.

Internet Access Policy (Only if source zone is LAN): Displays Internet access policy for the rule, modify if required. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.

Bandwidth Policy: Displays Bandwidth policy for the rule, modify if required. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.

Route Through Gateway: Displays routing policy, modify if required. Can be applied only if more than one gateway is defined. This option is not available if Cyberoam is deployed as Bridge. Refer to Multiple Gateway Implementation Guide for more details.

Virus & Spam Settings

Scan Protocol(s): Displays protocols for which the virus and spam scanning is to be enabled, modify if required. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.

Log Traffic: Click to enable traffic logging for the rule. Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details.
To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console (Firewall rule) and from the Telnet Console (Cyberoam Management). Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.

Description: Displays full description of the rule, modify if required
Save button: Saves the rule

Table - Edit Firewall Rule

Change Firewall Rule order


Rule order defines the rule processing priority. When the rules are applied, they are processed from the top down and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule might allow a packet that a more specific rule later in the list was written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded without being tested by the rest of the rules in the list.

Select Firewall → Manage Firewall
Click the move button against the rule whose order is to be changed
Select Before or After as per the need
Click the rule to be moved and then click where it is to be moved
Click Done to save the order
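The top-down, first-match behaviour described above can be checked offline before a rule list is reordered. The following Python sketch is an added example, not Cyberoam code: it models a rule by source network, destination network and destination port only (zones, identity and schedules are left out), and the `Rule` class, its field names and the sample addresses are assumptions constructed for illustration.

```python
"""First-match rule evaluation and shadowed-rule detection (simplified model)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY_SERVICE = None  # the rule applies to every destination port


@dataclass(frozen=True)
class Rule:
    rule_id: int
    source: str             # CIDR, e.g. "192.168.1.0/24"
    destination: str        # CIDR
    service: Optional[int]  # destination port, or ANY_SERVICE
    action: str             # "accept", "drop" or "reject"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination)
                and self.service in (ANY_SERVICE, port))

    def covers(self, other: "Rule") -> bool:
        """True when every packet that matches `other` also matches this rule."""
        return (ip_network(other.source).subnet_of(ip_network(self.source))
                and ip_network(other.destination).subnet_of(ip_network(self.destination))
                and (self.service is ANY_SERVICE or self.service == other.service))


def first_match(rules: List[Rule], src: str, dst: str, port: int) -> Optional[Rule]:
    """Walk the list from the top; the first matching rule decides the packet."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule
    return None


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int, bool]]:
    """Return (shadowed_id, shadowing_id, actions_conflict) for every rule that can
    never fire because an earlier rule already matches all of its traffic."""
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if earlier.covers(later):
                findings.append((later.rule_id, earlier.rule_id,
                                 earlier.action != later.action))
                break
    return findings


# Constructed sample: a general LAN accept rule and a specific SMTP block
# for one host, in both possible orders.
GENERAL = Rule(1, "192.168.1.0/24", "0.0.0.0/0", ANY_SERVICE, "accept")
SPECIFIC = Rule(2, "192.168.1.50/32", "0.0.0.0/0", 25, "drop")
GENERAL_FIRST = [GENERAL, SPECIFIC]
SPECIFIC_FIRST = [SPECIFIC, GENERAL]

if __name__ == "__main__":
    for label, rules in (("general first", GENERAL_FIRST),
                         ("specific first", SPECIFIC_FIRST)):
        hit = first_match(rules, "192.168.1.50", "203.0.113.10", 25)
        print(label, "-> rule", hit.rule_id, hit.action,
              "| shadowed:", shadowed_rules(rules))
```

A finding whose third element is True is the dangerous case: the shadowed rule was meant to take a different action from the rule above it.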

Append rule
Append Rule adds the new rule above the default rules if the zone-to-zone rule set already exists; otherwise it appends the new rule as a new zone-to-zone rule set at the end. For example, consider the screen given below. If the new rule is for DMZ to LAN then a new rule set DMZ - LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN then the rule will be added above Rule ID 4, as Rule ID 3 and ID 4 are default rules.

Select Firewall → Manage Firewall Rules and click Append Rule

Customize Display Columns


By default, Manage Firewall Rules page displays details of the rule in the following eight columns: ID, Enable, Source, Identity, Destination, Service, Action and Manage. You can customize the number of columns to be displayed as per your requirement.

Screen - Default Screen Display of Manage Firewall Rules page

Select Firewall → Manage Firewall to open the manage page. Click Select Columns. It opens the new window. Available Columns list displays the columns that can be displayed on the page. Click the required column and use Right arrow button to move the selected column to the Selected Columns list and click Done.

Screen Customized Screen Display of Manage Firewall Rules page

Delete Firewall Rule


Select Firewall → Manage Firewall Rules and click the delete icon against the rule to be deleted

Screen - Delete Firewall rule

Note
Default rules cannot be deleted or deactivated.

Host Management
Firewall rule can be created for the individual host or host groups. By default, hosts equal in number to the ports in the appliance are already created.

Create Host Group


Host group is the grouping of hosts. Select Firewall → Host Group → Create to open the create page

Screen - Create Host Group

Screen Elements: Description

Create Host Group

Host Group Name: Specify host group name
Description: Specify full description
Create button: Add a new host. If host group is created successfully, click Add to add hosts to the host group. Host list is displayed for selection. Refer to Manage Host Groups for details.

Table - Create Host Group screen elements

Manage Host Group


Use to:
- Add host to Group
- Remove host from the Group
- Delete Host Group

Add Host to Host Group


Select Firewall → Host Group → Manage to view the list of groups created.
Click host group to which host is to be added. Host Group details are displayed.
Click Add. Host list is displayed.
Click Sel against the host to be added
Click Add

Remove Host from Host Group


Select Firewall → Host Group → Manage and click host group from which the host is to be removed

Screen - Remove Host from Host Group

Screen Elements: Description

Del: Select host to be removed from the group. Click Del to select. More than one host can also be selected.
Select All: Select all the hosts for deletion. Click Select All to select all the hosts.
Delete button: Deletes all the selected hosts

Table - Remove Host from Host Group screen elements

Delete Host Group


Select Firewall → Host Group → Manage

Screen - Delete Host Group

Screen Elements: Description

Del: Select host group for deletion. Click Del to select. More than one group can also be selected.
Select All: Select all the groups for deletion. Click Select All to select all the groups.
Delete button: Deletes all the selected groups

Table - Delete Host Group screen elements

Add Host
Select Firewall → Host → Add to open the add page

Screen - Add Host

Screen Elements: Description

Add Host

Host Name: Specify host name
Host Type: Select host type i.e. single IP address with subnet or range of IP address
Network: Specify network address or range of IP address
Select Host Group: Select host group
Create button: Add a new host

Table - Add Host screen elements

Manage Host
Select Firewall → Host → Manage to view the list of hosts

Screen - Delete Host

Screen Elements: Description

Del: Select host to be deleted. Click Del to select. More than one host can also be selected.
Select All: Select all the hosts for deletion. Click Select All to select all the hosts.
Delete button: Deletes all the selected hosts

Table - Delete Host screen elements

Virtual Host
Virtual Host maps services of a public IP address to services on an internal host. Virtual hosts can be used to allow connections through Cyberoam using NAT firewall policies.

Virtual hosts use Proxy ARP so that Cyberoam can respond to ARP requests for the public IP address. Cyberoam automatically enables Proxy ARP for the IP addresses belonging to the WAN interface subnet. For example, you can add a virtual host for the WAN interface so that the WAN interface can respond to connection requests for users who are actually connecting to a server on the DMZ or LAN.

A Virtual host can be a single IP address or an IP address range bound to a Cyberoam interface. When you bind an IP address or IP address range to a Cyberoam interface using a virtual host, the interface responds to ARP requests for the bound IP address or IP address range.

Firewall rules are used to allow servers from the Internet to access a virtual host that maps to internal servers, such as Web servers, Mail servers or FTP servers. You must add the virtual host to a firewall policy to actually implement the mapping configured in the virtual host i.e. create a firewall rule that allows or denies inbound traffic to the virtual host.

Create Virtual host


Select Firewall → Virtual Host → Create

Screen - Create Virtual host

Screen Elements: Description

Create Virtual Host

Virtual Host Name: Specify unique name to identify virtual host

Public IP Address Type and Public IP Address: Select public IP address type and configure IP address. The configured IP address is mapped to the destination host/network and used as the IP address of the virtual host. Cyberoam automatically enables proxy ARP for the configured public IP address if it belongs to WAN interface subnet.
Available options:
Cyberoam IP - Select when any of the Cyberoam Port, Alias or Virtual LAN (VLAN) subinterface is required to be mapped to the destination host or network.
IP address - Specified IP address is mapped to a corresponding mapped single or range of IP address. If single IP address is mapped to a range of IP address, Cyberoam uses round robin algorithm to load balance the requests.
IP address range - Specified IP address range is mapped to a corresponding range of mapped IP address. The IP range defines the start and end of an address range. The start of the range must be lower than the end of the range.

Mapped IP Address Type and Mapped IP Address: Select mapped IP address type and configure IP address. The public IP address is mapped to the specified IP address. This is the actual private IP address of the host being accessed using the virtual host.
Available options:
IP address - Public IP address is mapped to the specified IP address.
IP address range - Public IP address range is mapped to the specified IP Address range.

Physical Zone of Mapped IP: Select zone of the mapped IP addresses. For example, if mapped IP address represents any internal server then the zone in which server resides physically. By default, LAN zone is configured but can be changed if required.

Port Forward: Click Port Forward to enable service port forwarding. Following configuration is available only if port forwarding is enabled:
- Select the protocol TCP or UDP that you want the forwarded packets to use
- Click to specify whether port mapping should be single or range of ports
- Specify public port number for which you want to configure port forwarding
- Specify mapped port number on the destination network to which the public port number is mapped

Description: Specify description
Create button: Creates a virtual host

Once the virtual host is created successfully, Cyberoam automatically creates a loopback firewall rule for the zone of the mapped IP address. For example, if virtual host is created for the WAN mapped IP zone then WAN to WAN firewall rule is created for the virtual host. Firewall rule is created for the service specified in virtual host. If port forwarding is not enabled in virtual host then firewall rule with All Services is created.

Check creation of loopback rule from Firewall → Manage Firewall.

Cyberoam automatically enables proxy ARP for the public IP address if it belongs to the WAN interface subnet. If proxy ARP is not enabled automatically, a message will be displayed to enable proxy ARP manually. Check creation of proxy ARP from Cyberoam Console option of Telnet Console.

Virtual host restrictions:
- Virtual host name cannot be same as host or host group name.
- Public IP address range cannot be mapped with a single Mapped IP address.
- The number of IP addresses in mapped Public address range and Mapped IP address range must be same.
- The number of ports in mapped Public ports range and Mapped port range must be same.
- Virtual host with the same pair of Public IP and Port cannot be created.
- Different virtual hosts can have same public IP address only if port forwarding is enabled for different public port. For example,
  Virtual_host1: Public IP address - 192.168.1.1, Mapped IP address - 10.10.10.12, Port forward: Public port - 25, Mapped port - 35
  Virtual_host2: Public IP address - 192.168.1.1, Mapped IP address - 10.10.10.1, Port forward: Public port - 42, Mapped port - 48
- Different virtual hosts cannot have same public IP address if port forwarding is enabled in one virtual host and disabled in another virtual host. For example, Cyberoam will not allow you to create:
  Virtual_host1: Public IP address - 192.168.1.15, Mapped IP address - 10.10.10.1
  Virtual_host2: Public IP address - 192.168.1.15, Mapped IP address - 10.10.10.2, Port forward: Public port - 42, Mapped port - 48
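The restrictions above can be applied as a pre-flight check on a planned set of virtual hosts before they are entered in the Web Admin Console. This Python validator is an added example, not Cyberoam's own logic: the `VirtualHost` class, the violation codes and the range sample are assumptions constructed for illustration, and the protocol (TCP/UDP) is not modelled because the restrictions speak only of the Public IP and Port pair.

```python
"""Pre-flight check of a virtual host definition against the listed restrictions."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Optional, Set, Tuple

IpRange = Tuple[str, str]    # (first, last); first == last for a single address
PortRange = Tuple[int, int]  # (first, last); first == last for a single port


@dataclass(frozen=True)
class VirtualHost:
    name: str
    public_ips: IpRange
    mapped_ips: IpRange
    public_ports: Optional[PortRange] = None  # None means port forwarding is disabled
    mapped_ports: Optional[PortRange] = None


def _ip_bounds(ip_range: IpRange) -> Tuple[int, int]:
    return int(ip_address(ip_range[0])), int(ip_address(ip_range[1]))


def _size(bounds: Tuple[int, int]) -> int:
    return bounds[1] - bounds[0] + 1


def _overlap(a: Tuple[int, int], b: Tuple[int, int]) -> bool:
    return a[0] <= b[1] and b[0] <= a[1]


def validate(new: VirtualHost, existing: Iterable[VirtualHost],
             host_names: Set[str]) -> List[str]:
    """Return the violation codes for `new`; an empty list means it is acceptable.

    `host_names` holds the names of existing hosts and host groups."""
    errors: List[str] = []
    if new.name in host_names:
        errors.append("NAME_CLASH")

    pub, mapped = _ip_bounds(new.public_ips), _ip_bounds(new.mapped_ips)
    if pub[0] > pub[1] or mapped[0] > mapped[1]:
        errors.append("RANGE_START_AFTER_END")
    elif _size(pub) > 1 and _size(mapped) == 1:
        errors.append("RANGE_TO_SINGLE_IP")
    elif _size(pub) > 1 and _size(pub) != _size(mapped):
        errors.append("IP_COUNT_MISMATCH")
    # A single public IP mapped to a range is allowed (round robin load balancing).

    if new.public_ports is not None:
        if (new.mapped_ports is None
                or _size(new.public_ports) != _size(new.mapped_ports)):
            errors.append("PORT_COUNT_MISMATCH")

    for other in existing:
        if not _overlap(pub, _ip_bounds(other.public_ips)):
            continue  # different public IPs never conflict
        if (new.public_ports is None) != (other.public_ports is None):
            errors.append("MIXED_PORT_FORWARD:" + other.name)
        elif new.public_ports is None:
            errors.append("DUPLICATE_PUBLIC_IP:" + other.name)
        elif _overlap(new.public_ports, other.public_ports):
            errors.append("DUPLICATE_IP_PORT:" + other.name)
    return errors


def _single(ip: str) -> IpRange:
    return (ip, ip)


# The two examples given in the restrictions, plus one constructed range case.
ALLOWED_1 = VirtualHost("Virtual_host1", _single("192.168.1.1"),
                        _single("10.10.10.12"), (25, 25), (35, 35))
ALLOWED_2 = VirtualHost("Virtual_host2", _single("192.168.1.1"),
                        _single("10.10.10.1"), (42, 42), (48, 48))
REJECTED_1 = VirtualHost("Virtual_host1", _single("192.168.1.15"),
                         _single("10.10.10.1"))
REJECTED_2 = VirtualHost("Virtual_host2", _single("192.168.1.15"),
                         _single("10.10.10.2"), (42, 42), (48, 48))
CONSTRUCTED_RANGE = VirtualHost("vh_range", ("192.168.1.20", "192.168.1.23"),
                                ("10.10.10.20", "10.10.10.22"))

if __name__ == "__main__":
    print(validate(ALLOWED_2, [ALLOWED_1], set()))
    print(validate(REJECTED_2, [REJECTED_1], set()))
    print(validate(CONSTRUCTED_RANGE, [], {"vh_range"}))
```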


Delete Virtual host


Select Firewall → Virtual Host → Manage

Screen - Delete Virtual Host

Screen Elements: Description

Del: Select virtual host to be deleted. Click Del to select. More than one virtual host can also be selected.
Select All: Select all the virtual hosts for deletion. Click Select All to select all the virtual hosts.
Delete button: Deletes all the selected virtual hosts

Table - Delete Virtual host screen elements

Note
Virtual host can be deleted but cannot be updated. On deletion of virtual host, Proxy ARP and loopback firewall rule are deleted automatically.
If loopback firewall rule is deleted without deleting virtual host, traffic between virtual host and the zone in which the mapped IP address lies is dropped.
If proxy ARP is deleted without deleting virtual host, the service/server for which virtual host is created will become inaccessible as Cyberoam will not know on which Interface the request is to be forwarded.

Setting up Logon Pools


Logon Pool is a collection of single IP addresses or a range of IP addresses. Add IP addresses/Nodes at the time of creation of Logon Pool or after the creation.

Create a new Logon Pool

Prerequisite: Bandwidth policy created

Select Group → Logon Pool → Add Logon Pool

Screen - Create Logon Pool

Screen Elements: Description

Logon Pool Details

Logon Pool name: Specify name of Logon Pool
Is Logon Pool public: Public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select, if the IP Addresses assigned to Users are Public IP addresses.
Bandwidth policy: Specify Bandwidth Policy for Logon Pool. Click Bandwidth Policy list to select. Click View details link to view details of the policy.
Description: Specify full description

Machine details

From - To: Specify range of IP Address that will be used by Users to login
Machine name: Specify machine name
Create button: Add a new Logon Pool

Table - Add Logon Pool screen elements

Traffic Discovery
"Network security" is controlling who can do what on your network. Control is all about detecting and resolving any activity that does not align with your organization's policies.

Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining the amount of network traffic generated by an application, IP address or user.
- View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error sources.
- Identify and locate bandwidth hogs and isolate them from the network if necessary.
- Analyze performance trends with baseline data reports.

The discovered traffic pattern is presented in terms of:
- Application
- User
- LAN IP Address

Apart from details of live connections traffic pattern, Cyberoam also provides current date's connection history.

Live Connections report


Application wise
Application wise Live Connections displays list of Applications running on the network currently. It also displays which user is using the application currently and total data transferred using the application.

Select Traffic Discovery → Live Connections → Application wise

Screen - Application wise Live connections

Screen Elements: Description

Application Name: Applications running on network.
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application.
Click to view list of Users using respective Applications.
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application.
Click to view WAN IP Address wise Connection details for selected Application.
Click to view Destination Port wise Connection details for selected Application.

Data Transfer details

Upload Transfer: Displays data uploaded using the Application
Download Transfer: Displays data downloaded using the Application
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by Application
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by Application

Connection Details

Total Connections: Displays number of connections initiating/requesting the Application. Click to view the connection details for the respective Application for each connection.
LAN Initiated: Displays number of connections initiated by LAN IP Address for the Application
WAN Initiated: Displays number of connections initiated by WAN IP Address for the Application

Table - Application wise Live connections screen elements

Connection details for selected Application

Report columns: Description

Established Time: Time when connection was established
LAN IP Address: LAN IP Address from which the connection for the application was established
LAN PORT: LAN port through which connection was established for the application
WAN IP Address: WAN IP Address to which connection was established
WAN PORT: WAN port to which connection was established for the application
Direction: Traffic direction
Upload Transfer: Data uploaded using the Application
Download Transfer: Data downloaded using the Application
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

Connection details for selected LAN IP Address and Application

Report columns: Description

Established Time: Time when connection was established
LAN IP Address: LAN IP Address from which the connection for the application was established
LAN Port: LAN port through which connection was established for the application
WAN IP Address: WAN IP Address to which connection was established
WAN Port: WAN port to which connection was established for the application
Direction: Traffic direction
Upload Transfer: Data uploaded using the Application
Download Transfer: Data downloaded using the Application
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

WAN IP Address wise Connection details for selected Application

Report columns: Description

WAN IP Address: WAN IP Addresses to which Connection was established by the selected Application
Total Connections: Number of connections established to the WAN IP Address
LAN Initiated: Number of connections initiated from LAN
WAN Initiated: Number of connections initiated from WAN
Upload Transfer: Data uploaded during the connection
Download Transfer: Data downloaded during the connection
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

Destination Port wise Connection details for selected Application

Report columns: Description

Destination Port: Destination ports to which Connection was established by the selected Application
Total Connections: Number of connections established through the destination port
LAN Initiated: Number of connections initiated from LAN
WAN Initiated: Number of connections initiated from WAN
Upload Transfer: Data uploaded during the connection
Download Transfer: Data downloaded using the connection
Upstream Bandwidth: Upstream bandwidth used by Application
Downstream Bandwidth: Downstream bandwidth used by Application

User wise
User wise Live Connections displays which user is using which Application and how much bandwidth each is consuming currently.

Select Traffic Discovery → Live Connections → User wise

Screen - User wise Live connections

Screen Elements: Description

User Name: Network Users requesting various Applications.
Click Total Connections to view the connection details for selected User.
Click to view list of Applications used by the respective users.
Click Total Connections to view the connection details for selected User and Application.
Click to view WAN IP Addresses wise Connection details for selected User.
Click to view Destination ports wise Connection details for selected User.

Data Transfer details

Upload Transfer: Displays data uploaded by the User
Download Transfer: Displays data downloaded by the User
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by User
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by User

Connection Details

Total Connections: Displays number of connections initiated by the User. Click to view connection details initiated by the User for each connection.
LAN Initiated: Displays number of connections initiated from LAN IP Address by the User
WAN Initiated: Displays number of connections initiated from WAN IP Address by the User

Table - User wise Live connections screen elements

LAN IP Address wise


LAN IP Address wise Live Connections displays list of Applications currently accessed by LAN IP Address.

Select Traffic Discovery → Live Connections → LAN IP Address wise

Screen - LAN IP Address wise Live connections

Screen Elements: Description

LAN IP Address: LAN IP Address requesting various Applications.
Click Total Connections to view the connection details for selected LAN IP Address.
Click to view list of Applications requested by the respective LAN IP Address.
Click Total Connections to view the connection details for selected LAN IP Address and Application.
Click to view WAN IP Addresses wise Connection details for selected LAN IP Address.
Click to view Destination ports wise Connection details for selected LAN IP Address.

Data Transfer details

Upload Transfer: Displays data uploaded from the LAN IP Address
Download Transfer: Displays data downloaded from the LAN IP Address
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by LAN IP Address
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by the LAN IP Address

Connection Details

Total Connections: Displays number of connections initiated by the LAN IP Address. Click to view connection details initiated by the LAN IP Address for each connection.
LAN Initiated: Displays number of connections initiated from LAN IP Address
WAN Initiated: Displays total number of connections initiated from WAN IP Address

Table - LAN IP Address wise Live connection screen elements

Apart from the live connection details, details of the connections that are closed can also be viewed. The details for all the connections that are closed during last 24 hours are shown. You can also select the history duration.

Today's Connection History


Application wise
It displays list of Applications accessed during the selected duration and by user and/or LAN IP Address.

Select Traffic Discovery → Today's Connection History → Application wise

Screen - Today's Connection History - Application wise

Screen Elements: Description

Select Start time and Stop time

Start time & Stop time: Select the history duration
Refresh Data button: Click to refresh the data after the start time or stop time is changed to get the latest data

Application Name: Applications running on network.
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application.
Click to view list of users using respective Applications.
Click Total Connections to view the connection details for selected LAN IP Address and Application. Refer to Connection details for selected LAN IP Address and Application.
Click to view WAN IP Address wise Connection details for selected Application.
Click to view Destination Port wise Connection details for selected Application.

Data Transfer details

Upload Transfer: Displays data uploaded using the Application
Download Transfer: Displays data downloaded using the Application
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by Application
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by Application

Connection Details

Total Connections: Displays number of connections initiating/requesting the Application. Click to view the connection details for the respective Application for each connection.
LAN Initiated: Displays number of connections initiated by LAN IP Address for the Application
WAN Initiated: Displays number of connections initiated by WAN IP Address for the Application

Table - Today's Connection History - Application screen elements

User wise
It displays list of Users who have logged on to the network during the selected duration and which applications they accessed.

Select Traffic Discovery → Today's Connection History → User wise

Screen - Today's Connection History - User wise

Screen Elements: Description

Select Start time and Stop time

Start time & Stop time: Select the history duration
Refresh Data button: Click to refresh the data after the start time or stop time is changed to get the latest data

User Name: Network Users requesting various Applications.
Click Total Connections to view the connection details for selected User.
Click to view list of Applications used by the respective users.
Click Total Connections to view the connection details for selected User and Application.
Click to view WAN IP Addresses wise Connection details for selected User.
Click to view Destination ports wise Connection details for selected User.

Data Transfer details

Upload Transfer: Displays data uploaded by the User
Download Transfer: Displays data downloaded by the User
Upstream Bandwidth (Kbit/sec): Displays upstream bandwidth used by User
Downstream Bandwidth (Kbits/sec): Displays downstream bandwidth used by User

Connection Details

Total Connections: Displays number of connections initiated by the User. Click to view connection details initiated by the User for each connection.
LAN Initiated: Displays number of connections initiated from LAN IP Address by the User
WAN Initiated: Displays number of connections initiated from WAN IP Address by the User

Table - Today's Connection History - User wise screen elements

LAN IP Address wise


It displays list of Applications accessed during the selected duration by each LAN IP Address. Select Traffic Discovery Todays Connection History LAN IP Address wise

Screen - Today's Connection History - LAN IP Address wise

Screen Elements - Description

Select Start time and Stop time
Start time & Stop time - Select the history duration
Refresh Data button - Click to refresh the data after the start time or stop time is changed to get the latest data
LAN IP Address - LAN IP Address requesting various Applications
  Click Total Connections to view the connection details for selected LAN IP Address
  Click to view list of Applications requested by the respective LAN IP Address
  Click Total Connections to view the connection details for selected LAN IP Address and Application
  Click to view WAN IP Addresses wise Connection details for selected LAN IP Address
  Click to view Destination ports wise Connection details for selected LAN IP Address

Data Transfer details
Upload Transfer - Displays data uploaded from the LAN IP Address
Download Transfer - Displays data downloaded from the LAN IP Address
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by LAN IP Address
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by the LAN IP Address

Connection Details
Total Connections - Displays number of connections initiated by the LAN IP Address. Click to view connection details initiated by the LAN IP Address for each connection
LAN Initiated - Displays number of connections initiated from LAN IP Address
WAN Initiated - Displays total number of connections initiated from WAN IP Address

Table - Today's Connection History - LAN IP Address wise screen elements

Policy Management
Cyberoam controls access to various resources with the help of policies. The following types of policies can be defined:
1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for more details.
2. Schedule Internet access for individual users by defining Access time policy. See Access time policy for more details.
3. Control web access by defining Internet Access policy. See Internet Access policy for more details.
4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for more details.
5. Limit total as well as individual upload and/or download data transfer by defining Data transfer policy. See Data Transfer policy for more details.

Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization's requirements.


Surfing Quota policy


Surfing quota policy defines the duration of Internet surfing time. Surfing time duration is the allowed time in hours for a Group or an Individual User to access the Internet.

Surfing quota policy:
- Allocates Internet access time on cyclic or non-cyclic basis
- Single policy can be applied to a number of Groups or Users

Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization's requirements.

Create Surfing Quota policy


Select Policies → Surfing Quota Policy → Create policy to open the create page

Screen - Create Surfing Quota policy

Screen Elements - Description

Create Surfing Quota policy
Name - Specify policy name. Choose a name that best describes the policy. One cannot create multiple policies with the same name.
Cycle type - Specify cycle type. Available options:
  Daily - restricts surfing hours up to cycle hours defined on daily basis
  Weekly - restricts surfing hours up to cycle hours defined on weekly basis
  Monthly - restricts surfing hours up to cycle hours defined on monthly basis
  Yearly - restricts surfing hours up to cycle hours defined on yearly basis
  Non-cyclic - no restriction
Cycle hours (Only if cycle type is not Non cyclic) - Specify upper limit of surfing hours for cyclic type policies. At the end of each Cycle, cycle hours are reset to zero i.e. for Weekly Cycle type, cycle hours will be reset to zero every week even if cycle hours are unused
Allotted Days - Restricts surfing days. Specify total surfing days allowed to limit surfing hours. Click Unlimited Days if you do not want to restrict surfing days and create Unlimited Surfing Quota policy.
Allotted Time - Allotted time defines the upper limit of the total surfing time allowed i.e. restricts total surfing time to allotted time. Specify surfing time in Hours & minutes. Click Unlimited Time if you do not want to restrict the total surfing time
Shared allotted time with group members - Specify whether the allotted time will be shared among all the group members or not. Click to share
Policy Description - Specify full description of the policy
Create button - Creates policy

Table - Create Surfing Quota policy screen elements

Update Surfing Quota policy


Select Policies → Surfing Quota policy → Manage policy and click Policy name to be modified

Screen - Update Surfing Quota policy

Screen Elements - Description

Edit Surfing Quota policy
Name - Displays policy name, modify if required
Cycle Type - Displays Cycle type, modify if required
Cycle Hours - Displays allotted Cycle hours
Allotted Days Or Unlimited Days - Displays allotted days, modify if required
Allotted time Or Unlimited time - Displays allotted time in hours, minutes, modify if required
Shared allotted time with group members - Displays whether the total allotted time is shared among the group members or not, modify if required
Policy Description - Displays description of the policy, modify if required
Update button - Updates and saves the policy. The changes made in the policy become effective immediately on updating the changes.
Cancel button - Cancels the current operation and returns to Manage Surfing Quota policy page

Table - Update Surfing Quota policy screen elements

Delete Surfing Quota policy


Prerequisite
- Not assigned to any User or Group

Select Policies → Surfing Quota policy → Manage policy to view list of policies

Screen - Delete Surfing Quota policy

Screen Elements - Description

Del - Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All - Select all the policies for deletion. Click Select All to select all the policies
Delete button - Deletes all the selected policies

Table - Delete Surfing Quota policy screen elements

Access Time policy


Access time is the time period during which the user is allowed/denied Internet access. An example would be only office hours access for a certain set of users.

Access time policy sets the time interval - days and time - for Internet access with the help of schedules. See Schedules for more details.

A time interval defines days of the week and times of each day of the week when the user will be allowed or denied Internet access.

Access time policy strategies:
- Allow strategy - By default, allows access during the schedule
- Deny strategy - By default, disallows access during the schedule

Create Access Time policy


Prerequisite
- Schedule created

Select Policies → Access Time Policy → Create policy to open create policy page

Screen - Create Access Time policy

Screen Elements - Description

Access Time policy details
Name - Specify policy name. Choose a name that best describes the policy to be created. One cannot create multiple policies with the same name.
Schedule - Specify policy schedule. Users will be allowed/disallowed access during the time specified in the schedule. Click Schedule list to select. Click View details link to view the details of selected schedule. Refer to Define Schedule on how to create a new schedule
Strategy for selected Schedule - Specify strategy to policy
  Allow - Allows the Internet access during the scheduled time interval
  Disallow - Does not allow the Internet access during the scheduled time interval
  Click to select
Description - Specify full description of policy
Create button - Creates policy

Table - Create Access Time policy screen elements

Update Access Time policy


Select Policies → Access Time policy → Manage policy and click Policy name to be modified

Screen - Update Access Time policy

Screen Elements - Description

Access Time policy details
Name - Displays policy name, modify if required
Schedule - Displays selected policy schedule. To modify, click Schedule list and select new schedule. Click View details link to view details of the selected schedule
Strategy for selected Schedule - Displays Schedule strategy. Cannot be modified
Description - Displays description of the policy, modify if required
Save button - Saves the modified details. Changes made in the policy become effective immediately on saving the changes.
Cancel button - Cancels current operation and returns to Manage Access Time policy

Table - Update Access Time policy screen elements

Delete Access Time policy


Prerequisite
- Not assigned to any User or Group

Select Policies → Access Time policy → Manage policy to view the list of policies

Screen - Delete Access Time policy

Screen Elements - Description

Del - Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All - Select all the policies for deletion. Click Select All to select all the policies
Delete button - Deletes all the selected policies

Table - Delete Access Time policy screen elements

Internet Access policy


Internet Access policy controls the user's web access. It helps to manage web access specific to the organization's need. It specifies which user has access to which sites or applications and allows defining policy based on almost limitless parameters like:
- Individual users
- Groups of users
- Time of day
- Location/Port/Protocol type
- Content type
- Bandwidth usage (for audio, video and streaming content)

When defining a policy, you can deny or allow access to an entire application category, or to individual file extensions within a category. For example, you can define a policy that blocks access to all audio files with .mp3 extensions.

Internet Access policy types:
- Allow - By default, allows user to view everything except the sites and files specified in the web categories. E.g. To allow access to all sites except Mail sites
- Disallow - By default, prevents user from viewing everything except the sites and files specified in the web categories. E.g. To disallow access to all sites except certain sites

Create a new Internet Access policy


Select Policies → Internet Access Policy → Create Policy to open the create policy page

Screen - Create Internet Access policy

Screen Elements - Description

Internet Access policy details
Name - Specify policy name. Choose a name that best describes the policy to be created. One cannot create multiple policies with the same name.
Using Template - Select a template if you want to create a new policy based on an existing policy and want to inherit all the categories restrictions from the existing policy. Select Blank template, if you want to create a fresh policy without any restrictions. After creation, you can always customize the category restrictions according to the requirement.
Policy Type (Only for Blank option in Using Template field) - Select default policy type. Available options:
  Allow - Allows access to all the Internet sites except the sites and files specified in the Categories
  Deny - Allows access to only those sites and files that are specified in the Categories
Description - Specify full description of policy
Reporting - By default, Internet usage report is generated for all the users. However, Cyberoam allows to bypass reporting of certain users. Click Off to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click On to create policy that will include access details of all the users in Internet usage reports to whom this policy is applied.
Create button - Creates policy and allows to add Category restriction. Refer to Add Category for more details

Internet Access policy Rules
Add button - Allows to define Internet Access policy rules and assign Web, File Type and Application Protocol Categories to Internet Access policy. Click to add. Refer to Add Internet Access policy rule for more details
Save button - Saves policy
Show Policy Members button - Opens a new page and displays list of policy members
Cancel button - Cancels the current operation and returns to Manage Internet Access policy page

Table - Create Internet Access policy screen elements

Add Internet Access policy rule

Screen - Add Internet Access policy rule

Screen Elements - Description

Rule details
Select Category - Displays list of custom Web, File Type and Application Protocol Categories. Displays list of Categories assigned to policy. In Category Name column:
  W represents Web Category
  F represents File Type Category
  A represents Application Protocol Category
  D represents Default Category
  C represents Customized i.e. User defined Category
  Select Categories to be assigned to policy. In Web Category list, click to select. In File Type list, click to select. In Application Protocol list, click to select. Use Ctrl/Shift and click to select multiple Categories. If Web and Application Filter subscription module is registered, all the default categories will also be listed and can be used for restriction.
Strategy - Allows/Disallows access to the selected Categories during the period defined in the schedule. Click Strategy box to see options and select
During Schedule - Allows/Disallows access to the selected Categories according to the strategy defined during the period defined in the schedule. Allow/Disallow will depend on the strategy selected. Click Schedule box to see options and select
View details link - Opens a new window and displays details of the selected schedule. Click to view. Click Close to close the window
Add button - Add rule to Internet Access policy. Click to add rule
Cancel button - Cancels the current operation

Table - Add Internet Access policy rule screen elements

Update Internet Access policy


Select Policies → Internet Access policy → Manage Policy and click policy name to be modified

Screen - Update Internet Access policy

Screen Elements - Description

Internet Access policy details
Name - Displays policy name which cannot be modified
Policy Type - Displays policy type which cannot be modified
Description - Displays policy description, modify if required
Reporting - By default, Internet usage report is generated for all the users. However, Cyberoam allows to bypass reporting of certain users. Click Off to bypass reporting. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click On to create policy that will include access details of all the users in Internet usage reports to whom this policy is applied.

Internet Access policy Rules - Displays list of Categories assigned to policy. In Category Name column:
  W represents Web Category
  F represents File Type Category
  A represents Application Protocol Category
  D represents Default Category
  C represents Customized i.e. User defined Category
Add button - Allows to define a new rule. Click to add. Refer to Add Internet Access policy rule for more details
Delete button - Allows to delete the selected rule(s). Refer to Delete Internet Access policy rule for more details
MoveUp button (Only when more than one rule is defined) - Moves the selected rule one step up. Click rule that is to be moved one step up. This will highlight selected rule. Click MoveUp to move the selected rule one step upwards
MoveDown button (Only when more than one rule is defined) - Moves the selected rule one step down. Click rule that is to be moved one step down. This will highlight selected rule. Click MoveDown to move the selected rule one step downwards
Update button (Only when more than one rule is defined) - Saves the modified sequence of the rules
Save button - Saves the modifications
Show Policy members button - Opens a new page and displays list of policy members
Cancel button - Cancels the current operation and returns to Manage Internet Access policy page

Table - Update Internet Access policy screen elements
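The rule sequence set with MoveUp/MoveDown decides which rule applies when two rules name the same Category, so a misplaced exception can silently never take effect. The sketch below is an added example, not Cyberoam code: it assumes first-match evaluation from the top of the list with fall-through to the Policy Type default, and the class names, category names and schedules are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Schedule:
    """Constructed stand-in for a schedule: weekdays plus one daily window."""
    name: str
    days: frozenset          # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def covers(self, when):
        return when.weekday() in self.days and self.start <= when.time() < self.end

    def contains(self, other):
        """True when every instant of `other` also falls inside this schedule."""
        return (other.days <= self.days
                and self.start <= other.start and other.end <= self.end)

@dataclass(frozen=True)
class Rule:
    categories: frozenset    # Web / File Type / Application Protocol category names
    strategy: str            # "Allow" or "Disallow"
    schedule: Schedule

@dataclass
class InternetAccessPolicy:
    name: str
    policy_type: str         # "Allow" or "Deny": applied when no rule matches
    rules: list = field(default_factory=list)

    def decide(self, category, when):
        # Assumption: rules are checked top to bottom and the first match wins.
        for rule in self.rules:
            if category in rule.categories and rule.schedule.covers(when):
                return "allow" if rule.strategy == "Allow" else "deny"
        return "allow" if self.policy_type == "Allow" else "deny"

    def move_up(self, index):
        """Same effect as the MoveUp button: swap a rule with the one above it."""
        if index > 0:
            self.rules[index - 1], self.rules[index] = (
                self.rules[index], self.rules[index - 1])

    def shadowed_rules(self):
        """Indexes of rules that can never fire under first-match evaluation."""
        shadowed = []
        for j, later in enumerate(self.rules):
            earlier = self.rules[:j]
            if all(any(cat in e.categories and e.schedule.contains(later.schedule)
                       for e in earlier)
                   for cat in later.categories):
                shadowed.append(j)
        return shadowed

# Constructed sample data (hypothetical category and schedule names).
WEEKDAYS = frozenset(range(5))
WORK_HOURS = Schedule("Work hours", WEEKDAYS, time(9, 0), time(18, 0))
LUNCH = Schedule("Lunch break", WEEKDAYS, time(13, 0), time(14, 0))

def build_sample_policy():
    """Default Allow; web mail blocked in work hours with a lunch exception."""
    return InternetAccessPolicy(
        name="Staff",
        policy_type="Allow",
        rules=[
            Rule(frozenset({"WebMail", "Streaming"}), "Disallow", WORK_HOURS),
            Rule(frozenset({"WebMail"}), "Allow", LUNCH),   # intended exception
        ],
    )

if __name__ == "__main__":
    policy = build_sample_policy()
    tuesday_lunch = datetime(2008, 1, 29, 13, 30)
    print(policy.decide("WebMail", tuesday_lunch), policy.shadowed_rules())
    policy.move_up(1)            # put the exception above the broader rule
    print(policy.decide("WebMail", tuesday_lunch), policy.shadowed_rules())
```

A shadowed rule with the same strategy as the rule above it is only redundant; one with the opposite strategy means the policy does not do what its author intended.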


Delete Internet Access policy rule

Screen - Delete Internet Access policy rule

Screen Elements - Description

Del - Select rule to be deleted. Click Del to select. More than one rule can also be selected
Select All - Selects all rules for deletion. Click Select All to select all rules for deletion
Delete button - Deletes selected rules

Table - Delete Internet Access policy rule screen elements

Note
Do not forget to update after changing the order

Delete Internet Access policy


Prerequisite
- Not assigned to any User or Group

Select Policies → Internet Access policy → Manage Policy

Screen - Delete Internet Access policy

Screen Elements - Description

Del - Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All - Selects all policies for deletion. Click Select All to select all policies for deletion
Delete button - Deletes selected policies

Table - Delete Internet Access policy screen elements

Bandwidth policy
Bandwidth is the amount of data passing through a medium over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).

The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain parameters and user attributes. Bandwidth policy allocates & limits the maximum bandwidth usage of the user and controls web and network traffic.

Policy can be defined/created for:
- Logon Pool - It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share the allocated bandwidth.
- User - It restricts the bandwidth of a particular user.
- Firewall Rule - It restricts the bandwidth of any entity to which the firewall rule is applied.

Logon Pool based bandwidth policy


Policy restricts the bandwidth for a Logon Pool i.e. all the users defined under the Logon Pool will share the allocated bandwidth.

User based bandwidth policy


Policy restricts the bandwidth for a particular user. There are two types of bandwidth restriction:
- Strict
- Committed

Strict

In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to implement strict policy:
- Total (Upstream + Downstream)
- Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Total bandwidth
Example: Total bandwidth is 20 kbps and upstream and downstream combined cannot cross 20 kbps

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual bandwidth i.e. separate for both
Example: Upstream and Downstream bandwidth is 20 kbps then either cannot cross 20 kbps

Table - Implementation types for Strict - Bandwidth policy

Strict policy
Bandwidth usage - Bandwidth specified
Individual - For a particular user
Shared - Shared among all the users who have been assigned this policy

Table - Bandwidth usage for Strict - Bandwidth policy

Committed

In this type of bandwidth restriction, the user is allocated a guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available.

It allows fixed minimum and maximum amounts of bandwidth to be assigned to users. By borrowing excess bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the burstable rate. Guaranteed rates also assure minimum bandwidth to critical users, so that they receive constant levels of bandwidth during peak and non-peak traffic periods.

Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum bandwidth that a user can use, if available.

Two ways to implement committed policy:
- Total (Upstream + Downstream)
- Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Guaranteed bandwidth
Example: Guaranteed bandwidth is 20 kbps then upstream and downstream combined will get 20 kbps guaranteed (minimum) bandwidth
Bandwidth specified: Burstable bandwidth
Example: Burstable bandwidth is 50 kbps then upstream and downstream combined can get up to 50 kbps of bandwidth (maximum), if available

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual Guaranteed and Burstable bandwidth i.e. separate for both
Example: Individual guaranteed bandwidth is 20 kbps then upstream and downstream get 20 kbps guaranteed (minimum) bandwidth individually. Individual burstable bandwidth is 50 kbps then upstream and downstream get maximum bandwidth up to 50 kbps, if available individually

Table - Implementation types for Committed - Bandwidth policy

Committed policy
Bandwidth usage - Bandwidth specified
Individual - For a particular user
Shared - Shared among all the users who have been assigned this policy

Table - Bandwidth usage for Committed - Bandwidth policy
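The guaranteed/burstable relationship described above can be checked before a set of committed policies is deployed. This is an added example, not Cyberoam's scheduler: the two-pass sharing model, the link capacity, and all class, function and user names are assumptions; the 2-4096 kbps range, the 0-7 priority scale and the 20/50 kbps figures come from the guide.

```python
from dataclasses import dataclass

MIN_KBPS, MAX_KBPS = 2, 4096          # per-policy limits stated in the guide

@dataclass(frozen=True)
class CommittedPolicy:
    name: str
    guaranteed: int                   # Guaranteed (Min), kbps
    burstable: int                    # Burstable (Max), kbps
    priority: int = 0                 # 0 (highest) to 7 (lowest)

    def validate(self):
        """Return a list of problems; an empty list means the values are acceptable."""
        problems = []
        for label, value in (("guaranteed", self.guaranteed),
                             ("burstable", self.burstable)):
            if not MIN_KBPS <= value <= MAX_KBPS:
                problems.append(
                    f"{label} {value} kbps is outside {MIN_KBPS}-{MAX_KBPS} kbps")
        if self.guaranteed > self.burstable:
            problems.append("guaranteed rate is above the burstable rate")
        if not 0 <= self.priority <= 7:
            problems.append(f"priority {self.priority} is outside 0-7")
        return problems

def oversubscription(link_kbps, policies):
    """kbps by which the sum of guarantees exceeds the link (0 if they fit)."""
    return max(0, sum(p.guaranteed for p in policies) - link_kbps)

def allocate(link_kbps, users):
    """users: list of (user, policy, demand_kbps) -> {user: granted kbps}.

    Assumed model: pass 1 serves each demand up to the guaranteed rate;
    pass 2 hands leftover capacity out in priority order, up to burstable.
    """
    granted = {user: min(demand, policy.guaranteed)
               for user, policy, demand in users}
    spare = link_kbps - sum(granted.values())
    if spare < 0:
        raise ValueError("guaranteed rates cannot all be honoured on this link")
    for user, policy, demand in sorted(users, key=lambda u: u[1].priority):
        wanted = max(0, min(demand, policy.burstable) - granted[user])
        extra = min(wanted, spare)
        granted[user] += extra
        spare -= extra
    return granted

# Constructed sample: three committed policies on a hypothetical 100 kbps link.
VOICE = CommittedPolicy("Voice", guaranteed=20, burstable=50, priority=0)
WEB = CommittedPolicy("Web", guaranteed=20, burstable=50, priority=4)
BACKUP = CommittedPolicy("Backup", guaranteed=10, burstable=50, priority=7)
SAMPLE_USERS = [("backup-host", BACKUP, 50),
                ("web-user", WEB, 80),
                ("voip-phone", VOICE, 60)]

if __name__ == "__main__":
    for policy in (VOICE, WEB, BACKUP):
        print(policy.name, policy.validate() or "ok")
    print("oversubscribed by", oversubscription(100, [VOICE, WEB, BACKUP]), "kbps")
    print(allocate(100, SAMPLE_USERS))
```

When `oversubscription` returns a non-zero value, the guarantees cannot all be met at peak load, which defeats the purpose of reserving bandwidth for critical users.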

Firewall Rule based bandwidth policy


Policy restricts the bandwidth for a particular IP address. It is similar to the User based policy with the same type of restrictions on Implementation type & Bandwidth usage.


Create Bandwidth policy


Select Policies → Bandwidth Policy → Create policy to open the create policy page

Screen - Create Bandwidth policy

Common Screen Elements


Screen Elements - Description

Bandwidth Policy Details
Name - Specify policy name. Choose a name that best describes the policy to be created. One cannot create multiple policies with the same name.
Description - Specify full description of policy
Priority - Set the bandwidth priority. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest, as this traffic is interactive
Create button - Creates policy
Cancel button - Cancels the current operation

Table - Create Bandwidth policy - Common screen elements

Create Logon Pool based bandwidth policy


Select Policies → Bandwidth Policy → Create policy to open the create policy page

Screen - Create Logon Pool based Bandwidth policy

Screen Elements - Description

Bandwidth Policy Details
Policy based on - Click Logon Pool to create Logon Pool based policy
Total Bandwidth (in KB) - Specify maximum amount of total bandwidth, expressed in terms of kbps. Specified bandwidth will be shared by all the users of the Logon Pool. Maximum bandwidth limit is 4096 kbps

Table - Create Logon Pool based Bandwidth policy screen elements

Create User/Firewall Rule based Strict bandwidth policy

Screen - Create User/IP based Strict Bandwidth policy

Screen Elements - Description

Bandwidth Policy Details
Policy based on - Based on the selection creates policy for User or IP address. Click User to create User based policy. Click IP Address to create IP Address based policy
Policy Type - Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available.
Implementation on - Specify implementation type of Bandwidth restriction. Click Total to implement bandwidth restriction on the Total usage. Click Individual to implement bandwidth restriction on the Individual Upstream and Individual Downstream bandwidth usage
Total bandwidth (Only for TOTAL implementation type) - Specify maximum amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Upload Bandwidth (Only for INDIVIDUAL implementation type) - Specify maximum amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Download Bandwidth (Only for INDIVIDUAL implementation type) - Specify maximum amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Bandwidth usage - Specify whether the Bandwidth allocated is for particular user or shared among all the policy users

Table - Create User/IP based Strict Bandwidth policy screen elements

Create User/Firewall Rule based Committed bandwidth policy

Screen - Create User/IP based Committed Bandwidth policy

Screen Elements - Description

Bandwidth Policy Details
Policy based on - Creates policy based on the selection. Click User to create User based policy. Click IP Address to create IP address based policy
Policy Type - Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available. Click Committed to apply committed policy
Implementation on - Specify implementation type for Bandwidth restriction. Click Total to implement bandwidth restriction on Total. Click Individual to implement bandwidth restriction on Individual Upstream and Individual Downstream bandwidth
Guaranteed (Min)/Burstable (Max) (Only for TOTAL implementation type) - Specify Guaranteed and Burstable amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Guaranteed (Min)/Burstable (Max) Upload Bandwidth (Only for INDIVIDUAL implementation type) - Specifies Guaranteed and Burstable amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Guaranteed (Min)/Burstable (Max) Download Bandwidth (Only for INDIVIDUAL implementation type) - Specifies Guaranteed and Burstable amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps
Bandwidth usage - Specify whether bandwidth specified is for a particular User or Shared among all the policy users

Table - Create User/IP based Committed Bandwidth policy screen elements

Update Bandwidth policy


Use to:
- Add/remove schedule based details to User/IP address based policy
- Update bandwidth values

Select Policies → Bandwidth policy → Manage policy and click Policy name to be updated

Screen - Update Bandwidth policy

Common Screen Elements

Screen Elements - Description

Bandwidth Policy details
Name - Displays Bandwidth policy name, modify if required
Priority - Displays the bandwidth priority, modify if required. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest, as this traffic is interactive
Description - Displays policy description, modify if required
Update button - Updates and saves the policy
Cancel button - Cancels current operation and returns to the Manage Bandwidth policy page

Table - Update Bandwidth policy - Common screen elements

Update Logon Pool based bandwidth policy

Screen - Update Logon Pool based Bandwidth policy

Screen Elements - Description

Bandwidth Policy Details
Show Members link - Opens a new browser window and displays bandwidth restriction details and the member Logon Pools of the policy. Click Close to close the window
Policy Based On - Displays type of policy. Cannot be modified

Default values to be applied all the time
Implementation on - Displays Implementation type of the policy. Cannot be modified
Total Bandwidth (in KB) - Displays total bandwidth for the group, modify if required. Maximum bandwidth limit is 4096 kbps

Table - Update Logon Pool based Bandwidth policy screen elements

Update User/Firewall Rule based Bandwidth policy

Screen - Update User based Bandwidth policy

Screen Elements - Description

Bandwidth Policy Details
Show members link - Opens a new browser window and displays bandwidth restriction details, schedule details and the members/users of the policy. Click Close to close the window
Policy based on - Displays type of policy. Cannot be modified

Default values to be applied all the time
Implementation on - Displays implementation type of policy. Cannot be modified
Total Bandwidth (Only for TOTAL implementation type) - Displays total bandwidth assigned, modify if required
Upload Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type) - Modify Upstream bandwidth value
Download Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type) - Modify Downstream bandwidth value
Guaranteed Burstable Upload Bandwidth (in KB) (Only for COMMITTED policy type and INDIVIDUAL implementation type) - Modify Upstream bandwidth value
Guaranteed Burstable Download Bandwidth (in KB) (Only for COMMITTED policy type and INDIVIDUAL implementation type) - Modify Downstream bandwidth value
Policy type - Displays policy type i.e. committed or strict which cannot be modified
Update button - Updates the changes made in Bandwidth restriction details and Default values to be applied all the time
Add details button - Allows to attach schedule to override default bandwidth restriction. Click Add details. Refer to Attach Schedule details for more details

Table - Update User based Bandwidth policy screen elements


Attach Schedule details

Strict

Screen - Assign Schedule to User based Strict Bandwidth policy

Screen Elements - Description

Bandwidth Policy Schedule wise details
Name - Displays policy name
Policy Type - Displays Type of bandwidth restriction. Click Strict to apply strict policy
Implementation on - Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually
  For Total
  Total Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps
  For Individual
  Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps
  Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps
Schedule - Specify Schedule. Click Schedule list to select
View details link - Opens the new browser window and displays the details of the schedule selected. Click Close to close the window
Add button - Assigns schedule
Cancel button - Cancels the current operation

Table - Assign Schedule to User based Strict Bandwidth policy screen elements

Committed

Screen - Assign Schedule to User based Committed Bandwidth policy

Screen Elements - Description

Bandwidth Policy Schedule wise details
Name - Displays policy name
Policy Type - Displays Type of bandwidth restriction. Click Committed to apply committed policy
Implementation on - Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually
  For Total
  Guaranteed(Min) Bandwidth - Specify minimum guaranteed amount of Total bandwidth, expressed in terms of kbps
  Burstable(Max) Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps
  For Individual
  Guaranteed(Min) Upload Bandwidth - Specify minimum guaranteed amount of Upstream bandwidth, expressed in terms of kbps
  Burstable(Max) Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps
  Guaranteed(Min) Download Bandwidth - Specify minimum guaranteed amount of Downstream bandwidth, expressed in terms of kbps
  Burstable(Max) Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps
Schedule - Specify Schedule. Click Schedule list to select
View details link - Opens new browser window and displays the details of the schedule selected. Click Close to close the window
Add button - Assigns schedule to the bandwidth policy
Cancel button - Cancels the current operation

Table - Assign Schedule to User based Committed Bandwidth policy screen elements

Remove Schedule details

Screen - Remove Schedule from User based Bandwidth policy

Screen Elements: Description
Select: Select Schedule detail(s) for deletion. Click Select to select. More than one schedule detail can also be selected
Select All: Select all details for deletion. Click Select All to select all details
Remove Detail button: Removes the selected schedule detail(s)

Table - Remove Schedule from User based Bandwidth policy screen elements


Delete Bandwidth policy


Prerequisite: Bandwidth policy not attached to any Logon Pool, user or IP address
Select Policies → Bandwidth policy → Manage policy to view the list of policies

Screen - Delete Bandwidth policy

Screen Elements: Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All: Selects all policies for deletion. Click Select All to select all policies
Delete button: Deletes selected policies

Table - Delete Bandwidth policy screen elements


Data Transfer policy


Data transfer policy: Limits data transfer on a cyclic or non-cyclic basis. A single policy can be applied to a number of Groups or Users.
Data transfer restriction can be based on:
    Total Data transfer (Upload + Download)
    Individual Upload and/or Download
Cyberoam provides several predefined policies, which are available for use until configured otherwise. You can also define customized policies to set different limits for different users to meet your organization's requirements.

Create Data transfer policy


Select Policies → Data Transfer Policy → Create Policy to open the create policy page

Screen - Create Data transfer policy

Screen Elements: Description
Create Data Transfer policy
Name: Specify policy name. Choose a name that best describes the policy
Cycle type: Specify cycle type. Available options:
    Daily - restricts data transfer up to cycle hours defined on daily basis
    Weekly - restricts data transfer up to cycle hours defined on weekly basis
    Monthly - restricts data transfer up to cycle hours defined on monthly basis
    Yearly - restricts data transfer up to cycle hours defined on yearly basis
    Non-cyclic - data restriction is defined by the Total data transfer limit
Restriction based on: Specify whether the data transfer restriction is on total data transfer or on individual upload or download
    Click Total Data Transfer to apply data transfer restriction on the Total (Upload + Download) data transfer
    Click Individual Data Transfer to apply data transfer restriction on the Individual Upload and Individual Download data transfer
Shared allotted data transfer with group members (Only if Cycle Type is Non-cyclic): Specify whether the allotted data transfer will be shared among all the group members or not. Click to share
Policy Description: Specify full description of the policy
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Total Data Transfer): Specify Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User gets disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Individual Data Transfer): Specify Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached OR if you do not want to restrict upload data transfer per cycle, click Unlimited Cycle Upload Data transfer
Cycle Download Data Transfer Limit (MB) (Only if Cycle Type is not Non-cyclic and Restriction is based on Individual Data Transfer): Enter Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached OR if you do not want to restrict download data transfer per cycle, click Unlimited Cycle Download Data transfer
Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer): Specify Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed OR if you do not want to restrict total data transfer, click Unlimited Total Data Transfer
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Specify Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed OR if you do not want to restrict total upload data transfer, click Unlimited Upload Data Transfer
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Specify Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed OR if you do not want to restrict total download data transfer, click Unlimited Download Data Transfer
Create button: Creates policy
Cancel button: Cancels the current operation and returns to Manage Data transfer policy page

Table - Create Data transfer policy screen elements
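The field rules and the two enforcement outcomes from the table above, modelled as an added example (not Cyberoam code): `validate` checks the "Only if" conditions, and `evaluate` separates a per-cycle limit (user is disconnected) from an overall limit (no logon until the policy is renewed). The class and function names, the use of None for Unlimited, the sample policies, and checking the overall limit before the cycle limit are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

CYCLE_TYPES = ("Daily", "Weekly", "Monthly", "Yearly", "Non-cyclic")


@dataclass
class DataTransferPolicy:
    """Hypothetical model of the Create Data transfer policy form (limits in MB)."""
    name: str
    cycle_type: str                        # one of CYCLE_TYPES
    restriction: str                       # "Total" or "Individual"
    shared_with_group: bool = False        # form offers this only for Non-cyclic
    cycle_total_mb: Optional[int] = None   # None = Unlimited / not set (assumption)
    cycle_upload_mb: Optional[int] = None
    cycle_download_mb: Optional[int] = None
    total_mb: Optional[int] = None
    upload_mb: Optional[int] = None
    download_mb: Optional[int] = None


def validate(p: DataTransferPolicy) -> List[str]:
    """Return the 'Only if' rules from the table that this policy violates."""
    errors = []
    if p.cycle_type not in CYCLE_TYPES:
        errors.append(f"unknown cycle type {p.cycle_type!r}")
    if p.restriction not in ("Total", "Individual"):
        errors.append(f"unknown restriction {p.restriction!r}")
    cyclic = p.cycle_type != "Non-cyclic"
    if p.shared_with_group and cyclic:
        errors.append("shared allotment applies only to Non-cyclic policies")
    cycle_limits = (p.cycle_total_mb, p.cycle_upload_mb, p.cycle_download_mb)
    if not cyclic and any(v is not None for v in cycle_limits):
        errors.append("cycle limits apply only when cycle type is not Non-cyclic")
    if p.restriction == "Total":
        other = (p.cycle_upload_mb, p.cycle_download_mb, p.upload_mb, p.download_mb)
    else:
        other = (p.cycle_total_mb, p.total_mb)
    if any(v is not None for v in other):
        errors.append(f"limits of the other restriction type set on a {p.restriction} policy")
    return errors


def _reached(limit_mb: Optional[int], used_mb: int) -> bool:
    """A limit of None is Unlimited and is never reached."""
    return limit_mb is not None and used_mb >= limit_mb


def evaluate(p: DataTransferPolicy, cycle_up: int, cycle_down: int,
             total_up: int, total_down: int) -> str:
    """Map usage (MB) to the outcome the guide describes for each kind of limit."""
    if p.restriction == "Total":
        overall = _reached(p.total_mb, total_up + total_down)
        cycle = _reached(p.cycle_total_mb, cycle_up + cycle_down)
    else:
        overall = _reached(p.upload_mb, total_up) or _reached(p.download_mb, total_down)
        cycle = (_reached(p.cycle_upload_mb, cycle_up)
                 or _reached(p.cycle_download_mb, cycle_down))
    if overall:
        return "NO_LOGON_UNTIL_RENEWED"    # overall limit: blocked until renewal
    if cycle and p.cycle_type != "Non-cyclic":
        return "DISCONNECT"                # per-cycle limit: session is dropped
    return "ALLOW"


# Constructed sample policies (not taken from the guide).
MONTHLY = DataTransferPolicy("monthly-2gb", "Monthly", "Total",
                             cycle_total_mb=2048, total_mb=20480)
PREPAID = DataTransferPolicy("prepaid-upload", "Non-cyclic", "Individual",
                             shared_with_group=True, upload_mb=100)
BAD = DataTransferPolicy("bad", "Non-cyclic", "Total",
                         cycle_total_mb=100, upload_mb=5)

if __name__ == "__main__":
    for policy in (MONTHLY, PREPAID, BAD):
        print(policy.name, validate(policy) or "valid")
    print(evaluate(MONTHLY, 548, 1500, 3000, 4000))
```
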


Update Data transfer policy


Select Policies → Data transfer policy → Manage policy and click Policy name to be modified

Screen - Update Data transfer policy screen

Screen Elements: Description
Edit Data Transfer policy
Name: Displays policy name, modify if required.
Cycle type: Displays cycle type
Restriction based on: Displays whether the data transfer restriction is on total data transfer or on individual upload or download
Shared allotted data transfer with group members: Displays whether the allotted data transfer is shared among all the group members or not
Policy Description: Displays full description of the policy, modify if required.
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer): Displays Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer): Displays Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer): Displays Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Update button: Updates policy
Cancel button: Cancels the current operation and returns to Manage Data transfer policy page

Table - Update Data transfer policy screen elements

Delete Data transfer policy


Prerequisite: Not assigned to any User or Group
Select Policies → Data transfer policy → Manage policy to view list of policies

Screen - Delete Data transfer policy screen

Screen Elements: Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All: Select all the policies for deletion. Click Select All to select all the policies
Delete button: Deletes all the selected policy/policies

Table - Delete Data transfer policy screen element


NAT Policy
A NAT policy tells the firewall rule to allow access, but after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the NAT policy.

Create NAT policy


Select Firewall → NAT policy → Create to open the create page

Screen - Create NAT policy

Screen Elements: Description
NAT policy
NAT Policy Name: Specify policy name. One cannot create multiple policies with the same name.
Description: Specify description
Source Translation
Map Source IP with: Specify IP address
    MASQUERADE - will replace source IP address with Cyberoam's WAN IP address
    IP - will replace source IP address with the specified IP address
    IP Range - will replace source IP address with any of the IP addresses from the specified range
Create button: Creates NAT policy

Table - Create NAT policy screen elements

Update NAT policy


Select Firewall → NAT policy → Manage to view the list of policies. Click the policy to be modified.


Screen - Update NAT policy

Screen Elements: Description
NAT policy
NAT Policy Name: Displays policy name, modify if required
Description: Displays description, modify if required
Source Translation
Map Source IP with: Specify IP address
    MASQUERADE - will replace source IP address with Cyberoam's WAN IP address
    IP - will replace source IP address with the specified IP address
    IP Range - will replace source IP address with any of the IP addresses from the specified range
Update button: Saves the modifications

Table - Update NAT policy screen elements

Delete NAT policy


Select Firewall → NAT policy → Manage to view the list of policies.

Screen - Delete NAT policy

Screen Elements: Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected
Select All: Select all the policies for deletion. Click Select All to select all the policies
Delete button: Deletes all the selected policy/policies

Table - Delete NAT policy screen elements


Zone Management
Use to:
    Update Zone details
    Delete Zone

Manage Zone
Select System → Zone → Manage to open the manage zone page

Screen - Edit Zone

Screen Elements: Description
Create Zone
Zone Name: Displays zone name
Zone Type: Displays zone type
    LAN - Depending on the appliance in use and network design, Cyberoam allows you to group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone.
    DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and network design, Cyberoam allows you to group one to five ports in this zone.
    WAN - Zone for the Internet services. Only one WAN zone is allowed, hence additional WAN zones cannot be created.
    Multiple LAN zones are not possible if Cyberoam is deployed as Bridge.
Select Port: Displays the ports bound to the zone, modify if required
    Available Ports list displays the list of ports that can be included in the selected zone.
    Member Port list displays the list of ports included in the zone
    Use arrow buttons to move ports between the lists
Description: Displays zone description, modify if required
Save button: Saves the zone configuration

Table - Edit Zone

Delete Zone
Prerequisite: No hosts attached to the zone
Select System → Zone → Manage to open the manage zone page

Screen - Delete Zone

Screen Elements: Description
Del: Select Zone(s) for deletion. Click Del to select. More than one zone can also be selected
Select All: Selects all the zones. Click Select All to select all the zones for deletion
Delete Group button: Delete the selected zone(s)

Table - Delete Zone

Note
Default Zones cannot be deleted


Group Management
Manage Group
Update Group to:
    Order of the group
    Change policies - Surfing time policy, Access time policy, Internet Access policy, Bandwidth policy and Data transfer policy
    Change the login restriction for the users of the group
    Add new users to the group
Select Group → Manage Group to view the list of groups

Screen components
Select Column button - Click to customize the number of columns to be displayed on the page
Edit icon - Click to edit the group details. Refer to Update Group for more details.
Insert icon - Click to insert a new group before the existing group. Refer to Add a new Group for more details.
Move icon - Click to change the order of the selected group. Refer to Change the group order for details.
Delete icon - Click to delete the group. Refer to Delete Group for more details.

Change Group order


Ordering of groups is important when Active Directory users are members of multiple groups. Cyberoam decides the group membership of an authenticated user based on group order, and the respective access control policies are applied to the user based on that group membership. Cyberoam searches the ordered Group list from top to bottom to determine the user's group membership. The first group that matches is considered the group of the user, and that group's policies are applied to the user.


Select Group → Manage Group
Click the move button against the rule whose order is to be changed
Select Before or After as per the need
Click the rule to be moved and then click where it is to be moved
Click Done to save the order
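The first-match rule described above, as an added example that is not part of the Cyberoam guide: it resolves each user's effective group from an ordered list, reports memberships that are ignored because an earlier group matched, and lists who is affected by a reorder. Group names, users and function names are constructed for illustration; returning None for a user with no matching group is an assumption, since the guide does not say what the appliance does in that case.

```python
from typing import Dict, List, Optional, Set, Tuple


def resolve_group(ordered_groups: List[str], memberships: Set[str]) -> Optional[str]:
    """Walk the ordered list top to bottom; the first group the user is in wins."""
    for group in ordered_groups:
        if group in memberships:
            return group
    return None  # assumption: no listed group matched


def shadowed_memberships(ordered_groups: List[str],
                         directory: Dict[str, Set[str]]) -> Dict[str, dict]:
    """For users in more than one listed group, show which group takes effect
    and which memberships never influence policy under the current order."""
    report = {}
    for user, memberships in directory.items():
        matches = [g for g in ordered_groups if g in memberships]
        if len(matches) > 1:
            report[user] = {"effective": matches[0], "ignored": matches[1:]}
    return report


def impact_of_reorder(old_order: List[str], new_order: List[str],
                      directory: Dict[str, Set[str]]) -> Dict[str, Tuple]:
    """Users whose effective group (and so whose policies) changes if the
    group list is reordered. Run before clicking Done on a new order."""
    changed = {}
    for user, memberships in directory.items():
        before = resolve_group(old_order, memberships)
        after = resolve_group(new_order, memberships)
        if before != after:
            changed[user] = (before, after)
    return changed


# Constructed sample data: group order as listed on the Manage Group page
# and directory group memberships per user.
GROUP_ORDER = ["Contractors", "Engineering", "IT-Admins"]
DIRECTORY = {
    "asha": {"Engineering", "IT-Admins"},
    "ben": {"Contractors", "Engineering"},
    "carol": {"IT-Admins"},
    "dev": {"Guests"},
}

if __name__ == "__main__":
    for user, groups in DIRECTORY.items():
        print(user, "->", resolve_group(GROUP_ORDER, groups))
    print(shadowed_memberships(GROUP_ORDER, DIRECTORY))
    print(impact_of_reorder(GROUP_ORDER,
                            ["IT-Admins", "Engineering", "Contractors"],
                            DIRECTORY))
```
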

Update Group
Need may arise to change the Group setting after the creation of Group.
Select Group → Manage Group and click the Group to be modified

To: Click
Show Group Members: Show Group Members button. Refer to View Group members for details
Change Surfing Quota Policy (Only for Normal Group type): Change Policy button
Change Access Time Policy: Access Time Policy list
Change Internet Access policy: Internet Access policy list
Change Bandwidth Policy: Bandwidth Policy list
Change Data transfer policy: Data transfer policy list
Change Login Restriction: Change Login Restriction button

Table - Need to Update group

Screen - Manage Group

Screen Elements: Description
Group Information
Group Name: Displays Group name, modify if required
Show Group Members button: Opens a new window and displays list of group members
Surfing Quota policy: Displays currently attached Surfing Quota policy to the Group
Change policy button (Only for Normal Group type): Click to change the attached Surfing Quota policy. Opens a new window and allows to select a new Surfing Quota policy
    Click Change policy
    Click Select to select from available policy
    Click Done to confirm the selection
    Click Cancel to cancel the operation
    Surfing quota policy, Time allotted & Expiry date changes accordingly
Time allotted (HH:mm): Displays total surfing time allotted by Surfing Quota policy to the Group. Cannot be modified
Expiry date: Displays Expiry date of the Surfing Quota policy. Cannot be modified
Period Time (HH:mm) (Only if Surfing Quota policy is Non-Cyclic): Displays cycle hours. Cannot be modified
Period Cycle (Only if Surfing Quota policy is Non-Cyclic): Displays type of cycle. Cannot be modified
Used Surfing Time: Displays total time used by the Group members. Cannot be modified
Access Time policy (Only for Normal Group type): Displays currently attached Access Time policy to the Group. To change, click Access Time policy list to select. Click View details to view the details of the policy
Internet Access policy: Displays currently attached Internet Access policy to the Group. To change, click Internet Access policy list to select. Click View details to view the details of the policy
Bandwidth policy: Displays currently attached Bandwidth policy to the Group. To change, click Bandwidth policy list to select. Click View details to view the details of the policy
Data Transfer policy: Displays currently attached Data Transfer policy to the Group. To change, click Data Transfer policy list to select. Click View details to view the details of the policy
User Authentication Session time out: Authentication Session timeout is the number of minutes that an authenticated connection can be idle before the user must authenticate again. Click to enable session timeout on per-group basis. By default, this option is disabled. The minimum timeout that can be configured is 3 minutes and maximum is 1440 minutes (24 hours)
Login Restriction: Display login restriction applied to the Group members
Change Login Restriction button: Click to change login restriction. Refer to Change Login Restriction for more details
Save button: Saves the modified details. Any changes made are applicable to all the group members.
Add Members: Allows to add members to the group. Click to add. Refer to Add Group Members for details
Renew Data Transfer (Only if Data transfer policy is Non-cyclic and shared): Renews data transfer policy of all the group members
Cancel button: Cancels the current operation

Table - Manage Group screen elements



Show Group Members

Screen - Show Group Members

Screen Elements: Description
Group name: Displays Group name
Total members: Displays Total Group members/users
User Name: User name - Name with which the Employee logs in
Employee Name: Employee name
Allotted Time: Total Allotted time to the user. Refer to Access Time policy for details
Expiry Date: Expiry date of the policy attached to the User. Refer to Surfing time policy for details
Used Time: Total time used by the User
Close button: Closes the window

Table - Show Group Members screen elements

Add Group Member(s)


Select Group → Manage Group and click the Group in which user is to be added. Click Add Member(s)


Screen - Add Group Member

Screen Elements: Description
Select Group: List of members belonging to the selected group will be displayed. Click to select the Group
Username/Name starting with (* for All): Search user. Specify username or * to display all the users
Search button: Search user from the selected Group. Displays list of users in the selected Group. Click Add against the user to be added
Add button: Adds selected user(s) to the group
Close button: Closes the window and returns to Edit Group page

Table - Add Group Member screen elements

Change Login Restriction


Select Group → Manage Group and click the Group


Screen - Change Login Restriction

Screen Elements: Description
Login Restriction: Displays the current login restriction - Click to change the current restriction
Save button: Saves if the restriction is changed
Cancel button: Cancels the current operation
Select Node(s) button: Click to select the Node for restriction. Only if the option Allowed login from selected nodes is selected
IP address: Displays IP address
Machine name: Displays Machine name if given
Allowed from: Click to select. Multiple nodes can be selected
Apply Restriction button: Applies the login restriction for the group members i.e. Group members will be able to login from the above selected nodes only
Cancel button: Cancels the current operation

Table - Change Login Restriction screen elements

Delete Group
Prerequisite: No Group members defined
Select Group → Manage Group and click the delete icon against the rule to be deleted


User Management
Search User
You can search for a user based on username/login name or user ID. The search covers all the registered users, i.e. Normal and Clientless active/deactive users. It searches for the specified name and displays user details along with the status. You can change status, delete user, or update user details.
Select User → Search User

Screen - Search User

Screen Elements: Description
Search User
Enter Username: Specify Search criteria
Search User button: Searches all types of users based on the entered criteria. Click to search

Table - Search User screen elements

Search criteria: Result
Mark: Details of the user Mark
A: Details of all the users whose User name or Name contains a
192.9.203.102: Details of the user 192.9.203.102
8: Details of all the users whose User name or Name contains 8

Table - Search User Result


Live User
Use Live users page to:
    view list of all the currently logged on Users
    modify user details
    send message to any live user
    disconnect any live user
Select User → Manage Live Users

Screen - Manage Live Users

Report Columns: Description
Concurrent Sessions: Displays currently connected total users (Normal, Clientless, and Single sign on client Users)
Current System time: Displays current system time in the format - Day, Month Date, HH:MM
ID and User name (Click to change the display order): Displays ID and name with which user has logged in. Click User name link to View/Update user details
Name: Displays User name. Click Name link to view Group and policies details attached to the User
Connected from (Click to change the display order): Displays IP address of the machine from which user has logged in
Public IP: Displays Public IP address if User has logged in using public IP address
Start time (Click to change the display order): Displays login time
Time (HH:mm): Displays total time used in hours and minutes
Upload Data transfer (Click to change the display order): Displays Data uploaded
Download Data transfer (Click to change the display order): Displays Data downloaded
Bandwidth (bits/sec): Displays Bandwidth used
Select: Select User for sending message or disconnecting. More than one User can be selected
Send Message button: Sends message to the selected User(s)
Disconnect button: Disconnects the selected User(s)

Table - Manage Live User screen elements


Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User → User → Manage Active to view the list of Users and click User name to be modified
OR
Select User → User → Manage Deactive to view the list of Users and click User name to be modified

Manage Clientless Users
Select User → Clientless Users → Manage Clientless Users to view list of Users and click User name to be modified

Need may arise to change the User setting after the creation of User.

To: Click
Change the personal details or password of the User: Edit personal details/Change Password. Refer to Change Personal details for more details
View User Accounts details: User My Account. Refer to User My Account for more details
Change the User Group: Change Group. Refer to Change Group for more details
Change Access Time Policy assigned to the User: Access Time policy list. Refer to Change Individual Policy for more details
Change Internet Access Policy assigned to the User: Internet Access policy list. Refer to Change Individual Policy for more details
Change Bandwidth Policy assigned to the User: Bandwidth policy list. Refer to Change Individual Policy for more details
Change Data Transfer policy assigned to the User: Data Transfer policy list. Refer to Change Individual Policy for more details
Change Login Restriction of the User: Change Login restriction button. Refer to Change Login Restriction for more details

Table - Need to Update User


Screen - Manage User

Screen Elements: Description
Personal Information
Username: Displays username with which the user logs on. Cannot be modified
Edit Personal details/Change Password button: Allows to change the User's personal details and login password. Click Edit Personal details to change. Refer to Personal details table for more details
Name: Displays User/Employee name. Cannot be modified
Birth date: Displays Birth date of User
Email: Displays Email ID of User
User My Account button: Click to view/update the my account details. Refer to User My Account
Windows Domain Controller (Only if Authentication is done by Windows Domain Controller): Displays Authentication server address, modify if required
User type: Displays User type. Cannot be modified
Number of simultaneous login(s) allowed: Displays whether simultaneous login is allowed or not, modify if required
Policy Information
Group: Displays Group in which User is defined
Change Group button: Allows to change Group of the User. Opens a new window and allows to select a new Group
Time Allotted to User (HH:mm): Displays total time allotted to User in the format Hours: Minutes. Cannot be modified
User Policy Expiry Date: Displays Expiry date. Cannot be modified
Time used (HH:mm): Displays total time used by the User in the format Hours: Minutes. Cannot be modified
Period time: Displays allowed total cycle hours
Period Cycle: Displays cycle type
Cycle Time used: Displays cycle time used
Access Time Policy: Displays currently assigned Access Time policy to the User, modify if required. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy
Internet Access policy: Displays currently assigned Internet Access policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy
Bandwidth policy: Displays currently assigned Bandwidth policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy
Data Transfer policy: Displays currently assigned Data Transfer policy to the User. To view the details of the policy, click View details. Refer to Change Individual Policy on how to change the assigned policy
Login Restriction: Display currently applied login restriction to the User
Change login restriction button: Click to change user login restriction applied. Refer to Change User Login restriction for details
Save button: Saves the modified details
Re-apply Current policy button: Reapplies all the current policies at the time of renewal
Cancel button: Cancels the current operation

Table - Manage User screen elements



Change Personal details

Screen - Change User Personal details

Screen Elements: Description
Personal Information
Username: Displays the name with which user has logged in
Name: User name, modify if required
New password: Type the new password
Re-enter New password: Re-enter new password. Should be same as typed in new password
Birth date: Displays birth date, modify if required. Use Popup Calendar to change
Email: Displays Email ID of the user, modify if required
User type: Displays User type, modify if required
Update button: Updates the changes made
Cancel button: Cancels the current operation and returns to Edit User page

Table - Change User personal details screen elements


User My Account

User My Account gives details like Personal details and Internet usage of a particular user. User can change his/her password using this tab. Administrator and User both can view these details.

1. Administrator can view details of various users from User → User → Manage Active and click Username whose detail is to be checked. Click User My Account, it opens a new browser window.

Screen - User My Account

2. Normal Users can view their MyAccount details from task bar. In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window and prompts for MyAccount login Username and Password.

Screen - User My Account

Opens a new window with following sub modules: Personal, Client, Account status, Logout

Personal
Allows viewing and updating password and personal details of the user

Change Password
Select Personal → Change Password

Screen - Change Password

Screen Elements: Description
Change Password
Username: Displays the name with which user has logged in
Current Password: Type the current password
New password: Type the new password
Re-enter New password: Re-enter new password. Should be same as new password
Update: Update the changes made

Table - Change password screen elements

Change Personal details
Select Personal → Personal Detail

Screen - Change Personal details

Screen Elements: Description
Personal Information
Username: Displays the name with which user logs in. Cannot be modified
Name: Displays User name, modify if required
Birth Date: Displays birth date. Use Popup Calendar to change
Email: Displays Email ID of the user. Cannot be modified
Update: Update the changes made

Table - Change Personal details screen elements

Account status
Allows viewing Internet usage of the user

Internet Usage

Screen - Internet Usage Status

Screen Elements: Description
Policy Information
Username: Displays the name with which user has logged in
Group: Displays the name of the User Group
Time allotted to User (HH:mm): Displays total surfing time allotted to the user in the Surfing time policy
Expiry date: Displays Expiry date
Time used by User (HH:mm): Displays total time used by the User
Usage Information
Upload Data transfer: Displays allotted, used and remaining upload data transfer. Allotted upload data transfer is configured from Data transfer policy
Download Data transfer: Displays allotted, used and remaining download data transfer. Allotted download data transfer is configured from Data transfer policy
Total Data transfer: Displays allotted, used and remaining total data transfer. Allotted total data transfer is configured from Data transfer policy
Get Internet Usage information for month: Select Month and Year
Submit button: Click to view the Internet usage report for the selected period

Table - Internet Usage screen elements

Report displays IP address from where user had logged in, session start and stop time, total used time, data uploaded and downloaded during the session and total data transferred during the session.
Change Group

Screen - Change Group

Screen Elements: Description
Policy Information
Change Group button: Opens a new window and displays list of Groups. Click to change the User group
Select: Click to select
Done button: Adds User to the Group
Cancel button: Cancels the current operation

Table - Change Group screen elements


Change Individual Policy

Screen Elements: Description
Policy Information
Access Time policy: Specify Access Time policy. It overrides the assigned Group Access time policy. Click Access policy list to select
Internet Access policy: Specify Internet Access policy. It overrides the assigned Group Internet Access policy. Click Internet Access policy list to select
Bandwidth policy: Specify Bandwidth policy. It overrides the assigned Group Bandwidth policy. Click Bandwidth policy list to select
Data Transfer policy: Specify Data Transfer policy. It overrides the assigned Group Data Transfer policy. Click Data Transfer policy list to select
Save: Saves the changes

Table - Change Individual policy


Change User Login Restriction

Screen - Change User Login Restriction

Screen Elements: Description
Login restriction
Change login restriction button: Click to change the login restriction
Allowed login from all the nodes: Allows user to login from all the nodes of the Network
Allowed login from Group node(s): Allows Users to login only from the nodes assigned to the group
Allowed login from selected node(s): Allows user to login from the selected nodes only. To select node:
    Click Select node
    Select a Logon Pool from the Logon Pool name list
    Click Select to select the IP addresses to be added to the policy
    Click Select All to select all IP addresses
    Click OK to assign policy to the selected IP Addresses
    Click Close to cancel the operation
Save button: Saves the above selection
Cancel button: Cancel the current operation

Table - Change User Login Restriction screen elements

Delete User
User can be deleted from Active list as well as from Deactive list.
To delete active user, click User → User → Manage Active

Screen - Delete Active User


To delete de-active user, click User → User → Manage Deactive

Screen - Delete Deactive User

To delete Clientless user, click User → Clientless User → Manage Clientless User

Screen - Delete Clientless User

Screen Elements: Description
Sel: Select User to be deleted. Click Select to select. More than one user can also be selected
Select All: Selects all the users for deletion. Click Select All to select all
Delete button: Deletes all the selected User(s)

Table - Delete clientless User screen elements

Deactivate User
A user is de-activated automatically if he has overused one of the resources defined by the assigned policies. If the need arises to de-activate a user manually, select User → User → Manage Active

Screen - Deactivate User


Screen Elements - Description
Select - Select User to be deactivated. Click Select to select. More than one user can be selected
Select All - Select all the users
Deactivate button - Deactivates all the selected User(s)

Table - Deactivate User screen elements

View the list of deactivated users from User → User → Manage Deactive

Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users

Screen - Activate Normal User

Screen - Activate Clientless User

Screen Elements - Description
Select - Select User to be activated. Click Activate to select. More than one user can be selected
Select All - Selects all the users. Click Select All to select
Activate button - Activates all the selected User(s)

Table - Activate User screen elements


Logon Pool Management


Search Node
Use the Search Node tab to search for a Node/IP address based on: IP address OR MAC address

Select Group → Logon Pool → Search Node

Screen - Search Node

Example
Search criteria - Result
1 - list of nodes whose address contains 1
192 - list of nodes whose address contains 192
192.9.203.203 - node whose address is 192.9.203.203
b - list of nodes whose address contains B
4C - list of nodes whose address contains 4C
B7 - list of nodes whose address contains B7

Table - Search Node results


Update Logon Pool


Select Group → Logon Pool → Manage Logon Pool and click Logon Pool name to be modified

Screen - Update Logon Pool

Screen Elements - Description
Logon Pool Details
Logon Pool name - Displays Logon Pool name, modify if required
Is Logon Pool Public - Displays whether Logon Pool is of public IP addresses or not
Bandwidth policy - Displays bandwidth policy attached, modify if required. Click View details link to view bandwidth restriction details and policy members
Description - Displays description of the Logon Pool, modify if required
Show Nodes link - Displays IP addresses defined under the Logon Pool. Allows to Add or Delete node. Click Show nodes. Click Add Node; refer to Add node for more details. Click Delete Node; refer to Delete node for more details
Update button - Updates and saves the details
Cancel button - Cancels the current

Table - Update Logon Pool screen elements


Add Node

Screen - Add Node

Screen Elements - Description
Machine details
IP address - IP address of the Node to be added to the Logon Pool
Range link - Click to add range of IP Address. From - To: IP addresses to be included in the Logon Pool
Machine name - Specify machine name
Create button - Adds the nodes to the Logon Pool
Cancel button - Cancels the current operation

Table - Add Node screen elements

Delete Node
Prerequisite: Not assigned to any User

Screen - Delete Node

Screen Elements - Description
Select - Select the IP address of the node for deletion. Click Select to select. More than one node can also be selected
Select All - Selects all the nodes for deletion. Click Select All to select all the nodes
Delete button - Deletes the selected Node(s)

Table - Delete Node screen elements


Delete Logon Pool

Prerequisite: IP address from Group not assigned to any User

Select Group → Logon Pool → Manage Logon Pool

Screen - Delete Logon Pool

Screen Elements - Description
Del - Select the Logon Pool(s) for deletion. Click Del to select. More than one Logon Pool can also be selected
Select All - Select all the Logon Pools for deletion. Click Select All to select all the Logon Pools for deletion
Delete Logon Pool button - Delete the selected Logon Pool(s)

Table - Delete Logon Pool screen elements


System Management
Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.

Configure DNS
A Domain Name Server translates domain names to IP addresses and is configured at the time of installation. You can add additional IP addresses of the DNS servers to which Cyberoam can connect for name resolution. When multiple DNS servers are configured, they are queried in the order in which they were entered.

Select System → Configure Network → Configure DNS

Screen Configure DNS

To add DNS Server IP address
1. Select System → Configure Network → Configure DNS
2. Click Obtain DNS from DHCP to override the appliance DNS with the DNS address received from DHCP server. Option is available only if enabled from Network Configuration Wizard.
3. Click Add.
4. Enter DNS server IP address
5. Click OK
6. Click Save to save the configuration

List order indicates preference of DNS. If more than one Domain name server exists, query will be resolved according to the order specified. Use Move Up & Move Down buttons to change the order of DNS. To add multiple DNS repeat the above-described procedure.

To change the DNS order
1. Select System → Configure Network → Configure DNS
2. Click the Server IP address whose order is to be changed
3. Click Move up or Move Down as per the requirement
4. Click Save to save the changes

To remove DNS Server
1. Select System → Configure Network → Configure DNS
2. Click the Server IP address you want to remove
3. Click Remove
4. Click Save to save the changes


Dynamic Host Configuration Protocol (DHCP)


Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to the hosts on a network, reducing the Administrator's configuration task. Instead of requiring administrators to assign, track and change (when necessary) addresses for every host on a network, DHCP does it all automatically. Furthermore, DHCP ensures that duplicate addresses are not used.

Cyberoam acts as a DHCP server and assigns a unique IP address to a host, and releases the address as the host leaves and re-joins the network. A host can have a different IP address every time it connects to the network. In other words, it provides a mechanism for allocating IP addresses dynamically so that addresses can be re-used.

This section describes:
Configuring DHCP services
Viewing current IP leases
Disabling DHCP services
Updating DHCP services

Enable DHCP service on an Interface


Select System → Configure Network → Configure DHCP

Screen - Configure DHCP

Screen Elements - Description
DHCP Details
Network Interface - Select the interface that is to be used for leasing IP addresses i.e. act as a DHCP server. One can also select VLAN interface or Alias.
Lease IP From - Specify range of IP address or IP pool from which DHCP server has to lease or assign IP address to the host
Domain name - Specify domain name for the specified subnet
Subnet Mask - Specify subnet mask for the client/network
Gateway - Specify IP address of Gateway
Domain name server - Specify IP address of Domain name server
Default Lease Time and Max Lease Time - DHCP client must ask the DHCP server for new settings after the specified maximum lease time. The lease time can range from 600 minutes to 7200 minutes. Default lease time is 600 minutes while maximum lease time is 7200 minutes.
Save button - Saves details

Table - Configure DHCP screen elements

View DHCP leased IP address list


Cyberoam acting as a DHCP server assigns or leases an IP address from an address pool to a host DHCP client. The IP address is leased for a determined period of time or until the client relinquishes the address.

View a list of leased IP addresses from System → Configure Network → Configure DHCP

The following information is available in the leased IP list:
Leased IP address
Lease start and end time
Physical address or MAC address and name of the host

Screen View DHCP leased IP list

Update DHCP configuration


To update the DHCP services, go to System → Configure Network → Configure DHCP and click the Interface


Screen Update DHCP configuration

Disable DHCP services


To disable the DHCP services from an interface, go to System → Configure Network → Configure DHCP, click the Del checkbox against the Interface and click the Delete button.

Screen - Disable DHCP service


View Interface details


Use to:
view the Interface configuration
add interface alias

Manage Interface
Select System → Configure Network → Manage Interface to view port wise network (physical interface) and zone details. If virtual subinterfaces are configured for VLAN implementation, they are also nested and displayed beneath the physical interface.

Interface - Physical interfaces/ports available on Cyberoam. If a virtual subinterface is configured for the physical interface, it is also displayed beneath the physical interface. Virtual subinterface configuration can be updated or deleted.
Add Alias button - Click to specify alias IP address for the interface. Refer Configure Alias IP address for more details
Add VLAN Subinterface button - Click to add VLAN interface. Refer Define VLAN for more details
Toggle Drill Down icon - Click to view the virtual subinterfaces defined for the said physical interface
Edit icon - Click to edit IP address and netmask of physical or virtual subinterface
Delete icon - Click to delete virtual subinterface. A virtual subinterface cannot be deleted if it is a member of any zone or if a firewall rule is defined for it.
Zone and Zone Type - Displays port to zone relationship i.e. zone membership of port. If PPPoE is configured, WAN port will be displayed as the PPPoE Interface.

Screen Manage Interface

Add Interface Alias


Select System → Configure Network → Manage Interface to open page

Screen Add Alias


Screen Elements - Description
Add Alias
Physical Interface - Select the physical interface for which Alias is to be added. Alias cannot be added for the virtual interface.
Alias - Click Single or Range to define one or multiple IP address for the Alias
IP Address and netmask - Specify IP address and Netmask
Add button - Click to save the details

Table Add Alias screen elements

Edit Interface Alias details


Select System → Configure Network → Manage Interface to open page

Screen Edit Alias

Screen Elements - Description
Update Alias
Interface - Displays physical interface for which Alias is added
IP Address and netmask - Modify IP address and Netmask
Update button - Click to save the details

Table Edit Alias screen elements

Delete Interface Alias details


Select System → Configure Network → Manage Interface to open page and click Delete icon against the alias to be deleted

Screen Delete Alias


Configuring Dynamic DNS service


Dynamic DNS (Domain Name Service) is a method of keeping a static domain/host name linked to a dynamically assigned IP address allowing your server to be more easily accessible from various locations on the Internet. Powered by Dynamic Domain Name System (DDNS), you can now access your Cyberoam server by the domain name, not the dynamic IP address. DDNS will tie a domain name (e.g. mycyberoam.com, or elitecore.cyberoam.com) to your dynamic IP address.

Register hostname with DDNS service provider


Select System → Dynamic DNS Configuration → Create Account to open configuration page

Screen Register Hostname with DDNS

Screen Elements - Description
Host Name Detail
Hostname - Specify hostname you want to use on DDNS server i.e. domain name that you registered with your DDNS service provider
Description - Specify description
Service Providers details
Service name - Select Service provider with whom you have registered your hostname.
Login Name and Password - Specify your DDNS account's login name and password
IP detail
IP address - Select WAN Interface if Cyberoam WAN interface is assigned Public IP address. IP address of the selected interface will be bound to the specified host name. Select NATed Public IP if Cyberoam WAN interface is assigned private IP address and is behind NAT box.
IP Update Checking Interval - Enter the time interval after which DDNS server should check and update the IP address of your server if changed. For example, if time interval is set to 10 minutes, after every 10 minutes DDNS server will check for any changes in your server IP address
Create button - Click Create to save the configuration

Table Register hostname with DDNS

Testing your Dynamic DNS configuration
You can test your Dynamic DNS by:
Access your Cyberoam server using the host name you have registered with DDNS service provider - If you are able to access Cyberoam then your configuration is correct and DDNS is working properly.
Ping your host - If you get the IP address of your external interface then your configuration is correct and DDNS is working properly.

Manage Account
Check the IP address update status from the Manage Account page. It also displays the reason in case the update was not successful.

Select System → Dynamic DNS Configuration → Manage Account to open configuration page and click the hostname to be updated.


PPPoE
PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a remote site using various Remote Access Service products. This protocol is typically found in the broadband network of a service provider. The ISP may then allow you to obtain an IP address automatically or give you a specific IP address.

PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet (PPPoE) session and is used:
For Ethernet LANs, to assign IP addresses to workstations and to provide user authentication and accounting, e.g. multi-apartment buildings, offices, schools and universities, computer classes
For connections to Wireless ISPs
For connections to xDSL providers

Access Concentrators (AC), also known as PPPoE Termination units, answer the PPPoE request coming from a client site PPPoE application for PPP negotiation and authentication.

When using Cyberoam as a PPPoE client, computers on LAN are transparent to WAN side PPPoE link. This relieves the Administrator from having to manage the PPPoE clients on the individual computers.

To configure PPPoE Interface


Before configuring the Interface for PPPoE:
1. Run Wizard from Web Admin Console
2. In the Network Configuration, for the WAN port: Enable option Obtain an IP from PPPoE. Under PPPoE Details, specify PPPoE username and password
3. Click Finish to exit from Wizard
4. To confirm, log on to Web Admin Console and go to System → Configure Network → View Interface Details. PPPoE Interface will be defined under the WAN zone.

Note:
A new dynamic IP address will be leased to the PPPoE Interface each time a new PPP session is established with Access Concentrator
IP address in Firewall rules will automatically change when the new IP address is leased
If multiple gateways are defined then IP address in the failover condition will automatically change when the new IP address is leased
As IP address to PPPoE interface is assigned dynamically:
a) Network Configuration from Telnet Console will not display the PPPoE interface configuration
b) You will not be able to change the IP address of the PPPoE interface from Telnet Console using Network Configuration

Select System → Configure Network → View Interface Details and click PPPoE Interface

Screen PPPoE configuration

Screen Elements - Description
PPPoE Configuration
Interface - Displays the Port which is configured as PPPoE Interface from Wizard
User and Password - Specify username and password. Username and password should be same as specified in the Network Configuration using Wizard
Access Concentrator Name - Specify Access Concentrator name (PPPoE server). Cyberoam will initiate sessions with the specified Access Concentrator only. In most of the cases, you can leave this field blank. Use it only if you know that there are multiple Access Concentrators.
Service name - Specify Service Name. Cyberoam will initiate only those sessions with Access Concentrator, which can provide the specified service. In most of the cases, you can leave this field blank. Use it only if you need a specific service.
LCP Interval - Specify LCP interval in seconds. Default is 20 seconds. Every 20 seconds an LCP echo request is sent to check whether the link is alive or not.
LCP Failure - Specify Failure. Default is 3 attempts. Cyberoam will wait for the LCP echo request response for the LCP interval defined after every attempt. Cyberoam declares PPPoE link as closed if it does not receive response after defined attempts.
Update button - Click Update to save the configuration

Table PPPoE configuration screen elements

Establish PPPoE session


1. Select System → Configure Network → View Interface Details and click PPPoE Interface through which you want to establish connection
2. Click Reconnect. It establishes 128 bit tunnel with Access Concentrator. Cyberoam will automatically detect the presence of PPPoE server on the WAN interface.

Remove PPPoE Interface configuration


1. Run Wizard from Web Admin Console
2. In the Network Configuration, for the WAN port: Enable option Use Static IP
3. Click Finish to exit from Wizard. To confirm, log on to Web Admin Console, go to System → Configure Network → View Interface Details and check under WAN zone

Manage Gateway
A gateway routes traffic between networks, and if the gateway fails, communication with the outside Network is not possible. In this case, the organization and its customers face significant downtime and financial loss.

By default, Cyberoam supports only one gateway. However, since organizations opt for multiple gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting multiple gateways. Simply adding one more gateway is not an end to the problem, though; optimal utilization of all the gateways is also necessary. Cyberoam not only supports multiple gateways but also provides a way to utilize the total bandwidth of all the gateways optimally.

At the time of installation, you configured the IP address for a default gateway. You can change this configuration any time and configure additional gateways. Refer to Multi link Configuration Guide for source based static routing. Policy based routing can be done from firewall rule.

To view the Gateway details, select System → Gateway → Manage Gateway(s)

Screen Gateway Configuration

Screen Elements - Description
Gateway Details
Gateway Name - Displays Gateway name
Gateway IP address and port - Displays IP address and port of the Gateway configured. IP address of a device Cyberoam uses to reach devices on different Network, typically a router
Save button - Saves the modified details. Click to save
Cancel button - Cancels the current operation and returns to Manage Gateway page. Click to cancel

Table - Gateway Configuration screen elements


DoS Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. This includes protection from several kinds of Denial of Service attacks. These attacks disable computers and circumvent security.

Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a service. DoS attacks are typically executed by sending many request packets to a targeted server (usually Web, FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not to steal information but to disable or deprive a device or network so that users no longer have access to the network services/resources.

All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence, attackers send a very high volume of redundant traffic to a system so it cannot examine and allow permitted network traffic. The best way to protect against a DoS attack is to identify and block such redundant traffic.

SYN Flood
In this attack, a huge number of connections are sent so that the backlog queue overflows. The connection is created when the victim host receives a connection request and allocates some memory resources for it. A SYN flood attack creates so many half-open connections that the system becomes overwhelmed and cannot handle incoming requests any more.
Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from System → Syslog Configuration

User Datagram Protocol (UDP) Flood
This attack links two systems. It hooks up one system's UDP character-generating service with another system's UDP echo service. Once the link is made, the two systems are tied up exchanging a flood of meaningless data.
Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from System → Syslog Configuration

TCP attack
This attack sends more TCP packets than the host/victim computer can handle.
Click Apply Flag to apply the TCP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from System → Syslog Configuration

ICMP attack
This attack sends more packets/traffic to the host/victim computer than the protocol implementation can handle.
Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from System → Syslog Configuration

Drop Source Routed Packet
This will block any source routed connections or any packets with internal address from entering your network.
Click Apply Flag to enable blocking.
To generate log, enable Dropped Source Routed Packet Logging from System → Syslog Configuration

Disable ICMP redirect packet
An ICMP redirect packet is used by routers to inform the hosts what the correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly weaken the security of the host by causing traffic to flow via another path.
Set the flag to disable the ICMP redirection.
To generate log, enable Dropped ICMP Redirected Packet Logging from System → Syslog Configuration

ARP Flooding
This attack sends ARP requests to the server at a very high rate. Because of this, the server is overloaded with requests and will not be able to respond to the valid requests. Cyberoam protects by dropping such invalid ARP requests.

Threshold values
Cyberoam uses a threshold value to detect a DoS attack. The threshold value depends on various factors like:
Network bandwidth
Nature of traffic
Capacity of servers in the network

Threshold = Total number of connections/packet rate allowed to a particular user at a given time

When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said source/destination is blocked till the lockdown period. Threshold is applicable to the individual source/destination i.e. requests per user/IP address and not globally to the complete network traffic. For example, if source threshold is 2500 packets/minute and the network is of 100 users then each source is allowed packet rate of 2500 packets/minute.

You can define different threshold values for source and destination. Configuring high values will degrade the performance and too low values will block the regular requests. Hence, it is very important to configure appropriate values for both source and destination IP address.

Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given time.

Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a given time.

How it works
When threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop the packets till the attack subsides. Because Cyberoam applies threshold value per IP address, traffic from the particular source/destination will only be dropped while the rest of the network traffic will not be dropped at all i.e. traffic from the remaining IP addresses will not be affected at all.

Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30 seconds
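
The per-source threshold and lockdown described above can be modelled to see how a packets/minute limit and a packets/second burst limit catch different floods. This Python model is an added example, not Cyberoam's code: the sliding-window counting, the burst limit of 100 packets/second, the host addresses and the traffic are constructed assumptions; only the 2500 packets/minute threshold and the 30-second lockdown come from this guide.

```python
"""Model of per-source DoS thresholds with a 30-second lockdown (added example)."""
from collections import defaultdict, deque

LOCKDOWN_MS = 30_000   # lockdown period stated in the guide: 30 seconds
MINUTE_MS = 60_000
SECOND_MS = 1_000


class PerSourceDosFilter:
    """Tracks packet rate per source IP; one source tripping a threshold
    never affects the others."""

    def __init__(self, packets_per_minute, burst_per_second):
        self.packets_per_minute = packets_per_minute
        self.burst_per_second = burst_per_second
        self.last_minute = defaultdict(deque)   # source -> arrival times (ms)
        self.last_second = defaultdict(deque)
        self.locked_until = defaultdict(int)    # source -> end of lockdown (ms)
        self.forwarded = defaultdict(int)
        self.dropped = defaultdict(int)

    @staticmethod
    def _slide(window, now_ms, span_ms):
        """Record the arrival, discard arrivals older than the window,
        and return how many arrivals remain inside it."""
        window.append(now_ms)
        while window[0] <= now_ms - span_ms:
            window.popleft()
        return len(window)

    def offer(self, source, now_ms):
        """Return True if the packet is forwarded, False if it is dropped.

        Dropped packets still count toward the offered rate (an assumption
        of this model), so the lockdown keeps being pushed out until the
        flood itself subsides: re-allow time = end of attack + 30 seconds.
        """
        per_minute = self._slide(self.last_minute[source], now_ms, MINUTE_MS)
        per_second = self._slide(self.last_second[source], now_ms, SECOND_MS)
        if (per_minute > self.packets_per_minute
                or per_second > self.burst_per_second):
            self.locked_until[source] = now_ms + LOCKDOWN_MS
        if now_ms < self.locked_until[source]:
            self.dropped[source] += 1
            return False
        self.forwarded[source] += 1
        return True


def constructed_traffic():
    """Constructed sample: (arrival time in ms, source IP) for three hosts."""
    packets = []
    # Normal host: 5 packets/second for two minutes.
    packets += [(t, "192.168.1.10") for t in range(0, 120_000, 200)]
    # Burst flooder: 200 packets/second for 10 s, then 1 packet/second.
    packets += [(t, "192.168.1.66") for t in range(10_000, 20_000, 5)]
    packets += [(t, "192.168.1.66") for t in range(21_000, 120_001, 1_000)]
    # Slow flooder: 50 packets/second, under the burst limit but 3000/minute.
    packets += [(t, "192.168.1.77") for t in range(0, 120_000, 20)]
    return sorted(packets)


def simulate(packets, packets_per_minute=2500, burst_per_second=100):
    """Run time-ordered packets through the filter and return the filter."""
    dos_filter = PerSourceDosFilter(packets_per_minute, burst_per_second)
    for now_ms, source in packets:
        dos_filter.offer(source, now_ms)
    return dos_filter


if __name__ == "__main__":
    result = simulate(constructed_traffic())
    for src in sorted(result.forwarded.keys() | result.dropped.keys()):
        line = (f"{src}: forwarded={result.forwarded[src]} "
                f"dropped={result.dropped[src]}")
        if result.locked_until[src]:
            line += f" lockdown ends at {result.locked_until[src] / 1000:.3f} s"
        print(line)
```

The burst flooder is cut off after its first 100 packets and stays blocked until 30 seconds after its last flood packet, while the slow flooder is only caught by the per-minute limit; raising that limit above 3000 packets/minute would let it through untouched, which is the tuning trade-off the guide describes.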

Configure DoS Settings


Select Firewall → DoS Setting

Screen DoS Settings

Screen Elements - Description
Attack type - Type of Attack. Click to view the real time updates on flooding. It displays the source IP address used for flooding and IP address that was targeted.
Packets Rate per Source (packets/minute) - Allowed Packets per minute. If the packet rate exceeds the specified rate, Cyberoam considers it as an attack and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Burst Rate per Source (packets/second) - Allowed Packets per second. When the packet rate exceeds the specified rate, Cyberoam considers it as a flood and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Apply flag - Set flag to control allowed number of packets
Source Packets dropped - Displays number of packets dropped from the said source
Packets Rate per Destination (packets/minute) - Allowed Packets per minute. When the packet rate exceeds the specified rate, Cyberoam considers it as a flood and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. As Cyberoam applies threshold value per IP address, the traffic from rest of the IP addresses is not blocked. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Burst Rate per Destination (packets/second) - Allowed Packets per second. When the packet rate exceeds the specified rate, Cyberoam considers it as a flood and for the next 30 seconds drops rest of the packets. One can call this the lockdown period as Cyberoam blocks entire traffic from the destination IP address for the next 30 seconds. As Cyberoam applies threshold value per IP address, the traffic from rest of the IP addresses is not blocked. The specified packet rate is applicable to individual IP address i.e. requests per user and not globally to the complete traffic.
Apply flag - Set flag to control allowed number of packets
Destination Packets dropped - Displays number of packets dropped at destination
Update button - Updates Packet rate. Updated details will be applied only after restarting the Management services from Console

Table DoS Settings screen elements

Bypass DoS Settings


Cyberoam allows bypassing the DoS rule in case you are sure that the specified source/destination will never be used for flooding or want to ignore if flooding occurs from the specified source.

Create DoS bypass rule


Select Firewall → Bypass DoS

Screen Create DoS bypass rule

Screen Elements - Description
Source and Destination Information
Source Domain name/IP Address - Source Domain name, IP address or Network on which the DoS rule is not to be applied. Specify source information. Specify * if you want to bypass the complete network
Source Port - Specify source port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified source IP address and port
Destination Domain name/IP Address - Destination Domain name or IP address on which the DoS rule is not to be applied. Specify destination information. Specify * if you want to bypass the complete network
Destination Port - Specify destination port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified destination IP address and port
Network Protocol - Select protocol whose traffic is to be bypassed for specified source to destination. For example, if you select TCP protocol then DoS rules will not be applied on the TCP traffic from the specified source to destination.
Create button - Creates the bypass rule

Table Create DoS bypass rule screen elements

Delete DoS bypass rule


Select Firewall → Bypass DoS

Screen Delete DoS bypass rule

Screen Elements - Description
Select - Select rule for deletion. Click Del to select. More than one rule can also be selected
Select All - Select all rules. Click Select All to select all rules
Delete button - Deletes all the selected rules. Click to delete

Table Delete DoS bypass rule screen elements


Reset Console Password


You can change the Telnet Console password from the Web based Console or from the Telnet Console itself. To change the password from Telnet Console, refer to Cyberoam Console guide.

Select System → Reset Console Password

Screen - Reset Console Password

Screen Elements - Description
Reset Console Password
GUI Admin Password - Specify current GUI Admin password i.e. the password with which Administrator has logged on to Web Admin Console
New password - Specify new console password
Confirm New password - Type again the same password as entered in the New password field
Submit button - Saves new password. Click Submit

Table - Reset Console Password screen elements


System Module Configuration


Enable/disable services to enhance the network performance and reduce the potential security risk. Do not enable any local services that are not in use. Any enabled services could present a potential security risk. A hacker might find a way to misuse the enabled services to access your network. By default, all the services are enabled.

Cyberoam allows enabling/disabling of following services and VPN and Traffic Discovery modules:

TFTP - Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features.

PPTP - PPTP (Point to Point Tunneling Protocol) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a VPN tunnel using a TCP/IP based network

IRC - IRC (Internet Relay Chat) is a multi-user, multi-channel chatting system based on a client-server model. Single Server links with many other servers to make up an IRC network, which transport messages from one user (client) to another. In this manner, people from all over the world can talk to each other live and simultaneously. DoS attacks are very common as it is an open network and with no control on file sharing, performance is affected.

H323 - The H.323 standard provides a foundation for audio, video, and data communications across IP-based networks, including the Internet. H.323 is an umbrella recommendation from the International Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area Networks (LANs) that do not provide a guaranteed Quality of Service (QoS). It enables users to participate in the same conference even though they are using different videoconferencing applications.

P2P Traffic Modules - Identifies peer-to-peer (P2P) data in IP traffic. It works together with connection tracking and connection marking which helps in identifying the bigger part of all P2P packets and limit the bandwidth rate.

Select Firewall → System Modules and enable or disable the required service and modules.

Screen System Modules Configuration


Manage Data
Backup data
Backup is an essential part of data protection. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. Backups are necessary in order to recover data from loss due to disk failure, accidental deletion or file corruption. There are many ways of taking backup and just as many types of media to use as well. Cyberoam provides a facility for taking regular and reliable data backup. Backup consists of all the policies, logs and all other user related information.

Cyberoam maintains five logs:

Web surfing log - This log stores the information of all the websites visited by all the users.
User session log - Every time the user logs in, a session is created. This log stores the session entries of all the users and specifies the login and logout time.
Audit log - This log stores the details of all the actions performed by the User administrating Cyberoam. Refer to Appendix A Audit Log for more details.
Virus log - This log stores the details of malicious traffic requests received.

Set Backup Schedule


Select System Manage Data Set Backup Schedule

Screen Set Backup schedule

Screen Elements - Description

Backup of Data only (Does not include Logs)
Backup Frequency - Backup schedule. Only data backup will be taken. Select any one:
    Daily - backup will be sent daily
    Weekly - backup will be sent weekly
    Monthly - backup will be sent monthly
    Never - backup will never be sent
  In general, it is best to schedule backup on a regular basis. How much information you add or change will help you determine the schedule.

Incremental Backup of Log files only (in CSV format)
  Backup process only copies what has changed since the last backup. This creates a much smaller backup file.
Log - Select the logs for backup. Backup of log files will be taken in CSV format. Available logs for backup: Web surfing, Audit
Backup Frequency - Select any one:
    Daily - backup will be sent daily
    Weekly - backup will be sent weekly
    Never - backup will never be sent

Set Backup Mode
Backup mode - Specifies how backup should be taken and sent. Select FTP backup OR Mail backup
Only for FTP backup:
    FTP server - Specify IP address of FTP server
    User name - Specify User name with which user has to log on to the FTP server
    Password - Specify Password
Only for Mail backup:
    To Mail Id - Specify email address to which the backup is to be mailed
Save button - Saves the configuration

Table - Set Backup Schedule screen elements

Backup Data
Select System Manage Data Backup Data

Screen Backup Data

Screen Elements - Description

Backup System Data (Does not include logs)
Backup button - Takes the recent backup and allows to download. Click Backup data to take backup
Download button (only if backup is taken previously) - Downloads the backup already taken. Also displays date and time of backup. Click Download to download. To download, follow the screen instructions

Backup Log (in CSV format)
Logs - Backup of selected logs will be taken. Select the logs for backup: Web surfing, Audit
Backup button - Takes the recent backup of logs and allows to download. Click Backup data to take the recent backup
Download button (only if backup is taken previously) - Downloads the backup of logs already taken. Also displays date and time of backup. Click Download to download. To download, follow the screen instructions

Table - Backup Data screen elements

Restore Data
With the help of restore facility, restore data from the backup taken. Restoring data older than the current data will lead to the loss of current data.

Select System Manage Data Restore Data

Screen Restore Data screen

Screen Elements - Description

Upload Backup
File to upload - Specify name of backup file to be uploaded
Browse button - Select the backup file
Upload button - Uploads the backup file

Table - Restore Data screen elements

Note
Restore facility is version dependent, i.e. it will work only if the backup and restore versions are the same


Purge
Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge facility for deleting log records.

Configure Auto purge Utility


Select System Manage Data Configure Auto purge utility

Screen Configure Auto purge Utility screen

Screen Elements - Description

Purge Frequency
Purge Web surfing logs every - Specify number of days after which web surfing log should be purged automatically
Save button - Saves purging schedule configuration

Popup Notification
Enable Alert Popup - Enabling Popup Notification displays alert popup before purging the logs. Click to enable
Save button - Saves popup alert configuration

Download Purged Logs (only if Logs have been Auto purged)
Download button - Allows to download the purged log files. Click to download
Delete button - Deletes the purged log files

Table - Configure Auto purge Utility screen elements

Note
System will preserve logs only for the specified number of days and automatically purges them thereafter.

Manual purge
Use manual purge to delete log records manually.

Select System Manage Data Purge Logs


Screen Purge Logs screen

Screen Elements - Description

Purge - Select log for purging:
    Web surfing logs
    User session logs
    Audit logs
    Appliance Audit logs
Till Date - Select the date from Calendar till which the selected log(s) is to be purged
Purge button - Purges the selected log till the specified date. Click Purge to purge

Table - Purge Logs screen elements

Note
Auto purge option is always on


Client Services
Client Messages
Message Management tab allows Administrator to send messages to the various users. Messages help Administrator to notify users about problems as well as Administrative alerts in areas such as access, user sessions, incorrect password, and successful log on and log off etc. Message is sent to the User whenever the event occurs. Message can be up to 256 characters and can be sent to a number of users at a time.

Select System Configure Client Settings Customize Client Message

Screen Customized Client Messages screen

Screen Elements - Description

Message Key - Message code. Click Message link to customize the message which will be received by user. Click Save to save the changes. Click Cancel to cancel the current operation
Message - Message description

Configure Usage to Alert User before Expiration
Enter Remaining Usage in - Alert will be displayed to all the users when the specified data transfer is remaining. Remaining usage can be entered in absolute value or in percentage

Data Transfer (MB) - Specify remaining data transfer usage when all the users should receive alert.
  E.g. Absolute
    Remaining data transfer usage: 20 MB
    User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
    User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
    User1 will receive alert when he is left with 20 MB of data transfer, i.e. has done total data transfer of 130 MB
    User2 will receive alert when he is left with 20 MB of data transfer, i.e. has done total data transfer of 620 MB
  Percentage
    Remaining data transfer usage: 20%
    User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
    User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
    User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer, i.e. has done data transfer of 120 MB
    User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer, i.e. has done data transfer of 512 MB

Cycle Data Transfer (MB) - Specify remaining cycle data transfer usage when all the users should receive alert. Cycle data transfer is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if the limit is reached. It is applicable to the users to whom the cyclic data transfer policies are applied.
  E.g. Absolute
    Remaining cycle data transfer usage: 20 MB
    User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
    User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
    User1 will receive alert when he is left with 20 MB of data transfer per cycle, i.e. has done data transfer of 130 MB
    User2 will receive alert when he is left with 20 MB of data transfer per cycle, i.e. has done data transfer of 620 MB
  Percentage
    Remaining cycle data transfer usage: 20%
    User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
    User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
    User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer per cycle, i.e. has done data transfer of 120 MB
    User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer per cycle, i.e. has done data transfer of 512 MB

Save details button - Saves the data transfer alert configuration

Table - Customized Client Message screen elements


List of Predefined messages

Messages - Description/Reason

AlertMessageWithCycleData - Message is sent to the user when the remaining cycle data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details
AlertMessageWithData - Message is sent to the user when the remaining data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details
DeactiveUser - Administrator has deactivated the User and the User will not be able to log on
DisconnectbyAdmin - When the administrator disconnects the user from the live users page
InvalidMachine - Message is sent if User tries to login from the IP address not assigned to him/her
LoggedoffsuccessfulMsg - Message is sent when User logs off successfully
LoggedonsuccessfulMsg - Message is sent when User logs on successfully
Loggedinfromsomewhereelse - Message is sent if User has already logged in from other machine
MaxLoginLimit - Message is sent if User has reached the maximum login limit
MultipleLoginnotallowed - Message is sent if User is not allowed multiple login
NotAuthenticate - Message is sent if User name or password are incorrect
NotCurrentlyAllowed - Message is sent if User is not permitted to access at this time. Access Time policy applied to the User account defines the allowed access time and not allowed access at any other time.
Someoneloggedin - Message is sent if someone has already logged in on that particular machine
SurfingtimeExhausted - Message is sent when User is disconnected because his/her allotted surfing time is exhausted. The surfing time duration is the time in hours the User is allowed Internet access that is defined in Surfing time policy. If hours are exhausted, User is not allowed to access
SurfingtimeExpired - Administrator has temporarily deactivated the User and will not be able to log in because User surfing time policy has expired
LiveIPinuse - Message is sent if connection is requesting a public IP Address from the server that is already in use
Nmpoolexceedlimit - Message is sent if the maximum number of IP Addresses in the public Logon Pool at any given time has exceeded the limit

Table - List of predefined messages


Client preferences
Use Client preference to specify:
  which page to open every time user logs on to Cyberoam
  whether HTTP client log on page should pop up if user tries to surf without logging in
  port from which Web Administration Console can be accessed
  number of concurrent log on allowed

Select System Configure Client Settings Customize Client preferences

Screen Customized Client Preferences screen

Screen Elements - Description

Open following site after client logs on to the server
URL - Specify URL which is to be opened every time user logs on. Leave this field blank, if you do not want to open any specific page every time user logs in
Update button - Updates configuration

HTTP Client Pop up
HTTP client - Whenever User tries to surf without logging in, a page with the message 'Cyberoam Access Denied' is displayed. If HTTP client pop up option is selected, User will get an HTTP Client pop up along with the 'Cyberoam Access Denied' page. Once User logs on successfully using the HTTP client, user will be able to surf the requested site.
Update button - Updates configuration

Web Admin Console
Web Admin Console Port - Specify Port number on which Web Admin Console is running
Update button - Updates configuration

Number of Logins
Number of Logins Allowed OR Unlimited Login - Specify number of concurrent logins allowed to all the users OR allow unlimited concurrent logins
Update button - Updates configuration

Table - Customized Client Preferences screen elements

Note
The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed to the particular user.


Customize Access Deny messages


Use to customize Access deny message for:
  all web categories
  individual web category
  all file type categories

This customized message will be displayed when user tries to access the site, which is not allowed.

Screen - Customize Denied message screen elements

1. Select System Configure Customize Denied Message
2. Select category for which you want to customize access deny message
   Select All Web categories to display the same access deny message for all the web categories. The message specified for All Web Categories becomes the default message.
   Select a particular category for which you want to display a different message. By default, the message specified for All Web Categories is displayed. Disable Use Default Message, if you want to display a different message for a particular category and modify the message
   Select All File type category to customize the access deny message for all the file type categories
3. In Denied Message, modify the message contents
4. Click Update to save if any changes are made


Upload Corporate logo


Use to display your company's logo in all the messages displayed to the user.

1. Select System Configure Customize Denied Message
2. In Top Bar, specify the image to be displayed at the top of the message page.
3. In the Bottom Bar, specify the image to be displayed at the bottom of the message page
4. Click Upload

Note
Dimension of Image should be 700 * 80 and jpg file only


Customize Login message


Use to customize login page messages and client login links provided on login page.

1. Select System Configure Customize Login Message
2. Under Client Login Links, select Login Clients that you want to be displayed on Login page. In the login page, download links are provided so that user can download the required login client. If you do not want user to download a particular login client, deselect the link
   In the Login message box, specify the message to be displayed. You can further customize the message by using clientip address, category and URL
3. Enable Blink Message to display blinking message
4. Before saving the configuration, click Preview and see how message will be displayed to the user
5. Click Save to save the configuration

Disable Warning messages


Alert messages displayed on the Dashboard Alert Messages section can be enabled or disabled as per the need. By default, all the messages are enabled. Messages can be enabled/disabled from System Configure Warning Messaging - indicates that alert is disabled - indicates that alert is enabled


HTTP Client Login page template


Cyberoam provides flexibility to customize the HTTP Client Login page. This page can include your organization name and logo. Cyberoam has included a fully integrated Template Editor to design the page. It supports numerous placement and arrangement options for each field and a provision to add a personalized message or insert a logo or any other image. Cyberoam also supports customized pages in languages other than English. Cyberoam provides a default template that can be modified to customize the HTTP Client login page.


HTTP Proxy Management


Cyberoam can also act as an HTTP proxy server and enable access to the HTTP proxy services from the local ACL section. You can configure Cyberoam's LAN IP address as a proxy server IP address in your browser settings.

Note
HTTP proxy will enforce the Internet Access Policy and Anti Virus policy as configured in the User and the Firewall policy. IDP policy will be applicable on the traffic between proxy and the WAN, but not between the user and the proxy. Bandwidth policy will not be applicable on the direct proxy traffic.

Manage HTTP Proxy


Select System HTTP Proxy Manage HTTP Proxy

Screen - Manage HTTP Proxy

Screen Elements - Description

Server Status - Displays current status of Proxy server
Start button (only if Current Status is Stopped) - Click to start Proxy server
Stop button (only if Current Status is Running) - Click to stop Proxy server
Restart button - Click to restart Proxy server

Table - Manage HTTP Proxy screen elements


Configure HTTP Proxy


Use to:
  configure http proxy port
  configure trusted ports

Select System HTTP Proxy Configure HTTP Proxy

Screen - Configure HTTP Proxy

Screen Elements - Description

HTTP Proxy Port Setting
HTTP Proxy port - Specify proxy port to be used
Save button - Click to save the port setting

Parent Proxy Setting
Enable Parent Proxy - If enabled, all the HTTP requests will be sent to HTTP Proxy Server via Cyberoam. One needs to configure Parent Proxy when the HTTP traffic is blocked by the upstream Gateway. Click to enable
IP address - Specify IP address of Parent proxy
HTTP Proxy Port - Specify parent proxy port
Save button - Click to save the setting

HTTP Proxy Trusted Ports Setting
When deployed as HTTP proxy, Cyberoam allows access only to those sites that are hosted on standard ports. To allow access to the sites hosted on the non-standard ports, you have to define non-standard ports as trusted ports. You can define individual port or range of ports for http and https protocols. Click Add to define non-standard ports

Pharming Protection Configuration
Enable Pharming Protection - Pharming attacks require no additional action from the user beyond their regular web surfing activities. A pharming attack succeeds by redirecting users from legitimate web sites to similar fraudulent web sites that have been created to look like the legitimate site. Enable to protect against pharming attacks and direct users to the legitimate web sites instead of fraudulent web sites. Click to enable/disable
Save button - Click to save the port setting

Table - Configure HTTP Proxy screen elements

Set Default Internet Access Policy


Go to System HTTP Proxy Default Policy to specify default internet access policy when Cyberoam is being used as HTTP Proxy


Manage Servers
Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the requirement, one can Start, Stop, Enable or Disable the services.

Types of the servers available:
  DHCP
  Domain Name Server
  Cyberoam server
  Proxy servers: HTTP, SMTP, POP3, IMAP, FTP

Select System Manage Services

Screen - Manage Services

Screen Elements - Description

Service name - Name of the server
Status - Status of the respective server: Running if server is on, Stopped if server is off
Commands - Starts or stops the respective servers. Enables or disables Autostart. Refer to Action table for details

Table - Manage Control Service screen elements

Action table

Button - Usage

Start - Starts the Server whose status is Stopped
Stop - Stops the server whose status is Started
Enable Autostart - Automatically starts the configured server with the startup of Cyberoam
Disable Autostart - Disables the Autostart process
Restart - Restarts Cyberoam. All the servers with Enable Autostart will restart
Shutdown - Shuts down Cyberoam server and all the servers will be stopped

Table - Manage Control Service Action


Monitoring Bandwidth Usage


Bandwidth is the amount of data passing through a medium over a period. In other words, it is the amount of data accessed by the Users. Each time data is accessed (uploaded or downloaded), the amount is added to the total bandwidth. Because bandwidth is a limited resource, it needs periodic monitoring. Bandwidth usage graphical report allows Administrator to monitor the amount of data uploaded or downloaded by the Users. Administrator can use this information to help determine:
  Whether to increase or decrease the bandwidth limit?
  Whether all the gateways are utilized optimally?
  Which gateway is underutilized?
  What type of traffic is consuming the majority of the Bandwidth?
  Which inbound/outbound traffic has consumed the most Bandwidth in the last week/month?

Select System View Bandwidth usage

Screen View Bandwidth Usage

Screen Elements - Description

Bandwidth report
Graph type - Generates graph. Select any one:
    Gateway wise - Displays list of Gateways defined, click the Gateway whose data transfer report is to be generated
    Logon Pool wise - Displays list of Logon Pools defined, click the Logon Pool whose data transfer report is to be generated
    Total - Generates total (all gateways and Logon Pools) data transfer report. Also generates Live user report
    Gatewaywise breakup - Generates total (all gateways) data transfer report.
Graph period - Generates graph based on time interval selected. Click Graph period to select

Table - Bandwidth usage screen elements


It generates eight types of graphical reports:

1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum, maximum and average no. of users connected during the selected graph period. This will help in knowing the peak hour of the day.
   X axis - Hours
   Y axis - No. of users
   Peak hour - Maximum no. of live users

Screen - Bandwidth usage - Live Users graph

2. Total data transfer - Graph shows total data transfer (upload + download) during the day. In addition, shows minimum, maximum and average data transfer.
   X axis - Hours
   Y axis - Total data transfer (upload + download) in KB/Second

Screen - Bandwidth usage - Total Data transfer graph


3. Composite data transfer - Combined graph of Upload & Download data transfer. Colors differentiate upload & download data traffic. In addition, shows the minimum, maximum and average data transfer for upload & download individually.
   X axis - Hours
   Y axis - Upload + Download in Bits/Second
   Orange Color - Upload traffic
   Blue Color - Download traffic

Screen - Bandwidth usage - Composite Data transfer graph

4. Download data transfer - Graph shows only download traffic during the day. In addition, shows the minimum, maximum and average download data transfer.
   X axis - Hours
   Y axis - Download data transfer in Bits/Second

Screen - Bandwidth usage - Download Data transfer graph


5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows minimum, maximum and average upload data transfer.
   X axis - Hours
   Y axis - Upload data transfer in Bits/Second

Screen - Bandwidth usage - Upload Data transfer graph

6. Integrated total data transfer for all Gateways - Combined graph of total (Upload + Download) data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum, maximum and average data transfer of individual gateway.
   X axis - Hours
   Y axis - Total (Upload + Download) data transfer in Bits/Second
   Orange Color - Gateway1
   Blue Color - Gateway2


7. Integrated Download data transfer of all Gateways - Graph shows only the download traffic of all the gateways during the day. In addition, shows the minimum, maximum and average download data transfer.
   X axis - Hours
   Y axis - Download data transfer in Bits/Second
   Orange Color - Gateway1
   Blue Color - Gateway2

8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all the gateways during the day. In addition, shows minimum, maximum and average upload data transfer.
   X axis - Hours
   Y axis - Upload data transfer in Bits/Second
   Orange Color - Gateway1
   Blue Color - Gateway2


Migrate Users
Cyberoam provides a facility to migrate the existing users from a PDC or LDAP server. Alternately, you can also import user definitions from an external file (CSV format file). If you do not want to migrate users, configure for Automatic User creation. This reduces the Administrator's burden of creating the same users again in Cyberoam.

Migration from PDC server


All the migrated users will be created under Group type Normal and default policies will be applied. Administrator can change the assigned group or status at the time of migration or later. After migration, Username will be set as password in Cyberoam.

Select User Migrate Users to open migration page

Step 1: Click Download User Migration Utility link

Screen - Download User Migration Utility

Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate option and click OK button

Screen - Save User Migration Utility

Step 3: Opens a new browser window and prompts for the login. Provide the administrator username and password. E.g. Username: cyberoam and password: cyber

Step 4: On successful authentication, following screen will be shown. Upload the specified file.

Screen - Upload downloaded User Migration Utility

Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.

Note
After migration, the Cyberoam login password will be the same as the username

Once the users are migrated, configure for single sign on login utility. The configuration is required to be done on the Cyberoam server.

Migration from External file


Instead of creating users again in Cyberoam, if you already have User details in a CSV file then you can upload the CSV file. CSV file should be in the following format:

1. Header (first) row should contain field names. Format of header row:
   Compulsory first field: username
   Optional fields in any order: password, name, groupname
2. Subsequent rows should contain values corresponding to each field in the header row
3. Number of fields in each row should be same as in the header row
4. Error will be displayed if data is not provided for any field specified in the header
5. Blank rows will be ignored
6. If password field is not included in the header row then it will be set same as username
7. If name field is not included in the header row then it will be set same as username
8. If groupname is not included in the header row, administrator will be able to configure group at the time of migration

Step 1: Upload CSV file

Select System Migrate User to open migration page


Screen - Upload CSV file

Step 2: Change Group or Active status of user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.

Screen - Register migrated users from External file

If migration is successful, Manage Active User page will be displayed with all the migrated users as Active users.
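
The CSV rules listed above can be checked before the file is uploaded. The validator below is an added example, not part of the Cyberoam guide or product: the function names and sample rows are constructed for illustration, and rejecting unknown or duplicate header fields is an assumption. It also reports the accounts that would be created with a password equal to the username (rule 6), so that those passwords can be changed after migration.

```python
import csv
import io

# Optional header fields named in the guide; "username" must come first.
OPTIONAL_FIELDS = {"password", "name", "groupname"}

# Constructed sample input (not real user data).
SAMPLE_CSV = """username,name,groupname
asmith,Alice Smith,Finance

bjones,Bob Jones,Sales
cwu,,Sales
"""


def parse_migration_csv(text):
    """Validate a user-migration CSV; return (users, errors)."""
    reader = csv.reader(io.StringIO(text))
    rows = []
    for row in reader:
        # Rule 5: blank rows are ignored.
        if not row or (len(row) == 1 and not row[0].strip()):
            continue
        rows.append((reader.line_num, [cell.strip() for cell in row]))
    if not rows:
        return [], ["file is empty: header row missing"]

    header_line, header = rows[0]
    errors = []
    # Rule 1: first field must be username; the rest are optional, any order.
    if header[0] != "username":
        errors.append(f"line {header_line}: first header field must be 'username'")
    unknown = [h for h in header[1:] if h not in OPTIONAL_FIELDS]
    if unknown:
        # Assumption: fields the guide does not name are rejected.
        errors.append(f"line {header_line}: unknown header field(s): {unknown}")
    if len(set(header)) != len(header):
        # Assumption: a repeated header field is rejected.
        errors.append(f"line {header_line}: duplicate header field")
    if errors:
        return [], errors

    users = []
    for line_no, row in rows[1:]:
        # Rule 3: same number of fields as the header row.
        if len(row) != len(header):
            errors.append(
                f"line {line_no}: expected {len(header)} fields, found {len(row)}")
            continue
        # Rule 4: every field named in the header needs a value.
        missing = [h for h, v in zip(header, row) if not v]
        if missing:
            errors.append(f"line {line_no}: no data for {missing}")
            continue
        user = dict(zip(header, row))
        # Rules 6 and 7: absent password/name columns default to the username.
        user.setdefault("password", user["username"])
        user.setdefault("name", user["username"])
        # Rule 8: absent groupname is chosen by the administrator at migration.
        user.setdefault("groupname", None)
        users.append(user)
    return users, errors


def weak_password_accounts(users):
    """Usernames whose initial password equals the username."""
    return [u["username"] for u in users if u["password"] == u["username"]]


if __name__ == "__main__":
    parsed, problems = parse_migration_csv(SAMPLE_CSV)
    for problem in problems:
        print("ERROR:", problem)
    print("accepted rows:", [u["username"] for u in parsed])
    print("password equals username:", weak_password_accounts(parsed))
```
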


Customization
Schedule

Schedule defines a time schedule for applying firewall rule or Internet Access policy i.e. used to control when firewall rules or Internet Access policies are active or inactive.

Types of Schedules:
  Recurring - use to create policies that are effective only at the specified times of the day or on specified days of the week.
  One-time - use to create firewall rules/policies that are effective once for the period of time specified in the schedule.

Define Schedule
Select Firewall Schedule Define Schedule to open define schedule page

Screen - Define One Time Schedule

Screen Elements - Description

Schedule details
Name - Specify schedule name. Choose a name that best describes schedule
Schedule Type - Specify type of schedule:
    Recurring - applied at specified times of the day or on specified days of the week
    One time - applied only once for the period of time specified in the schedule
Start time & Stop time (only if Schedule Type is One Time) - Defines start and stop time for the schedule. Start & stop time cannot be same
Description - Specify full description of schedule
Create button - Creates schedule. Refer to Add Schedule Entry details to add time details

Table - Define Schedule screen elements

Add Schedule Entry details


Select Firewall Schedule Manage Schedule to view the list of schedules and click the Schedule name to which the schedule entry details are to be added.

Screen Add Schedule Entry details

Screen Elements - Description

Schedule Entry
Weekday - Select weekday
Start time & Stop time - Defines the access hours/duration. Start & stop time cannot be same
Add Schedule detail button - Attaches the schedule details for the selected weekday to the schedule
Cancel button - Cancels the current operation

Table - Add Schedule Entry details screen elements


Manage Schedule
Use to modify:
  Schedule Name
  Description
  Add Schedule Entry details
  Delete Schedule Entry details

Select Firewall Schedule Manage Schedule and click Schedule name to be updated

Screen - Manage Schedule

Screen Elements - Description

Schedule details
Schedule name - Displays schedule name, modify if required
Schedule description - Displays schedule description, modify if required

Schedule Entry
Add button - Allows to add the schedule entry details. Refer to Add Schedule Entry details for more details
Delete button - Allows to delete the schedule entry details. Refer to Delete Schedule Entry details for more details
Save button - Saves schedule
Cancel button - Cancels the current operation and returns to Manage Schedule page

Table - Manage Schedule screen elements


Delete Schedule Entry details

Screen Delete Schedule Entry details

Screen Elements - Description

Del - Select Schedule Entry detail to be deleted. Click Del to select Schedule Entry details. More than one Schedule Entry details can also be selected
Select All - Selects all the Schedule Entry details. Click Select All to select all the Schedule Entry details
Delete button - Deletes the selected Schedule Entry detail(s)

Table - Delete Schedule Entry details screen elements

Delete Schedule
Select Firewall Schedule Manage Schedule to view the list of Schedules

Screen - Delete Schedule

Screen Elements - Description

Del - Select schedule to be deleted. Click Del to select schedule. More than one schedule can also be selected
Select All - Selects all the schedules. Click Select All to select all the schedules
Delete button - Deletes the selected schedule(s)

Table - Delete Schedule screen elements


Services
Services represent types of Internet data transmitted via particular protocols or applications.

Protect your network by configuring firewall rules to:
  block services for specific zone
  limit some or all users from accessing certain services
  allow only specific user to communicate using specific service

Cyberoam provides several standard services and allows creating:
  Customized service definitions
  Firewall rule for customized service definitions

Define Custom Service


Select Firewall Services Create to open the create page

Screen - Define Custom Service

Screen Elements - Description

Create Service
Service Name - Specify service name
Select Protocol - Select the type of protocol:
    For IP - Select Protocol No.
    For TCP - Specify Source and Destination port
    For UDP - Specify Source and Destination port
    For ICMP - Select ICMP Type and Code
Description - Specify service description
Create button - Creates a new service
Cancel button - Cancels the current operation and returns to Manage Service

Table - Define Custom Service screen elements


Manage Custom Service


Use to modify:
- Description
- Add Protocol details
- Delete Protocol details

Select Firewall → Services → Manage to view the list of custom services. Click service to be modified

Screen - Update Custom Service

Screen Elements: Description
Custom Service
Service Name: Displays service name.
Description: Displays description, modify if required.
Protocol Details
Add button: Allows to add protocol details. Click to add. Select protocol:
  For IP - Select Protocol No.
  For TCP - Specify Source and Destination port
  For UDP - Specify Source and Destination port
  For ICMP - Select ICMP Type and Code
  Click Add
Delete button: Allows to delete protocol details. Click to delete against the protocol details to be deleted. Click Delete
Save button: Updates the modified details.
Cancel button: Cancels the current operation.

Table - Update Custom Service screen elements


Delete Custom Service


Select Firewall → Services → Manage to view the list of services.

Screen - Delete Custom Service

Screen Elements: Description
Del: Select the Service for deletion. More than one service can be selected. Click to select.
Select All: Allows to select all the services for deletion. Click to select.
Delete button: Deletes all the selected service(s). Click to delete.

Table - Delete Custom Service screen elements

Note
Default Services cannot be deleted


Create Service Group


Service Group is the grouping of services. Custom and default services can be grouped in a single group.

Use to configure firewall rules to:
- block group of services for specific zone
- limit some or all users from accessing group of services
- allow only specific user to communicate using group of service

Select Firewall → Service Group → Create to open the create page

Screen - Create Service Group screen

Screen Elements: Description
Create Service Group
Service Group Name: Specify service group name.
Select Service: Select the services to be grouped. Available Services column displays the services that can be grouped. Use arrow buttons to move services between the lists. Member Services column displays the services that will be grouped.
Description: Specify group description.
Create button: Creates a new service group.
Cancel button: Cancels the current operation and returns to Manage Service Group page.

Table - Create Service Group screen elements


Update Service Group


Select Firewall → Service Group → Manage to view the list of groups created. Click the group to be modified

Screen - Edit Service Group

Screen Elements: Description
Edit Service Group
Service Group Name: Displays service group name.
Select Service: Displays grouped services. Available Services column displays the services that can be grouped. Use arrow buttons to move services between the lists. Member Services column displays the services that will be grouped.
Description: Displays group description, modify if required.
Save button: Saves the modified details.
Cancel button: Cancels the current operation and returns to Manage Service Group page.

Table - Edit Service Group screen elements


Delete Service Group


Select Firewall → Service Group → Manage to view the list of groups created.

Screen - Delete Service Group

Screen Elements: Description
Del: Select the group for deletion. More than one group can be selected. Click to select.
Select All: Allows to select all the groups for deletion. Click to select.
Delete button: Deletes all the selected group(s). Click to delete.

Table - Delete Service Group


Categories
Cyberoam's content filtering capabilities prevent Internet users from accessing non-productive or objectionable websites that take valuable system resources from your network, and at the same time prevent hackers and viruses from gaining access to your network through their Internet connections. Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds objectionable.

Cyberoam's Categories Database contains categories covering Web page subject matter as diverse as adult material, astrology, games, job search, and weapons. It is organized into general categories, many of which contain collections of related Internet sites with specific content focus. In other words, the database is a collection of site/host names that are assigned a category based on the major theme or content of the site.

Categories Database consists of three types:
- Web category - Grouping of Domains and Keywords. Default web categories are available for use only if Web and Application Filter subscription module is registered.
- File Type category - Grouping of File extensions
- Application protocol - Grouping of protocols. Standard protocol definitions are available for use only if Web and Application Filter subscription module is registered.

Apart from the default categories provided by Cyberoam, custom category can also be created if required. Creating custom category gives increased flexibility in managing Internet access for your organization. After creating a new category, it must be added to a policy so that Cyberoam knows when to enforce it and for which groups/users.


Web Category
Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any URL containing the keywords defined in the Web category will be blocked.

Each category is grouped according to the type of sites. Categories are grouped into four types, which specify whether accessing sites in those categories is considered productive or not:
- Neutral
- Productive
- Non-working
- Un-healthy

For your convenience, Cyberoam provides a database of default Web categories. You can use these or even create new web categories to suit your needs. To use the default web categories, the subscription module Web and Application Filter should be registered.

Depending on the organization requirement, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria.

Custom web category is given priority over default category while allowing/restricting the access.

Search URL
Use Search URL to search whether the URL is categorized or not. It searches the specified URL and displays Category name under which the URL is categorized and category description.

When a custom category is created with a domain/URL which is already categorized in default category then the custom category overrides the default category and the search result displays custom category name and not the default category name.

Select Categories → Web Category → Search URL

Screen - Search URL
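The lookup order described in this section (a category matches on a domain or on a keyword contained in the URL, and a custom category overrides a default one), as an added Python example that is not Cyberoam's own code. The category names, the sample domains and the exact matching rules (domain match on label boundaries, case-insensitive substring match for keywords) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; category names and entries are hypothetical.
DEFAULT_CATEGORIES = {
    "Games": {"domains": {"games.example"}, "keywords": {"arcade"}},
    "JobSearch": {"domains": {"jobs.example"}, "keywords": set()},
}
CUSTOM_CATEGORIES = {
    "PartnerPortal": {"domains": {"portal.games.example"}, "keywords": set()},
    "BlockedTerms": {"domains": set(), "keywords": {"proxy"}},
}


def host_of(url):
    """Return the lower-cased host of a URL, with or without a scheme."""
    if "//" not in url:
        url = "//" + url  # urlsplit only fills hostname after '//'
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def domain_matches(host, domain):
    """True for the domain itself or any host under it (assumed rule)."""
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def match_in(url, categories):
    """Return (category, reason) for the first match in one category set."""
    host, lowered = host_of(url), url.lower()
    best = None
    for name, cat in categories.items():
        for dom in cat["domains"]:
            # Prefer the most specific (longest) matching domain.
            if domain_matches(host, dom) and (best is None or len(dom) > len(best[1])):
                best = (name, dom)
    if best:
        return best[0], "domain:" + best[1]
    for name in sorted(categories):
        for kw in sorted(categories[name]["keywords"]):
            if kw.lower() in lowered:  # keyword anywhere in the URL
                return name, "keyword:" + kw
    return None


def search_url(url, custom=CUSTOM_CATEGORIES, default=DEFAULT_CATEGORIES):
    """Custom categories are consulted first, so they override defaults."""
    for source, cats in (("custom", custom), ("default", default)):
        hit = match_in(url, cats)
        if hit:
            return {"category": hit[0], "source": source, "matched_on": hit[1]}
    return {"category": None, "source": None, "matched_on": None}


if __name__ == "__main__":
    for u in ("http://portal.games.example/login",
              "http://www.games.example/",
              "https://docs.example/network/proxy-settings.html",
              "http://notgames.example/"):
        print(u, "->", search_url(u))
```

The third sample URL is categorized only because its path contains a keyword, which is the kind of unintended match worth checking with Search URL before a keyword-based category is attached to a deny policy.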


Manage Default Web Category


Default Web categories are available for use only if Web and Application Filter subscription module is registered. Database of web categories is constantly updated by Cyberoam.

If the module is not registered, page is displayed with the message 'Web and Application Filter module is not registered'. See Register Add on Modules for registering Web and Application Filter module. If you have not yet purchased the module, it can also be registered as a Demo version, which expires after 15 days of registration.

Once the module is registered, the default categories can be used in Internet Access for filtering.

Select Categories → Web Category → Manage Default to view list of default Web Categories

Screen - Manage Default Web Category

Note
Default Web categories cannot be modified or deleted. Custom web category is given the priority over the default category while allowing/restricting access.


Create Custom Web category


Select Categories → Web Category → Create Custom to open create page

Screen - Create Custom Web Category

Screen Elements: Description
Create Custom Web Category
Name: Specify Web category name
Description: Specify full description
Category type: Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type
Create button: Creates a new custom Web Category. Web Category configuration is incomplete until domain names or keywords are attached
Domain Management
Add button: Use to define domains for the web category. Depending on the user's Internet access policy, accessing specified domain(s) will be allowed or denied. Click to add. Refer to Add Domain(s) for more details
Keywords Management
Add button: Use to define keywords for the web category. Depending on the user's Internet access policy, accessing sites with the specified keyword(s) will be allowed or denied. Click to add. Refer to Add Keyword(s) for details
Update button: Saves the web category
Cancel button: Cancels the current operation and returns to View Web Category page

Table - Create Web Category screen elements

Note
Custom category name cannot be same as default category name.

Add Domain

Screen - Add Domain

Screen Elements: Description
Domains Management
Domains: Specify domains for the category. Depending upon the Internet access policy and schedule strategy, any site falling under the specified domain will be allowed or blocked access.
Add Domain button: Assigns domains to the web category
Cancel button: Cancels the current operation

Table - Add Domain screen elements

Note
Domains can be added at the time of creation of web category or whenever required.



Add Keyword

Screen - Add keyword

Screen Elements: Description
Keywords Management
Keywords: Specify domains for the category. Depending on the Internet access policy and schedule strategy, any site falling under the specified domain will be allowed or blocked access
Add button: Assigns keywords to the Web Category
Cancel button: Cancels the current operation

Table - Add keyword screen elements

Note
Keywords can be added at the time of creation of web category or whenever required.


Manage Custom Web Category


Use to modify:
- Description
- Add and delete Domains
- Add and delete Keywords

Select Categories → Web Category → Manage Custom to view the list of Web categories and click Web Category to be modified

Screen - Manage Custom Web category

Screen Elements: Description
Update Custom Web Category
Name: Displays name of the web category, modify if required
Description: Displays description of the Category
Category type: Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type
Domain Management
Add button: Allows to add domain name(s) to the web category. Click to add. Refer to Add Domains for details
Delete button: Allows to remove domain name(s) from the web category. Click to remove. Refer to Delete Domains for details
Keywords Management
Add button: Allows to add keyword(s) to the web category. Click to add. Refer to Add Keywords for details
Delete button: Allows to remove keywords from the web category. Click to remove. Refer to Delete Keywords for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Web Category page

Table - Update Custom Web category screen elements

Delete Domain

Screen - Delete Domain

Screen Elements: Description
Select: Click all the domains required to be removed
Select All button: Allows to select all the domains for deletion. Click Select All to select all domains
Delete button: Remove(s) domains from the web category. Click to remove

Table - Delete Domain screen elements



Delete Keyword

Screen - Delete keyword

Screen Elements: Description
Select: Click all the keywords required to be removed
Select All button: Allows to select all the keywords for deletion. Click Select All to select all keywords
Delete button: Remove(s) keywords from the web category. Click to remove

Table - Delete keywords screen elements

Delete Web Category


Prerequisite: Not attached to any Policy

Select Categories → Web Category → Manage Custom to view the list of Web Categories.

Screen - Delete Custom Web Category

Screen Elements: Description
Del: Select web category to be deleted. More than one web category can be selected. Click to select
Select All: Allows to select all the web categories for deletion. Click to select
Delete button: Deletes all the selected web categories. Click to delete

Table - Delete Custom Web Category screen elements


File Type Category


File type is a grouping of file extensions. Cyberoam allows filtering Internet content based on file extension. For example, you can restrict access to particular types of files from sites within an otherwise-permitted category.

For your convenience, Cyberoam provides several default File Type categories. You can use these or even create new categories to suit your needs.

Depending on the organization requirement, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria.

Manage Default File Type Category


Cyberoam provides five default File Type categories that cannot be modified or deleted.

Select Categories → File Type Category → Manage Default to view the list of default File Type Categories. Click the Category to view extensions included in the Category.

Screen - Manage Custom File Type Category


Create Custom File Type Category


Select Categories → File Type Category → Create Custom to open the create page

Screen - Create Custom File Type Category

Screen Elements: Description
Custom File Type details
Name: Assign name to File Type Category
File Extensions: Specify file extensions to be included in the File Type Category. Extensions defined here will be blocked or filtered
Description: Specify full description
Create button: Creates a new File Type Category
Cancel button: Cancels the current operation and returns to Manage Custom File Type Category page

Table - Create Custom File Type screen elements

Manage Custom File Type Category


Select Categories → File Type Category → Manage Custom to view the list of File Type Categories and click File Type Category to be modified.

Screen - Manage Custom File Type Category

Screen Elements: Description
Update Custom File Type Category
Name: Displays name of the File Type Category, modify if necessary
File Extensions: Displays file extension(s) added to the Category, modify if required
Description: Displays description of Category
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom File Type Category page

Screen - Manage Custom File Type Category

Delete Custom File Type Category


Prerequisite: Not attached to any Policy

Select Categories → File Type Category → Manage Custom to view the list of File Type Categories created

Screen - Delete Custom File Type Category

Screen Elements: Description
Del: Click all the File Types required to be deleted
Select All button: Allows to select all the File Types for deletion. Click Select All to select all File Types
Delete button: Delete(s) the File Type Category. Click to delete

Table - Delete Custom File Type screen elements


Application Protocol Category


Application Protocol Category is the grouping of Application Protocols used for filtering Internet content. You can also filter Internet requests based on protocols or applications other than HTTP, HTTPS or FTP, for example those used for instant messaging, file sharing, file transfer, mail, and various other network operations.

For your convenience, Cyberoam provides a database of default Application Protocol categories. To use the default Application Protocol categories, the subscription module Web and Application Filter should be registered.

You can also create:
- Customized Application protocol category, if required
- Firewall rule based on customized Application protocol category

Manage Default Application Protocol Category


Default Application protocol categories are available for use only if Web and Application Filter subscription module is registered. Database of protocol category is constantly updated by Cyberoam.

If the module is not registered, page is displayed with the message 'Web and Application Filter module is not registered'.

Once the module is registered, the default protocol categories can be used in Internet Access for filtering. Default Application protocol category cannot be modified or deleted.

Select Categories → Application Protocol Category → Manage Default to view the list of default Application protocols Categories

Screen - Manage Default Application Protocol Category


Create Custom Application Protocol Category


Select Categories → Application Protocol Category → Create Custom to open the create page

Screen - Create Custom Application Protocol Category

Screen Elements: Description
Custom Application Protocol Category
Name: Specify name to Application Protocol Category. Custom category and default category cannot have same names.
Description: Specify full description
Create button: Creates a new custom Application Protocol Category
Application Protocol details
Add button: Use to assign application protocols to Category for blocking. Select application protocol you want to include in a Category. Cyberoam gives access to the Category based on the Schedule. Allows to add application protocol(s) to Category. Click to add. Refer to Add Custom Application Protocol details for more details
Update button: Saves Application Protocol Category
Cancel button: Cancels the current operation and returns to View Custom Application Protocol Category page

Table - Create Custom Application Category screen elements


Add Custom Application Protocol Details

Screen - Add Custom Application Protocol Category details

Screen Elements: Description
Custom Application Protocol details
Application: Select Application Protocols that are to be grouped in the Category. Custom and Default both can be grouped in a single Application Protocol Category
Destination IP Address: Specify destination IP Address
Add button: Groups the application protocols in the Category
Cancel button: Cancels the current operation

Table - Add Custom Application Protocol Category details

Manage Custom Application Protocol Category


Use to modify:
- Description
- Add Application Protocol details
- Delete Application Protocol details

Select Categories → Application Protocol Category → Manage Custom to view the list of custom Application Protocol Categories. Click Application Protocol Category to be modified.

Screen - Manage Custom Application Protocol Category

Screen Elements: Description
Update Custom Application Protocol Category
Name: Displays name of Application Protocol Category, modify if necessary
Description: Displays description of the Category
Application Protocol Details
Add button: Allows to add Application Protocol(s) to Category. Click to add. Refer to Add Custom Application Protocols for details
Delete button: Allows to remove Application Protocol(s) from Category. Click to remove. Refer to Delete Custom Application Protocol for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Application Protocol Category page

Table - Manage Custom Application Protocol Category screen elements

Delete Custom Application Protocol Category details

Screen - Delete Application Protocol Category details

Screen Elements: Description
Del: Click Application Protocol(s) required to be deleted
Select All button: Allows to select all Application Protocol(s) for deletion. Click Select All to select all Application Protocol(s)
Delete button: Delete(s) Application Protocol(s). Click to delete

Table - Delete Application Protocol Category screen elements

Delete Custom Application Protocol Category


Prerequisite: Not attached to any Policy

Select Categories → Application Protocol Category → Manage Custom to view the list of Application Protocol Categories created

Screen - Delete Custom Application Protocol Category

Screen Elements: Description
Del: Select Category to be deleted. More than one Category can be selected. Click to select
Select All: Allows to select all the Categories for deletion. Click to select
Delete button: Deletes all the selected Categories. Click to delete

Table - Delete Custom Application Protocol Category screen elements


Access Control
Use Local ACLs to limit the Administrative access to the following Cyberoam services from LAN/WAN/DMZ:
- Admin Services
- Authentication Services
- Proxy Services
- Network Services

Default Access Control configuration
When Cyberoam is connected and powered up for the first time, it will have a default Access configuration as specified below:
- Admin Services - HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions for LAN zone
- Authentication Services - Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User Authentication Services for LAN zone. User Authentication Services are not required for any of the Administrative functions but required to apply user based internet surfing, bandwidth and data transfer restrictions.

Customize Access Control configuration
Use access control to limit the access to Cyberoam for administrative purposes from the specific authenticated/trusted networks only. You can also limit access to administrative services within the specific authenticated/trusted network.

Select Firewall → Local ACL

Screen - Access Configuration

Screen Elements: Description
Admin Services: Enable/disable access to Cyberoam using following service from the specified zone and network: HTTP, HTTPS, Telnet
Authentication Services: Enable/disable following service from the specified zone and network: Cyberoam, HTTP
Proxy Services: Enable/disable HTTP service from the specified zone and network
Network Services: Enable/disable following service from the specified zone and network: DNS, ICMP
Update button: Saves configuration
Add button: Allows to add the trusted networks from which the above specified services will be allowed/disallowed. Click Add to add network details. Specify Network IP address and Zone. Click Add

Table - Access Configuration screen elements


Syslog Configuration
Syslog is an industry standard protocol/method for collecting and forwarding messages from devices to a server running a syslog daemon, usually via UDP port 514. The syslog is a remote computer running a syslog server. Logging to a central syslog server helps in aggregation of logs and alerts.

Cyberoam appliance can also send a detailed log to an external Syslog server in addition to the standard event log. The Cyberoam Syslog support requires an external server running a Syslog daemon on any UDP port. The Cyberoam captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred.

A SYSLOG service simply accepts messages, and stores them in files or prints. This form of logging is the best as it provides a Central logging facility and a protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling.

Select System → Syslog Configuration

Screen - Syslog Configuration

Screen Elements: Description
Syslog Configuration
Syslog Configuration: Click to enable syslog service
Syslog Server: Specify IP address of the syslog server. Messages from the Cyberoam will be sent to the server. Default: 192.168.1.254
Syslog Port: Specify the port number for communication with the syslog server. Default: 514
Syslog Facility: Select facility to be used. Cyberoam supports following facilities for log messages received from remote servers and network devices.
  DAEMON - Daemon logs (Information of Services running in Cyberoam as daemon)
  KERN - Kernel log
  LOCAL0 - LOCAL7 - Log level
  USER - Logging on the basis of users who are connected to Server
Syslog Level: Specify the level of the messages logged. Cyberoam logs all messages at and above the logging severity level you select.
  EMERGENCY - System is not usable
  ALERT - Action must be taken immediately
  CRITICAL - Critical condition
  ERROR - Error condition
  WARNING - Warning condition
  NOTICE - Normal but significant condition
  INFORMATION - Informational
  DEBUG - Debug-level messages
Update button: Click to save the configuration
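A collector-side check that what arrives on the syslog port matches the facility and level selected on the Syslog Configuration page, as an added Python example that is not part of the Cyberoam product. It uses the standard syslog priority encoding (PRI = facility x 8 + severity); the message bodies are constructed samples, since the guide does not show the appliance's message format.

```python
import re

# Standard syslog facility codes, limited to the facilities the guide lists.
FACILITIES = {0: "KERN", 1: "USER", 3: "DAEMON",
              **{16 + n: f"LOCAL{n}" for n in range(8)}}
# Severity names as listed in the guide; index 0 is the most severe.
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORMATION", "DEBUG"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed datagrams; only the <PRI> prefix follows the syslog standard.
SAMPLE_DATAGRAMS = [
    b"<134>fw: constructed sample, connection allowed",   # LOCAL0 / INFORMATION
    b"<131>fw: constructed sample, rule load error",      # LOCAL0 / ERROR
    b"<135>fw: constructed sample, debug trace",          # LOCAL0 / DEBUG
    b"<30>svc: constructed sample, daemon started",       # DAEMON / INFORMATION
    b"<999>constructed sample with an out-of-range PRI",
    b"constructed sample with no PRI at all",
]


def decode(datagram):
    """Split a syslog datagram into facility, severity and message text."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES.get(facility, f"OTHER({facility})"),
        "severity": SEVERITIES[severity],
        "message": datagram[m.end():].decode("utf-8", "replace").strip(),
    }


def passes_level(severity, configured_level):
    """'At and above' a level means an equal or lower severity number."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(configured_level)


def triage(datagrams, expected_facility, configured_level):
    """Separate expected records from ones that contradict the configuration."""
    accepted, rejected = [], []
    for raw in datagrams:
        rec = decode(raw)
        if rec is None:
            rejected.append((raw, "malformed PRI"))
        elif rec["facility"] != expected_facility:
            rejected.append((raw, "unexpected facility " + rec["facility"]))
        elif not passes_level(rec["severity"], configured_level):
            rejected.append((raw, "below configured level"))
        else:
            accepted.append(rec)
    return accepted, rejected


if __name__ == "__main__":
    ok, odd = triage(SAMPLE_DATAGRAMS, "LOCAL0", "WARNING")
    for rec in ok:
        print("accepted:", rec)
    for raw, why in odd:
        print("rejected:", why, raw)
```

Records rejected as "below configured level" or "unexpected facility" mean either the appliance setting differs from what the collector expects or another sender is writing to the same port.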

Log configuration
Cyberoam can log many different network activities and traffic including:
- DoS Attack traffic
- Invalid traffic
- Firewall traffic
- Local ACL traffic
- Dropped Source Routed packets
- Dropped ICMP Redirected packets
- IDP reports
- Traffic Discovery reports

Cyberoam can either store logs locally or send logs to external syslog server for storage and archival purposes. IDP reports can be stored locally or sent to the syslog server, while Traffic Discovery logs can be stored locally only.

To record logs you must enable the respective log and specify logging location. Administrator can choose between on-appliance logging, Syslog logging or disabling logging temporarily.

Once you add the server, configure logs to be sent to the syslog server from the System → Logging → Log configuration page.

Cyberoam logs many different network activities and traffic including:

DoS attack Log
The DoS Attack Log records attacks detected and prevented by the Cyberoam i.e. dropped TCP, UDP and ICMP packets. To generate log, go to Firewall → Denial of Service → DoS Settings and click Apply Flag against SYN Flood, UDP flood, TCP flood, and ICMP flood individually.

Invalid Traffic Log
Log records the dropped traffic that does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection.

Firewall traffic Log
Log records the traffic, both permitted and denied by the firewall rule. To generate firewall rule logs, enable logging from Network Logging Management (Telnet Console).

Local ACL Log
Log records the entire (allowed and dropped) incoming traffic and traffic for the firewall.

Dropped Source Routed Packet Log
Log records all the dropped source routed packets. To generate log, go to Firewall → Denial of Service → DoS Settings and click Apply Flag against 'Drop Source Routed Packets'.

Dropped ICMP Redirected Packet Log
Log records all the dropped ICMP redirect packets. To generate log, go to Firewall → Denial of Service → DoS Settings and click Apply Flag against 'Disable ICMP redirect Packets'.

Dropped Fragmented traffic
Log records the dropped fragmented traffic.

IDP reports
Logs detected and dropped attacks based on unknown or suspicious patterns (anomaly) and signatures.

Traffic Discovery reports
Cyberoam generates various traffic discovery reports which include user specific and organization specific traffic reports. You can view reports from Reports → Traffic Discovery


Product Licensing & Updates


Product Version information
Click Cyberoam icon (on the rightmost corner of the screen) to get the version and appliance key information.

Screen - About Cyberoam


Upgrade Cyberoam
Cyberoam provides two types of upgrades:
- Automatic - Correction to any critical software errors, performance improvement or changes in system behavior leads to automatic upgrade of Cyberoam without manual intervention or notification.
- Manual - Manual upgrades require human intervention.

Automatic Upgrade
By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the procedure to disable the AutoUpgrade mode:
1. Log on to Telnet Console
2. Go to option 4 Cyberoam Console
3. At the prompt, type the command, cyberoam autoupgrade off

Manual Upgrade

Step 1. Check for Upgrades
Press F10 to go to Dashboard from any of the screens. Under the Installation Information section, click Check for Upgrades

Page displays the list of available upgrades and the upgrade details like release date and size. Order specifies the sequence in which Cyberoam should be upgraded.

Step 2. Download Upgrade
Click Download against the version to be downloaded and follow the on screen instructions to save the upgrade file.

Step 3. Upload downloaded version to Cyberoam
Select Help → Upload Upgrade

Type the file name with full path or select using Browse and click Upload

Screen - Upload Upgrade version

Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version. Log on to Cyberoam Telnet Console. Type 6 to upgrade from the Main menu and follow the on-screen instructions. A success message will be displayed if upgraded successfully.

Repeat above steps if more than one upgrade is available. If more than one upgrade is available, please upgrade in the same sequence as displayed on the Available Upgrades page.


Download
Clients
Cyberoam Client supports Users using following platforms:
- Windows - Enables Users using Windows Operating System to log on to Cyberoam Server
- Linux - Enables Users using Linux Operating System to log on to Cyberoam server
- HTTP - Enables Users using any other Operating System than Windows & Linux to log on to Cyberoam Server
- Single Sign on Client - Enables Windows-migrated Users to log on to Cyberoam using Windows Username and password.
- Single Sign on Client Auto Setup - Download the setup.

Guides
Opens the Cyberoam Documentation site (http://docs.cyberoam.com) and download or view complete documentation set available for all the versions.

Depending on the requirement, download the Cyberoam Client from Help → Downloads

Screen - Download Clients


Appendix A Audit Log


Audit logs are an important part of any secure system. They provide an invaluable view into the current and past state of almost any type of complex system, and they need to be carefully designed in order to give a faithful representation of system activity. Cyberoam Audit log can identify what action was taken by whom and when. The existence of such logs can be used to enforce correct user behavior, by holding users accountable for their actions as recorded in the audit log.

An audit log is the simplest, yet also one of the most effective forms of tracking temporal information. The idea is that any time something significant happens you write some record indicating what happened and when it happened.

Audit logs can be accessed in two ways:

1. Log on to Cyberoam Web Admin Console and click Reports to open the reports page in a new window

Screen - Reports

2. Log on to Reports, click on the Reports link to open the reports login page in a new window

Screen - Reports Login

Viewing Log details
Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date range of the report.

Screen - Audit Log report

Screen - Sample Audit Log Report


Audit Log Components
- Entity - Cyberoam Component through which the event was generated/Audit Resource Type
- Entity Name - Unique Identifier of Entity
- Action - Operation requested by entity/Audit Action
- Action By - User who initiated the action/Accessor name
- Action Status - Action result/Audit Outcome
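One way to review login activity recorded with these components, as an added Python example that is not part of the Cyberoam product: it flags repeated failed logins from one IP address across entities, and a successful login that follows such a run. The CSV layout, the Time column, the thresholds and all sample rows are constructed for illustration; the guide does not describe an export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Actions that represent a log-on attempt in the audit log.
LOGIN_ACTIONS = {"login", "authentication"}

# Constructed records using the audit log column names plus an assumed Time column.
SAMPLE_AUDIT_CSV = """
Time,Entity,Entity Name,Action,Action By,Action Status,Message,IP Address
2008-01-31 09:00:01,Management GUI,,Login,admin,Successful,,192.168.1.10
2008-01-31 09:05:10,SSh,,authentication,root,Failed,Login Attempt failed from 192.168.1.241 by user root,192.168.1.241
2008-01-31 09:05:40,SSh,,authentication,hello,Failed,Password authentication failed,192.168.1.241
2008-01-31 09:06:05,Management GUI,,Login,guest,Failed,User not found,192.168.1.241
2008-01-31 09:06:30,Management GUI,,Login,admin,Failed,Wrong username or password,192.168.1.241
2008-01-31 09:07:15,Management GUI,,Login,admin,Successful,,192.168.1.241
2008-01-31 09:20:00,Report GUI,,Login,auditor,Failed,Wrong username or password,192.168.1.20
2008-01-31 09:20:30,Report GUI,,Login,auditor,Successful,,192.168.1.20
2008-01-31 09:30:00,Configuration Wizard,,Started,admin,Successful,,192.168.1.10
"""


def load(text):
    """Parse the CSV text into rows sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        row["Time"] = datetime.strptime(row["Time"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["Time"])


def detect(rows, threshold=3, window=timedelta(minutes=5)):
    """Return findings for failure bursts and for a success that follows one."""
    findings, failures, alerted = [], defaultdict(list), set()
    for r in rows:
        if r["Action"].lower() not in LOGIN_ACTIONS:
            continue  # e.g. Configuration Wizard or System events
        ip, now = r["IP Address"], r["Time"]
        # Keep only this IP's failures that are still inside the window.
        recent = [f for f in failures[ip] if now - f[0] <= window]
        status = r["Action Status"].lower()
        if status == "failed":
            recent.append((now, r["Action By"], r["Entity"]))
            if len(recent) >= threshold and ip not in alerted:
                alerted.add(ip)
                findings.append({
                    "type": "repeated_failures", "ip": ip, "count": len(recent),
                    "users": sorted({f[1] for f in recent}),
                    "entities": sorted({f[2] for f in recent}),
                })
        elif status == "successful":
            if len(recent) >= threshold:
                findings.append({
                    "type": "success_after_failures", "ip": ip,
                    "user": r["Action By"], "entity": r["Entity"],
                    "prior_failures": len(recent),
                })
            recent = []          # a success ends the current run
            alerted.discard(ip)
        failures[ip] = recent
    return findings


if __name__ == "__main__":
    for finding in detect(load(SAMPLE_AUDIT_CSV)):
        print(finding)
```

A single mistyped password followed by a success, as in the Report GUI rows, stays below the threshold and produces no finding.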
Columns: Entity, Entity Name, Action, Action By, Action Status, Message, IP Address, Explanation

Entity: Report GUI
Action: Login
Action By: <username>
Action Status: Successful
Message: -
IP Address: <IP address>
Explanation: Login attempt to Report GUI by User <username> was successful

Entity: Report GUI
Action: Login
Action By: <username>
Action Status: Failed
Message: Wrong username or password
IP Address: <IP address>
Explanation: Login attempt to Report GUI by User <username> was not successful because of wrong username and password

Entity: Management GUI
Action: Login
Action By: <username>
Action Status: Successful
IP Address: <IP address>
Explanation: Login attempt to Management GUI by User <username> was successful

Entity: Management GUI
Action: Login
Action By: <username>
Action Status: Failed
Message: User not found
IP Address: <IP address>
Explanation: Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>

Entity: Management GUI
Action: Login
Action By: <username>
Action Status: Failed
Message: User has no previllege of Administration
IP Address: <IP address>
Explanation: Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges

Entity: Configuration Wizard
Action: Started
Action By: <username>
Action Status: Successful
IP Address: <IP address>
Explanation: User <username>'s request to start Configuration Wizard was successful

Entity: Configuration Wizard
Action: Finished
Action By: <username>
Action Status: Successful
IP Address: <IP address>
Explanation: User <username>'s request to close Configuration Wizard was successful

Entity: System
Action: Started
Action By: <username>
Action Status: Successful
Message: CyberoamSystem Started
IP Address: <IP address>
Explanation: Cyberoam was successfully started by the User <username>

Entity: SSh
Action: authentication
Action By: <username>
Action Status: Successful
Message: User admin, coming from 192.168.1.241, authenticated.
IP Address: <IP address>
Explanation: <username> trying to log on from <ip address> using SSH client was successfully authenticated

Entity: SSh
Action: authentication
Action By: <username>
Action Status: Failed
Message: Login Attempt failed from 192.168.1.241 by user root
IP Address: <IP address>
Explanation: Authentication of <username> trying to log on from <ip address> using SSH client was not successful

Entity: SSh
Action: authentication
Action By: <username>
Action Status: Failed
Message: Password authentication failed. Login to account hello not allowed or account nonexistent
IP Address: <IP address>
Explanation: Log on to account <username> using SSH client was not successful

Entity: telnet
Action: authentication
Action By: <username>
Action Status: Successful
Message: Login Successful
IP Address: <IP address>
Explanation: Remote Login attempt through Telnet by User <username> was successful

Explanation: Authentication of <username> trying to log on remotely through Telnet was not successful
Explanation: Login attempt to Console using Console Interface via remote login utility by User <username> was successful
Explanation: Login attempt to Console via direct Console connection by User <username> was successful
Explanation: Login attempt to Console by User <username> was not successful
Explanation: Firewall subsystem started successfully without any error
Explanation: Firewall rule <firewall rule id> was created successfully by user <username>
Explanation: Firewall rule <firewall rule id> was updated successfully by user <username>
Explanation: Firewall rule <firewall rule id> was updated successfully by user <username>
Explanation: Firewall rule <firewall rule id> was deleted successfully by user <username>
Explanation: Request to delete Host by user <username> was not successful
Explanation: Host <host name> was deleted successfully by user <username>
Explanation: Host <host name> was added successfully by user <username>
Explanation: Host Group <host group name> was deleted successfully by user <username>
Explanation: Host Group <host group name> was updated successfully by user <username>
Explanation: Host Group <host group name> was updated successfully by user <username>
Explanation: Service <service name> was deleted successfully by user <username>

telnet

authentication

<username>

Failed

Authentication Failure

<IP address>

console

authentication

<username>

Successful

Login Successful

ttyS0

console

authentication

<username>

Successful

Login Successful

tty1

console

authentication

<username>

Failed

Authentication Failure

<IP address>

Firewall

Started

System

Successful

<IP address> <IP address>

Firewall Rule

<firewall rule id> e.g. 7 <firewall rule id> e.g. 6 <firewall rule id> e.g. 21 <firewall rule id> e.g. 10 N/A

Create

<username>

Successful

Firewall Rule

Update

<username>

Successful

<IP address>

Firewall Rule

Update

System

Successful

<IP address>

Firewall Rule

Delete

System

Successful

<IP address>

Host

Delete

<username>

Failed

<IP address> <IP address>

Host

<host name> e.g. 192.168.1.68, #Port D <host name> e.g. 192.168.1.66, #Port D <host group name> e.g. mkt group <host group name> e.g. sys group <host group name> e.g. Trainee <service name> e.g. vypress chat

Delete

<username>

Successful

Host

Insert

<username>

Successful

<IP address>

HostGroup

Delete

<username>

Successful

<IP address>

HostGroup

Update

<username>

Successful

<IP address>

HostGroup

Insert

<username>

Successful

<IP address>

Service

Delete

<username>

Successful

<IP address>

212

Cyberoam User Guide


Service <service name> e.g. vypress chat <service name > e.g. vypress chat <service group name > e.g. Intranet chat <service group name > e.g. Intranet chat <service group name > e.g. Intranet chat <policy name> Update <username> Successful <IP address> Service <service name> was updated successfully by user <username> Service <service name> was inserted successfully by user <username> Service group <service group name > was inserted successfully by user <username> Service group <service group name > was updated successfully by user <username> Service group <service group name > was deleted successfully by NAT policy <policy name> was inserted successfully by user <username> NAT policy <policy name> was updated successfully by user <username> NAT policy <policy name> was deleted successfully by user <username> DNAT policy <policy name> was inserted successfully by user <username> DNAT policy <policy name> was updated successfully by user <username> DNAT policy <policy name> was deleted successfully by user <username> Schedule <schedule name> was inserted successfully by user <username> Schedule <schedule name> was updated successfully by user <username> Schedule <schedule name> was deleted successfully by user <username> Schedule details to Schedule <schedule name> was inserted successfully by user <username> Local ACL was updated successfully by user <username> DoS Bypass rule deleted successfully

Service

Insert

<username>

Successful

<IP address>

ServiceGroup

Insert

<username>

Successful

<IP address>

ServiceGroup

Update

<username>

Successful

<IP address>

ServiceGroup

Delete

<username>

Successful

<IP address>

NAT Policy

Insert

<username>

Successful

<IP address>

NAT Policy

<policy name>

Update

<username>

Successful

<IP address>

NAT Policy

<policy name>

Delete

<username>

Successful

<IP address>

DNAT Policy

<policy name>

Insert

<username>

Successful

<IP address>

DNAT Policy

<policy name>

Update

<username>

Successful

<IP address>

DNAT Policy

<policy name>

Delete

<username>

Successful

<IP address>

Schedule

<schedule name>

Insert

<username>

Successful

<IP address>

Schedule

<schedule name>

Update

<username>

Successful

<IP address>

Schedule

<schedule name>

Delete

<username>

Successful

<IP address>

Schedule Detail

<schedule name>

Insert

<username>

Successful

<IP address>

Local ACLs

Local ACLs

Update

<username>

Successful

<IP address> <IP address>

DoS Bypass

DoS Bypass

Delete

<username>

Successful

213

Cyberoam User Guide


by <username> DoS Bypass DoS Bypass Insert <username> Successful <IP address> DoS Bypass rule inserted successfully by user <username> DoS settings updated successfully by user <username> User <username> successfully registered Appliance/Subscription module(s) through Online Registration User <username> successfully uploaded the version Request to update the Date from Console by User <username> was successful

DoS Settings

DoS Settings

Update

<username>

Successful

<IP address> <IP address>

Online Registraion

Register

<username>

Successful

Upload Version Date

Upload Version Update

<username>

Successful

<IP address> <IP address>

<username>

Successful

System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST

Apart from the tabular format, Cyberoam allows you to view the log details in:

Printable format - Click to open a new window and display the report in the printer friendly format. Report can be printed from File -> Print.

Export as CSV (Comma Separated Value) - Click to export and save the report in CSV format. Report can be very easily exported to MS Excel and all the Excel functionalities can be used to analyze the data.
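One way to triage an exported audit report offline, given as an added example and not as anything shipped with Cyberoam: the script reads a CSV whose header names are assumed to match the audit report columns, with rows assumed to be in chronological order, and flags logins that succeed after repeated failures from one address, policy changes made afterwards from that address, and system clock changes. The sample rows, the `triage` function name and the threshold of three failures are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. Header names are an assumption: they mirror the audit
# report columns; the real export may name or order them differently.
SAMPLE_CSV = """Entity,Entity Name,Action,Action By,Action Status,Message,IP Address
Management GUI,,Login,admin,Failed,User not found,203.0.113.7
SSh,,authentication,root,Failed,Login Attempt failed from 203.0.113.7 by user root,203.0.113.7
SSh,,authentication,admin,Failed,Password authentication failed.,203.0.113.7
Management GUI,,Login,admin,Successful,,203.0.113.7
Firewall Rule,21,Delete,admin,Successful,,203.0.113.7
DoS Bypass,DoS Bypass,Insert,admin,Successful,,203.0.113.7
Report GUI,,Login,auditor,Failed,Wrong username or password,192.168.1.50
Report GUI,,Login,auditor,Successful,-,192.168.1.50
Host,192.168.1.68,Insert,netops,Successful,,192.168.1.20
Date,,Update,admin,Successful,System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST,192.168.1.20
"""

# Action values the report uses for interactive access (GUI, SSH, telnet, console).
LOGIN_ACTIONS = {"login", "authentication"}
# Entities whose changes alter what traffic the appliance permits.
POLICY_ENTITIES = {"firewall rule", "local acls", "dos bypass", "dos settings",
                   "nat policy", "dnat policy"}


def triage(csv_text, max_failures=3):
    """Return a list of (finding, ip, user, detail) tuples in log order."""
    failures = defaultdict(int)   # consecutive failed logins per source address
    suspect = set()               # addresses that logged in after many failures
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        entity = row["Entity"].strip()
        action = row["Action"].strip()
        status = row["Action Status"].strip().lower()
        ip = row["IP Address"].strip()
        user = row["Action By"].strip()

        if action.lower() in LOGIN_ACTIONS:
            if status == "failed":
                failures[ip] += 1
            elif status == "successful":
                if failures[ip] >= max_failures:
                    suspect.add(ip)
                    findings.append(("login-after-failures", ip, user,
                                     f"{failures[ip]} failed attempts before success on {entity}"))
                failures[ip] = 0   # a success ends the failure streak
        elif entity.lower() in POLICY_ENTITIES:
            if status == "successful" and ip in suspect:
                detail = f"{entity} {action} {row['Entity Name']}".strip()
                findings.append(("policy-change-from-suspect-ip", ip, user, detail))
        elif entity.lower() == "date" and action.lower() == "update":
            # A clock change shifts every later timestamp, so it is always reported.
            findings.append(("clock-change", ip, user, row["Message"].strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV):
        print(" | ".join(finding))
```

Console logins carry a terminal name such as ttyS0 in the IP Address column, so they are counted per terminal.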


Appendix B Network Traffic Log Fields


Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network misuse and abuse.

Cyberoam provides following logs:
- DoS Attack Log
- Invalid Traffic Log
- Firewall Rule Log
- Local ACL Log
- Dropped ICMP Redirected Packet Log
- Dropped Source Routed Packet Log

By default, only the firewall rule logging will be ON i.e. only traffic allowed/denied by the firewall will be logged. Refer to Cyberoam Console Guide on how to enable/disable logging.

| SR. No. | DATA FIELDS | TYPE | DESCRIPTION |
|---|---|---|---|
| 1. | Date | date | Date (yyyy-mm-dd) when the event occurred. For the allowed traffic - the date on which connection was started on Cyberoam. For the dropped traffic - the date when the packet was dropped by Cyberoam |
| 2. | Time | time | Time (hh:mm:ss) when the event occurred. For the allowed traffic - the time when the connection was started on Cyberoam. For the dropped traffic - the time when the packet was dropped by Cyberoam |
| 3. | Device Name | String | Model Number of the Cyberoam Appliance |
| 4. | Device Id | String | Unique Identifier of the Cyberoam Appliance |
| 5. | Log Id | string | Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011, 0102011. c1c2 represents Log Type e.g. 01. c3c4 represents Log Component e.g. Firewall, local ACL. c5c6 represents Log Sub Type e.g. allow, violation. c7 represents Priority e.g. 1 |
| 4. | Log Type | string | Section of the system where event occurred e.g. Traffic for traffic logging. Possible values: 01 - Traffic - Entire traffic intended for Cyberoam |
| 5. | Log Component | string | Component responsible for logging. Possible values: 01 - Firewall rule - Event due to any traffic allowed or dropped based on the firewall rule created. 02 - Local ACL - Event due to any traffic allowed or dropped based on the local ACL configuration or all other traffic intended for the firewall. 03 - DoS Attack - Event due to any packets dropped based on the dos attack settings i.e. Dropped tcp, udp and icmp packets. 04 - Invalid traffic - Event due to any traffic dropped which does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection. Refer to Invalid traffic list for more details. 05 - Invalid Fragmented traffic - Event when any invalid fragmented traffic is dropped. Refer to Invalid Fragmented traffic list for more details. 06 - ICMP redirect - Event due to any ICMP Redirected packets dropped based on the DoS attack setting. 07 - Source routed packet - Event due to any source routed packets dropped based on the DoS attack setting. 08 - Fragmented traffic - Event when any fragmented traffic is dropped due to Advanced Firewall settings. Refer to Console Guide Page no. 59 for more details. |
| 6. | Log Sub Type | string | Decision taken on traffic. Possible values: 01 - Allowed - Traffic permitted to and through Cyberoam based on the firewall rule settings. 02 - Violation - Traffic dropped based on the firewall rule settings, local ACL settings, DOS settings or due to invalid traffic. |
| 7. | Status | string | Ultimate state of traffic (accept/deny) |
| 8. | Priority | string | Severity level of traffic. Possible values: 01 - Notice |
| 9. | Duration | integer | Durability of traffic |
| 10. | Firewall Rule ID | integer | Firewall rule id of traffic |
| 11. | User | string | User Id |
| 12. | User Group | string | Group Id of user |
| 13. | IAP | integer | Internet Access policy Id applied for traffic |
| 14. | In Interface | string | Interface for incoming traffic e.g. eth0. Blank for outgoing traffic |
| 15. | Out Interface | string | Interface for outgoing traffic e.g. eth1. Blank for incoming traffic |
| 16. | Source IP | string | Source IP address of traffic |
| 17. | Destination IP | string | Destination IP address of traffic |
| 18. | Protocol | integer | Protocol number of traffic |
| 19. | Source Port | integer | Source Port of TCP and UDP traffic |
| 20. | Destination Port | integer | Destination Port of TCP and UDP traffic |
| 21. | ICMP Type | integer | ICMP type of ICMP traffic |
| 22. | ICMP Code | integer | ICMP code of ICMP traffic |
| 23. | Sent Packets | integer | Total number of packets sent |
| 24. | Received Packets | integer | Total number of packets received |
| 25. | Sent Bytes | integer | Total number of bytes sent |
| 26. | Received Bytes | integer | Total number of bytes received |
| 27. | Translated Source IP | integer | Translated Source IP address if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge |
| 28. | Translated Source Port | integer | Translated Source port if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge |
| 29. | Translated Destination IP | integer | Translated Destination IP address if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge |
| 30. | Translated Destination Port | integer | Translated Destination port if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge |
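The Log Id layout described in the table can be decoded mechanically. The following is an added example, not code from the guide or from Cyberoam: it splits the 7-character code into its c1c2/c3c4/c5c6/c7 parts, maps them through the value lists given above, and tallies violations per component over a batch of IDs. The function names and the batch of IDs are constructed, and mapping the single digit c7 = 1 to the "01 Notice" priority is an assumption.

```python
from collections import Counter

# Code tables taken from the Log Type, Log Component and Log Sub Type rows.
LOG_TYPES = {"01": "Traffic"}
LOG_COMPONENTS = {
    "01": "Firewall rule",
    "02": "Local ACL",
    "03": "DoS Attack",
    "04": "Invalid traffic",
    "05": "Invalid Fragmented traffic",
    "06": "ICMP redirect",
    "07": "Source routed packet",
    "08": "Fragmented traffic",
}
LOG_SUBTYPES = {"01": "Allowed", "02": "Violation"}
# Assumption: c7 is one digit, so "1" stands for the listed priority "01 Notice".
PRIORITIES = {"1": "Notice"}

# Constructed batch: the first two IDs are the guide's own examples,
# the last two are deliberately malformed.
SAMPLE_LOG_IDS = ["0101011", "0102011", "0103021", "0104021",
                  "0103021", "0101021", "01A3021", "010302"]


def decode_log_id(log_id):
    """Split a Log Id (c1c2 c3c4 c5c6 c7) and name each part."""
    log_id = log_id.strip()
    if len(log_id) != 7 or not (log_id.isascii() and log_id.isdigit()):
        raise ValueError(f"Log Id must be exactly 7 digits: {log_id!r}")
    parts = (
        ("type", log_id[0:2], LOG_TYPES),
        ("component", log_id[2:4], LOG_COMPONENTS),
        ("subtype", log_id[4:6], LOG_SUBTYPES),
        ("priority", log_id[6], PRIORITIES),
    )
    # Codes missing from the tables are reported, not silently dropped.
    return {name: table.get(code, f"unknown ({code})") for name, code, table in parts}


def violations_by_component(log_ids):
    """Count 'Violation' records per component; collect malformed IDs separately."""
    counts = Counter()
    malformed = []
    for log_id in log_ids:
        try:
            decoded = decode_log_id(log_id)
        except ValueError:
            malformed.append(log_id)
            continue
        if decoded["subtype"] == "Violation":
            counts[decoded["component"]] += 1
    return counts, malformed


if __name__ == "__main__":
    print(decode_log_id("0101011"))
    counts, malformed = violations_by_component(SAMPLE_LOG_IDS)
    for component, n in counts.most_common():
        print(f"{component}: {n} violation record(s)")
    print("malformed:", malformed)
```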

Invalid traffic

Cyberoam will define following traffic as Invalid traffic:
- Short IP Packet
- IP Packets with bad IP checksum
- IP Packets with invalid header and/or data length
- Truncated/malformed IP packet
- Packets of Ftp-bounce Attack
- Short ICMP packet
- ICMP packets with bad ICMP checksum
- ICMP packets with wrong ICMP type/code
- Short UDP packet
- Truncated/malformed UDP packet
- UDP Packets with bad UDP checksum
- Short TCP packet
- Truncated/malformed TCP packet
- TCP Packets with bad TCP checksum
- TCP Packets with invalid flag combination
- Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection

If Strict Internet Access Policy is applied then Cyberoam will define following traffic also as Invalid traffic:
- UDP Packets with Destination Port 0
- TCP Packets with Source Port and/or Destination Port 0
- Land Attack
- Winnuke Attack
- TCP Syn Packets containing Data
- IP Packet with Protocol Number 0
- IP Packet with TTL Value 0

Invalid Fragmented traffic

Cyberoam will define following traffic as Invalid Fragmented traffic:
- Fragment Queue out of memory while reassembling IP fragments
- Fragment Queue Timeout while reassembling IP fragments
- Fragment too far ahead while reassembling IP fragments
- Oversized IP Packet while reassembling IP fragments
- Fragmentation failure while creating fragments


Appendix C Web Categories


The list includes all categories with a short description of each category. Visit www.cyberoam.com for latest updates

| Category Name | Type | Description |
|---|---|---|
| ActiveX | Non Working | Includes all ActiveX applications |
| AdultContent | UnHealthy | Adult sites not falling in "Porn, Nudity, Swimwear & Lingerie, Sex Education, and Sexual Health & Medicines" will be included in "Adult Content" and which may contain material not suitable to be viewed for audience under 18 |
| Advertisements | Non Working | Sites providing advertising graphics or other pop ad content files |
| AlcoholandTobacco | Non Working | Sites providing information about, promote, or support the sale of alcoholic beverages or tobacco products or associated paraphernalia |
| ALLWebTraffic | Neutral | Any HTTP Traffic |
| Applets | Non Working | All web pages containing Applets |
| ArtsAndHistory | Non Working | Sites primarily exhibiting artistic techniques like creative painting, sculpture, poetry, dance, crafts, Literature, and Drama. Sites that narrate historical details about countries/places; events that changed the course of history forever; sites providing details and events of all wars i.e. World Wars, Civil Wars, and important persons of world historical importance |
| Astrology | Non Working | Sites showing predictions about Sun signs and into various subjects like Education & Career, Love Relationships, etc. |
| BusinessAndEconomy | Neutral | Sites sponsored by or devoted to business firms, business associations, sites providing details for all types of industrial sector like Chemicals, Machinery, Factory Automation, Cable and Wire, sites providing information about couriers and logistics, and Non-Alcoholic Soft drinks and Beverages |
| Chat | Non Working | Sites hosting Web Chat services or providing support or information about chat via HTTP or IRC |
| CommercialBanks | Neutral | Commercial Banks Category includes all Banking Sites i.e. International / National Public or Private Sector Banks providing a wide range of services such as all types of Accounts and Cards, Fixed Deposits, and Loans |
| Communication | Neutral | Sites offering telephone, wireless, long distance, and paging services. It also includes sites providing details about Mobile communications / cellular communications |
| ComputerSecurity | Neutral | Sites providing information about or free downloadable tools for computer security |
| Cookies | Non Working | Includes all cookie based web pages |
| Cricket | Non Working | Sites providing Live Scores of cricket matches, Debates on Cricketers, Top 10 Cricketers, Cricket News, and forthcoming Cricket matches. Cricket Category is differentiated from Sports Category and solely devoted to Cricket activities |
| CrimeAndSuicide | UnHealthy | Advocating, instructing, or giving advice on performing illegal acts such as phone, service theft, evading law enforcement, lock-picking, burglary techniques and suicide |
| CulturalInstitutions | Neutral | Sites sponsored by museums, galleries, theatres, libraries, and similar institutions; also, sites whose purpose is the display of artworks |
| DatingAndMatrimonials | Non Working | Sites assisting users in establishing interpersonal relationships, friendship, excluding those of exclusively gay, or lesbian or bisexual interest and Matrimonial Sites providing photos and details of individuals seeking life partners |
| DownloadFreewareAndShareware | UnHealthy | Sites whose primary purpose is providing freeware and shareware downloads of application, software, tools, screensavers, wallpapers, and drivers |
| Drugs | UnHealthy | Sites providing information about the cultivation, preparation, or use of prohibited drugs |
| EducationalInstitions | Productive | Sites sponsored by schools, colleges, institutes, online education and other educational facilities, by non-academic research institutions or that relate to educational events and activities |
| EducationAndReferenceMaterial | Productive | Sites offering books, reference-shelf content such as atlases, dictionaries, encyclopedias, formularies, white and yellow pages, and public statistical data |
| Electronics | Neutral | Sites providing information on manufacturing of electronics and electrical equipments, gadgets, instruments like air conditioners, Semi conductors, Television, Storage Devices, LCD Projectors, Home Appliances, and Power Systems etc. |
| Entertainment | Non Working | Sites providing entertainment sources for Movies, Celebrities, Theatres, about or promote motion pictures, non-news radio and television, humor, Comics, Kids and Teen amusement, Jokes, and magazines |
| Finance | Non Working | Sites providing information on Money matters, investment, a wide range of financial services, economics and accounting related sites and sites of National & International Insurance companies providing details for all types of Insurances & Policies |
| Gambling | UnHealthy | Sites providing information about or promote gambling or support online gambling, involving a risk of losing money |
| Games | Non Working | Sites providing information about or promote electronic games, video games, computer games, role-playing games, or online games |
| Government | Neutral | Sites sponsored by countries, government, branches, bureaus, or agencies of any level of government including defence. Government associated Sites providing comprehensive details on Tax related issues excluding Government sites providing Visa and Immigration services |
| Hacking | Neutral | Sites that provide information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases |
| HealthAndMedicines | Productive | Sites providing information or advice on personal health and fitness. Sites of pharmaceutical companies and sites providing information about Medicines |
| HobbiesAndRecreation | Non Working | Sites providing information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. Homelife and family-related topics, including parenting tips, gay/lesbian/bisexual (non-pornographic sites), weddings, births, and funerals. Foreign cultures, socio-cultural information |
| HTTPUpload | Non Working | HTTP Upload Restriction |
| HumanRightsandLiberty | Neutral | Sites advocating and protecting Human Rights and Liberty to prevent discrimination and protect people from inhumane |
| ImageBanks | Non Working | Image Banks |
| InformationTechnology | Productive | Sites sponsoring or providing information about computers, software applications, database, operating system. Including sites providing information of hardware, peripherals, and services. Sites offering design, flash, graphics, multimedia, and web site designing tutorials, tools, advice and services |
| InstantMessages | Non Working | Sites enabling instant messaging |
| IPAddress | Neutral | |
| ISPWebHosting | Neutral | Sites enabling users to make telephone, lease line, ISDN, Cable, VSAT connections via Internet or obtaining information for that purpose. Sites providing hosting services, or top-level domain pages of Web communities |
| JobsSearch | UnHealthy | Sites offering information about or support the seeking of employment or employees |
| Kids | Neutral | Sites designed specifically for kids |
| MilitancyAndExtremist | UnHealthy | Sites offering information about groups advocating antigovernment beliefs or action |
| Music | Non Working | Sites providing songs and music and supporting downloads of MP3 or other sound files or that serve as directories of such sites |
| NatureAndWildLife | Non Working | Sites providing information about Nature, explorations, discoveries, wild life, animals, birds, protecting endangered species, habitats, Animal sanctuaries, etc. |
| NewsAndMedia | Neutral | Sites offering current news and opinions, including those sponsored by newspapers, general-circulation magazines or other media. It also includes sites of advertising agencies and sites providing details of weather forecast |
| None | Neutral | Uncategorized Traffic |
| Nudity | UnHealthy | Sites depicting nude or seminude human forms, singly or in groups, not overtly sexual in intent or effect. It includes Nude images of film stars, models, nude art and photography |
| PersonalAndBisographySites | Non Working | Includes personal sites of individuals and biographical sites of ordinary or famous personalities |
| PhishingAndFraud | UnHealthy | Sites gathering personal information (such as name, address, credit card number, school, or personal schedules) that may be used for malicious intent |
| PhotGallaries | Non Working | Sites providing photos of celebrities, models, and well-known personalities. Such sites may also contain profiles or additional elements as long as the primary focus is on multi-celebrity photographs |
| PoliticalOrganizations | Neutral | Sites sponsored by or providing information about political parties and interest groups focused on elections or legislation |
| Porn | UnHealthy | Sites depicting or graphically describing sexual acts or activity, including exhibitionism and sites offering direct links to such sites. Sites providing information or catering Gay, Lesbian, or Bisexual images and lifestyles are also included in this category |
| Portals | Non Working | Portals include web sites or online services providing a broad array of resources and services such as search engines, free email, shopping, news, and other features |
| PropertyAndRealEstate | Neutral | Sites providing information about renting, buying, selling, or financing residential, real estate, plots, etc. |
| Science | Productive | Sites providing news, research projects, ideas, information of topics pertaining to physics, chemistry, biology, cosmology, archeology, geography, and astronomy |
| SearchEngines | Neutral | Sites supporting searching the Web, groups, or indices or directories thereof |
| SeXHealthAndEducation | Neutral | Sites providing information regarding Sexual Education and Sexual Health and sites providing Medicines to cure and overcome Sex related problems and difficulties, with no pornographic intent |
| SharesAndStockMarket | Non Working | Sites providing charting, market commentary, forums, prices, and discussion of Shares and Stock Market. It also includes sites dealing in online share trading and sites of stockbrokers |
| Shopping | Non Working | Sites supporting Online purchases of consumer goods except: sexual materials, lingerie, swimwear, investments, medications, educational materials, computer software or hardware. Also Sites of Showrooms, Stores providing shopping of consumer products and services |
| Spirituality | Non Working | Sites featuring articles on healing solutions in wellness, personal growth, relationship, workplace, prayer, articles on God, Society, Religion, and ethics |
| Sports | Non Working | Sites providing any information about or promoting sports, active games, and recreation. All types of Sites providing information about Sports except Cricket |
| SpywareAndP2P | UnHealthy | Sites or pages that download software that, without the user's knowledge, generates http traffic (other than simple user identification and validation) and Sites providing client software to enable peer-to-peer file sharing and transfer |
| SwimwareAndLingerie | Non Working | Sites showing images of models and magazines offering lingerie/swimwear but not Nude or sexual images. It also includes Arts pertaining Adult images and shopping of lingerie |
| TravelFoodAndImmigration | Non Working | Sites providing information about traveling i.e. Airlines and Railway sites. Sites providing details about Hotels, Restaurants, Resorts, and information about worth seeing places. Sites that list, review, advertise, or promote food, dining, or catering services. Sites providing Visa, Immigration, Work Permit and Holiday & Work Visa details, procedures and services |
| URLTranslationSites | UnHealthy | Sites offering Online translation of URLs. These sites access the URL to be translated in a way that bypasses the proxy server, potentially allowing unauthorized access |
| Vehicles | Non Working | Sites providing information regarding manufacturing and shopping of vehicles and their parts |
| Violence | UnHealthy | Sites featuring or promoting violence or bodily harm, including self-inflicted harm; or that gratuitously display images of death, gore, or injury; or featuring images or descriptions that are grotesque or frightening and of no redeeming value. These do not include news, historical, or press incidents that may include the above criteria |
| Weapons | UnHealthy | Sites providing information about, promote, or support the sale of weapons and related items |
| WebBasedEmail | Non Working | Sites providing Web based E-mail services or information regarding email services |


Appendix D Services

| Service Name | Details |
|---|---|
| All Services | All Services |
| Cyberoam | UDP (1024:65535) / (6060) |
| AH | IP Protocol No 51 (IPv6-Auth) |
| AOL | TCP (1:65535) / (5190:5194) |
| BGP | TCP (1:65535) / (179) |
| DHCP | UDP (1:65535) / (67:68) |
| DNS | TCP (1:65535) / (53), UDP (1:65535) / (53) |
| ESP | IP Protocol No 50 (IPv6-Crypt) |
| FINGER | TCP (1:65535) / (79) |
| FTP | TCP (1:65535) / (21) |
| FTP_GET | TCP (1:65535) / (21) |
| FTP_PUT | TCP (1:65535) / (21) |
| GOPHER | TCP (1:65535) / (70) |
| GRE | IP Protocol No 47 |
| H323 | TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719) |
| HTTP | TCP (1:65535) / (80) |
| HTTPS | TCP (1:65535) / (443) |
| ICMP_ANY | ICMP any / any |
| IKE | UDP (1:65535) / (500), UDP (1:65535) / (4500) |
| IMAP | TCP (1:65535) / (143) |
| INFO_ADDRESS | ICMP 17 / any |
| INFO_REQUEST | ICMP 15 / any |
| IRC | TCP (1:65535) / (6660:6669) |
| Internet-Locator-Service | TCP (1:65535) / (389) |
| L2TP | TCP (1:65535) / (1701), UDP (1:65535) / (1701) |
| LDAP | TCP (1:65535) / (389) |
| NFS | TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049) |
| NNTP | TCP (1:65535) / (119) |
| NTP | TCP (1:65535) / (123), UDP (1:65535) / (123) |
| NetMeeting | TCP (1:65535) / (1720) |
| OSPF | IP Protocol No 89 (OSPFIGP) |
| PC-Anywhere | TCP (1:65535) / (5631), UDP (1:65535) / (5632) |
| PING | ICMP 8 / any |
| POP3 | TCP (1:65535) / (110) |
| PPTP | IP Protocol No 47, TCP (1:65535) / (1723) |
| QUAKE | UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960) |
| RAUDIO | UDP (1:65535) / (7070) |
| RIP | UDP (1:65535) / (520) |
| RLOGIN | TCP (1:65535) / (513) |
| SAMBA | TCP (1:65535) / (139) |
| SIP | UDP (1:65535) / (5060) |
| SIP-MSNmessenger | TCP (1:65535) / (1863) |
| SMTP | TCP (1:65535) / (25) |
| SNMP | TCP (1:65535) / (161:162), UDP (1:65535) / (161:162) |
| SSH | TCP (1:65535) / (22), UDP (1:65535) / (22) |
| SYSLOG | UDP (1:65535) / (514) |
| TALK | TCP (1:65535) / (517:518) |
| TCP | TCP (1:65535) / (1:65535) |
| TELNET | TCP (1:65535) / (23) |
| TFTP | UDP (1:65535) / (69) |
| TIMESTAMP | ICMP 13 / any |
| UDP | UDP (1:65535) / (1:65535) |
| UUCP | TCP (1:65535) / (540) |
| VDOLIVE | TCP (1:65535) / (7000:7010) |
| WAIS | TCP (1:65535) / (210) |
| WINFRAME | TCP (1:65535) / (1494) |
| X-WINDOWS | TCP (1:65535) / (6000:6063) |


Appendix E Application Protocols


Group Application Name Any File Transfer FTP yahoofilexfer File Transfer client File sharing gnucleuslan imesh Gnutella Definition All Services File Transfer Protocol is a method to transfer files from one location to another, either on local disks or via the Internet Yahoo Messenger file transfer Gnucleuslan P2P client IMESH P2P client Gnutella is a system in which individuals can exchange files over the Internet directly without going through a Web site. Gnutella is often used as a way to download music files from or share them with other Internet users A decentralized Internet peer-to-peer (P2P) file-sharing program peer-to-peer (P2P) file-sharing program Transport protocol used for receiving emails. A protocol for transferring email messages from one server to another. A protocol for retrieving e-mail messages Yahoo Messenger MSN Messenger Chat client Chat client Windows Media Player Quick Time Player (Session Initiation Protocol) Protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP works in the Application layer of the OSI communications model. A standard approved by the International Telecommunication Union (ITU) that defines how audiovisual conferencing data is transmitted across networks. It enables users to participate in the same conference even though they are using different videoconferencing applications. (Real Time Streaming Protocol) A standard for controlling streaming data over the World Wide Web (Internet Printing Protocol) Protocol used for printing documents over the web. IPP defines basic handshaking and communication methods, but does not enforce the format of the print data stream. Protocol for assigning dynamic IP addresses to devices on a network (Simple Network Management Protocol) Protocol for network management software. 
Defines methods for remotely managing active network components such as hubs, routers, and bridges An Internet service that translates domain names to or from IP addresses, which are the actual basis of addresses on the Internet. (Remote Desktop Protocol) Protocol that allows a Windows-based terminal (WBT) or other Windows-based client to communicate with a Windows XP Professionalbased computer. RDP works across any TCP/IP connection NetBIOS Naming Service Protocol for remote computing on the Internet. It allows a computer to act as a remote terminal on another machine, anywhere on the Internet (Secure Socket Shell) Protocol used for secure access to a remote computer Protocol for moving hypertext files across the Internet. (Secure Socket Layer) Protocol used for secure Internet communications. (Internet Control Message Protocol) A message control and error-reporting protocol

Kazaa directconnect Mail Protocol POP3 SMTP IMAP Chat ymsgr msnmessenger AOL indiatimes Media Player Voice over IP wmplayer quickplayer SIP

H323

RTSP Printing IPP

Network

DHCP SNMP

DNS RDP

nbns Remote logging Telnet

SSH HTTP SSL ICMP


Menu wise Screen and Table Index


Screen - Console login screen
Screen - HTTP login screen
Screen - HTTPS login
Table - Login screen elements
Screen - Dashboard
Screen - Create Zone
Table - Create Zone
Screen - Cyberoam Authentication
Table - Cyberoam Authentication screen elements
Table - Create User - Decision matrix
Screen - Add User
Table - Add User screen elements
Table - View Group details screen elements
Table - Apply Login Node Restriction screen elements
Screen - Add multiple Clientless users
Table - Add multiple Clientless users screen elements
Screen - Add single Clientless user
Table - Create single Clientless user screen elements
Table - Select Node screen elements
Table - Group creation - Decision matrix
Screen - Create Group
Table - Create Group screen elements
Screen - Apply Login Node Restriction
Table - Apply Login Node Restriction screen elements
Screen - Import Group Wizard
Screen - Define same policy to all the imported Groups
Screen - Define different policies to different Groups
Screen - Define specific policy for a Group
Screen - Groups imported and common policies attached successfully
Screen - Groups imported and specific policies attached to specific Group
Screen - Create Firewall rule
Table - Create Firewall rule screen elements
Screen - Edit Firewall Rule
Table - Edit Firewall Rule
Screen - Default Screen Display of Manage Firewall Rules page
Screen - Customized Screen Display of Manage Firewall Rules page


Screen - Delete Firewall rule
Screen - Create Host Group
Table - Create Host Group screen elements
Screen - Remove Host from Host Group
Table - Remove Host from Host Group screen elements
Screen - Delete Host Group
Table - Delete host Group screen elements
Screen - Add Host
Table - Add Host screen elements
Screen - Delete Host
Table - Delete Host screen elements
Screen - Create Virtual host
Screen - Delete Virtual Host
Table - Delete Virtual host screen elements
Screen - Create Logon Pool
Table - Add Logon Pool screen elements
Screen - Application wise Live connections
Table - Application wise Live connections screen elements
Screen - User wise Live connections
Table - User wise Live connections screen elements
Screen - LAN IP Address wise Live connections
Table - LAN IP Address wise Live connection screen elements
Screen - Today's Connection History - Application wise
Table - Today's Connection History - Application screen elements
Screen - Today's Connection History - User wise
Table - Today's Connection History - User wise screen elements
Screen - Today's Connection History - LAN IP Address wise
Table - Today's Connection History - LAN IP Address wise screen elements
Screen - Create Surfing Quota policy
Table - Create Surfing Quota policy screen elements
Screen - Update Surfing Quota policy
Table - Update Surfing Quota policy screen elements
Screen - Delete Surfing Quota policy
Table - Delete Surfing Quota policy screen elements
Screen - Create Access Time policy
Table - Create Access Time policy screen elements
Screen - Update Access Time policy
Table - Update Access Time policy screen elements
Screen - Delete Access Time policy
Table - Delete Access Time policy screen elements


Screen - Create Internet Access policy
Table - Create Internet Access policy screen elements
Screen - Add Internet Access policy rule
Table - Add Internet Access policy rule screen elements
Screen - Update Internet Access policy
Table - Update Internet Access policy screen elements
Screen - Delete Internet Access policy rule
Table - Delete Internet Access policy rule screen elements
Screen - Delete Internet Access policy
Table - Delete Internet Access policy screen elements
Table - Implementation types for Strict - Bandwidth policy
Table - Bandwidth usage for Strict - Bandwidth policy
Table - Implementation types for Committed - Bandwidth policy
Table - Bandwidth usage for Committed - Bandwidth policy
Screen - Create Bandwidth policy
Table - Create Bandwidth policy - Common screen elements
Screen - Create Logon Pool based Bandwidth policy
Table - Create Logon Pool based Bandwidth policy screen elements
Screen - Create User/IP based Strict Bandwidth policy
Table - Create User/IP based Strict Bandwidth policy screen elements
Screen - Create User/IP based Committed Bandwidth policy
Table - Create User/IP based Committed Bandwidth policy screen elements
Screen - Update Bandwidth policy
Table - Update Bandwidth policy Common screen elements
Screen - Update Logon Pool based Bandwidth policy
Table - Update Logon Pool based Bandwidth policy screen elements
Screen - Update User based Bandwidth policy
Table - Update User based Bandwidth policy screen elements
Screen - Assign Schedule to User based Strict Bandwidth policy
Table - Assign Schedule to User based Strict Bandwidth policy screen elements
Screen - Assign Schedule to User based Committed Bandwidth policy
Table - Assign Schedule to User based Committed Bandwidth policy screen elements
Screen - Remove Schedule from User based Bandwidth policy
Table - Remove Schedule from User based Bandwidth policy screen elements
Screen - Delete Bandwidth policy
Table - Delete Bandwidth policy screen elements
Screen - Create Data transfer policy
Table - Create Data transfer policy screen elements
Screen - Update Data transfer policy screen
Table - Update Data transfer policy screen elements


Screen - Delete Data transfer policy screen
Table - Delete Data transfer policy screen element
Screen - Create NAT policy
Table - Create NAT policy screen elements
Screen - Update NAT policy
Table - Update NAT policy screen elements
Screen - Delete NAT policy
Table - Delete NAT policy screen elements
Screen - Edit Zone
Table - Edit Zone
Screen - Delete Zone
Table - Delete Zone
Table - Need to Update group
Screen - Manage Group
Table - Manage Group screen elements
Screen - Show Group Members
Table - Show Group Members screen elements
Screen - Add Group Member
Table - Add Group Member screen elements
Screen - Change Login Restriction
Table - Change Login Restriction screen elements
Screen - Search User
Table - Search User screen elements
Table - Search User - Result
Screen - Manage Live Users
Table - Manage Live User screen elements
Table - Need to Update User
Screen - Manage User
Table - Manage User screen elements
Screen - Change User Personal details
Table - Change User personal details screen elements
Screen - User My Account
Screen - User My Account
Screen - Change Password
Table - Change password screen elements
Screen - Change Personal details
Table - Change Personal details screen elements
Screen - Internet Usage Status
Table - Internet Usage screen elements
Screen - Change Group


Table - Change Group screen elements
Table - Change Individual policy
Screen - Change User Login Restriction
Table - Change User Login Restriction screen elements
Screen - Delete Active User
Screen - Delete Deactive User
Screen - Delete Clientless User
Table - Delete clientless User screen elements
Screen - Deactivate User
Table - Deactivate User screen elements
Screen - Activate Normal User
Screen - Activate Clientless User
Table - Activate User screen elements
Screen - Search Node
Table - Search Node results
Screen - Update Logon Pool
Table - Update Logon Pool screen elements
Screen - Add Node
Table - Add Node screen elements
Screen - Delete Node
Table - Delete Node screen elements
Screen - Delete Logon Pool
Table - Delete Logon Pool screen elements
Screen - Configure DNS
Screen - Configure DHCP
Table - Configure DHCP screen elements
Screen - View DHCP leased IP list
Screen - Update DHCP configuration
Screen - Disable DHCP service
Screen - Manage Interface
Screen - Add Alias
Table - Add Alias screen elements
Screen - Edit Alias
Table - Edit Alias screen elements
Screen - Delete Alias
Screen - Register Hostname with DDNS
Table - Register hostname with DDNS
Screen - PPPoE configuration
Table - PPPoE configuration screen elements
Screen - Gateway Configuration


Table - Gateway Configuration screen elements
Screen - DoS Settings
Table - DoS Settings screen elements
Screen - Create DoS bypass rule
Table - Create DoS bypass rule screen elements
Screen - Delete DoS bypass rule
Table - Delete DoS bypass rule screen elements
Screen - Reset Console Password
Table - Reset Console Password screen elements
Screen - System Modules Configuration
Screen - Set Backup schedule
Table - Set Backup Schedule screen elements
Screen - Backup Data
Table - Backup Data screen elements
Screen - Restore Data screen
Table - Restore Data screen elements
Screen - Configure Auto purge Utility screen
Table - Configure Auto purge Utility screen elements
Screen - Purge Logs screen
Table - Purge Logs screen elements
Screen - Customized Client Messages screen
Table - Customized Client Message screen elements
Table - List of predefined messages
Screen - Customized Client Preferences screen
Table - Customized Client Preferences screen elements
Screen - Customize Denied message screen elements
Screen - Manage HTTP Proxy
Table - Manage HTTP Proxy screen elements
Screen - Configure HTTP Proxy
Table - Configure HTTP Proxy screen elements
Screen - Manage Services
Table - Manage Control Service screen elements
Table - Manage Control Service - Action
Screen - View Bandwidth Usage
Table - Bandwidth usage screen elements
Screen - Bandwidth usage - Live Users graph
Screen - Bandwidth usage - Total Data transfer graph
Screen - Bandwidth usage - Composite Data transfer graph
Screen - Bandwidth usage - Download Data transfer graph
Screen - Bandwidth usage - Upload Data transfer graph

Screen - Download User Migration Utility ..... 168
Screen - Save User Migration Utility ..... 168
Screen - Upload downloaded User Migration Utility ..... 169
Screen - Upload CVS file ..... 170
Screen - Register migrated users from External file ..... 170
Screen - Define One Time Schedule ..... 171
Table - Define Schedule screen elements ..... 171
Screen - Add Schedule Entry details ..... 172
Table - Add Schedule Entry details screen elements ..... 172
Screen - Manage Schedule ..... 173
Table - Manage Schedule screen elements ..... 173
Screen - Delete Schedule Entry details ..... 174
Table - Delete Schedule Entry details screen elements ..... 174
Screen - Delete Schedule ..... 174
Table - Delete Schedule screen elements ..... 174
Screen - Define Custom Service ..... 175
Table - Define Custom Service screen elements ..... 175
Screen - Update Custom Service ..... 176
Table - Update Custom Service screen elements ..... 176
Screen - Delete Custom Service ..... 177
Table - Delete Custom Service screen elements ..... 178
Screen - Create Service Group screen ..... 179
Table - Create Service Group screen elements ..... 179
Screen - Edit Service Group ..... 180
Table - Edit Service Group screen elements ..... 180
Screen - Delete Service Group ..... 181
Table - Delete Service Group ..... 181
Screen - Search URL ..... 183
Screen - Manage Default Web Category ..... 184
Screen - Create Custom Web Category ..... 185
Table - Create Web Category screen elements ..... 186
Screen - Add Domain ..... 186
Table - Add Domain screen elements ..... 186
Screen - Add keyword ..... 187
Table - Add keyword screen elements ..... 187
Screen - Manage Custom Web category ..... 188
Table - Update Custom Web category screen elements ..... 189
Screen - Delete Domain ..... 189
Table - Delete Domain screen elements ..... 189
Screen - Delete keyword ..... 190

Table - Delete keywords screen elements ..... 190
Screen - Delete Custom Web Category ..... 190
Table - Delete Custom Web Category screen elements ..... 190
Screen - Manage Custom File Type Category ..... 191
Screen - Create Custom File Type Category ..... 192
Table - Create Custom File Type screen elements ..... 192
Screen - Manage Custom File Type Category ..... 192
Screen - Manage Custom File Type Category ..... 193
Screen - Delete Custom File Type Category ..... 193
Table - Delete Custom File Type screen elements ..... 193
Screen - Manage Default Application Protocol Category ..... 194
Screen - Create Custom Application Protocol Category ..... 195
Table - Create Custom Application Category screen elements ..... 195
Screen - Add Custom Application Protocol Category details ..... 196
Table - Add Custom Application Protocol Category details ..... 196
Screen - Manage Custom Application Protocol Category ..... 197
Table - Manage Custom Application Protocol Category screen elements ..... 197
Screen - Delete Application Protocol Category details ..... 197
Table - Delete Application Protocol Category screen elements ..... 198
Screen - Delete Custom Application Protocol Category ..... 198
Table - Delete Custom Application Protocol Category screen elements ..... 198
Screen - Access Configuration ..... 199
Table - Access Configuration screen elements ..... 200
Screen - Syslog Configuration ..... 201
Screen - About Cyberoam ..... 204
Screen - Upload Upgrade version ..... 207
Screen - Download Clients ..... 208
Screen - Reports ..... 209
Screen - Reports Login ..... 209
Screen - Audit Log report ..... 210
Screen - Sample Audit Log Report ..... 210
