Version 9
Document version 9402 -1.0-18/10/2006
Cyberoam User Guide
IMPORTANT NOTICE

Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE

The Appliance described in this document is furnished under the terms of Elitecore’s End User license agreement. Please read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY

Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licenses. Customers exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its service center’s option, repair, replacement, or refund of the software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.

Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.

DISCLAIMER OF WARRANTY

Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, and hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In the event shall Elitecore’s or its supplier’s liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer.

The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS

Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS

Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road,
Ahmedabad – 380015, INDIA
Phone: +91-79-26405600
Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com
Contents

Guide Sets
Technical Support
Typographic Conventions

Preface
    Guide Organization
Cyberoam Basics
    Benefits of Cyberoam
    Accessing Cyberoam
    Accessing the Web Admin Console

Getting Started
    Dashboard

Management
Setting up Zones
    Create Zone
Setting up Users
    Define Authentication
    Define User
Setting up Groups
Firewall
    Create Firewall rule
    Manage Firewall
    Host Management
Setting up Logon Pools
Traffic Discovery
    Live Connections report
    Today’s Connection History
Policy Management
    Surfing Quota policy
    Access Time policy
    Internet Access policy
    Bandwidth policy
    Data Transfer policy
    SNAT Policy
    DNAT Policy
Zone Management
    Manage Zone
    Delete Zone
Group Management
    Manage Group
    Delete Group
User Management
    Search User
    Live User
    Manage User
Logon Pool Management
    Search Node
    Update Logon Pool
    Delete Logon Pool
System Management
    Configure Network
    Configure DNS
    Configure DHCP
    View Interface details
    Configuring Dynamic DNS service
    Manage Gateway
    DoS Settings
    Bypass DoS Settings
    Reset Console Password
    System Module Configuration
Manage Data
    Client Services
    Customize Access Deny messages
    Upload Corporate logo
    Customize Login message
HTTP Proxy Management
    Manage HTTP Proxy
    Configure HTTP Proxy
Manage Servers
Monitoring Bandwidth Usage
Migrate Users
    Migration from PDC server
    Migration from External file

Customization
Schedule
    Define Schedule
    Manage Schedule
    Delete Schedule
Services
    Define Custom Service
    Manage Custom Service
    Delete Custom Service
    Create Service Group
    Update Service Group
    Delete Service Group
Categories
    Web Category
    File Type Category
    Application Protocol Category
Access Control
Product Licensing & Updates
    Product Version information
    Upgrade Cyberoam
    Licensing
Download
    Clients
    Documentation

Appendix A – Audit Log
Appendix B – Network Traffic Log Fields
Appendix C – Web Categories
Appendix D – Services
Appendix E – Application Protocols
Menu wise Screen and Table Index
Guide Sets

Guide | Describes
User Guide |
Console Guide | Console Management
Windows Client Guide | Installation & configuration of Cyberoam Windows Client
Linux Client Guide | Installation & configuration of Cyberoam Linux Client
HTTP Client Guide | Installation & configuration of Cyberoam HTTP Client
Analytical Tool Guide | Using the Analytical tool for diagnosing and troubleshooting common problems
LDAP Integration Guide | Configuration for integrating LDAP with Cyberoam for external authentication
ADS Integration Guide | Configuration for integrating ADS with Cyberoam for external authentication
PDC Integration Guide | Configuration for integrating PDC with Cyberoam for authentication
RADIUS Integration Guide | Configuration for integrating RADIUS with Cyberoam for external authentication
High Availability Configuration Guide | Configuration of High Availability (HA)
Data transfer Management Guide | Configuration and Management of user based data transfer policy
Multi Link Manager User Guide | Configuration of Multiple Gateways, load balancing and failover
Cyberoam Anti Virus Implementation Guide | Configuring and implementing anti virus solution
Cyberoam Anti Spam Implementation Guide | Configuring and implementing anti spam solution
VPN Management | Implementing and managing VPN
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:

Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-26405600
Fax: +91-79-26407640
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: [email protected]
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Item | Convention | Example
Server | Machine where Cyberoam Software - Server component is installed |
Client | Machine where Cyberoam Software - Client component is installed |
User | The end user |
Username | Username uniquely identifies the user of the system |
Part titles | Bold and shaded font typefaces | Report
Topic titles | Shaded font typefaces | Introduction
Subtitles | Bold & Black typefaces | Notation conventions
Navigation link | Bold typeface | Group Management → Groups → Create. It means, to open the required page click on Group management then on Groups and finally click Create tab
Name of a particular parameter / field / command button text | Lowercase italic type | Enter policy name, replace policy name with the specific name of a policy. Or Click Name to select, where Name denotes command button text which is to be clicked
Cross references | Hyperlink in different color | refer to Customizing User database. Clicking on the link will open the particular topic
Notes & points to remember | Bold typeface between the black borders | Note
Prerequisites | Bold typefaces between the black borders | Prerequisite. Prerequisite details
Preface

Welcome to Cyberoam’s User Guide.

Cyberoam is an Identity-based UTM Appliance. Cyberoam’s solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions. Cyberoam’s perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

This Guide helps you manage and customize Cyberoam to meet your organization’s various requirements including creating groups and users and assigning policies to control internet access.

Default Web Admin Console username is ‘cyberoam’ and password is ‘cyber’. It is recommended that you change the default password immediately after installation to avoid unauthorized access.
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of Cyberoam.
How do I search for relevant content?
For help on how to perform a certain task, use Contents.
For help on a specific menu or screen function, use Menu wise – Screen and Table Index.

This Guide is organized into three parts:

Part I – Getting started

It describes how to start using Cyberoam after successful installation.

Part II – Management

It describes how to define groups and users to meet the specific requirements of your Organization. It also describes how to manage and customize Cyberoam.

1. Define Authentication process and firewall rule.
2. Manage Groups and Users. Describes how to add, edit and delete Users and User Groups
3. Manage & Customize Policies. Describes how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy
4. Manage Logon Pools. Describes how to add, edit and delete Logon Pools
5. Manage Cyberoam server

Part III – Customization

Customize Services, Schedules and Categories. Describes how to create and manage Categories, Schedules and Services and Cyberoam upgrade process.
Cyberoam Basics

Cyberoam is an Identity-based UTM Appliance. Cyberoam’s solution is purpose-built to meet the security needs of corporates, government organizations, and educational institutions. Cyberoam’s perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering, Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.

Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the external world and still have firewall protection.

It also provides assistance in improving Bandwidth management, increasing Employee productivity and reducing legal liability associated with undesirable Internet content access.

Benefits of Cyberoam

1. Boost Employee productivity by
   a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
   a. Controlling access to non-productive sites during working hours
   b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
   a. Improved User response time
   b. Failover solution
   c. Continuous availability of Internet
   d. Reduced bandwidth bottlenecks
5. Enforce acceptable Internet usage policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet and other resources usage and consumption patterns
Accessing Cyberoam

Two ways to access Cyberoam:

1. Web Admin Console
   • Managing Firewall rules
   • Used for policy configuration
   • Managing users, groups and policies
   • Managing Bandwidth
   • Viewing bandwidth graphs as well as reports

2. Telnet Console
   • Used for Network and System configuration (setting up IP Addresses, setting up gateway)
   • Managing Cyberoam application

   a) Using Console Interface via remote login utility – TELNET
   b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server
Accessing Console via remote login utility - TELNET

Access Cyberoam Console with the help of TELNET utility. To use TELNET, IP Address of the Cyberoam server is required.

To start the TELNET utility:
1. Click Start, and then click Run
2. In Open, type TELNET xxx.xxx.x.xxx
3. Click OK. This opens a console login window and prompts you to enter the Password

Default password for Cyberoam TELNET console is “admin”.

Screen - Console access

Screen - Console login screen

Accessing Console using SSH client

Access Cyberoam Console using any SSH client. Cyberoam server IP Address is required. Start the SSH client and create a new Connection with the following parameters:

Hostname - <Cyberoam server IP Address>
Username – admin
Password – admin
Accessing the Web Admin Console
Cyberoam Web Admin Console (GUI) access requires Microsoft Internet Explorer 5.5+ or Mozilla Firefox 1.5+ and Display settings as True color (32 bits)
Log on & log off from the Cyberoam Web Admin Console
The Log on procedure verifies validity of user and creates a session until the user logs off.
Log on procedure
To get the log in window, open the browser and type IP Address in browser’s URL box. A dialog box appears prompting you to enter username and password to log on. Use the default user name ‘cyberoam’ and password ‘cyber’ if you are logging in for the first time after installation. Asterisks are the placeholders in the password field.
Log on Methods
HTTP log in
To open unencrypted login page, in the browser’s Address box, type http://<IP address of Cyberoam>
Screen - HTTP login screen
HTTPS log in
Cyberoam provides a secured communication method that encrypts the User log on information and prevents unauthorized users from viewing the user information. For this, Cyberoam uses the https protocol. The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS.
HTTPS protocol opens a secure hypertext transfer session with the specified site address. To open login over secure HTTP, type https://<IP address of Cyberoam>
Screen - HTTPS login
Screen Elements | Description
Login |
User name | Specify user login name. If you are logging on for the first time after installation, please use default username ‘cyberoam’
Password | Specify user account Password. If you are logging on for the first time after installation, please use default password ‘cyber’
Log on to | To administer Cyberoam, select ‘Web Admin Console’
Login button | Logs on to Web Admin Console. Click Login

Table - Login screen elements
Web console Authorization and Access control
By default, Cyberoam has four types of user groups:
Administrator group
Log in as Administrator group User to maintain, control and administer Cyberoam. Administrator group User can create, update and delete system configuration and user information. Administrator can create multiple administrator level users.
Manager group
Manager group User can only view the reports.
User group
User group User is the user who accesses the resources through Cyberoam.
Clientless group
A Clientless User group User can bypass Cyberoam Client login to access resources. Cyberoam itself takes care of login of this level user.

For Administrators and Managers, IP address based access restriction/control can be implemented. Refer to Access Configuration to implement.
Log out procedure
To prevent unauthorized users from accessing Cyberoam, log off after you have finished working. This will end the session and exit from Cyberoam.
Getting Started

Once you have configured network, you can start using Cyberoam.

1. Start monitoring

Once you have installed Cyberoam successfully, you can monitor user activity in your Network. Depending on the Internet Access policy configured at the time of installation, certain categories will be blocked/allowed for LAN to WAN traffic with or without authentication.

2. View Cyberoam Reports

Monitor your Network activities using Cyberoam Reports. To view Reports, log on to Reports from Web Admin Console using following URL: http://<Internal IP Address>
To log on, use default username ‘cyberoam’ and password ‘cyber’.

View your organization’s surfing pattern from Web Surfing → Organization wise report
View your organization’s general surfing trends from Trends → Web Trends report
View your organization’s Category wise surfing trends from Trends → Category Trends report

3. Discover Network Application Traffic

Detect your network traffic i.e. applications and protocols accessed by your users. To view traffic pattern of your network, log on to Cyberoam Web Management Console using following URL: http://<Internal IP Address>
To log on, use default username ‘cyberoam’ and password ‘cyber’.

View amount of network traffic generated by various applications from Traffic Discovery → Live Connections → Application wise

4. Configure for User name based monitoring

As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP address based. To monitor and log user activities based on User names, you have to configure Cyberoam for integrating user information and authentication process. Integration will identify access request based on User names and generate reports based on Usernames.

If your Network uses Active Directory Services and users are already created in ADS, configure Cyberoam to communicate with your ADS. Refer to Cyberoam – ADS Integration guide for more details.

If your Network uses Windows Domain Controller, configure Cyberoam to communicate with Windows Domain Controller. Refer to Cyberoam – PDC Integration guide for more details.

5. Customize

Depending on the Internet Access configuration done at the time of installation, default firewall rules will be created. You can create additional firewall rules and other policies to meet your organization’s requirement. Cyberoam allows you to:

1. Control user based per zone traffic by creating firewall rule. Refer to Firewall for more details.
2. Control individual user surfing time by defining Surfing quota policy. Refer to Policy Management-Surfing Quota policy for more details.
3. Schedule Internet access for individual users by defining Access time policy. Refer to Policy Management-Access time policy for more details.
4. Control web access by defining Internet Access policy. Refer to Policy Management-Internet Access policy for more details.
5. Allocate and restrict the bandwidth usage by defining Bandwidth policy. Refer to Policy Management-Bandwidth policy for more details.
6. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. Refer to Data transfer policy for more details.
Dashboard
As soon as you log on to the Web Admin Console, Dashboard is displayed. Dashboard provides one solution to many analytical needs.

Using the "dashboard" concept of information presentation, Cyberoam makes it easy to view access data from multiple perspectives, allowing management to identify patterns and potential areas of risk and productivity loss. It will empower organizations to plan, understand, integrate and leverage strategy all from a single page report.

The goal of dashboard is to provide fast access to monitor and analyze employee Internet usage. As a result, managers gain an unprecedented ability to report on and manage a wide spectrum of the data and applications that employees use during their working hours.

Dashboard is the answer to – ‘Why can't Cyberoam automatically show me things that will help me with what I'm doing, instead of making me search around for them?’

Dashboard is divided into the following sections:

1. HTTP Traffic Analysis
2. User Surfing pattern
3. Usage Summary
4. Recent Mail Viruses detected
5. Recent HTTP Viruses detected
6. Installation Information
7. System Resources
8. System Status
9. Installation Information
10. DoS attack status
11. Recent IDP Alerts
12. License Information
Management

Setting up Zones

A Zone is a logical grouping of ports. Zones provide a flexible layer of security for the firewall. With the zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.

Default Zones Types

LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. Even though each interface will have a different network subnet attached to it, when grouped together they can be managed as a single entity. Group all the LAN networks under this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone. However, traffic between ports belonging to the same zone will be allowed.

DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.

WAN – This zone is used for Internet services. It can also be referred to as the Internet zone. Depending on the appliance in use and on your network design, you can group one to six ports in this zone.

Local - This zone is the grouping of all the available ports of Cyberoam.

Cyberoam provides a single zone of each type. These are called System Zones. Administrator can add LAN and DMZ zone types.

By default, entire traffic will be blocked except LAN to Local zone services like Administration, Authentication and Network.
Create Zone
Select System → Zone → Create to open the create page

Screen - Create Zone

Screen Elements | Description
Create Zone |
Zone Name | Specify name of the Zone
Zone Type | Select zone type. LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked and hence it is the highest secured zone. DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone. WAN – This zone type is used for the Internet services. Only one WAN zone is allowed, hence you will not be able to create additional WAN zones. Multiple LAN is not possible if Cyberoam is deployed as Bridge. It is not possible to add Zone if Cyberoam is deployed as Bridge.
Select Port | Allows you to bind ports to the zone. ‘Available Ports’ list displays the list of ports that can be bound to the selected zone. Use the Right arrow button to move the selected ports to the ‘Member Port’ list.
Description | Specify zone description
Create button | Saves the configuration and creates zone
Table – Create Zone
Setting up Users
Define Authentication
Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of your organization. You can assign individual policies to users (identified by IP address), or a single policy to a number of users (Group). Cyberoam detects users as they log on to Windows domains in your network via client machines.
Cyberoam can be configured to allow or disallow users based on username and password. In order to use User Authentication, you must select at least one database against which Cyberoam should authenticate users. Cyberoam supports user authentication against:
• an Active Directory
• a Windows Domain controller
• an LDAP server
• a RADIUS server
• an internal database defined in Cyberoam
To filter Internet requests based on the policies assigned, Cyberoam must be able to identify the user making a request. When the user attempts to access, Cyberoam requests a user name and password and authenticates the user's credentials before giving access. User level authentication can be performed using the local user database on the Cyberoam, an external ADS server, RADIUS server, LDAP or Windows Domain Controller.
Integrate with ADS, LDAP or Domain Controller if external authentication is required.
• If your network uses an Active Directory service, configure Cyberoam to communicate with ADS. Refer to Cyberoam - ADS Integration Guide for details.
• If your network uses a Windows Domain controller, configure Cyberoam to communicate with the Domain controller. Refer to Cyberoam - PDC Integration for details.
• If your network uses LDAP, configure Cyberoam to communicate with the LDAP server. Refer to Cyberoam – LDAP Integration for details.
• If your network uses a RADIUS server, configure Cyberoam to communicate with the RADIUS server. Refer to RADIUS Integration Guide for details.
Cyberoam can prompt for user identification if your network does not use a Windows environment. Refer to Cyberoam Authentication for details.
Cyberoam Authentication
When Cyberoam is installed in Non PDC environment, it is necessary to create users and groups in Cyberoam. Before users log on to Cyberoam, Administrator has to create all the users in Cyberoam, assign them to a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details on creating groups and users.
When user attempts to log on, Cyberoam server performs authentication i.e. User is authenticated directly by the Cyberoam server.
Select User → Authentication Settings to open configuration page
Screen – Cyberoam Authentication
Screen Elements: Description
Configure Authentication & Integration parameters
Integrate with: Select Cyberoam as the authentication server
Default Group: Allows you to select the default group for users. Click Default Group list to select
Update button: Updates and saves the configuration
Table – Cyberoam Authentication screen elements
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a group inherit all the group policies. Refer to Policy Management to define new policies.
User types
Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal – User has to log on to Cyberoam. Requires the Cyberoam client (client.exe) on the User machine, or the user can use the HTTP Client component; all the policy-based restrictions can be applied.
Clientless – Does not require the Cyberoam client component (client.exe) on the User machines. Symbolically represented as User name (C)
Single Sign On – If the User is configured for Single Sign On, whenever the User logs on to Windows, he/she is automatically logged on to the Cyberoam. Symbolically represented as User name (S)
Use the decision matrix below to decide which type of user should be created.
Decision matrix for creation of User
Feature                        Normal User   Clientless User   Single Sign on User
User Login required            Yes           No                No
Type of Group: Normal          Yes           No                Yes
Type of Group: Clientless      No            Yes               No
Apply Login restriction        Yes           Yes               Yes
Apply Surfing Quota policy     Yes           No                No
Apply Access Time policy       Yes           No                No
Apply Bandwidth policy         Yes           Yes               Yes
Apply Internet Access policy   Yes           Yes               Yes
Apply Data Transfer policy     Yes           No                Yes
Table - Create User - Decision matrix
Add a User
Prerequisite
• Group created – for Normal Users only
Select User → User → Add User to open add user page
Screen - Add User
Screen Elements: Description
User Information
Name: Specify name of the User
Username: Specify a name that uniquely identifies the user and is used for logging
Password: Specify Password
Confirm Password: Specify password again for confirmation. Should be the same as typed in the Password field
Windows Domain Controller (Only if Authentication is done by Windows Domain Controller): Displays Authentication Server IP Address
User Type: Specify the user group type. Depending on the user group type, default web console access control will be applied. Refer to Web console Authorization and Access control for more details.
  Available options: Administrator, Manager, User
  Click User type list to select
  Refer to Add Clientless User on how to create a clientless user
Number of simultaneous login(s) allowed OR Unlimited: Customize the maximum number of concurrent logins allowed to the user. Specify the number of concurrent logins allowed to the user OR allow unlimited concurrent logins to the user.
  The setting specified will override the setting specified in client preference. For example, if in Client preferences the number of concurrent logins allowed is 5 and here you have specified 3, then this particular user will be allowed to login from 3 machines concurrently and not from 5 machines.
Group Information
Group: Specify the Group in which the user is to be added. User will inherit all the group policies. Click Group list to select
View details link: Opens a new window and displays details of the selected Group. Refer to View Group details table for more details
Login Restriction (Select any one option): Allows you to apply login restriction. Available options:
  1) All Nodes – Allows Users to login from all the nodes in the network
  2) Group Nodes only – Allows Users to login only from the nodes assigned to the group
  3) Selected Nodes only – Allows Users to login from the selected nodes only. Refer to Apply Login Node Restriction for details.
  Nodes from which the User is allowed login can be specified after creating the user also. Click to select
Personal details link: Allows you to enter personal details of the user
Personal information (Only if Personal details link is clicked)
Birth date: Specify date of birth of user. Click Calendar to select date
Email: Specify Email Id of User
Add button: Adds user. Click to add
Review button: Opens a new page and displays the user details for reviewing. Review details before adding to make sure details entered are correct. Click to review. Click Submit to add user
Table - Add User screen elements
View Group details table
Screen Elements: Description
Group name: Displays name of the Group
Surfing Quota policy: Displays name of the Surfing Quota policy assigned to the group
Access Time policy: Displays name of the Access Time policy assigned to the group
Internet Access policy: Displays name of the Internet Access policy assigned to the group
Bandwidth policy: Displays name of the Bandwidth policy assigned to the group
Data transfer policy: Displays name of the Data Transfer policy assigned to the group
Allotted time (HH:mm): Displays total allotted surfing time to User
Expiry date: Displays User policy Expiry date
Used minutes: Displays total time used by the user in minutes. At the time of creation of user, it will be displayed as 0:0
Close button: Closes window
Table - View Group details screen elements
Apply Login Node Restriction
Screen Elements: Description
Select Node(s) button (Only if the option ‘Selected Node(s) Only’ is selected): Opens a new page and allows you to select the node. Click to select the Node for restriction
Logon Pool name: Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select
Select: Selects the Node. Multiple nodes can also be selected
OK button: Click to apply restriction
Cancel button: Cancels the current operation
Table - Apply Login Node Restriction screen elements
Add Clientless users
Clientless Users are the Users who can bypass Cyberoam Client login to access resources. It is possible to add a single clientless user as well as more than one clientless user at a time. When you add multiple clientless users, users are represented by IP addresses and not by the User name.
Add multiple clientless users
Creates Clientless users with given IP addresses as their username. Change the Username of the clientless users if required.
Prerequisite
• Clientless Group created
Select User → Clientless Users → Add Multiple Clientless Users to open create user page
Screen - Add multiple Clientless users
Screen Elements: Description
Logon Pool Details
Logon Pool name: Specify name of Logon Pool
Is Logon Pool public: A public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select if the IP Addresses assigned to the Users are public IP Addresses
Bandwidth policy: By default, the group bandwidth policy is applied to the user but you can override this policy. Specify the Bandwidth Policy to be applied. Click Bandwidth Policy list to select. Click View details link to view details of the policy
Description: Specify full description
Machine details
From – To: Specify range of IP Address that will be used by Users to login
Machine name: Specify Machine name
Select Group
Group: Specify Group in which User is to be added. Click Group list to select
Create button: Adds multiple Clientless Users
Table - Add multiple Clientless users screen elements
Add single Clientless user
Prerequisite
• Group created
• Logon Pool created
Select User → Clientless Users → Add Single Clientless User to open create user page
Screen - Add single Clientless user
Screen Elements: Description
User Information
Name: Specify name of the User
Username: Specify a unique name used for logging
Activate on Creation: Specifies whether the user should be logged in automatically after registration
  Options:
  Yes – Automatically logs in as soon as registered successfully i.e. becomes a live user
  No – User is registered but is in De-active mode. Activate user before first log in. Refer to Activate Clientless User for more details
User type: Displays User type
User Group Information
Group: Specify Group in which User is to be added. Click Group list to select
View details link: Opens a new window and displays details of the selected group. Click to view details
Login Restriction
Allowed Login from IP Address: Specifies IP address from where User can login. Click Select Node, which opens a new window and allows you to select the IP Address. Refer to Select Node table for more details
Personal details link: Allows you to enter the personal details of the user
Personal information (Only if Personal details link is clicked)
Birth date: Specify date of birth of User. Use Popup Calendar to enter date
Email: Specify Email Id of User
Register: Registers a clientless user
Cancel button: Cancels current operation
Table - Create single Clientless user screen elements
Select Node table
Screen Elements: Description
Logon Pool name: Allows you to select the Logon Pool. Click Logon Pool name list to select
Select: Selects the Node
Apply Restriction button: User will be allowed to login from the selected node only. Click to apply login restriction
Close button: Closes window
Table - Select Node screen elements
NOTE
• Duplicate Usernames cannot be created
• Make sure that subnets or individually defined IP addresses do not overlap
• Create Group before assigning it to a User. Refer to Create Groups to create new groups
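The two checks in the note above (no duplicate usernames, no overlapping addresses) can be run on a planned From – To range before it is entered in the Add Multiple Clientless Users page. The following is an added example, not Cyberoam code: the function names, the pool and username data and the MAX_RANGE cap are assumptions made for illustration.

```python
from ipaddress import IPv4Address

MAX_RANGE = 1024  # assumed safety cap for this sketch, not a Cyberoam limit


def parse_range(first, last):
    """Validate a From-To pair and return it as two IPv4Address objects."""
    lo, hi = IPv4Address(first), IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is after range end {hi}")
    if int(hi) - int(lo) + 1 > MAX_RANGE:
        raise ValueError(f"range {lo}-{hi} exceeds {MAX_RANGE} addresses")
    return lo, hi


def plan_clientless_users(pools, usernames, first, last):
    """Check a new From-To range against existing logon pools and usernames.

    pools:     {pool name: (from, to)} for logon pools that already exist
    usernames: usernames that already exist (any user type)
    Returns the overlapping address spans, the usernames that would be
    duplicated (clientless users created in bulk take their IP address as
    username), and the usernames to create when the range is clean.
    """
    lo, hi = parse_range(first, last)

    overlaps = []
    for name, (p_first, p_last) in pools.items():
        p_lo, p_hi = parse_range(p_first, p_last)
        if lo <= p_hi and p_lo <= hi:  # the two closed intervals intersect
            overlaps.append((name, str(max(lo, p_lo)), str(min(hi, p_hi))))

    candidates = [str(IPv4Address(n)) for n in range(int(lo), int(hi) + 1)]
    taken = set(usernames)
    duplicates = [ip for ip in candidates if ip in taken]

    clean = not overlaps and not duplicates
    return {
        "overlaps": overlaps,
        "duplicates": duplicates,
        "create": candidates if clean else [],
    }


# Constructed sample data: one existing pool and two existing usernames.
POOLS = {"Reception": ("192.168.1.10", "192.168.1.20")}
USERNAMES = {"john", "192.168.1.22"}

if __name__ == "__main__":
    print(plan_clientless_users(POOLS, USERNAMES, "192.168.1.18", "192.168.1.25"))
    print(plan_clientless_users(POOLS, USERNAMES, "192.168.1.30", "192.168.1.32"))
```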
Setting up Groups
Group
Group is a collection of users having common policies and a mechanism of assigning access of resources to a number of users in one operation/step. Instead of attaching individual policies to the user, create group of policies and simply assign the appropriate Group to the user and user will automatically inherit all the policies added to the group. This simplifies user configuration. A group can contain default as well as custom policies. Various policies that can be grouped are:
1. Surfing Quota policy which specifies the duration of surfing time and the period of subscription
2. Access Time policy which specifies the time period during which the user will be allowed access
3. Internet Access policy which specifies the access strategy for the user and sites
4. Bandwidth policy which specifies the bandwidth usage limit of the user
5. Data Transfer policy which specifies the data transfer quota of the user
Refer to Policy Management for more details on various policies.
Group types
Two types of groups:
1. Normal
2. Clientless
Normal – A user of this group needs to log on to Cyberoam using the Cyberoam Client to access the Internet
Clientless – A user of this group need not log on to Cyberoam using the Cyberoam Client to access the Internet. Access control is placed on the IP Address. Symbolically represented as Group name (C)
Use the decision matrix given below to decide which type of group is best suited for your network configuration.
Decision matrix for creation of Group
Feature                        Normal Group   Clientless Group
Logon into Cyberoam required   Yes            No
Type of User: Normal           Yes            No
Type of User: Clientless       No             Yes
Apply Login restriction        Yes            No
Apply Surfing Quota policy     Yes            No
Apply Access Time policy       Yes            No
Apply Bandwidth policy         Yes            Yes
Apply Internet Access policy   Yes            Yes
Apply Data transfer policy     Yes            No
Table - Group creation - Decision matrix
Add a New Group
Prerequisite
• All the policies which are to be added to the Group are created
• Logon Pool created if login is to be restricted from a particular Node/IP Address
Select Group → Add Group to open add group page
Screen - Create Group
Screen Elements: Description
Create Group
Group name: Specify Group name. Choose a name that best describes the Group.
Group type: Specify type of Group. Click Group type to select
  Select Normal if Group members are required to log on using Cyberoam Client
  Select Clientless if Group members are not required to log on using Cyberoam Client
Surfing Quota Policy (Only if Group type is ‘Normal’): Specify Surfing Quota Policy for Group. Click Surfing Quota Policy list to select. By default, ‘Unlimited policy’ is assigned to the ‘Clientless’ Group type. Refer to Surfing Quota Policy for more details
Access Time Policy (Only if Group type is ‘Normal’): Specify Access Time policy for Group. Click Access Time Policy list to select. By default, ‘Unlimited policy’ is assigned to ‘Clientless’ Group type. Refer to Access Time Policy for more details
Internet Access policy: Specify Internet Access policy for Group. Click Internet Access policy list to select. Refer to Internet Access policy for details
Bandwidth Policy: Specify Bandwidth Policy for Group. Click Bandwidth Policy list to select. Refer to Bandwidth Policy for details
Data Transfer policy: Specify data transfer policy for Group. Click Data Transfer policy list to select. Refer to Data Transfer Policy for details
Login Restriction (Select any one option): Apply login restriction if required for the users defined under the Group. Available options:
  1) Allowed login from all nodes – Allows Users defined under the Group to login from all the nodes
  2) Allowed login from the selected nodes – Allows Users defined under the Group to login from the selected nodes only. Specifies IP address from where User can login
  Click Select Node, which opens a new window and allows you to select the IP Address. Refer to Select Node table for more details. Refer to Apply Login Node restriction for more details. Click to select
Select Node button (Only if ‘Allowed Login from selected node’ option is selected for Login restriction): Opens a new page and allows you to select the node. Click to select the Node
Create button: Creates Group
Cancel button: Cancels the current operation and returns to the Manage Group page
Table - Create Group screen elements
Note
It is not necessary to add users at the time of the creation of the Group. Users can be added even after the creation of the group.
Apply Login Node Restriction
Screen – Apply Login Node Restriction
Screen Elements: Description
Logon Pool name: Logon Pool from which the Node/IP address is to be added. Click Logon Pool name list to select
Select: User will be allowed to login from the selected nodes only. Click to select Node. Multiple nodes can also be selected
OK button: Applies login restriction and closes the window. Click to apply restriction
Cancel button: Cancels the current operation
Table - Apply Login Node Restriction screen elements
Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, firewalls may also be configured to limit access to harmful sites for LAN users.
The responsibility of the firewall is to grant access from the Internet to the DMZ or Service Network according to the Rules and Policies configured. It also keeps watch on the state of each connection and denies any traffic that is out of connection state.
Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule, Cyberoam decides how to process the access request. When Cyberoam receives the request, it checks the source address, destination address and the services and tries to match them with the firewall rule. If Identity match is also specified, the firewall searches the Live Users Connections for the Identity check. If the Identity (User) is found in the Live User Connections and all other matching criteria are fulfilled, the action specified in the rule is applied. Action can be allow or deny.
If Action is ‘Allow’ then each rule can be further configured to apply source or destination NATting (Network Address Translation). You can also apply different protection settings to the traffic controlled by firewall:
• Enable load balancing between multiple links
• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
• Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
• Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
• Apply bandwidth policy restriction
By default, Cyberoam blocks any traffic to LAN.
Default Firewall rules
At the time of deployment, Cyberoam allows you to define one of the following Internet Access policies using the Network Configuration Wizard:
• Monitor only
• General Internet policy
• Strict Internet policy
Depending on the Internet Access policy set through Network Configuration Wizard, Cyberoam defines the two default firewall rules as follows:
Monitor only
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy – User specific
   Bandwidth policy – User specific
   Anti Virus & Anti Spam policy – Allows SMTP, POP3, IMAP and HTTP traffic without scanning
2. Masquerade and Allow entire LAN to WAN traffic for all the users without scanning SMTP, POP3, IMAP and HTTP traffic
General Internet policy
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy – User specific
   Bandwidth policy – User specific
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:
   Internet Access policy – Applies ‘General Corporate Policy’ to block Porn, Nudity, AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist, PhishingandFraud, Violence, Weapons categories
   IDP – General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
Strict Internet policy
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying following policies:
   Internet Access policy – User specific
   Bandwidth policy – User specific
   IDP policy – General policy
   Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
2. Drop entire LAN to WAN traffic for all the users
Note
• Default Firewall rules can be modified as per the requirement but cannot be deleted
• IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
• Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are subscribed respectively.
• If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire traffic is dropped.
Additional firewall rules can be defined to extend or override the default rules. For example, rules can be created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to authorized users on the LAN. Custom rules evaluate network traffic source IP addresses, destination IP addresses, User, IP protocol types, and compare the information to access rules created on the Cyberoam appliance. Custom rules take precedence, and override the default Cyberoam firewall rules.
Create Firewall rule
Previous versions allowed creating firewall rules based on source and destination IP addresses and services, but now Cyberoam’s Identity based firewall allows you to create firewall rules that embed user identity into the firewall rule matching criteria. Firewall rule matching criteria now include:
• Source and Destination Zone and Host
• User
• Service
Prior to this version, all the Unified Threat Control policies had to be enabled individually from their respective pages. Now one can attach the following policies to the firewall rule as per the defined matching criteria:
• Intrusion Detection and Prevention (IDP)
• Anti Virus
• Anti Spam
• Internet Access
• Bandwidth Management
• Routing policy i.e. define user and application based routing
To create a firewall rule, you should:
• Define matching criteria
• Associate action to the matching criteria
• Attach the threat management policies
For example, now you can:
• Restrict the bandwidth usage to 256kb for the user John every time he logs on from the IP 192.168.2.22
• Restrict the bandwidth usage to 1024kb for the user Mac if he logs on in working hours from the IP 192.168.2.22
Processing of firewall rules is top downwards and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule might allow a packet that a more specific rule later in the list was written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded without being tested against the rest of the rules in the list.
Select Firewall → Create Rule
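The ordering pitfall described above can be checked offline before rules are entered. The following is an added example, not Cyberoam code: it models first-match evaluation with the matching criteria listed in this section (zone, host, user, service), uses a constructed rule set modelled on the Strict Internet policy defaults plus a custom FTP block, and assumes that traffic matching no rule is dropped. All rule names, hosts and users are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str = "0.0.0.0/0"   # source host or network
    dst_net: str = "0.0.0.0/0"   # destination host or network
    service: str = ANY           # e.g. "FTP", or ANY
    user: Optional[str] = None   # None: identity not checked; ANY: any live user
    action: str = "Accept"       # Accept, Drop or Reject


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    service: str


def matches(rule, pkt, live_users):
    """True when every matching criterion of the rule fits the packet."""
    if (rule.src_zone, rule.dst_zone) != (pkt.src_zone, pkt.dst_zone):
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src_net):
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dst_net):
        return False
    if rule.service not in (ANY, pkt.service):
        return False
    if rule.user is not None:
        # Identity check: look the source IP up among the live users.
        user = live_users.get(pkt.src_ip)
        if user is None or rule.user not in (ANY, user):
            return False
    return True


def evaluate(rules, pkt, live_users):
    """Top-down, first match wins; later rules are never consulted."""
    for rule in rules:
        if matches(rule, pkt, live_users):
            return rule.name, rule.action
    return None, "Drop"  # assumption: unmatched traffic is dropped


def covers(a, b):
    """True when every packet that matches rule b also matches rule a."""
    if (a.src_zone, a.dst_zone) != (b.src_zone, b.dst_zone):
        return False
    if not ip_network(b.src_net).subnet_of(ip_network(a.src_net)):
        return False
    if not ip_network(b.dst_net).subnet_of(ip_network(a.dst_net)):
        return False
    if a.service not in (ANY, b.service):
        return False
    if a.user is None:
        return True
    return b.user is not None and a.user in (ANY, b.user)


def shadowed(rules):
    """Return (rule, earlier rule) pairs where the later rule can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample data modelled on the 'Strict Internet policy' defaults.
STRICT_DEFAULTS = [
    Rule("allow-authenticated", "LAN", "WAN", user=ANY, action="Accept"),
    Rule("drop-all", "LAN", "WAN", action="Drop"),
]
BLOCK_FTP = Rule("block-ftp", "LAN", "WAN", service="FTP", action="Reject")
LIVE_USERS = {"192.168.2.22": "john"}
FTP_FROM_JOHN = Packet("LAN", "WAN", "192.168.2.22", "203.0.113.10", "FTP")

if __name__ == "__main__":
    for label, rules in (("general first", STRICT_DEFAULTS + [BLOCK_FTP]),
                         ("specific first", [BLOCK_FTP] + STRICT_DEFAULTS)):
        print(label, evaluate(rules, FTP_FROM_JOHN, LIVE_USERS), shadowed(rules))
```

With the FTP block appended after the defaults, the logged-in user's FTP traffic is accepted by the general rule and the block is reported as unreachable; moved to the top, it rejects the traffic and nothing is shadowed.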
Screen - Create Firewall rule
Screen Elements: Description
Matching Criteria
Source: Specify source zone and host IP address/network address to which the rule applies. To define a host group based firewall rule you need to define a host group.
  Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
  Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Check Identity (Only if source zone is LAN/DMZ): Check identity allows you to check whether the specified user/user group from the selected zone is allowed access to the selected service or not. Click Enable to check the user identity. Enable check identity to apply following policies per user:
  • Internet Access policy for Content Filtering (User’s Internet access policy will be applied automatically but will not be effective till the Web and Content Filtering module is subscribed)
  • Schedule Access
  • IDP (User’s IDP policy will be applied automatically but will not be effective till the IDP module is subscribed)
  • Anti Virus scanning (User’s anti virus scanning policy will be applied automatically but it will not be effective till the Gateway Anti Virus module is subscribed)
  • Anti Spam scanning (User’s anti spam scanning policy will be applied automatically but it will not be effective till the Gateway Anti Spam module is subscribed)
  • Bandwidth policy - User’s bandwidth policy will be applied automatically
  • The policy selected in Route through Gateway is the static routing policy that is applicable only if more than one gateway is defined and used for load balancing.
  and limit access to available services.
Destination: Specify destination zone and host IP address/network address to which the rule applies.
  Under Select Address, click Create Host Group to define host group from firewall rule itself or from Firewall → Host Group → Create
  Under Select Address, click Add Host to define host group from firewall rule itself or from Firewall → Host → Add Host
Service/Service group: Services represent types of Internet data transmitted via particular protocols or applications. Select service/service group to which the rule applies.
  Under Select Here, click Create Service Group to define service group from firewall rule itself or from Firewall → Service → Create Service
  Cyberoam provides several standard services and allows creating custom services also. Under Select Here, click Create Service to define service from firewall rule itself or from Firewall → Service → Create Service
  Protect by configuring rules to
  • block services at specific zone
  • limit some or all users from accessing certain services
  • allow only specific user to communicate using specific service
Apply Schedule: Select Schedule for the rule
Firewall Action When Criteria Match
Action: Select rule action
  Accept – Allow access
  Drop – Silently discards i.e. without sending ‘ICMP port unreachable’ message to the source
  Reject – Denies access and sends ‘ICMP port unreachable’ message to the source
Apply Source NAT (Only if Action is ‘ACCEPT’): Select the SNAT policy to be applied. It allows access but after changing source IP address i.e. source IP address is substituted by the IP address specified in the SNAT policy. You can create SNAT policy from firewall rule itself or from Firewall → SNAT Policy → Create
  This option is not available if Cyberoam is deployed as Bridge
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
• Enable load balancing and failover when multiple links are configured. Applicable only if Destination Zone is WAN
• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies. To apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing section for details.
• Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for details.
• Configure content filtering policies. To apply content filtering you need to subscribe for Web and Application Filter module. Refer to Licensing section for details.
• Apply bandwidth policy
Destination NAT Settings
Destination NAT policy: Select DNAT policy to be applied. A DNAT rule tells the firewall to forward the requests from the specified machine and port to the specified machine and port. Under Select Here, click Create DNAT Policy to define DNAT policy from firewall rule itself or from Firewall → DNAT Policy → Create
  This option is not available if Cyberoam is deployed as Bridge
Policy Settings
IDP Policy: Select IDP policy for the rule. To use IDP, you have to subscribe for the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy
Internet Access Policy: Select Internet access policy for the rule. It can be applied only to LAN to WAN rule. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.
Bandwidth Policy: Select Bandwidth policy for the rule. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Route Through Gateway: Select routing policy
  Can be applied only if more than one gateway is defined. This option is not available if Cyberoam is deployed as Bridge. Refer to Multiple Gateway Implementation Guide for more details.
Virus & Spam Settings
Scan Protocol(s): Click the protocol for which the virus and spam scanning is to be enabled. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe for the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.
Log Traffic: Click to enable traffic logging for the rule i.e. traffic permitted and denied by the firewall rule. Make sure firewall rule logging is ON/Enabled from the Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details. To log the traffic permitted and denied by the firewall rule, you need to ON/Enable the firewall rule logging from the Web Admin Console Firewall rule and from the Telnet Console Cyberoam Management. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.
Description: Specify full description of the rule
Save button: Saves the rule
Table - Create Firewall rule screen elements
Manage Firewall
Use to:
• Enable/disable SMTP, POP3, IMAP and HTTP scanning
• Deactivate rule
• Delete rule
• Change rule order
• Append rule (zone to zone)
• Insert rule
• Select display columns
Select Firewall → Manage Firewall to display the list of rules
Screen components
Append Rule button - Click to add zone to zone rule
Select Column button – Click to customize the number of columns to be displayed on the page
Subscription icon - Indicates subscription module. To implement the functionality of the subscription module you need to subscribe the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall rule temporarily, disable the rule instead of deleting it.
  Green – Active Rule
  Red – Deactive Rule
Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.
Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more details.
Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for details.
Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.
Update Rule
Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.
Screen - Edit Firewall Rule
Screen Elements Description
Matching Criteria
Source - Displays source zone and host IP address/network address to which the rule applies. Zone Type cannot be modified. Modify host/network address if required. To define a host group based firewall rule you need to define a host group. Under Select Address, click Create Host Group to define a host group from the firewall rule itself or from Firewall → Host Group → Create. Under Select Address, click Add Host to define host group from the firewall rule itself or from Firewall → Host → Add Host.
Check Identity (Only if source zone is LAN or DMZ) - Check identity allows you to check whether the specified user/user group from the selected zone is allowed access to the selected service or not. Click Enable to check the user identity.
Destination - Displays destination zone and host IP address/network address to which the rule applies. Zone Type cannot be modified. Modify host/network address if required. To define a host group based firewall rule you need to define a host group. Under Select Address, click Create Host Group to define a host group from the firewall rule itself or from Firewall → Host Group → Create. Under Select Address, click Add Host to define host group from the firewall rule itself or from Firewall → Host → Add Host.
Service/Service group - Services represent types of Internet data transmitted via particular protocols or applications. Displays service/service group to which the rule applies, modify if required. Under Select Here, click Create Service Group to define a service group from the firewall rule itself or from Firewall → Service → Create Service. Cyberoam provides several standard services and also allows creating custom services. Under Select Here, click Create Service to define a service from the firewall rule itself or from Firewall → Service → Create Service.
Protect by configuring rules to
• block services at specific zone
• limit some or all users from accessing certain services
• allow only specific user to communicate using specific service
Apply Schedule - Displays rule’s schedule, modify if required
Firewall Action When Criteria Match
Action - Displays rule action, modify if required
Accept – Allow access
Drop – Silently discards, i.e. without sending ‘ICMP port unreachable’ message to the source
Reject – Denies access and sends ‘ICMP port unreachable’ message to the source
Apply Source NAT (Only if Action is ‘ACCEPT’) - Displays the SNAT policy applied to the rule, modify if required. It allows access but after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the SNAT policy. You can create a SNAT policy from the firewall rule itself or from Firewall → SNAT Policy → Create. This option is not available if Cyberoam is deployed as Bridge.
Advanced Settings - Click to apply different protection settings to the traffic controlled by firewall. You can:
• Enable load balancing between multiple links
• Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP policies
• Apply bandwidth policy
• Configure content filtering policies
Destination NAT Settings
Destination NAT policy - Displays DNAT policy applied, modify if required. A DNAT rule tells the firewall to forward the requests from the specified machine and port to the specified machine and port. Under Select Here, click Create DNAT Policy to define a DNAT policy from the firewall rule itself or from Firewall → DNAT Policy → Create.
This option is not available if Cyberoam is deployed as Bridge
Policy Settings
IDP Policy - Displays IDP policy for the rule, modify if required. To use IDP, you have to subscribe to the module. Refer to Licensing for more details. Refer to IDP, Policy for details on creating IDP policy.
Internet Access Policy (Only if source zone is LAN) - Displays Internet access policy for the rule, modify if required. Internet Access policy controls web access. Refer to Policies, Internet Access Policy for details on creating Internet Access policy.
Bandwidth Policy - Displays Bandwidth policy for the rule, modify if required. Only the Firewall Rule based Bandwidth policy can be applied. Bandwidth policy allocates & limits the maximum bandwidth usage of the user. Refer to Policies, Bandwidth Policy for details on creating Bandwidth policy.
Route Through Gateway - Displays routing policy, modify if required. Can be applied only if more than one gateway is defined. This option is not available if Cyberoam is deployed as Bridge. Refer to Multiple Gateway Implementation Guide for more details.
Virus & Spam Settings
Scan Protocol(s) - Displays protocols for which virus and spam scanning is to be enabled, modify if required. By default, HTTP scanning is enabled. To implement Anti Virus and Anti Spam scanning, you have to subscribe to the Gateway Anti Virus and Anti Spam modules individually. Refer to Licensing for more details. Refer to Anti Virus Implementation Guide and Anti Spam Implementation Guide for details.
Log Traffic - Click to enable traffic logging for the rule
Make sure firewall rule logging is ON/Enabled in Logging Management. Refer to Cyberoam Console Guide, Cyberoam Management for more details. To log the traffic permitted and denied by the firewall rule, you need to turn ON/Enable firewall rule logging both in the firewall rule on the Web Admin Console and in Cyberoam Management on the Telnet Console. Refer to Cyberoam Console Guide for more details. Refer to Appendix B - Network Traffic Logging Entry for more details.
Description - Displays full description of the rule, modify if required. Allows maximum of 255 characters. Can be any combination of A-Z, a-z, ’_’, 0-9.
Save button - Saves the rule
Table – Edit Firewall Rule
Change Firewall Rule order
Rules are ordered by their priority. When the rules are applied, they are processed from the top down and the first suitable rule found is applied. Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a general rule might allow a packet that a more specific rule later in the list was written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded without being tested against the rest of the rules in the list.
Select Firewall → Manage Firewall
Click the move button against the rule whose order is to be changed
Select Before or After as per the need
Click the rule to be moved and then click where it is to be moved.
Click Done to save the order
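The top-down, first-match behaviour described above can be checked offline before rules are reordered. The following Python sketch is an added example, not Cyberoam code: the rule fields, the `*` any-service wildcard and the sample rules are assumptions made for illustration. It evaluates rules in list order, reports later rules that an earlier, more general rule makes unreachable, and shows the effect of moving the specific rule before the general one.

```python
"""Top-down, first-match rule evaluation and a shadowed-rule check (illustrative model)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "*"  # assumed wildcard for "any service"; not a Cyberoam identifier


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src_zone: str
    dst_zone: str
    src_net: str   # source host/network in CIDR notation
    dst_net: str   # destination host/network in CIDR notation
    service: str   # service name, or ANY
    action: str    # "ACCEPT", "DROP" or "REJECT"
    enabled: bool = True


# Constructed sample rule list, in display (priority) order.
RULES = [
    Rule(1, "LAN", "WAN", "192.168.1.0/24", "0.0.0.0/0", ANY, "ACCEPT"),
    Rule(2, "LAN", "WAN", "192.168.1.50/32", "0.0.0.0/0", "FTP", "DROP"),
    Rule(3, "LAN", "DMZ", "192.168.1.0/24", "10.0.0.0/24", "HTTP", "ACCEPT"),
]


def service_covers(general, specific):
    """True if the service field `general` matches everything `specific` matches."""
    return general == ANY or general == specific


def matches(rule, src_zone, dst_zone, src_ip, dst_ip, service):
    """True if an enabled rule applies to the given connection attempt."""
    return (rule.enabled
            and (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone)
            and ip_address(src_ip) in ip_network(rule.src_net)
            and ip_address(dst_ip) in ip_network(rule.dst_net)
            and service_covers(rule.service, service))


def evaluate(rules, src_zone, dst_zone, src_ip, dst_ip, service):
    """Return (rule_id, action) of the first matching rule, or None if no rule matches."""
    for rule in rules:
        if matches(rule, src_zone, dst_zone, src_ip, dst_ip, service):
            return rule.rule_id, rule.action
    return None


def covers(general, specific):
    """True if every packet matched by `specific` is also matched by `general`."""
    return ((general.src_zone, general.dst_zone) == (specific.src_zone, specific.dst_zone)
            and ip_network(specific.src_net).subnet_of(ip_network(general.src_net))
            and ip_network(specific.dst_net).subnet_of(ip_network(general.dst_net))
            and service_covers(general.service, specific.service))


def find_shadowed(rules):
    """List (shadowed_id, shadowing_id, kind) for rules that can never be reached.

    kind is "conflict" when the earlier rule takes a different action (the case
    the guide warns about) and "redundant" when the action is the same.
    """
    active = [r for r in rules if r.enabled]
    findings = []
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if covers(earlier, later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((later.rule_id, earlier.rule_id, kind))
                break
    return findings


def move_before(rules, rule_id, before_id):
    """Return a new list with rule `rule_id` placed directly before rule `before_id`."""
    moving = next(r for r in rules if r.rule_id == rule_id)
    rest = [r for r in rules if r.rule_id != rule_id]
    idx = next(i for i, r in enumerate(rest) if r.rule_id == before_id)
    return rest[:idx] + [moving] + rest[idx:]


if __name__ == "__main__":
    attempt = ("LAN", "WAN", "192.168.1.50", "203.0.113.10", "FTP")
    print("before:", evaluate(RULES, *attempt), find_shadowed(RULES))
    fixed = move_before(RULES, 2, 1)
    print("after: ", evaluate(fixed, *attempt), find_shadowed(fixed))
```
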
Append rule
Append Rule adds the new rule above the default rules if the zone-to-zone rule set exists; otherwise it appends the new rule as a new zone-to-zone rule set at the end. For example, consider the screen given below. If the new rule is for DMZ to LAN, then a new rule set DMZ – LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN, then the rule will be added above Rule ID 4, as Rule ID 3 and ID 4 are default rules.
Select Firewall → Manage Firewall Rules and click Append Rule
Refer to Define Firewall Rule for more details.
Change Display Columns
By default, Manage Firewall Rules page displays details of the rule in the following eight columns: ID, Enable, Source, Identity, Destination, Service, Action and Manage. You can customize the number of columns to be displayed as per your requirement.
Screen – Default Screen Display of Manage Firewall Rules page
Select Firewall → Manage Firewall to open the manage page.
Click Select Columns. It opens a new window. The ‘Available Columns’ list displays the columns that can be displayed on the page.
Click the required column and use the Right arrow button to move the selected column to the ‘Selected Columns’ list
Click Done
Screen – Customized Screen Display of Manage Firewall Rules page
Delete Firewall Rule
Select Firewall → Manage Firewall Rules and click the delete icon against the rule to be deleted
Screen - Delete Firewall rule
Note Default rules cannot be deleted or deactivated.
Host Management
A firewall rule can be created for an individual host or for host groups. By default, a number of hosts equal to the number of ports in the appliance is already created.
Create Host Group
A host group is a grouping of hosts. Select Firewall → Host Group → Create to open the create page
Screen – Create Host Group
Screen Elements Description
Create Host Group
Host Group Name - Specify host group name
Description - Specify full description
Create button - Add a new host. If host group is created successfully, click Add to add hosts to the host group. Refer to Manage Host Groups for details.
Table – Create Host Group screen elements
Manage Host Group
Use to:
• Add host to Group
• Remove host from the Group
• Delete Host Group
Add Host to Host Group
Select Firewall → Host Group → Manage to view the list of groups created.
Click the host group to which the host is to be added. Host Group details are displayed.
Click Add. The list of hosts that can be added to the group is displayed.
Click against the host to be added
Click Add
Remove Host from Host Group
Select Firewall → Host Group → Manage and click the host group from which the host is to be removed
Screen – Remove Host from Host Group
Screen Elements Description
Del - Select host to be removed from the group. Click Del to select. More than one host can also be selected.
Select All - Select all the hosts for deletion. Click Select All to select all the hosts.
Delete button - Deletes all the selected hosts
Table – Remove Host from Host Group screen elements
Delete Host Group
Select Firewall → Host Group → Create
Screen – Delete Host Group
Screen Elements Description
Del - Select host group for deletion. Click Del to select. More than one group can also be selected.
Select All - Select all the groups for deletion. Click Select All to select all the groups.
Delete button - Deletes all the selected groups
Table – Delete host Group screen elements
Add Host
Prerequisite
• Host Group created
Select Firewall → Host → Add to open the add page
Screen – Add Host
Screen Elements Description
Add Host
Host Name - Specify host name
Host Type - Select host type, i.e. single IP address with subnet or range of IP address
Network - Specify network address or range of IP address
Select Host Group - Select host group
Create button - Add a new host
Table – Add Host screen elements
Manage Host
Select Firewall → Host → Manage to view the list of hosts
Screen – Delete host
Screen Elements Description
Del - Select host to be deleted. Click Del to select. More than one host can also be selected.
Select All - Select all the hosts for deletion. Click Select All to select all the hosts.
Delete button - Deletes all the selected hosts
Table – Delete host screen elements
Setting up Logon Pools
A Logon Pool is a collection of single IP addresses or a range of IP addresses. Add IP addresses/Nodes at the time of creation of the Logon Pool or after the creation.
Create a new Logon Pool
Prerequisite
• Bandwidth policy created
Select Group → Logon Pool → Add Logon Pool
Screen - Create Logon Pool
Screen Elements Description
Logon Pool Details
Logon Pool name - Specify name of Logon Pool
Is Logon Pool public - A public IP address is routable over the Internet and does not need Network Address Translation (NAT). Click to select if the IP addresses assigned to Users are public IP addresses.
Bandwidth policy - Specify Bandwidth Policy for Logon Pool. Click Bandwidth Policy list to select. Click View details link to view details of the policy.
Description - Specify full description
Machine details
From – To - Specify range of IP addresses that will be used by Users to log in
Machine name - Specify machine name
Create button - Add a new Logon Pool
Table - Add Logon Pool screen elements
Traffic Discovery
"Network security" is controlling who can do what on your network. Control is all about detecting and resolving any activity that does not align with your organization's policies. Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining the amount of network traffic generated by an application, IP address or user. View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error sources. Identify and locate bandwidth hogs and isolate them from the network if necessary. Analyze performance trends with baseline data reports.
The discovered traffic pattern is presented in terms of
• Application
• User
• LAN IP Address
Apart from the traffic pattern of live connections, Cyberoam also provides the connection history for the current date.
Live Connections report
Application wise
Application wise Live Connections displays the list of Applications currently running on the network. It also displays which user is currently using the application and the total data transferred using the application.
Select Traffic Discovery → Live Connections → Application wise
Screen – Application wise Live connections
Screen Elements Description
Application Name - Applications running on network. Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application
Click to view list of Users using respective Applications
Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application
Click to view WAN IP Address wise Connection details for selected Application
Click to view Destination Port wise Connection details for selected Application
Data Transfer details
Upload Transfer - Displays data uploaded using the Application
Download Transfer - Displays data downloaded using the Application
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by Application
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by Application
Connection Details
Total Connections - Displays number of connections initiating/requesting the Application. Click to view the connection details for the respective Application for each connection
LAN Initiated - Displays number of connections initiated by LAN IP Address for the Application
WAN Initiated - Displays number of connections initiated by WAN IP Address for the Application
Table – Application wise Live connections screen elements
Connection details for selected Application
Report columns Description
Established Time - Time when connection was established
LAN IP Address - LAN IP Address from which the connection for the application was established
LAN PORT - LAN port through which connection was established for the application
WAN IP Address - WAN IP Address to which connection was established
WAN PORT - WAN port to which connection was established for the application
Direction - Traffic direction
Upload Transfer - Data uploaded using the Application
Download Transfer - Data downloaded using the Application
Upstream Bandwidth - Upstream bandwidth used by Application
Downstream Bandwidth - Downstream bandwidth used by Application
Connection details for selected LAN IP Address and Application
Report columns Description
Established Time - Time when connection was established
LAN IP Address - LAN IP Address from which the connection for the application was established
LAN Port - LAN port through which connection was established for the application
WAN IP Address - WAN IP Address to which connection was established
WAN Port - WAN port to which connection was established for the application
Direction - Traffic direction
Upload Transfer - Data uploaded using the Application
Download Transfer - Data downloaded using the Application
Upstream Bandwidth - Upstream bandwidth used by Application
Downstream Bandwidth - Downstream bandwidth used by Application
WAN IP Address wise Connection details for selected Application
Report columns Description
WAN IP Address - WAN IP Addresses to which Connection was established by the selected Application
Total Connections - Number of connections established to the WAN IP Address
LAN Initiated - Number of connections initiated from LAN
WAN Initiated - Number of connections initiated from WAN
Upload Transfer - Data uploaded during the connection
Download Transfer - Data downloaded during the connection
Upstream Bandwidth - Upstream bandwidth used by Application
Downstream Bandwidth - Downstream bandwidth used by Application
Destination Port wise Connection details for selected Application
Report columns Description
Destination Port - Destination ports to which Connection was established by the selected Application
Total Connections - Number of connections established through the destination port
LAN Initiated - Number of connections initiated from LAN
WAN Initiated - Number of connections initiated from WAN
Upload Transfer - Data uploaded during the connection
Download Transfer - Data downloaded using the connection
Upstream Bandwidth - Upstream bandwidth used by Application
Downstream Bandwidth - Downstream bandwidth used by Application
User wise
User wise Live Connections displays which user is using which Application and how much bandwidth each user is currently consuming.
Select Traffic Discovery → Live Connections → User wise
Screen – User wise Live connections
Screen Elements Description
User Name - Network Users requesting various Applications. Click Total Connections to view the connection details for selected User.
Click to view list of Applications used by the respective users
Click Total Connections to view the connection details for selected User and Application
Click to view WAN IP Addresses wise Connection details for selected User
Click to view Destination ports wise Connection details for selected User
Data Transfer details
Upload Transfer - Displays data uploaded by the User
Download Transfer - Displays data downloaded by the User
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by User
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by User
Connection Details
Total Connections - Displays number of connections initiated by the User. Click to view connection details initiated by the User for each connection
LAN Initiated - Displays number of connections initiated from LAN IP Address by the User
WAN Initiated - Displays number of connections initiated from WAN IP Address by the User
Table – User wise Live connections screen elements
LAN IP Address wise
LAN IP Address wise Live Connections displays the list of Applications currently accessed by each LAN IP Address.
Select Traffic Discovery → Live Connections → LAN IP Address wise
Screen – LAN IP Address wise Live connections
Screen Elements Description
LAN IP Address - LAN IP Address requesting various Applications. Click Total Connections to view the connection details for selected LAN IP Address.
Click to view list of Applications requested by the respective LAN IP Address
Click Total Connections to view the connection details for selected LAN IP Address and Application
Click to view WAN IP Addresses wise Connection details for selected LAN IP Address
Click to view Destination ports wise Connection details for selected LAN IP Address
Data Transfer details
Upload Transfer - Displays data uploaded from the LAN IP Address
Download Transfer - Displays data downloaded from the LAN IP Address
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by LAN IP Address
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by the LAN IP Address
Connection Details
Total Connections - Displays number of connections initiated by the LAN IP Address. Click to view connection details initiated by the LAN IP Address for each connection
LAN Initiated - Displays number of connections initiated from LAN IP Address
WAN Initiated - Displays total number of connections initiated from WAN IP Address
Table – LAN IP Address wise Live connection screen elements
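The Application wise, User wise and LAN IP Address wise reports above are three aggregations of the same per-connection records. The following Python sketch is an added example, not Cyberoam code: the record fields mirror the report columns, while the "LAN"/"WAN" direction encoding, the byte units and the sample connections are assumptions. It builds each view, a drill-down, and a ranking by data transferred for locating bandwidth hogs.

```python
"""Aggregate per-connection records into the views used by the traffic reports."""
from collections import defaultdict
from dataclasses import dataclass

GROUP_KEYS = {"application", "user", "lan_ip", "wan_ip", "wan_port"}


@dataclass(frozen=True)
class Connection:
    application: str
    user: str
    lan_ip: str
    lan_port: int
    wan_ip: str
    wan_port: int
    direction: str       # assumed encoding: "LAN" = LAN initiated, "WAN" = WAN initiated
    upload_bytes: int
    download_bytes: int


# Constructed sample data (documentation address ranges for the WAN side).
CONNECTIONS = [
    Connection("HTTP", "alice", "192.168.1.10", 40001, "203.0.113.5", 80, "LAN", 2_000, 50_000),
    Connection("HTTP", "bob", "192.168.1.11", 40002, "203.0.113.5", 80, "LAN", 1_000, 20_000),
    Connection("FTP", "bob", "192.168.1.11", 40003, "198.51.100.7", 21, "LAN", 900_000, 5_000),
    Connection("SSH", "carol", "192.168.1.12", 22, "198.51.100.9", 51000, "WAN", 3_000, 4_000),
    Connection("HTTP", "alice", "192.168.1.10", 40004, "203.0.113.8", 80, "LAN", 500, 10_000),
]


def summarize(connections, key):
    """Group connections by `key` and total the report columns for each group."""
    if key not in GROUP_KEYS:
        raise ValueError(f"unsupported grouping key: {key}")
    rows = defaultdict(lambda: {"total": 0, "lan_initiated": 0, "wan_initiated": 0,
                                "upload": 0, "download": 0})
    for conn in connections:
        row = rows[getattr(conn, key)]
        row["total"] += 1
        row["lan_initiated" if conn.direction == "LAN" else "wan_initiated"] += 1
        row["upload"] += conn.upload_bytes
        row["download"] += conn.download_bytes
    return dict(rows)


def drill_down(connections, **filters):
    """Connection details for a selection, e.g. application="HTTP", lan_ip="192.168.1.10"."""
    return [c for c in connections
            if all(getattr(c, field) == value for field, value in filters.items())]


def top_talkers(connections, key, n=3):
    """Group names ranked by total data transferred (upload + download), largest first."""
    summary = summarize(connections, key)
    ranked = sorted(summary,
                    key=lambda name: summary[name]["upload"] + summary[name]["download"],
                    reverse=True)
    return ranked[:n]


if __name__ == "__main__":
    for view in ("application", "user", "lan_ip"):
        print(view, summarize(CONNECTIONS, view))
    print("top users:", top_talkers(CONNECTIONS, "user", 2))
    print("HTTP by WAN IP:", summarize(drill_down(CONNECTIONS, application="HTTP"), "wan_ip"))
```
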
Apart from the live connection details, details of the connections that are closed can also be viewed. The details for all the connections that were closed during the last 24 hours are shown. You can also select the history duration.
Today’s Connection History
Application wise
It displays the list of Applications accessed during the selected duration, and by which user and/or LAN IP Address.
Select Traffic Discovery → Today’s Connection History → Application wise
Screen – Today’s Connection History – Application wise
Screen Elements Description
Select Start time and Stop time
Start time & Stop time - Select the history duration
Refresh Data button - Click to refresh the data after the start time or stop time is changed to get the latest data
Application Name - Applications running on network. Click Total Connections to view the connection details for selected Application. Refer to Connection details for selected Application
Click to view list of users using respective Applications
Click Total Connections to view the connection details for selected LAN IP Address and Application. Refer to Connection details for selected LAN IP Address and Application
Click to view WAN IP Address wise Connection details for selected Application
Click to view Destination Port wise Connection details for selected Application
Data Transfer details
Upload Transfer - Displays data uploaded using the Application
Download Transfer - Displays data downloaded using the Application
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by Application
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by Application
Connection Details
Total Connections - Displays number of connections initiating/requesting the Application. Click to view the connection details for the respective Application for each connection
LAN Initiated - Displays number of connections initiated by LAN IP Address for the Application
WAN Initiated - Displays number of connections initiated by WAN IP Address for the Application
Table – Today’s Connection History – Application screen elements
User wise
It displays the list of Users who have logged on to the network during the selected duration and which applications they accessed.
Select Traffic Discovery → Today’s Connection History → User wise
Screen – Today’s Connection History – User wise
Screen Elements Description
Select Start time and Stop time
Start time & Stop time - Select the history duration
Refresh Data button - Click to refresh the data after the start time or stop time is changed to get the latest data
User Name - Network Users requesting various Applications. Click Total Connections to view the connection details for selected User.
Click to view list of Applications used by the respective users
Click Total Connections to view the connection details for selected User and Application
Click to view WAN IP Addresses wise Connection details for selected User
Click to view Destination ports wise Connection details for selected User
Data Transfer details
Upload Transfer - Displays data uploaded by the User
Download Transfer - Displays data downloaded by the User
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by User
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by User
Connection Details
Total Connections - Displays number of connections initiated by the User. Click to view connection details initiated by the User for each connection
LAN Initiated - Displays number of connections initiated from LAN IP Address by the User
WAN Initiated - Displays number of connections initiated from WAN IP Address by the User
Table – Today’s Connection History – User wise screen elements
LAN IP Address wise
It displays the list of Applications accessed during the selected duration by each LAN IP Address.
Select Traffic Discovery → Today’s Connection History → LAN IP Address wise
Screen – Today’s Connection History – LAN IP Address wise
Screen Elements Description
Select Start time and Stop time
Start time & Stop time - Select the history duration
Refresh Data button - Click to refresh the data after the start time or stop time is changed to get the latest data
LAN IP Address - LAN IP Address requesting various Applications. Click Total Connections to view the connection details for selected LAN IP Address.
Click to view list of Applications requested by the respective LAN IP Address
Click Total Connections to view the connection details for selected LAN IP Address and Application
Click to view WAN IP Addresses wise Connection details for selected LAN IP Address
Click to view Destination ports wise Connection details for selected LAN IP Address
Data Transfer details
Upload Transfer - Displays data uploaded from the LAN IP Address
Download Transfer - Displays data downloaded from the LAN IP Address
Upstream Bandwidth (Kbit/sec) - Displays upstream bandwidth used by LAN IP Address
Downstream Bandwidth (Kbits/sec) - Displays downstream bandwidth used by the LAN IP Address
Connection Details
Total Connections - Displays number of connections initiated by the LAN IP Address. Click to view connection details initiated by the LAN IP Address for each connection
LAN Initiated - Displays number of connections initiated from LAN IP Address
WAN Initiated - Displays total number of connections initiated from WAN IP Address
Table – Today’s Connection History – LAN IP Address wise screen elements
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy. Cyberoam allows defining the following types of policies:
1. Control individual user surfing time by defining Surfing quota policy. See Surfing Quota policy for more details.
2. Schedule Internet access for individual users by defining Access time policy. See Access time policy for more details.
3. Control web access by defining Internet Access policy. See Internet Access policy for more details.
4. Allocate and restrict the bandwidth usage by defining Bandwidth policy. See Bandwidth policy for more details.
5. Limit total as well as individual upload and/or download data transfer by defining data transfer policy. See Data Transfer policy for more details.
Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization’s requirements.
Surfing Quota policy
Surfing quota policy defines the duration of Internet surfing time. Surfing time duration is the allowed time in hours for a Group or an Individual User to access Internet.
Surfing quota policy:
• Allocates Internet access time on cyclic or non-cyclic basis
• Single policy can be applied to number of Groups or Users
Cyberoam comes with several predefined policies. These predefined policies are immediately available for use until configured otherwise. Cyberoam also lets you define customized policies to define different levels of access for different users to meet your organization’s requirements.
Create Surfing Quota policy
Select Policies → Surfing Quota Policy → Create policy to open the create page
Screen - Create Surfing Quota policy
Screen Elements Description
Create Surfing Quota policy
Name - Specify policy name. Choose a name that best describes the policy
Cycle type - Specify cycle type. Available options:
Daily – restricts surfing hours up to cycle hours defined on daily basis
Weekly – restricts surfing hours up to cycle hours defined on weekly basis
Monthly – restricts surfing hours up to cycle hours defined on monthly basis
Yearly – restricts surfing hours up to cycle hours defined on yearly basis
Non-cyclic – no restriction
Cycle hours (Only if cycle type is not ‘Non cyclic’) - Specify upper limit of surfing hours for cyclic type policies. At the end of each Cycle, cycle hours are reset to zero, i.e. for ‘Weekly’ Cycle type, cycle hours will be reset to zero every week even if cycle hours are unused
Allotted Days - Restricts surfing days
Specify total surfing days allowed to limit surfing hours
Unlimited Days - Does not restrict surfing days and creates Unlimited Surfing Quota policy. Click to select
Allotted Time - Allotted time defines the upper limit of the total surfing time allowed, i.e. restricts total surfing time to allotted time. Specify surfing time in Hours & minutes
Unlimited Time - Select if you do not want to restrict the total surfing time. Click to select
Shared allotted time with group members - Specify whether the allotted time will be shared among all the group members or not. Click to share
Policy Description - Specify full description of the policy
Create button - Creates policy
Table - Create Surfing Quota policy screen elements
Note Policies with the same name cannot be created
Update Surfing Quota policy
Select Policies → Surfing Quota policy → Manage policy and click Policy name to be modified
Screen - Update Surfing Quota policy
Screen Elements Description
Edit Surfing Quota policy
Name - Displays policy name, modify if required
Cycle Type - Displays Cycle type, modify if required
Cycle Hours - Displays allotted Cycle hours
Allotted Days Or Unlimited Days - Displays allotted days, modify if required
Allotted time Or Unlimited time - Displays allotted time in hours, minutes, modify if required
Shared allotted time with group members - Displays whether the total allotted time is shared among the group members or not, modify if required
Policy Description - Displays description of the policy, modify if required
Update button - Updates and saves the policy
Cancel button - Cancels the current operation and returns to Manage Surfing Quota policy page
Table - Update Surfing Quota policy screen elements
Note The changes made in the policy become effective immediately on updating the changes.
Delete Surfing Quota policy
Prerequisite
• Not assigned to any User or Group
Select Policies → Surfing Quota policy → Manage policy to view list of policies
Screen - Delete Surfing Quota policy
Screen Elements Description
Del - Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All - Select all the policies for deletion. Click Select All to select all the policies.
Delete button - Deletes all the selected policies
Table - Delete Surfing Quota policy screen elements
Access Time policy
Access time is the time period during which the user can be allowed/denied Internet access. An example would be “only office hours access” for a certain set of users. Access time policy enables you to set the time interval - days and time - for Internet access with the help of schedules. See Schedules for more details. A time interval defines the days of the week and the times of each day of the week when the user will be allowed/denied Internet access.
Access time policy can be defined based on two strategies:
Allow strategy - By default, allows access during the schedule
Deny strategy - By default, disallows access during the schedule
Create Access Time policy
Prerequisite
• Schedule created
Select Policies → Access Time Policy → Create policy to open create policy page
Screen - Create Access Time policy
Screen Elements Description
Access Time policy details
Name - Specify policy name. Choose a name that best describes the policy to be created
Schedule - Specify policy schedule. Users will be allowed/disallowed access during the time specified in the schedule. Click Schedule list to select. Click View details link to view the details of selected schedule
Cyberoam User Guide
80
Refer to Define Schedule on how to create a new schedule Strategy for selected Schedule
Specify strategy to policy Allow – Allows the Internet access during the scheduled time interval Disallow - Does not allow the Internet access during the scheduled time interval Click to select
Description Specify full description of policy Create button Creates policy
Table - Create Access Time policy screen elements
Note Policies with the same name cannot be created
Cyberoam User Guide
81
Update Access Time policy
Select Policies → Access Time policy → Manage policy and Click Policy name to be modified
Screen - Update Access Time policy
Screen Elements: Description
Access Time policy details
Name: Displays policy name, modify if required
Schedule: Displays selected policy schedule. To modify, click Schedule list and select new schedule. Click View details link to view details of the selected schedule.
Strategy for selected Schedule: Displays Schedule strategy. Cannot be modified.
Description: Displays description of the policy, modify if required
Save button: Saves the modified details
Cancel button: Cancels current operation and returns to Manage Access Time policy
Table - Update Access Time policy screen elements
Note: The changes made in the policy become effective immediately on saving the changes.
Delete Access Time policy
Prerequisite
• Not assigned to any User or Group
Select Policies → Access Time policy → Manage policy to view the list of policies
Screen - Delete Access Time policy
Screen Elements: Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policies
Table - Delete Access Time policy screen elements
Internet Access policy
Internet Access policy controls a user’s web access. It helps to manage web access specific to the organization’s need. It specifies which user has access to which sites or applications and allows defining policy based on almost limitless parameters like:
1. Individual users
2. Groups of users
3. Time of day
4. Location/Port/Protocol type
5. Content type
6. Bandwidth usage (for audio, video and streaming content)
When defining a policy, you can deny or allow access to an entire application category, or to individual file extensions within a category. For example, you can define a policy that blocks access to all audio files with .mp3 extensions.
Two basic types of Internet Access policy:
1. Default Allow
2. Default Disallow
Default Allow: By default, allows user to view everything except the sites and files specified in the web categories. E.g. To allow access to all sites except Mail sites
Default Disallow: By default, prevents user from viewing everything except the sites and files specified in the web categories. E.g. To disallow access to all sites except certain sites
Create a new Internet Access policy
Select Policies → Internet Access Policy → Create Policy to open the create policy page
Screen - Create Internet Access policy
Screen Elements: Description
Internet Access policy details
Name: Specify policy name. Choose a name that best describes the policy to be created.
Using Template: Select a template if you want to create a new policy based on an existing policy and want to inherit all the categories restrictions from the existing policy. Select ‘Blank’ template if you want to create a fresh policy without any restrictions. After creation you can always customize the category restrictions according to the requirement.
Policy Type (Only for ‘Blank’ option in Using Template field): Select default policy type. Available options: Allow – Allows access to all the Internet sites except the sites and files specified in the Categories. Deny – Allows access to only those sites and files that are specified in the Categories.
Description: Specify full description of policy
Reporting: By default, Internet usage report is generated for all the users, but Cyberoam allows reporting to be bypassed for certain users. Click ‘Off’ to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click ‘On’ to create policy which will include access details of all the users in Internet usage reports to whom this policy is applied.
Create button: Creates policy and allows adding Category restriction. Refer to Add Category for more details.
Internet Access policy Rules
Add button: Allows defining Internet Access policy rules and assigning Web, File Type and Application Protocol Categories to Internet Access policy. Click to add. Refer to Add Internet Access policy rule for more details.
Save button: Saves policy
Show Policy Members button: Opens a new page and displays list of policy members
Cancel button: Cancels the current operation and returns to Manage Internet Access policy page
Table - Create Internet Access policy screen elements
Note: Policies with the same name cannot be created
Add Internet Access policy rule
Screen – Add Internet Access policy rule
Screen Elements: Description
Rule details
Select Category: Displays list of custom Web, File Type and Application Protocol Categories. Displays list of Categories assigned to policy.
In Category Name column:
W represents Web Category
F represents File Type Category
A represents Application Protocol Category
D represents Default Category
C represents Customized i.e. User defined Category
Select Categories to be assigned to policy. In Web Category list, click to select. In File Type list, click to select. In Application Protocol list, click to select. Use Ctrl/Shift and click to select multiple Categories. If ‘Web and Application Filter’ subscription module is registered, all the default categories will also be listed and can be selected for restriction.
Strategy: Allows/Disallows access to the selected Categories during the period defined in the schedule. Click Strategy box to see options and select.
During Schedule: Allows/Disallows access to the selected Categories according to the strategy defined during the period defined in the schedule. Allow/Disallow will depend on the strategy selected. Click Schedule box to see options and select.
View details link: Opens a new window and displays details of the selected schedule. Click to view. Click Close to close the window.
Add button: Add rule to Internet Access policy. Click to add rule.
Cancel button: Cancels the current operation
Table – Add Internet Access policy rule screen elements
Update Internet Access policy
Select Policy → Internet Access policy → Manage Policy and click policy name to be modified
Screen - Update Internet Access policy
Screen Elements: Description
Internet Access policy details
Name: Displays policy name. Cannot be modified.
Policy Type: Displays policy type. Cannot be modified.
Description: Displays policy description, modify if required
Reporting: By default, Internet usage report is generated for all the users, but Cyberoam allows reporting to be bypassed for certain users. Click ‘Off’ to create Bypass reporting Internet access policy. Internet usage reports will not include access details of all the users to whom this policy will be applied. Click ‘On’ to create policy which will include access details of all the users in Internet usage reports to whom this policy is applied.
Internet Access policy Rules
Displays list of Categories assigned to policy.
In Category Name column:
W represents Web Category
F represents File Type Category
A represents Application Protocol Category
D represents Default Category
C represents Customized i.e. User defined Category
Add button: Allows defining a new rule. Click to add. Refer to Add Internet Access policy rule for more details.
Delete button: Allows deleting the selected rule(s). Refer to Delete Internet Access policy rule for more details.
MoveUp button (Only when more than one rule is defined): Moves the selected rule one step up. Click the rule that is to be moved one step up. This will highlight the selected rule. Click MoveUp to move the selected rule one step upwards.
MoveDown button (Only when more than one rule is defined): Moves the selected rule one step down. Click the rule that is to be moved one step down. This will highlight the selected rule. Click MoveDown to move the selected rule one step downwards.
Update button (Only when more than one rule is defined): Saves the modified sequence of the rules
Save button: Saves the modifications
Show Policy members button: Opens a new page and displays list of policy members
Cancel button: Cancels the current operation and returns to Manage Internet Access policy page
Table - Update Internet Access policy screen elements
Delete Internet Access policy rule
Screen - Delete Internet Access policy rule
Screen Elements: Description
Del: Select rule to be deleted. Click Del to select. More than one rule can also be selected.
Select All: Selects all rules for deletion. Click Select All to select all rules for deletion.
Delete button: Delete(s) selected rules
Table - Delete Internet Access policy rule screen elements
Note: Do not forget to update after changing the order
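The following added example (not part of the guide and not Cyberoam code) models how a policy type, an ordered rule list, and schedules combine into an allow/disallow decision, and flags rules that an earlier rule makes unreachable; the Access Time policy check uses the same schedule test. It assumes first-match evaluation from top to bottom and that an Access Time strategy inverts outside its schedule; all class, function and category names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Schedule:
    name: str
    days: frozenset      # weekday numbers, 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def active(self, when):
        return when.weekday() in self.days and self.start <= when.time() < self.end

    def covers(self, other):
        """True when every moment of `other` also lies inside this schedule."""
        return (other.days <= self.days
                and self.start <= other.start and other.end <= self.end)


def access_time_allows(schedule, strategy, when):
    """Access Time policy: 'Allow' permits access during the schedule,
    'Disallow' blocks it during the schedule. Assumption: outside the
    schedule the opposite applies."""
    in_schedule = schedule.active(when)
    return in_schedule if strategy == "Allow" else not in_schedule


@dataclass(frozen=True)
class Rule:
    categories: frozenset    # Web / File Type / Application Protocol category names
    strategy: str            # "Allow" or "Disallow"
    schedule: Schedule


@dataclass
class InternetAccessPolicy:
    name: str
    policy_type: str         # "Allow" = Default Allow, "Deny" = Default Disallow
    rules: list

    def decide(self, category, when):
        # Assumption: rules are checked top to bottom; the first rule that lists
        # the category and whose schedule is active decides the request.
        for rule in self.rules:
            if category in rule.categories and rule.schedule.active(when):
                return rule.strategy
        return "Allow" if self.policy_type == "Allow" else "Disallow"

    def shadowed_rules(self):
        """Indexes of rules that can never decide a request: each of their
        categories is already handled by one earlier rule whose schedule covers
        theirs. Conservative: coverage pieced together from several earlier
        rules is not detected."""
        shadowed = []
        for index, rule in enumerate(self.rules):
            earlier = self.rules[:index]
            if earlier and all(
                any(cat in e.categories and e.schedule.covers(rule.schedule)
                    for e in earlier)
                for cat in rule.categories
            ):
                shadowed.append(index)
        return shadowed


# Constructed sample data (not taken from the guide).
WEEKDAYS = frozenset(range(5))
OFFICE = Schedule("Office hours", WEEKDAYS, time(9, 0), time(18, 0))
LUNCH = Schedule("Lunch break", WEEKDAYS, time(13, 0), time(14, 0))
BLOCK_MAIL = Rule(frozenset({"Mail", "Audio"}), "Disallow", OFFICE)
LUNCH_MAIL = Rule(frozenset({"Mail"}), "Allow", LUNCH)

AS_CREATED = InternetAccessPolicy("Staff", "Allow", [BLOCK_MAIL, LUNCH_MAIL])
REORDERED = InternetAccessPolicy("Staff", "Allow", [LUNCH_MAIL, BLOCK_MAIL])

if __name__ == "__main__":
    wednesday_lunch = datetime(2024, 1, 3, 13, 30)
    for policy in (AS_CREATED, REORDERED):
        print(policy.decide("Mail", wednesday_lunch), policy.shadowed_rules())
```

In the first ordering the lunch-break exception never takes effect because the broader office-hours rule sits above it; moving it up, then saving the order, restores the intended behaviour.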
Delete Internet Access policy
Prerequisite
• Not assigned to any User or Group
Select Policies → Internet Access policy → Manage Policy
Screen - Delete Internet Access policy
Screen Elements: Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Selects all policies for deletion. Click Select All to select all policies for deletion.
Delete button: Delete(s) selected policies
Table - Delete Internet Access policy screen elements
Bandwidth policy
Bandwidth is the amount of data passing through a medium over a period of time and is measured in terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain parameters and user attributes. Bandwidth policy allocates and limits the maximum bandwidth usage of the user and controls web and network traffic.
Policy can be defined/created for:
1. Logon Pool: It restricts the bandwidth of a Logon Pool i.e. all the users defined under the Logon Pool share the allocated bandwidth.
2. User: It restricts the bandwidth of a particular user.
3. Firewall Rule: It restricts the bandwidth of any entity to which the firewall rule is applied.
Logon Pool based bandwidth policy
Policy restricts the bandwidth for a Logon Pool i.e. all the users defined under the Logon Pool will share the allocated bandwidth.
User based bandwidth policy
Policy restricts the bandwidth for a particular user. There are two types of bandwidth restriction:
• Strict
• Committed
Strict
In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to implement strict policy:
• Total (Upstream + Downstream)
• Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Total bandwidth
Example: Total bandwidth is 20 kbps and upstream and downstream combined cannot cross 20 kbps

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual bandwidth i.e. separate for both
Example: Upstream and Downstream bandwidth is 20 kbps then either cannot cross 20 kbps

Table - Implementation types for Strict - Bandwidth policy
Strict policy – Bandwidth usage
Bandwidth usage: Bandwidth specified
Individual: For a particular user
Shared: Shared among all the users who have been assigned this policy
Table - Bandwidth usage for Strict - Bandwidth policy
Committed
In this type of bandwidth restriction, the user is allocated a guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available. It makes it possible to assign fixed minimum and maximum amounts of bandwidth to users. By borrowing excess bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the burstable rate. Guaranteed rates also assure minimum bandwidth to critical users, who receive constant levels of bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum bandwidth that a user can use, if available.
Two ways to implement committed policy:
• Total (Upstream + Downstream)
• Individual Upstream and Individual Downstream

Implementation on: Total (Upstream + Downstream)
Bandwidth specified: Guaranteed bandwidth, Burstable bandwidth
Example: Guaranteed bandwidth is 20 kbps then upstream and downstream combined will get 20 kbps guaranteed (minimum) bandwidth. Burstable bandwidth is 50 kbps then upstream and downstream combined can get up to 50 kbps of bandwidth (maximum), if available.

Implementation on: Individual Upstream and Individual Downstream
Bandwidth specified: Individual Guaranteed and Burstable bandwidth i.e. separate for both
Example: Individual guaranteed bandwidth is 20 kbps then upstream and downstream get 20 kbps guaranteed (minimum) bandwidth individually. Individual burstable bandwidth is 50 kbps then upstream and downstream get maximum bandwidth up to 50 kbps individually, if available.

Table - Implementation types for Committed - Bandwidth policy
Committed policy – Bandwidth usage
Bandwidth usage: Bandwidth specified
Individual: For a particular user
Shared: Shared among all the users who have been assigned this policy
Table - Bandwidth usage for Committed - Bandwidth policy
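As an added illustration (not from the guide and not Cyberoam's scheduler), the sketch below shows how guaranteed and burstable rates interact on a shared link for the Total implementation with Individual usage, and checks a policy against the 2 to 4096 kbps limits the guide states. The equal-share handling of spare capacity and all names are assumptions.

```python
from dataclasses import dataclass

MIN_KBPS, MAX_KBPS = 2, 4096      # limits the guide states for User/IP based policies


@dataclass(frozen=True)
class BandwidthPolicy:
    name: str
    policy_type: str     # "Strict" or "Committed"
    guaranteed: int      # kbps; for a Strict policy this is the fixed limit
    burstable: int       # kbps; for a Strict policy it equals `guaranteed`


def validate(policy):
    """Return a list of configuration problems (empty when the policy is sane)."""
    problems = []
    for label, value in (("guaranteed", policy.guaranteed),
                         ("burstable", policy.burstable)):
        if not MIN_KBPS <= value <= MAX_KBPS:
            problems.append(f"{label} {value} kbps outside {MIN_KBPS}-{MAX_KBPS} kbps")
    if policy.guaranteed > policy.burstable:
        problems.append("guaranteed exceeds burstable")
    if policy.policy_type == "Strict" and policy.guaranteed != policy.burstable:
        problems.append("a Strict policy has one limit, not a burst range")
    return problems


def allocate(link_kbps, users):
    """users maps a user name to (policy, demand_kbps); returns granted kbps.

    Pass 1 gives each user its demand up to the guaranteed rate.
    Pass 2 hands spare capacity to users that still want more, in equal
    shares, never beyond the burstable rate (assumed sharing method).
    """
    grant = {u: min(demand, p.guaranteed) for u, (p, demand) in users.items()}
    spare = link_kbps - sum(grant.values())
    if spare < 0:
        raise ValueError("guaranteed rates oversubscribe the link")
    ceiling = {u: min(demand, p.burstable) for u, (p, demand) in users.items()}
    while spare > 0:
        hungry = [u for u in users if grant[u] < ceiling[u]]
        share = spare // len(hungry) if hungry else 0
        if share == 0:
            break        # nobody wants more, or less than 1 kbps each is left
        for u in hungry:
            extra = min(share, ceiling[u] - grant[u])
            grant[u] += extra
            spare -= extra
    return grant


# Constructed sample: the guide's 20 kbps guaranteed / 50 kbps burstable figures.
COMMITTED = BandwidthPolicy("committed-20-50", "Committed", 20, 50)
STRICT = BandwidthPolicy("strict-20", "Strict", 20, 20)
DEMAND = {"alice": (COMMITTED, 80), "bob": (COMMITTED, 30), "carol": (STRICT, 40)}

if __name__ == "__main__":
    print(allocate(100, DEMAND))
    print(allocate(70, DEMAND))
```

The oversubscription error is the check worth running before assigning a committed policy widely: guarantees only hold while their sum fits the link.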
Firewall Rule based bandwidth policy
Policy restricts the bandwidth for a particular IP address. It is similar to the User based policy with the same type of restrictions on Implementation type & Bandwidth usage.
Create Bandwidth policy
Select Policies → Bandwidth Policy → Create policy to open the create policy page
Screen - Create Bandwidth policy
Common Screen Elements
Screen Elements: Description
Bandwidth Policy Details
Name: Specify policy name. Choose a name that best describes the policy to be created.
Description: Specify full description of policy
Priority: Set the bandwidth priority. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is more interactive.
Create button: Creates policy
Cancel button: Cancels the current operation
Table - Create Bandwidth policy - Common screen elements
Note: Policies with the same name cannot be created
Create Logon Pool based bandwidth policy
Select Policies → Bandwidth Policy → Create policy to open the create policy page
Screen - Create Logon Pool based Bandwidth policy
Screen Elements: Description
Bandwidth Policy Details
Policy based on: Click Logon Pool to create Logon Pool based policy
Total Bandwidth (in KB): Specify maximum amount of total bandwidth, expressed in terms of kbps. Specified bandwidth will be shared by all the users of the Logon Pool. Maximum bandwidth limit is 4096 kbps.
Table - Create Logon Pool based Bandwidth policy screen elements
Create User/Firewall Rule based Strict bandwidth policy
Screen - Create User/IP based Strict Bandwidth policy
Screen Elements: Description
Bandwidth Policy Details
Policy based on: Based on the selection creates policy for User or IP address. Click User to create User based policy. Click IP Address to create IP Address based policy.
Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available.
Implementation on: Specify implementation type of Bandwidth restriction. Click Total to implement bandwidth restriction on the Total usage. Click Individual to implement bandwidth restriction on the Individual Upstream and Individual Downstream bandwidth usage.
Total bandwidth (Only for ‘TOTAL’ implementation type): Specify maximum amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Upload Bandwidth (Only for ‘INDIVIDUAL’ implementation type): Specify maximum amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Download Bandwidth (Only for ‘INDIVIDUAL’ implementation type): Specify maximum amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Bandwidth usage: Specify whether the Bandwidth allocated is for particular user or shared among all the policy users
Table - Create User/IP based Strict Bandwidth policy screen elements
Create User/Firewall Rule based Committed bandwidth policy
Screen - Create User/IP based Committed Bandwidth policy
Screen Elements: Description
Bandwidth Policy Details
Policy based on: Creates policy based on the selection. Click User to create User based policy. Click IP Address to create IP address based policy.
Policy Type: Based on the selection bandwidth restriction will be applied. In Strict type of bandwidth restriction, user cannot exceed the defined bandwidth limit. In Committed type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can draw bandwidth up to the defined burstable limit, if available. Click Committed to apply committed policy.
Implementation on: Specify implementation type for Bandwidth restriction. Click Total to implement bandwidth restriction on Total. Click Individual to implement bandwidth restriction on Individual Upstream and Individual Downstream bandwidth.
Guaranteed (Min)/ Burstable (Max) (Only for ‘TOTAL’ implementation type): Specify Guaranteed and Burstable amount of Total bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Guaranteed (Min)/ Burstable (Max) Upload Bandwidth (Only for ‘INDIVIDUAL’ implementation type): Specifies Guaranteed and Burstable amount of Upstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Guaranteed (Min)/ Burstable (Max) Download Bandwidth (Only for ‘INDIVIDUAL’ implementation type): Specifies Guaranteed and Burstable amount of Downstream Bandwidth, expressed in terms of kbps. Minimum bandwidth allowed is 2 kbps and maximum is 4096 kbps.
Bandwidth usage: Specify whether bandwidth specified is for a particular User or Shared among all the policy users
Table - Create User/IP based Committed Bandwidth policy screen elements
Update Bandwidth policy
Need to update Bandwidth Policy:
1. Add/remove schedule based details to User/IP address based policy
2. Update bandwidth values
Select Policies → Bandwidth policy → Manage policy and click Policy name to be updated
Screen - Update Bandwidth policy
Common Screen Elements
Screen Elements: Description
Bandwidth Policy details
Name: Displays Bandwidth policy name, modify if required
Priority: Displays the bandwidth priority, modify if required. Priority can be set from 0 (highest) to 7 (lowest). Set the priority for SSH/Voice/Telnet traffic to be highest as this traffic is more interactive.
Description: Displays policy description, modify if required
Update button: Updates and saves the policy
Cancel button: Cancels current operation and returns to the Manage Bandwidth policy page
Table - Update Bandwidth policy Common screen elements
Update Logon Pool based bandwidth policy
Screen - Update Logon Pool based Bandwidth policy
Screen Elements: Description
Bandwidth Policy Details
Show Members link: Opens a new browser window and displays bandwidth restriction details and the member Logon Pools of the policy. Click Close to close the window.
Policy Based On: Displays type of policy. Cannot be modified.
Default values to be applied all the time
Implementation on: Displays Implementation type of the policy. Cannot be modified.
Total Bandwidth (in KB): Displays total bandwidth for the group, modify if required. Maximum bandwidth limit is 4096 kbps.
Table - Update Logon Pool based Bandwidth policy screen elements
Update User/Firewall Rule based Bandwidth policy
Screen - Update User based Bandwidth policy
Screen Elements: Description
Bandwidth Policy Details
Show members link: Opens a new browser window and displays bandwidth restriction details, schedule details and the members/users of the policy. Click Close to close the window.
Policy based on: Displays type of policy. Cannot be modified.
Default values to be applied all the time
Implementation on: Displays implementation type of policy. Cannot be modified.
Total Bandwidth (Only for ‘TOTAL’ implementation type): Displays total bandwidth assigned, modify if required
Upload Bandwidth (in KB) (Only for ‘STRICT’ policy type and ‘INDIVIDUAL’ implementation type): Modify Upstream bandwidth value
Download Bandwidth (in KB) (Only for ‘STRICT’ policy type and ‘INDIVIDUAL’ implementation type): Modify Downstream bandwidth value
Guaranteed – Burstable Upload Bandwidth (in KB) (Only for ‘COMMITTED’ policy type and ‘INDIVIDUAL’ implementation type): Modify Upstream bandwidth value
Guaranteed – Burstable Download Bandwidth (in KB) (Only for ‘COMMITTED’ policy type and ‘INDIVIDUAL’ implementation type): Modify Downstream bandwidth value
Policy type: Displays policy type i.e. committed or strict. Cannot be modified.
Update button: Updates the changes made in ‘Bandwidth restriction details’ and ‘Default values to be applied all the time’
Add details button: Allows attaching a schedule to override default bandwidth restriction. Click Add details. Refer to Attach Schedule details for more details.
Table - Update User based Bandwidth policy screen elements
Attach Schedule details
Strict
Screen – Assign Schedule to User based Strict Bandwidth policy
Screen Elements: Description
Bandwidth Policy Schedule wise details
Name: Displays policy name
Policy Type: Displays Type of bandwidth restriction. Click Strict to apply strict policy.
Implementation on: Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually.
For Total:
Total Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps
For Individual:
Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps
Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps
Schedule: Specify Schedule. Click Schedule list to select.
View details link: Opens the new browser window and displays the details of the schedule selected. Click Close to close the window.
Add button: Assigns schedule
Cancel button: Cancels the current operation
Table – Assign Schedule to User based Strict Bandwidth policy screen elements
Committed
Screen - Assign Schedule to User based Committed Bandwidth policy
Screen Elements: Description
Bandwidth Policy Schedule wise details
Name: Displays policy name
Policy Type: Displays Type of bandwidth restriction. Click Committed to apply committed policy.
Implementation on: Specify whether bandwidth restriction implementation is on Total or Upstream & downstream individually.
For Total:
Guaranteed(Min) Bandwidth - Specify minimum guaranteed amount of Total bandwidth, expressed in terms of kbps
Burstable(Max) Bandwidth - Specify maximum amount of Total bandwidth, expressed in terms of kbps
For Individual:
Guaranteed(Min) Upload Bandwidth - Specify minimum guaranteed amount of Upstream bandwidth, expressed in terms of kbps
Burstable(Max) Upload Bandwidth - Specify maximum amount of Upstream bandwidth, expressed in terms of kbps
Guaranteed(Min) Download Bandwidth - Specify minimum guaranteed amount of Downstream bandwidth, expressed in terms of kbps
Burstable(Max) Download Bandwidth - Specify maximum amount of Downstream bandwidth, expressed in terms of kbps
Schedule: Specify Schedule. Click Schedule list to select.
View details link: Opens new browser window and displays the details of the schedule selected. Click Close to close the window.
Add button: Assigns schedule to the bandwidth policy
Cancel button: Cancels the current operation
Table – Assign Schedule to User based Committed Bandwidth policy screen elements
Remove Schedule details
Screen - Remove Schedule from User based Bandwidth policy
Screen Elements: Description
Select: Select Schedule detail(s) for deletion. Click Select to select. More than one schedule detail can also be selected.
Select All: Select all details for deletion. Click Select All to select all details.
Remove Detail button: Removes the selected schedule detail(s)
Table - Remove Schedule from User based Bandwidth policy screen elements
Note: The changes made in the policy become effective immediately on saving the changes.
Delete Bandwidth policy
Prerequisite
• Bandwidth policy not attached to any Logon Pool, user or IP address
Select Policies → Bandwidth policy → Manage policy to view the list of policies
Screen - Delete Bandwidth policy
Screen Elements: Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Selects all policies for deletion. Click Select All to select all policies.
Delete button: Deletes selected policies
Table - Delete Bandwidth policy screen elements
Data Transfer policy
Data transfer policy:
• Limits data transfer on a cyclic or non-cyclic basis.
• Single policy can be applied to number of Groups or Users.
Data transfer restriction can be based on:
• Total Data transfer (Upload+Download)
• Individual Upload and/or Download
Cyberoam provides several predefined policies which are available for use until configured otherwise. You can also define customized policies to define different limit for different users to meet your organization’s requirements.
Create Data transfer policy
Select Policies → Data Transfer Policy → Create Policy to open the create policy page
Screen – Create Data transfer policy
Screen Elements: Description
Create Data Transfer policy
Name: Specify policy name. Choose a name that best describes the policy. Allows maximum of 40 characters. Can be any combination of A – Z, a – z, ‘_’, 0 - 9.
Cycle type: Specify cycle type. Available options:
Daily – restricts data transfer up to cycle hours defined on daily basis
Weekly – restricts data transfer up to cycle hours defined on weekly basis
Monthly – restricts data transfer up to cycle hours defined on monthly basis
Yearly – restricts data transfer up to cycle hours defined on yearly basis
Non-cyclic – data restriction is defined by the Total data transfer limit
Restriction based on: Specify whether the data transfer restriction is on total data transfer or on individual upload or download. Click Total Data Transfer to apply data transfer restriction on the Total (Upload + Download) data transfer. Click Individual Data Transfer to apply data transfer restriction on the Individual Upload and Individual Download data transfer.
Shared allotted data transfer with group members (Only if Cycle Type is ‘Non-cyclic’): Specify whether the allotted data transfer will be shared among all the group members or not. Click to share.
Policy Description: Specify full description of the policy. Allows maximum of 255 characters. Can be any combination of A – Z, a – z, ‘_’, 0 - 9.
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Cycle Type is not ‘Non-cyclic’ and Restriction is based on ‘Total Data Transfer’): Specify Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Cycle Type is not ‘Non-cyclic’ and Restriction is based on ‘Individual Data Transfer’): Specify Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached. OR If you do not want to restrict upload data transfer per cycle, click Unlimited Cycle Upload Data transfer.
Cycle Download Data Transfer Limit (MB) (Only if Cycle Type is not ‘Non-cyclic’ and Restriction is based on ‘Individual Data Transfer’): Enter Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached. OR If you do not want to restrict download data transfer per cycle, click Unlimited Cycle Download Data transfer.
Total Data Transfer Limit (MB) (Only if Restriction is based on ‘Total Data Transfer’): Specify Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total data transfer, click Unlimited Total Data Transfer.
Upload Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Specify Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total upload data transfer, click Unlimited Upload Data Transfer.
Download Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Specify Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed. OR If you do not want to restrict total download data transfer, click Unlimited Download Data Transfer.
Create button: Creates policy
Cancel button: Cancels the current operation and returns to Manage Data transfer policy page
Table – Create Data transfer policy screen elements
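The two limits behave differently: reaching the cycle limit disconnects the user, while reaching the total limit prevents logon until the policy is renewed. The following added example (not from the guide, not Cyberoam code) tracks both for a Total (Upload + Download) restriction; it assumes cycles follow calendar boundaries and that the per-cycle counter restarts with each new cycle, and all names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


def cycle_key(cycle_type, day):
    """Identify the cycle a date falls in. Assumption: cycles follow calendar
    boundaries (the guide does not say when a cycle starts)."""
    if cycle_type == "Daily":
        return day.toordinal()
    if cycle_type == "Weekly":
        return tuple(day.isocalendar())[:2]      # (ISO year, ISO week)
    if cycle_type == "Monthly":
        return (day.year, day.month)
    if cycle_type == "Yearly":
        return day.year
    return None                                   # Non-cyclic


@dataclass
class DataTransferPolicy:
    name: str
    cycle_type: str                       # Daily/Weekly/Monthly/Yearly/Non-cyclic
    cycle_total_mb: Optional[float]       # None = no per-cycle limit
    total_mb: Optional[float]             # None = Unlimited Total Data Transfer


@dataclass
class UserQuota:
    policy: DataTransferPolicy
    used_total: float = 0.0
    used_cycle: float = 0.0
    current_cycle: object = None

    def _roll_cycle(self, day):
        key = cycle_key(self.policy.cycle_type, day)
        if key != self.current_cycle:      # new cycle: per-cycle counter restarts
            self.current_cycle, self.used_cycle = key, 0.0

    def status(self, day):
        """'blocked': total limit reached, no logon until the policy is renewed.
        'disconnected': cycle limit reached for the current cycle.
        'ok': the user may transfer data. Call with dates in chronological order."""
        self._roll_cycle(day)
        p = self.policy
        if p.total_mb is not None and self.used_total >= p.total_mb:
            return "blocked"
        if (p.cycle_type != "Non-cyclic" and p.cycle_total_mb is not None
                and self.used_cycle >= p.cycle_total_mb):
            return "disconnected"
        return "ok"

    def record(self, day, upload_mb, download_mb):
        """Account one session (Total = Upload + Download) and return the status."""
        if self.status(day) != "ok":
            return self.status(day)         # no traffic is accounted while cut off
        self.used_cycle += upload_mb + download_mb
        self.used_total += upload_mb + download_mb
        return self.status(day)

    def renew(self):
        """Policy renewal: the total counter starts again."""
        self.used_total = 0.0


def replay(policy, sessions):
    """Run (day, upload_mb, download_mb) sessions; return statuses and the quota."""
    quota = UserQuota(policy)
    return [quota.record(*session) for session in sessions], quota


# Constructed sample: 100 MB per day, 250 MB in total.
DAILY = DataTransferPolicy("daily-100", "Daily", 100, 250)
SESSIONS = [
    (date(2024, 1, 1), 10, 50),
    (date(2024, 1, 1), 5, 45),    # crosses the daily limit
    (date(2024, 1, 1), 1, 1),     # same day: still cut off
    (date(2024, 1, 2), 20, 70),   # new cycle
    (date(2024, 1, 3), 10, 50),   # crosses the total limit
]

if __name__ == "__main__":
    print(replay(DAILY, SESSIONS)[0])
```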
Update Data transfer policy
Select Policies → Data transfer policy → Manage policy and click Policy name to be modified
Screen – Update Data transfer policy screen
Screen Elements Description
Edit Data Transfer policy
Cyberoam User Guide
109
Name: Displays policy name, modify if required.
Cycle type: Displays cycle type.
Restriction based on: Displays whether the data transfer restriction is on total data transfer or on individual upload or download.
Shared allotted data transfer with group members: Displays whether the allotted data transfer is shared among all the group members or not.
Policy Description: Displays full description of the policy, modify if required.
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Restriction is based on ‘Total Data Transfer’): Displays Cycle Total Data transfer limit. It is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Upload Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Cycle Upload Data transfer limit. It is the upper limit of upload data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Cycle Download Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Cycle Download Data transfer limit. It is the upper limit of download data transfer allowed to the user per cycle. User will be disconnected if limit is reached.
Total Data Transfer Limit (MB) (Only if Restriction is based on ‘Total Data Transfer’): Displays Total Data transfer limit. It is the data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Upload Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Upload Data transfer limit. It is the total upload data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Download Data Transfer Limit (MB) (Only if Restriction is based on ‘Individual Data Transfer’): Displays Download Data transfer limit. It is the upper download data transfer allowed to the user and if the limit is reached user will not be able to log on until the policy is renewed.
Update button: Updates policy
Cancel button: Cancels the current operation and returns to Manage Data transfer policy page
Table – Update Data transfer policy screen elements
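The two tiers of limit in the table above (a cycle limit that disconnects the user, and an overall limit that blocks logon until the policy is renewed) can be modelled as follows. This is an added Python example, not Cyberoam code; the field names, the per-user usage dictionaries and the rule that the overall limit is checked before the cycle limit are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Usage:
    upload_mb: float
    download_mb: float


@dataclass(frozen=True)
class DataTransferPolicy:
    name: str
    restriction: str                          # "total" or "individual"
    shared_with_group: bool = False
    # None stands for the "Unlimited" choice on the policy screen.
    cycle_total_mb: Optional[float] = None
    cycle_upload_mb: Optional[float] = None
    cycle_download_mb: Optional[float] = None
    total_mb: Optional[float] = None
    upload_mb: Optional[float] = None
    download_mb: Optional[float] = None


def _relevant(policy: DataTransferPolicy, user: str, usage: Dict[str, Usage]) -> Usage:
    """Usage that counts against the limit: the whole group's when the
    allotment is shared with group members, otherwise only the user's own."""
    rows = list(usage.values()) if policy.shared_with_group else [usage[user]]
    return Usage(sum(r.upload_mb for r in rows), sum(r.download_mb for r in rows))


def _reached(policy, used: Usage, total, upload, download) -> bool:
    def hit(value, limit):
        return limit is not None and value >= limit

    if policy.restriction == "total":
        return hit(used.upload_mb + used.download_mb, total)
    if policy.restriction == "individual":
        return hit(used.upload_mb, upload) or hit(used.download_mb, download)
    raise ValueError(f"unknown restriction {policy.restriction!r}")


def evaluate(policy: DataTransferPolicy, user: str,
             cycle: Dict[str, Usage], overall: Dict[str, Usage]) -> str:
    """Return 'blocked_until_renewed', 'disconnect' or 'allow'.

    ASSUMPTION: the overall limit is checked first, because reaching it
    has the stronger effect (no logon until the policy is renewed).
    """
    if _reached(policy, _relevant(policy, user, overall),
                policy.total_mb, policy.upload_mb, policy.download_mb):
        return "blocked_until_renewed"
    if _reached(policy, _relevant(policy, user, cycle),
                policy.cycle_total_mb, policy.cycle_upload_mb,
                policy.cycle_download_mb):
        return "disconnect"
    return "allow"


if __name__ == "__main__":
    # Constructed sample usage in MB for two members of one group.
    cycle = {"alice": Usage(150, 150), "bob": Usage(150, 150)}
    overall = {"alice": Usage(400, 400), "bob": Usage(300, 300)}
    own = DataTransferPolicy("own", "total", cycle_total_mb=500, total_mb=2000)
    shared = DataTransferPolicy("shared", "total", shared_with_group=True,
                                cycle_total_mb=500, total_mb=2000)
    print(evaluate(own, "alice", cycle, overall))
    print(evaluate(shared, "alice", cycle, overall))
```

With the same usage figures, a shared allotment reaches the cycle limit sooner than an individual one, because every member's traffic counts against it.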
Delete Data transfer policy
Prerequisite • Not assigned to any User or Group
Select Policies → Data transfer policy → Manage policy to view list of policies
Screen – Delete Data transfer policy screen
Screen Elements Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policy/policies
Table - Delete Data transfer policy screen element
SNAT Policy
A SNAT policy tells the firewall rule to allow access, but only after changing the source IP address, i.e. the source IP address is substituted by the IP address specified in the SNAT policy.
Create SNAT policy
Select Firewall → SNAT policy → Create to open the create page
Screen – Create SNAT policy
Screen Elements Description
SNAT policy
SNAT Policy Name: Specify policy name
Description: Specify description
Source Translation
Map Source IP with: Specify IP address
MASQUERADE – will replace source IP address with Cyberoam’s WAN IP address
IP – will replace source IP address with the specified IP address
IP Range – will replace source IP address with any of the IP addresses from the specified range
Create button: Creates the SNAT policy
Table – Create SNAT policy screen elements
Manage SNAT policy
Use to
• Edit policy
• Delete policy
Update policy
Select Firewall → SNAT policy → Manage to view the list of policies. Click the policy to be modified.
Screen – Update SNAT policy
Screen Elements Description
SNAT policy
SNAT Policy Name: Displays policy name, modify if required
Description: Displays description, modify if required
Source Translation
Map Source IP with: Specify IP address
MASQUERADE – will replace source IP address with Cyberoam’s WAN IP address
IP – will replace source IP address with the specified IP address
IP Range – will replace source IP address with any of the IP addresses from the specified range
Update button: Saves the modifications
Table – Update SNAT policy screen elements
Delete SNAT policy
Select Firewall → SNAT policy → Manage to view the list of policies.
Screen – Delete SNAT policy
Screen Elements Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policy/policies
Table – Delete SNAT policy screen elements
DNAT Policy
DNAT rule tells the firewall to forward the requests from the specified machine/port to the specified machine/port.
Create DNAT policy
Select Firewall → DNAT policy → Create to open the create page
Screen - Create DNAT policy
Screen Elements Description
DNAT policy
DNAT Policy Name: Specify policy name
Description: Specify description
Destination Translation
Map Destination IP with: Specify IP address
IP – will replace destination IP address with the specified IP address
IP Range – will replace destination IP address with any of the IP addresses from the specified range
Port Forward: Enable port forwarding if you want to replace the port also. Specify TCP Port number. Specify UDP Port number.
Create button: Creates DNAT policy
Table - Create DNAT policy screen elements
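The SNAT options (MASQUERADE, IP, IP Range) and the DNAT options (IP, IP Range, Port Forward) described above, modelled on a packet's address fields. This is an added Python example, not Cyberoam code; the class and function names, the sample addresses and the rule used to choose an address from a range are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def expand_range(first: str, last: str) -> List[str]:
    """Every IPv4 address from first to last, inclusive."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]


def pick(pool: List[str], key_ip: str) -> str:
    """Pick one address from a range for a given flow.

    ASSUMPTION: the guide only says "any" address of the range is used.
    Keying on the packet's source address is this example's rule, so that
    one host always gets the same translated address.
    """
    return pool[int(ipaddress.IPv4Address(key_ip)) % len(pool)]


@dataclass(frozen=True)
class Translation:
    """The 'Map Source/Destination IP with' setting."""
    mode: str                       # "MASQUERADE" (SNAT only), "IP", "IP Range"
    ip: Optional[str] = None
    ip_from: Optional[str] = None
    ip_to: Optional[str] = None

    def pool(self) -> List[str]:
        if self.mode == "IP":
            return [str(ipaddress.IPv4Address(self.ip))]
        if self.mode == "IP Range":
            return expand_range(self.ip_from, self.ip_to)
        raise ValueError(f"mode {self.mode!r} has no address pool")


def apply_snat(t: Translation, pkt: Packet, wan_ip: str) -> Packet:
    """Rewrite the source address only; the destination is left untouched."""
    if t.mode == "MASQUERADE":
        return replace(pkt, src_ip=wan_ip)
    return replace(pkt, src_ip=pick(t.pool(), pkt.src_ip))


@dataclass(frozen=True)
class DnatPolicy:
    name: str
    target: Translation
    port_forward: bool = False
    tcp_port: Optional[int] = None
    udp_port: Optional[int] = None

    def __post_init__(self):
        if self.target.mode == "MASQUERADE":
            raise ValueError("MASQUERADE is a SNAT option only")
        for port in (self.tcp_port, self.udp_port):
            if port is not None and not 1 <= port <= 65535:
                raise ValueError(f"invalid port {port}")


def apply_dnat(policy: DnatPolicy, pkt: Packet) -> Packet:
    """Rewrite the destination address and, with Port Forward, the port."""
    new_port = pkt.dst_port
    if policy.port_forward:
        mapped = policy.tcp_port if pkt.proto == "tcp" else policy.udp_port
        if mapped is not None:
            new_port = mapped
    return replace(pkt, dst_ip=pick(policy.target.pool(), pkt.src_ip),
                   dst_port=new_port)


def exposed_targets(policy: DnatPolicy) -> List[Tuple[str, Optional[int], Optional[int]]]:
    """Internal (address, tcp_port, udp_port) a DNAT policy can send traffic
    to, for reviewing which hosts a policy publishes."""
    tcp = policy.tcp_port if policy.port_forward else None
    udp = policy.udp_port if policy.port_forward else None
    return [(ip, tcp, udp) for ip in policy.target.pool()]


if __name__ == "__main__":
    WAN_IP = "203.0.113.1"  # constructed sample addresses throughout
    outbound = Packet("tcp", "192.168.1.25", 40000, "198.51.100.7", 80)
    print(apply_snat(Translation("MASQUERADE"), outbound, WAN_IP))
    web = DnatPolicy("web", Translation("IP", ip="10.0.0.5"), True, tcp_port=8080)
    print(apply_dnat(web, Packet("tcp", "198.51.100.7", 51000, WAN_IP, 80)))
    print(exposed_targets(web))
```

After SNAT the destination sees only the translated address, so attributing a connection to an internal host requires the appliance's own record of the translation.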
Manage DNAT policy
Use to
• Edit policy
• Delete policy
Update policy
Select Firewall → DNAT policy → Manage to view the list of policies. Click the policy to be modified.
Screen – Edit DNAT policy
Screen Elements Description
DNAT policy
DNAT Policy Name: Displays policy name, modify if required
Description: Displays description, modify if required
Destination Translation
Map Destination IP with: Specify IP address
IP – will replace destination IP address with the specified IP address
IP Range – will replace destination IP address with any of the IP addresses from the specified range
Port Forward: Displays whether port forwarding is enabled or not. Enable port forwarding if you want to replace the port also. Specify TCP Port number. Specify UDP Port number.
Update button: Updates DNAT policy
Table – Edit DNAT policy screen elements
Delete DNAT policy
Select Firewall → DNAT policy → Manage to view the list of policies.
Screen – Delete DNAT policy
Screen Elements Description
Del: Select policy for deletion. Click Del to select. More than one policy can also be selected.
Select All: Select all the policies for deletion. Click Select All to select all the policies.
Delete button: Deletes all the selected policy/policies
Table – Delete DNAT policy screen elements
Zone Management
Use to
• Update Zone details
• Delete Zone
Manage Zone
Select System → Zone → Manage to open the manage zone page
Screen – Edit Zone
Screen Elements Description
Create Zone
Zone Name: Displays zone name
Zone Type: Displays zone type
LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default the traffic to and from this zone is blocked, and hence it is the highest secured zone.
DMZ (DeMilitarized Zone) – This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.
WAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone.
Select Port: Displays the ports bound to the zone, modify if required
‘Available Ports’ list displays the list of ports that can be bound to the selected zone.
‘Member Port’ list displays the list of ports bound to the zone.
Use Right arrow button to move the selected ports to ‘Member Port’ list.
Use Left arrow button to move the selected ports to ‘Available Port’ list.
Description: Displays zone description, modify if required
Save button: Saves the zone configuration
Table – Edit Zone
Delete Zone
Prerequisite
No hosts attached to the zone
Select System → Zone → Manage to open the manage zone page
Screen – Delete Zone
Screen Elements Description
Del: Select Zone(s) for deletion. Click Del to select. More than one zone can also be selected.
Select All: Selects all the zones. Click Select All to select all the zones for deletion.
Delete Group button: Delete the selected zone(s)
Table – Delete Zone
Note: Default Zones cannot be deleted
Group Management
Manage Group
Updation of Group is required to
• Change Surfing time policy applied
• Change Access time policy applied
• Change Internet Access policy applied
• Change Bandwidth policy applied
• Change Data transfer policy applied
• Change the login restriction for the users of the group
• Add new users to the group
Select Group → Manage Group and click the Group to be modified
Screen - Manage Group
Screen Elements Description
Group Information Group Name Displays Group name, modify if required Show Group Members button
Opens a new window and displays list of group members
Surfing Quota policy Displays currently attached Surfing Quota policy to the Group Change policy button Click to change the attached Surfing Quota policy
Only for ‘Normal’ Group type
Opens a new window and allows to select a new Surfing Quota policy Click Change policy Click Select to select from available policy Click Done to confirm the selection Click Cancel to cancel the operation Surfing quota policy, Time allotted & Expiry date changes accordingly
Time allotted (HH:mm)
Displays total surfing time allotted by Surfing Quota policy to the Group Cannot be modified
Expiry date Displays Expiry date of the Surfing Quota policy Cannot be modified
Period Time (HH:mm) Only if Surfing Quota policy is Non-Cyclic
Displays cycle hours Cannot be modified
Period Cycle Only if Surfing Quota policy is Non-Cyclic
Displays type of cycle Cannot be modified
Used Surfing Time Displays total time used by the Group members Cannot be modified
Access Time policy Only for ‘Normal’ Group type
Displays currently attached Access Time policy to the Group To change Click Access Time policy list to select Click View details to view the details of the policy
Internet Access policy
Displays currently attached Internet Access policy to the Group To change Click Internet Access policy list to select Click View details to view the details of the policy
Bandwidth policy Displays currently attached Bandwidth policy to the Group To change Click Bandwidth policy list to select Click View details to view the details of the policy
Data Transfer policy
Displays currently attached Data Transfer policy to the Group To change Click Data Transfer policy list to select Click View details to view the details of the policy
Login Restriction Display login restriction applied to the Group members Change Login Restriction button
Click to change login restriction Refer to Change Login Restriction for more details
Save button Saves the modified details Add Members Allows to add members to the group
Click to add
Refer to Add Group Members for details
Renew Data Transfer (Only if Data transfer policy is Non-cyclic and shared)
Renews data transfer policy of all the group members
Cancel button Cancels the current operation Table - Manage Group screen elements
Note Any changes made are applicable to all the group members
Add Group Member(s)
Screen – Add Group Member
Screen Elements Description
Select Group Members from the selected group will be transferred to the current group Click to select the Group
Username/Name starting with (* for All)
Search user Specify username or * to display all the users
Search button Search user from the selected Group Displays list of users in the selected Group
Click Add to select the user to be added More than one user can also be selected
Add button Adds selected user(s) to the group Close button Closes the window and returns to Edit Group page
Table – Add Group Member screen elements
Update Group
Need may arise to change the Group setting after the creation of Group.
To Click
Show Group Members Show Group Members button Refer to View Group members for details
Change Surfing Quota Policy Only for ‘Normal’ Group type
Change Policy button
Change Access Time Policy Access Time Policy list Change Internet Access policy Internet Access policy list Change Bandwidth Policy Bandwidth Policy list Change Data transfer policy Data transfer policy list Change Login Restriction Change Login Restriction button
Table - Need to Update group
Show Group Members
Screen - Show Group Members
Screen Elements Description
Group name Displays Group name Total members Displays Total Group members/users User Name User name
Name with which the Employee logs in
Employee Name Employee name Allotted Time Total Allotted time to the user
Refer to Access Time policy for details
Expiry Date Expiry date of the policy attached to the User Refer to Surfing time policy for details
Used Time Total time used by the User Close button Closes the window
Table - Show Group Members screen elements
Change Login Restriction
Screen - Change Login Restriction
Screen Elements Description
Login Restriction Displays the current login restriction Click to change the current restriction Save button Saves if the restriction is changed Cancel button Cancels the current operation Select Node(s) button Only if the option ‘Allowed login from selected nodes’ is selected
Click to select the Node for restriction
IP address Displays IP address Machine name Displays Machine name if given Allowed from Click to select
Multiple nodes can be selected
Apply Restriction button Applies the login restriction for the group members i.e. Group members will be able to login from the above selected nodes only
Cancel button Cancels the current operation Table - Change Login Restriction screen elements
Delete Group
Prerequisite • No Group members defined
Select Group → Manage Group and view the list of Groups
Screen - Delete Group
Screen Elements Description
Del Select Group(s) for deletion Click Del to select More than one Group can also be selected
Select All Selects all the Groups Click Select All to select all the Groups for deletion
Delete Group button Delete the selected Group(s) Table - Delete Group screen elements
User Management
Search User
Use to search the User
Select User → Search User
Screen - Search User
Screen Elements Description
Search User Enter Username Specify Search criteria Search User button Searches all types of users based on the entered criteria
Click to search
Table - Search User screen elements
Search criteria: Result
Mark: Details of the user ‘Mark’
A: Details of all the users whose User name or Name contains ‘a’
192.9.203.102: Details of the user ‘192.9.203.102’
8: Details of all the users whose User name or Name contains ‘8’
Table - Search User – Result
Live User
Use Live users page to
• view list of all the currently logged on Users
• modify user details
• send message to any live user
• disconnect any live user
Select User → Manage Live Users
Screen – Manage Live Users
Report Columns Description
Concurrent Sessions Displays currently connected total users (Normal, Clientless, and Single sign on client Users)
Current System time Displays current system time in the format - Day, Month Date,HH:MM
User name Click to change the display order
Displays name with which user has logged in Click User name link to View/Update user details
Name Displays User name Click Name link to view Group and policies details attached to the User
Connected from Click to change the display order
Displays IP address of the machine from which user has logged in
Public IP Displays Public IP address if User has logged in using public IP address
Start time Click to change the display order
Displays login time
Time (HH:mm) Displays total time used in hours and minutes Upload Data transfer Click to change the display order
Displays Data uploaded
Download Data transfer Click to change the display order
Displays Data downloaded
Bandwidth (bits/sec) Displays Bandwidth used Select Select User for sending message or disconnecting
More than one User can be selected
Send Message button Sends message to the selected User(s) Disconnect button Disconnects the selected User(s)
Table – Manage Live User screen elements
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User → User → Manage Active to view the list of Users and click User name to be modified
OR
Select User → User → Manage Deactive to view the list of Users and click User name to be modified
Manage Clientless Users
Select User → Clientless Users → Manage Clientless Users to view list of Users and click User name to be modified
Need may arise to change the User setting after the creation of User.
To Click
Change the personal details or password of the User
Edit personal details/Change Password Refer to Change Personal details for more details
View User Accounts details User My Account Refer to User My Account for more details
Change the User Group Change Group Refer to Change Group for more details
Change Access Time Policy assigned to the User
Access Time policy list Refer to Change Individual Policy for more details
Change Internet Access Policy assigned to the User
Internet Access policy list Refer to Change Individual Policy for more details
Change Bandwidth Policy assigned to the User
Bandwidth policy list Refer to Change Individual Policy for more details
Change Data Transfer policy assigned to the User
Data Transfer policy list Refer to Change Individual Policy for more details
Change Login Restriction of the User Change Login restriction button Refer to Change Login Restriction for more details
Table - Need to Update User
Screen - Manage User
Screen Elements Description
Personal Information Username Displays username with which the user logs on
Cannot be modified
Edit Personal details/Change Password button
Allows to change the User’s personal details and login password Click Edit Personal details to change Refer to Personal details table for more details
Name Displays User/Employee name Cannot be modified
Birth date Displays Birth date of User Email Displays Email ID of User User My Account button Click to view/update the my account details
Refer to User My Account
Windows Domain Controller Only if Authentication is done by Windows Domain Controller
Displays Authentication server address, modify if required
User type Displays User type
Cannot be modified
Number of simultaneous login(s) allowed
Displays whether simultaneous login is allowed or not, modify if required
Policy Information Group Displays Group in which User is defined Change Group button Allows to change Group of the User
Opens a new window and allows to select a new Group
Time Allotted to User (HH:mm) Displays total time allotted to User in the format Hours: Minutes Cannot be modified
User Policy Expiry Date Displays Expiry date Cannot be modified
Time used (HH:mm) Displays total time used by the User in the format Hours: Minutes
Cannot be modified
Period time Displays allowed total cycle hours Period Cycle Displays cycle type Cycle Time used Displays cycle time used Access Time Policy Displays currently assigned Access Time policy to the
User, modify if required To view the details of the policy Click View details Refer to Change Individual Policy on how to change the assigned policy
Internet Access policy Displays currently assigned Internet Access policy to the User To view the details of the policy Click View details Refer to Change Individual Policy on how to change the assigned policy
Bandwidth policy Displays currently assigned Bandwidth policy to the User To view the details of the policy Click View details Refer to Change Individual Policy on how to change the assigned policy
Data Transfer policy
Displays currently assigned Data Transfer policy to the User To view the details of the policy Click View details Refer to Change Individual Policy on how to change the assigned policy
Login Restriction Display currently applied login restriction to the User
Change login restriction button Click to change user login restriction applied Refer to Change User Login restriction for details
Save button Saves the modified details Re-apply Current policy button Reapplies all the current policies at the time of renewal Cancel button Cancels the current operation
Table - Manage User screen elements
Change Personal details
Screen - Change User Personal details
Screen Elements Description
Personal Information Username Displays the name with which user has logged in Name User name, modify if required New password Type the new password Re-enter New password Re-enter new password
Should be same as typed in new password
Birth date Displays birth date, modify if required Use Popup Calendar to change
Email Displays Email ID of the user, modify if required User type Displays User type, modify if required Update button Updates the changes made Cancel button Cancels the current operation and returns to Edit User page
Table - Change User personal details screen elements
User My Account
User My Account gives details like Personal details, Internet and Printer usage of a particular user. User can change his/her password using this tab. Administrator and User both can view these details.
1. Administrator can view details of various users from User → User → Manage Active and click Username whose detail is to be checked. Click User My Account, it opens a new browser window.
Screen - User My Account
2. Normal Users can view their MyAccount details from task bar.
In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window and prompts for MyAccount login Username and Password.
Screen - User My Account
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Personal
Allows viewing and updating password and personal details of the user
Change Password
Select Personal → Change Password
Screen - Change Password
Screen Elements Description
Change Password Username Displays the name with which user has logged in Current Password Type the current password New password Type the new password Re-enter New password Re-enter new password
Should be same as new password
Update Update the changes made Table - Change password screen elements
Change Personal details
Select Personal → Personal Detail
Screen - Change Personal details
Screen Elements Description
Personal Information Username Displays the name with which user logs in
Cannot be modified
Name Displays User name, modify if required Birth Date Displays birth date
Use Popup Calendar to change
Email Displays Email ID of the user Cannot be modified
Update Update the changes made Table - Change Personal details screen elements
Account status
Allows viewing Internet & Printer usage of the user
Internet Usage
Screen - Internet Usage Status
Screen Elements Description
Policy Information Username Displays the name with which user has logged in Group Displays the name of the User Group Time allotted to User (HH:mm)
Displays total surfing time allotted to the user in the Surfing time policy
Expiry date Displays Expiry date Time used by User (HH:mm)
Displays total time used by the User
Usage Information Upload Data transfer Displays allotted, used and remaining upload data transfer
Allotted upload data transfer is configured from Data transfer policy
Download Data transfer Displays allotted, used and remaining download data transfer Allotted download data transfer is configured from Data transfer policy
Total Data transfer Displays allotted, used and remaining total data transfer Allotted total data transfer is configured from Data transfer policy
Get Internet Usage information for month
Select Month Select Year
Submit button Click to view the Internet usage report for the selected period Table - Internet Usage screen elements
Report displays IP address from where user had logged in, session start and stop time, total used time, data uploaded and downloaded during the session and total data transferred during the session.
Change Group
Screen - Change Group
Screen Elements Description
Policy Information Change Group button Opens a new window and displays list of Groups
Click to change the User group
Select Click to select Done button Adds User to the Group Cancel button Cancels the current operation
Table - Change Group screen elements
Change Individual Policy
Screen Elements Description
Policy Information Access Time policy Specify Access Time policy. It overrides the assigned Group
Access time policy. Click Access policy list to select
Internet Access policy Specify Internet Access policy. It overrides the assigned Group Internet Access policy. Click Internet Access policy list to select
Bandwidth policy Specify Bandwidth policy. It overrides the assigned Group Bandwidth policy Click Bandwidth policy list to select
Data Transfer policy
Specify Data Transfer policy. It overrides the assigned Group Data Transfer policy Click Data Transfer policy list to select
Save Saves the changes Table - Change Individual policy
Change User Login Restriction
Screen - Change User Login Restriction
Screen Elements Description
Login restriction Change login restriction button
Click to change the login restriction
Allowed login from all the nodes
Allows user to login from all the nodes of the Network
Allowed login from Group node(s)
Allows Users to login only from the nodes assigned to the group
Allowed login from selected node(s)
Allows user to login from the selected nodes only
To select node:
Click Select node
Select a Logon Pool from the Logon Pool name list
Click Select to select the IP addresses to be added to the policy
Click Select All to select all IP addresses
Click OK to assign policy to the selected IP Addresses
Click Close to cancel the operation
Save button Saves the above selection Cancel button Cancel the current operation
Table - Change User Login Restriction screen elements
Delete User
User can be deleted from Active list as well as from Deactive list.
To delete active user, click User → User → Manage Active
Screen - Delete Active User
To delete de-active user, click User → User → Manage Deactive
Screen - Delete Deactive User
To delete Clientless user, click User → Clientless User → Manage Clientless User
Screen - Delete Clientless User
Screen Elements Description
Select Select User to be deleted Click Select to select More than one user can also be selected
Select All Selects all the users for deletion Click Select All to select all
Delete button Deletes all the selected User(s) Table - Delete User screen elements
Deactivate User
A User is de-activated automatically if he has overused one of the resources defined by the assigned policies. If the need arises to de-activate a user manually, select User → User → Manage Active
Screen - Deactivate User
Screen Elements Description
Select Select User to be deactivated Click Select to select More than one user can be selected
Select All Select all the users Deactivate button Deactivates all the selected User(s)
Table - Deactivate User screen elements
View the list of deactivated users by User → User → Manage Deactive
Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users
Screen - Activate Normal User
Screen - Activate Clientless User
Screen Elements Description
Select Select User to be activated Click Activate to select More than one user can be selected
Select All Selects all the users Click Select All to select
Activate button Activates all the selected User(s) Table - Activate User screen elements
Logon Pool Management
Search Node
Use Search Node Tab to search the Node/IP address based on: IP address OR MAC address
Select Group → Logon Pool → Search Node
Screen - Search Node
Example
Search criteria: Result
‘1’: list of nodes whose address contains ‘1’
‘192’: list of nodes whose address contains ‘192’
‘192.9.203.203’: node whose address is ‘192.9.203.203’
‘b’: list of nodes whose address contains ‘B’
‘4C’: list of nodes whose address contains ‘4C’
‘B7’: list of nodes whose address contains ‘B7’
Table - Search Node results
Update Logon Pool
Select Group → Logon Pool → Manage Logon Pool and click Logon Pool name to be modified
Screen - Update Logon Pool
Screen Elements Description
Logon Pool Details Logon Pool name Displays Logon Pool name, modify if required Is Logon Pool Public Displays whether Logon Pool is of public IP addresses or not Bandwidth policy Displays bandwidth policy attached, modify if required
Click View details link to view bandwidth restriction details and policy members
Description Displays description of the Logon Pool, modify if required Show Nodes link Displays IP addresses defined under the Logon Pool. Allows to
Add or Delete node Click Show nodes Click Add Node Refer to Add node for more details Click Delete Node Refer to Delete node for more details
Update button Updates and saves the details Cancel button Cancels the current
Table - Update Logon Pool screen elements
Add Node
Screen - Add Node
Screen Elements Description
Machine details IP address IP address of the Node to be added to the Logon Pool Range link Click to add range of IP Address
From – To - IP addresses to be included in the Logon Pool
Machine name Specify machine name Create button Adds the nodes to the Logon Pool Cancel button Cancels the current operation
Table - Add Node screen elements
Delete Node
Prerequisite • Not assigned to any User
Screen - Delete Node
Screen Elements Description
Select Select the IP address of the node for deletion Click Select to select More than one node can also be selected
Select All Selects all the nodes for deletion Click Select All to select all the nodes
Delete button Deletes the selected Node(s) Table - Delete Node screen elements
Delete Logon Pool
Prerequisite • IP address from Group not assigned to any User
Select Group → Logon Pool → Manage Logon Pool
Screen - Delete Logon Pool
Screen Elements Description
Del Select the Logon Pool(s) for deletion Click Del to select More than one Logon Pool can also be selected
Select All Select all the Logon Pools for deletion Click Select All to select all the Logon Pools for deletion
Delete Logon Pool button
Delete the selected Logon Pool(s)
Table - Delete Logon Pool screen elements
System Management
Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.
Configure DNS
A Domain Name Server translates domain names to IP addresses. You can configure domain name server for your network as follows. At the time of installation, you configured the IP address of a single primary DNS server. You can change this primary DNS server any time and also define additional DNS servers.
Select System → Configure Network → Configure DNS
Screen – Configure DNS
Screen Elements Description
DNS List: Displays list of Domain name servers. List order indicates preference of DNS. If more than one Domain name server exists, query will be resolved according to the order specified.
Add button: Allows to add IP address of Domain Name Server. Multiple DNS servers can be defined. Click Add, type IP address, click OK.
Remove button: Allows to remove IP address of Domain Name Server. Click IP address to select, click Remove.
Move Up button: Changes the order of server when more than one DNS server is defined. Moves the selected Server one step up. Click IP address which is to be moved up, click Move Up.
Move Down button: Changes the order of server when more than one DNS server is defined. Moves the selected Server one step down. Click IP address which is to be moved down, click Move Down.
Save button: Updates the DNS details and order, if modified. Click Save.
Redirect DNS traffic to local DNS Server
DNS traffic redirection: Redirects all the DNS traffic to Cyberoam. Click Enable to redirect.
Table - Configure DNS
To add multiple DNS repeat the above-described procedure. Use Move Up & Move Down buttons to change the order of DNS. If more than one Domain name server exists, query will be resolved according to the order specified.
Configure DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a device, and releases and renews the address as the device leaves and re-joins the network. The device can have a different IP address every time it connects to the network. In other words, it provides a mechanism for allocating IP addresses dynamically so that addresses can be re-used.
Select System → Configure Network → Configure DHCP
Screen - Configure DHCP
Screen Elements Description
DHCP Details
Network Interface: Displays Network Interface i.e. Internal or External
Interface IP: Displays IP address assigned to Interface
Netmask: Displays Netmask
IP address From – To: Displays IP address range for clients, modify if required. The DHCP server assigns an available IP address in the range to the client upon request.
Domain name: Displays domain name for the specified subnet, modify if required
Subnet Mask: Displays subnet mask for the client/network, modify if required
Gateway: Displays IP address of Gateway, modify if required
Domain name server: Displays IP address of Domain name server, modify if required
Update DHCP button: Updates the modified details
Table - Configure DHCP screen elements
View Interface details
Use this page to view the Interface configuration.
Select System → Configure Network → View Interface details
Screen – Cyberoam as Gateway - View Interface details
Screen Elements Description
Displays port wise configuration details
Network: Displays IP address and Net mask
Zone/Zone Type: Displays the port to zone relationship, i.e. which zone the port is bound to
LAN – Depending on the appliance in use and on your network design, you can group one to six ports in this zone. By default, the traffic to and from this zone is blocked, and hence it is the highest secured zone.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the appliance in use and on your network design, you can group one to five ports in this zone.
WAN - Depending on the appliance in use and on your network design, you can group one to six ports in this zone.
Table – View Interface details screen elements
Configuring Dynamic DNS service
Dynamic DNS (Domain Name Service) is a method of keeping a static domain/host name linked to a dynamically assigned IP address allowing your server to be more easily accessible from various locations on the Internet. Powered by Dynamic Domain Name System (DDNS), you can now access your Cyberoam server by the domain name, not the dynamic IP address. DDNS will tie a domain name (e.g. mycyberoam.com, or elitecore.cyberoam.com) to your dynamic IP address.
Register hostname with DDNS service provider
Select System Dynamic DNS Configuration Create Account to open configuration page
Screen – Register Hostname with DDNS
Screen Elements Description
Host Name Detail
Hostname: Specify the hostname you want to use on the DDNS server, i.e. the domain name that you registered with your DDNS service provider
Description: Specify description
Service Provider’s details
Service name: Select the service provider with whom you have registered your hostname.
Login Name and Password: Specify your DDNS account’s login name and password
IP detail
Port for Public IP: Select External Interface. The IP address of the selected interface will be bound to the specified host name.
IP Update Checking Interval: Enter the time interval after which the DDNS server should check and update the IP address of your server if it has changed. For example, if the time interval is set to 10 minutes, then every 10 minutes the DDNS server will check for any changes in your server IP address.
Create button: Click Create to save the configuration
Table – Register hostname with DDNS
Testing your Dynamic DNS configuration
You can test your Dynamic DNS by:
• Accessing your Cyberoam server using the host name you have registered with the DDNS service provider - If you are able to access Cyberoam, then your configuration is correct and DDNS is working properly.
• Pinging your host - If you get the IP address of your external interface, then your configuration is correct and DDNS is working properly.
Manage Account
Check the IP address update status from the Manage Account page. It also displays the reason in case the update was not successful. Select System Dynamic DNS Configuration Manage Account to open configuration page and click the hostname to be
Manage Gateway
A gateway routes traffic between networks, and if the gateway fails, communication with the outside network is not possible. In this case, the organization and its customers are left with significant downtime and financial loss.
By default, Cyberoam supports only one gateway. However, since organizations opt for multiple gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting multiple gateways. Simply adding one more gateway is not an end to the problem; optimal utilization of all the gateways is also necessary. Cyberoam not only supports multiple gateways but also provides a way to utilize the total bandwidth of all the gateways optimally.
At the time of installation, you configured the IP address for a default gateway. You can change this configuration at any time and configure additional gateways.
Refer to Multi link Configuration Guide for source based static routing. Policy based routing can be done from firewall rule.
To view the Gateway details, select System → Gateway → Manage Gateway(s)
Screen – Gateway Configuration
Screen Elements Description
Gateway Details
Gateway Name: Displays Gateway name
Gateway IP address and port: Displays IP address and port of the Gateway configured, i.e. the IP address of a device Cyberoam uses to reach devices on a different network, typically a router
Save button: Saves the modified details. Click to save.
Cancel button: Cancels the current operation and returns to Manage Gateway page. Click to cancel.
Table - Gateway Configuration screen elements
DoS Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. This includes protection from several kinds of “Denial of Service” attacks. These attacks disable computers and circumvent security.
Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a service. DoS attacks are typically executed by sending many request packets to a targeted server (usually a Web, FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not to steal information but to disable or deprive a device or network so that users no longer have access to the network services/resources.
All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence, attackers send a very high volume of redundant traffic to a system so that it cannot examine and allow permitted network traffic. The best way to protect against a DoS attack is to identify and block such redundant traffic.
SYN Flood
In this attack, a huge number of connections are sent so that the backlog queue overflows. A connection is created when the victim host receives a connection request and allocates some memory resources for it. A SYN flood attack creates so many half-open connections that the system becomes overwhelmed and cannot handle incoming requests any more.
Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
User Datagram Protocol (UDP) Flood
This attack links two systems. It hooks up one system's UDP character-generating service with another system's UDP echo service. Once the link is made, the two systems are tied up exchanging a flood of meaningless data.
Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
TCP attack
This attack sends more TCP packets than the host/victim computer can handle.
Click Apply Flag to apply the TCP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
ICMP attack
This attack sends the host/victim computer more packets/traffic than the protocol implementation can handle.
Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
Drop Source Routed Packet
This will block any source routed connections or any packets with an internal address from entering your network.
Click Apply Flag to enable blocking.
To generate log, enable Dropped Source Routed Packet Logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
Disable ICMP redirect packet
An ICMP redirect packet is used by routers to inform the hosts what the correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly weaken the security of the host by causing traffic to flow via another path.
Set the flag to disable the ICMP redirection.
To generate log, enable Dropped ICMP Redirected Packet Logging from Network Logging Management (Telnet Console). By default, the DoS attack logging is Off. To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Refer to Cyberoam Console Guide, Logging Management for more details.
ARP Flooding
This attack sends ARP requests to the server at a very high rate. Because of this, the server is overloaded with requests and will not be able to respond to the valid requests. Cyberoam protects by dropping such invalid ARP requests.
Threshold values
Cyberoam uses a threshold value to detect a DoS attack. The threshold value depends on various factors like:
• Network bandwidth
• Nature of traffic
• Capacity of servers in the network
Threshold = Total number of connections/packet rate allowed to a particular user at a given time
When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said source/destination is blocked until the lockdown period ends. The threshold is applicable to the individual source/destination, i.e. requests per user/IP address, and not globally to the complete network traffic. For example, if the source threshold is 2500 packets/minute and the network has 100 users, then each source is allowed a packet rate of 2500 packets/minute.
You can define different threshold values for source and destination. Configuring high values will degrade the performance and too low values will block the regular requests. Hence it is very important to configure appropriate values for both source and destination IP address.
Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given time.
Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a given time.
How it works
When the threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop the packets until the attack subsides. Because Cyberoam applies the threshold value per IP address, only traffic from the particular source/destination is dropped; traffic from the remaining IP addresses is not affected at all.
Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30 seconds
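The per-address threshold and the 30-second re-allow delay described above can be modelled as follows. This is an added example, not Cyberoam's code: the sliding 60-second window, the rule that dropped packets still count toward the offered rate, the class and function names, the sample addresses and the 100 packets/minute limit are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds; the guide states thresholds in packets/minute
LOCKDOWN = 30    # seconds; the guide's "+ 30 seconds" before re-allowing traffic


class AddressThreshold:
    """One threshold (source or destination), enforced separately per IP address.

    Assumptions of this sketch, not statements about the appliance:
    - the rate is measured over a sliding 60-second window;
    - dropped packets still count toward the offered rate, so the attack has
      subsided only once the sender itself slows down.
    """

    def __init__(self, packets_per_minute):
        self.limit = packets_per_minute
        self.arrivals = defaultdict(deque)  # ip -> arrival times inside the window
        self.last_over = {}                 # ip -> last time its rate exceeded the limit
        self.allowed = defaultdict(int)
        self.dropped = defaultdict(int)

    def offer(self, ip, now):
        """Record one packet for `ip` at time `now`; True means it is forwarded."""
        window = self.arrivals[ip]
        while window and window[0] <= now - WINDOW:
            window.popleft()
        window.append(now)

        if len(window) > self.limit:
            # Over the threshold: the excess packet is dropped.
            self.last_over[ip] = now
            forwarded = False
        elif ip in self.last_over and now < self.last_over[ip] + LOCKDOWN:
            # Rate is back under the limit, but the 30 s delay has not elapsed.
            forwarded = False
        else:
            self.last_over.pop(ip, None)
            forwarded = True

        (self.allowed if forwarded else self.dropped)[ip] += 1
        return forwarded


def constructed_traffic():
    """Constructed sample: (time_in_seconds, source_ip) pairs, sorted by time."""
    flooder, normal = "10.0.0.66", "10.0.0.5"
    packets = []
    for second in range(10):                 # burst: 20 packets/second for 10 s
        packets += [(second, flooder)] * 20
    for second in range(20, 151, 10):        # then one packet every 10 s
        packets.append((second, flooder))
    for second in range(0, 151, 2):          # steady user: one packet every 2 s
        packets.append((second, normal))
    return sorted(packets)


def run_demo(packets_per_minute=100):
    """Replay the sample; return the guard and each source's first readmission time."""
    guard = AddressThreshold(packets_per_minute)
    readmitted_at = {}
    blocked = set()
    for now, ip in constructed_traffic():
        if guard.offer(ip, now):
            if ip in blocked:
                readmitted_at.setdefault(ip, now)
                blocked.discard(ip)
        else:
            blocked.add(ip)
    return guard, readmitted_at


if __name__ == "__main__":
    guard, readmitted_at = run_demo()
    for ip in sorted(guard.allowed):
        print(ip, "allowed", guard.allowed[ip], "dropped", guard.dropped[ip])
    print("readmitted at", readmitted_at)
```

In the constructed traffic the flooding source is forwarded again at t = 90 s, which is 30 seconds after its rate last exceeded the limit, while the steady source never loses a packet.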
Configure DoS Settings
Select Firewall → DoS Setting
Screen – DoS Settings
Screen Elements Description
Attack type: Type of Attack. Click to view the real time updates on flooding. It displays the source IP address which was used for flooding and the IP address which was targeted.
Source Packets Rate (packets/minute): Allowed packets per minute (packet rate). If the packet rate is exceeded, it is considered an attack and the rest of the packets are dropped. The specified packet rate is applicable to an individual IP address, i.e. requests per user, and not globally to the complete traffic.
Apply flag: Set flag to control allowed number of packets
Source Packets dropped: Displays number of packets dropped from the said source
Destination Packets Rate (packets/minute): Allowed packets per minute (packet rate). When the packet rate is exceeded, all the excess packets are dropped for the next 30 seconds. You can call this the lockdown period, which means the traffic from the destination IP address will be blocked for the next 30 seconds. Because Cyberoam applies the threshold value per IP address, the traffic from the rest of the IP addresses is not blocked. The specified packet rate is applicable to an individual IP address, i.e. requests per user, and not globally to the complete traffic.
Apply flag: Set flag to control allowed number of packets
Destination Packets dropped: Displays number of packets dropped at destination
Update button: Updates Packet rate. Updated details will be applied only after restarting the Management services from Console.
Table – DoS Settings screen elements
Bypass DoS Settings
Cyberoam allows bypassing the DoS rule in case you are sure that the specified source/destination will never be used for flooding, or you want to ignore flooding if it occurs from the specified source.
Create DoS bypass rule
Select Firewall → Bypass DoS
Screen – Create DoS bypass rule
Screen Elements Description
Source and Destination Information
Source Domain name/IP Address: Source Domain name, IP address or Network on which the DoS rule is not to be applied. Specify source information. Specify * if you want to bypass the complete network.
Source Port: Specify source port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified source IP address and port.
Destination Domain name/IP Address: Destination Domain name or IP address on which the DoS rule is not to be applied. Specify destination information. Specify * if you want to bypass the complete network.
Destination Port: Specify destination port address. Specify * if you want to bypass all the ports. DoS will not be applied on all the requests from the specified destination IP address and port.
Network Protocol: Select protocol whose traffic is to be bypassed for specified source to destination. For example, if you select TCP protocol then DoS rules will not be applied on the TCP traffic from the specified source to destination.
Create button: Creates the bypass rule
Table – Create DoS bypass rule screen elements
Delete DoS bypass rule
Select Firewall → Bypass DoS
Screen – Delete DoS bypass rule
Screen Elements Description
Select: Select rule for deletion. Click Del to select. More than one rule can also be selected.
Select All: Select all rules. Click Select All to select all rules.
Delete button: Deletes all the selected rules. Click to delete.
Table – Delete DoS bypass rule screen elements
Reset Console Password
You can change the Telnet Console password from the Web based Console or from the Telnet Console itself. To change the password from Telnet Console, refer to Cyberoam Console guide.
Select System → Reset Console Password
Screen - Reset Console Password
Screen Elements Description
Reset Console Password
GUI Admin Password: Specify current GUI Admin password, i.e. the password with which Administrator has logged on to Web Admin Console
New password: Specify new console password
Confirm New password: Type again the same password as entered in the New password field
Submit button: Saves new password. Click Submit.
Table - Reset Console Password screen elements
System Module Configuration
Enable/disable services to enhance the network performance and reduce the potential security risk. Do not enable any local services that are not in use. Any enabled service could present a potential security risk. A hacker might find a way to misuse the enabled services to access your network. By default, all the services are enabled.
Cyberoam allows enabling/disabling of the following services and the VPN and Traffic Discovery modules:
TFTP - Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features.
PPTP - PPTP (Point to Point Tunneling Protocol) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a VPN tunnel using a TCP/IP based network.
IRC - IRC (Internet Relay Chat) is a multi-user, multi-channel chatting system based on a client-server model. A single server links with many other servers to make up an IRC network, which transports messages from one user (client) to another. In this manner, people from all over the world can talk to each other live and simultaneously. DoS attacks are very common as it is an open network, and with no control on file sharing, performance is affected.
H323 - The H.323 standard provides a foundation for audio, video, and data communications across IP-based networks, including the Internet. H.323 is an umbrella recommendation from the International Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area Networks (LANs) that do not provide a guaranteed Quality of Service (QoS). It enables users to participate in the same conference even though they are using different videoconferencing applications.
P2P Traffic Modules - Identifies peer-to-peer (P2P) data in IP traffic. It works together with connection tracking and connection marking, which helps in identifying the bigger part of all P2P packets and limiting the bandwidth rate.
Select Firewall → System Modules and enable or disable the required service and modules.
Screen – System Modules Configuration
Manage Data
Backup data
Backup is an essential part of data protection. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. Backups are necessary in order to recover data from loss due to disk failure, accidental deletion or file corruption.
There are many ways of taking backup and just as many types of media to use as well. Cyberoam provides the facility of taking regular and reliable data backup. Backup consists of all the policies, logs and all other user related information.
Cyberoam maintains five logs:
Web surfing log: This log stores the information of all the websites visited by all the users.
User session log: Every time the user logs in, a session is created. This log stores the session entries of all the users and specifies the login and logout time.
Audit log: This log stores the details of all the actions performed by the User administrating Cyberoam. Refer to Appendix A – Audit Log for more details.
Virus log: This log stores the details of malicious traffic requests received.
Set Backup Schedule
Select System → Manage Data → Set Backup Schedule
Screen – Set Backup schedule
Screen Elements Description
Backup of Data only (Does not include Logs)
Backup Frequency: Backup schedule. Only data backup will be taken. Select any one:
Daily – backup will be sent daily
Weekly – backup will be sent weekly
Monthly – backup will be sent monthly
Never – backup will never be sent
In general, it is best to schedule backup on a regular basis. How much information you add or change will help you determine the schedule.
Incremental Backup of Log files only (in CSV format)
The backup process only copies what has changed since the last backup. This creates a much smaller backup file.
Log: Select the logs for backup. Backup of log files will be taken in CSV format. Available logs for backup: 1. Web surfing 2. Virus 3. Audit
Backup Frequency: Select any one:
Daily – backup will be sent daily
Weekly – backup will be sent weekly
Never – backup will never be sent
Set Backup Mode
Backup mode: Specifies how backup should be taken and sent. Select FTP backup OR Mail backup.
Only for FTP backup
FTP server: Specify IP address of FTP server
User name: Specify User name with which user has to log on to the FTP server
Password: Specify Password
Only for Mail backup
To Mail Id: Specify email address to which the backup is to be mailed
Save button: Saves the configuration
Table – Set Backup Schedule screen elements
Backup Data
Select System → Manage Data → Backup Data
Screen – Backup Data
Screen Elements Description
Backup System Data (Does not include logs)
Backup button: Takes the recent backup and allows you to download it. Click Backup data to take backup.
Download button (only if backup is taken previously): Download the backup already taken. Also displays date and time of backup. Click Download to download. To download, follow the screen instructions.
Backup Log (in CSV format)
Logs: Backup of selected logs will be taken. Select the logs for backup: 1. Web surfing 2. Virus 3. Audit
Backup button: Takes the recent backup of logs and allows you to download it. Click Backup data to take the recent backup.
Download button (only if backup is taken previously): Download the backup of logs already taken. Also displays date and time of backup. Click Download to download. To download, follow the screen instructions.
Table – Backup Data screen elements
Restore Data
Use the restore facility to restore data from a backup taken earlier. Restoring data older than the current data will lead to the loss of current data.
Select System → Manage Data → Restore Data
Screen – Restore Data screen
Screen Elements Description
Upload Backup
File to upload: Specify name of backup file to be uploaded
Browse button: Select the backup file
Upload button: Uploads the backup file
Table - Restore Data screen elements
Note: Restore facility is version dependent, i.e. it will work only if the backup and restore versions are the same. For example, if backup is taken from Cyberoam version 7.4.0.0, then restore will work only for version 7.4.0.0 and not for any other version.
Purge
Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge facility for deleting log records.
Configure Auto purge Utility
Select System → Manage Data → Configure Auto purge utility
Screen – Configure Auto purge Utility screen
Screen Elements Description
Purge Frequency
Purge Web surfing logs every: Specify number of days after which web surfing log should be purged automatically
Save button: Saves purging schedule configuration
Popup Notification
Enable Alert Popup: Enabling Popup Notification displays alert popup before purging the logs. Click to enable.
Save button: Saves popup alert configuration
Download Purged Logs (only if logs have been auto purged)
Download button: Allows you to download the purged log files. Click to download.
Delete button: Deletes the purged log files
Table – Configure Auto purge Utility screen elements
Note: System will preserve logs only for the specified number of days and automatically purges the logs generated thereafter.
Manual purge
Use manual purge to delete log records manually.
Select System → Manage Data → Purge Logs
Screen – Purge Logs screen
Screen Elements Description
Purge: Select log for purging: Web surfing logs, User session logs, Audit logs
Till Date: Select the date from Calendar till which the selected log(s) is to be purged
Purge button: Purges the selected log till the specified date. Click Purge to purge.
Table - Purge Logs screen elements
Note Auto purge option is always on
Client Services
Client Messages
The Message Management tab allows the Administrator to send messages to the various users. Messages help the Administrator to notify users about problems as well as Administrative alerts in areas such as access, user sessions, incorrect password, and successful log on and log off etc. A message is sent to the User whenever the event occurs. A message can be up to 256 characters and can be sent to a number of users at a time.
Select System → Configure Client Settings → Customize Client Message
Screen – Customized Client Messages screen
Screen Elements Description
Message Key: Message code. Click the Message link to customize the message which will be received by user. Click Save to save the changes. Click Cancel to cancel the current operation.
Message: Message description
Configure Usage to Alert User before Expiration
Enter Remaining Usage in: Alert will be displayed to all the users when the specified data transfer is remaining. Remaining usage can be entered as an absolute value or as a percentage.
Data Transfer (MB): Specify remaining data transfer usage when all the users should receive alert. E.g.
Absolute
Remaining data transfer usage: 20 MB
User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer i.e. has done total data transfer of 620 MB
Percentage
Remaining data transfer usage: 20%
User1: Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer i.e. has done data transfer of 512 MB
Cycle Data Transfer (MB): Specify remaining cycle data transfer usage when all the users should receive alert. Cycle data transfer is the upper limit of total data transfer allowed to the user per cycle. User will be disconnected if the limit is reached. It is applicable to the users to whom the cyclic data transfer policies are applied. E.g.
Absolute
Remaining cycle data transfer usage: 20 MB
User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 130 MB
User2 will receive alert when he is left with 20 MB of data transfer per cycle i.e. has done data transfer of 620 MB
Percentage
Remaining cycle data transfer usage: 20%
User1: Cycle Total Data transfer limit (as defined in Data transfer policy): 150 MB
User2: Cycle Total Data transfer limit (as defined in Data transfer policy): 640 MB
User1 will receive alert when he is left with 30 MB (20% of 150 MB) of data transfer per cycle i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640 MB) of data transfer per cycle i.e. has done data transfer of 512 MB
Save details button: Saves the data transfer alert configuration
Table - Customized Client Message screen elements
List of Predefined messages
Messages Description/Reason
AlertMessageWithCycleData: Message is sent to the user when the remaining cycle data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details.
AlertMessageWithData: Message is sent to the user when the remaining data transfer is equal to the configured value. Value can be configured from Customize Client Messages page. Refer to Client Messages for more details.
DeactiveUser: Administrator has deactivated the User and the User will not be able to log on
DisconnectbyAdmin: When the administrator disconnects the user from the live users page
InvalidMachine: Message is sent if User tries to log in from an IP address not assigned to him/her
LoggedoffsuccessfulMsg: Message is sent when User logs off successfully
LoggedonsuccessfulMsg: Message is sent when User logs on successfully
Loggedinfromsomewhereelse: Message is sent if User has already logged in from another machine
MaxLoginLimit: Message is sent if User has reached the maximum login limit
MultipleLoginnotallowed: Message is sent if User is not allowed multiple login
NotAuthenticate: Message is sent if User name or password are incorrect
NotCurrentlyAllowed: Message is sent if User is not permitted to access at this time. Access Time policy applied to the User account defines the allowed access time and not allowed access at any other time.
Someoneloggedin: Message is sent if someone has already logged in on that particular machine
SurfingtimeExhausted: Message is sent when User is disconnected because his/her allotted surfing time is exhausted. The surfing time duration is the time in hours the User is allowed Internet access, as defined in the Surfing time policy. If hours are exhausted, User is not allowed to access.
SurfingtimeExpired: Administrator has temporarily deactivated the User and the User will not be able to log in because the User's surfing time policy has expired
LiveIPinuse: Message is sent if connection is requesting a public IP Address from the server that is already in use
Nmpoolexceedlimit: Message is sent if the maximum number of IP Addresses in the public Logon Pool at any given time has exceeded the limit
Table - List of predefined messages
Client preferences
Use Client preference to specify
• which page to open every time user logs on to Cyberoam
• whether HTTP client log on page should pop up if user tries to surf without logging in
• port from which Web Administration Console can be accessed
• number of concurrent log on allowed
Select System → Configure Client Settings → Customize Client preferences
Screen – Customized Client Preferences screen
Screen Elements Description
Open following site after client logs on to the server
URL: Specify the URL which is to be opened every time user logs on. Leave this field blank if you do not want to open any specific page every time user logs in.
Update button: Updates configuration
HTTP Client Pop up
HTTP client: Whenever User tries to surf without logging in, a page with the message ‘Cyberoam Access Denied’ is displayed. If the HTTP client pop up option is selected, User will get an HTTP Client pop up along with the ‘Cyberoam Access Denied’ page. Once User logs on successfully using the HTTP client, user will be able to surf the requested site.
Update button: Updates configuration
Web Admin Console
Web Admin Console Port: Specify Port number on which Web Admin Console is running
Update button: Updates configuration
Number of Logins
Number of Logins Allowed OR Unlimited Login: Specify number of concurrent logins allowed to all the users OR allow unlimited concurrent logins
Update button: Updates configuration
Table – Customized Client Preferences screen elements
Note: The preferences set are applicable to all the users by default, i.e. all the preferences set will be applied when a user is created. Refer to Create User for customizing the number of concurrent logins allowed to a particular user.
Customize Access Deny messages
Use to customize the access deny message for:
• all web categories
• individual web category
• all file type categories
This customized message will be displayed when a user tries to access a site which is not allowed.
1. Select System → Configure → Customize Denied Message
2. Select the category for which you want to customize the access deny message
Select ‘All Web categories’ to display the same access deny message for all the web categories. The message specified for ‘All Web Categories’ becomes the default message.
Select a particular category for which you want to display a different message. By default, the message specified for ‘All Web Categories’ is displayed. Disable Use Default Message if you want to display a different message for a particular category, and modify the message.
Select ‘All File type category’ to customize the access deny message for all the file type categories.
3. In Denied Message, modify the message contents
4. Click Update to save if any changes are made
Upload Corporate logo
Use to display your company’s logo in all the messages displayed to the user.
1. Select System → Configure → Customize Denied Message
2. In Top Bar, specify the image to be displayed at the top of the message page
3. In the Bottom Bar, specify the image to be displayed at the bottom of the message page
4. Click Upload
Note: Dimension of the image should be 700 * 80, and jpg files only
Customize Login message
Use to customize the login page messages and the client login links provided on the login page.
1. Select System → Configure → Customize Login Message
2. Under Client Login Links, select the Login Clients that you want to be displayed on the Login page.
In the login page, download links are provided so that the user can download the required login client. If you do not want users to download a particular login client, deselect the link.
In the Login message box, specify the message to be displayed. You can further customize the message by using client IP address, category and URL.
3. Enable Blink Message to display a blinking message
4. Before saving the configuration, click Preview to see how the message will be displayed to the user
5. Click Save to save the configuration
HTTP Proxy Management
A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The proxy server accumulates and saves the files that are most often requested by other Internet users in a ‘Cache’. The cache of a proxy server may already contain the information you need by the time of your request, making it possible for the proxy to deliver it immediately. Therefore, proxy servers are able to improve network performance by reducing the access time. Cyberoam can also act as an HTTP proxy server. All visited static sites are cached on the Cyberoam server hard drive. The advantage of a cache server is that it will cache the static web pages once requested and serve them locally when requested next time.
Manage HTTP Proxy
Select System → HTTP Proxy → Manage HTTP Proxy
Screen - Manage HTTP Proxy
Screen Elements: Description
Server Status: Displays current status of Cache server
Start button: Only if Current Status is ‘Stopped’. Click to start Cache server
Stop button: Only if Current Status is ‘Running’. Click to stop Cache server
Restart button: Click to restart Cache server
Table - Manage HTTP Proxy screen elements
Configure HTTP Proxy
Use to:
• configure http proxy port
• configure trusted ports
Select System → HTTP Proxy → Configure HTTP Proxy
Screen - Configure HTTP Proxy
Screen Elements: Description
HTTP Proxy Port Setting
HTTP Proxy port: Specify proxy port to be used
Save button: Click to save the port setting
HTTP Proxy Trusted Ports Setting
If deployed as HTTP proxy, Cyberoam allows access only to those sites which are hosted on standard ports. To allow access to the sites hosted on non-standard ports, you have to define the non-standard ports as trusted ports. You can define an individual port or a range of ports for the http and https protocols. Click Add to define non-standard ports
Pharming Protection Configuration
Enable Pharming Protection: Pharming attacks require no additional action from users beyond their regular web surfing activities. A pharming attack succeeds by redirecting users from legitimate web sites to similar fraudulent web sites that have been created to look like the legitimate site. Enable to protect against pharming attacks and direct users to the legitimate web sites instead of fraudulent web sites. Click to enable/disable
Save button: Click to save the port setting
Table - Configure HTTP Proxy screen elements
Manage Servers
Use the Services tab to Start/Stop and Enable/Disable Autostart for the various configured servers. According to the requirement, one can Start, Stop, Enable or Disable the services. Types of servers available:
1. DHCP
2. Domain Name Server
3. Antivirus server
4. Antispam server
5. Cyberoam server
6. Proxy servers – HTTP, SMTP, POP3, IMAP, FTP
Select System → Manage Services
Screen - Manage Services
Screen Elements: Description
Service name: Name of the server
Status: Status of the respective server. Running – if server is on. Stopped – if server is off
Commands: Starts or stops the respective servers. Enables or disables Autostart. Refer to Action table for details
Table - Manage Control Service screen elements
Action table
Button: Usage
Start: Starts the server whose status is ‘Stopped’
Stop: Stops the server whose status is ‘Started’
Enable Autostart: Automatically starts the configured server with the startup of Cyberoam
Disable Autostart: Disables the Autostart process
Restart: Restarts Cyberoam. All the servers with ‘Enable Autostart’ will restart
Shutdown: Shuts down Cyberoam server and all the servers will be stopped
Table - Manage Control Service – Action
Monitoring Bandwidth Usage
Bandwidth is the amount of data passing through a media over a period. In other words, it is the amount of data accessed by the Users. Each time the data is accessed – uploaded or downloaded, the amount is added to the total bandwidth. Because bandwidth is a limited resource, it needs periodic monitoring. The Bandwidth usage graphical report allows the Administrator to monitor the amount of data uploaded or downloaded by the Users. The Administrator can use this information to help determine:
• Whether to increase or decrease the bandwidth limit?
• Whether all the gateways are utilized optimally?
• Which gateway is underutilized?
• What type of traffic is consuming the majority of the Bandwidth?
• Which inbound/outbound traffic has consumed the most Bandwidth in the last week/month?
Select System → View Bandwidth usage
Screen – View Bandwidth Usage
Screen Elements: Description
Bandwidth report
Graph type: Generates graph. Select any one:
Gateway wise – Displays list of Gateways defined, click the Gateway whose data transfer report is to be generated
Logon Pool wise – Displays list of Logon Pools defined, click the Logon Pool whose data transfer report is to be generated
Total – Generates total (all gateways and Logon Pools) data transfer report. Also generates Live user report
Gatewaywise breakup - Generates total (all gateways) data transfer report.
Graph period: Generates graph based on time interval selected. Click Graph period to select
Table - Bandwidth usage screen elements
It generates eight types of graphical reports:
1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum, maximum and average no. of users connected during the selected graph period. This will help in knowing the peak hour of the day.
X axis – Hours
Y axis – No. of users
Peak hour – Maximum no. of live users
Screen - Bandwidth usage - Live Users graph
2. Total data transfer – Graph shows total data transfer (upload + download) during the day. In addition, shows minimum, maximum and average data transfer.
X axis – Hours
Y-axis – Total data transfer (upload + download) in KB/Second
Screen - Bandwidth usage - Total Data transfer graph
3. Composite data transfer – Combined graph of Upload & Download data transfer. Colors differentiate upload & download data traffic. In addition, shows the minimum, maximum and average data transfer for upload & download individually.
X axis – Hours
Y-axis – Upload + Download in Bits/Second
Orange Color - Upload traffic
Blue Color – Download traffic
Screen - Bandwidth usage - Composite Data transfer graph
4. Download data transfer – Graph shows only download traffic during the day. In addition, shows the minimum, maximum and average download data transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
Screen - Bandwidth usage - Download Data transfer graph
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows minimum, maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
Screen - Bandwidth usage - Upload Data transfer graph
6. Integrated total data transfer for all Gateways – Combined graph of total (Upload + Download) data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum, maximum and average data transfer of individual gateway.
X axis – Hours
Y-axis – Total (Upload + Download) data transfer in Bits/Second
Orange Color – Gateway1
Blue Color – Gateway2
7. Integrated Download data transfer of all Gateways – Graph shows only the download traffic of all the gateways during the day. In addition, shows the minimum, maximum and average download data transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
Orange Color – Gateway1
Blue Color – Gateway2
8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all the gateways during the day. In addition, shows minimum, maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
Orange Color – Gateway1
Blue Color – Gateway2
Migrate Users
Cyberoam provides a facility to migrate the existing users from a PDC or LDAP server. Alternatively, you can also import user definitions from an external file (CSV format file). If you do not want to migrate users, configure Automatic User creation. This reduces the Administrator’s burden of creating the same users again in Cyberoam.
Migration from PDC server
All the migrated users will be created under Group type – ‘Normal’ and default policies will be applied. Administrator can change the assigned group or status at the time of migration or later. After migration, Username will be set as password in Cyberoam.
Select User → Migrate Users to open migration page
Step 1: Click Download User Migration Utility link
Screen - Download User Migration Utility
Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate option and click OK button
Screen - Save User Migration Utility
Step 3: Opens a new browser window and prompts for the login. Provide the administrator username and password. E.g. Username: “cyberoam” and password: “cyber”
Step 4: On successful authentication, following screen will be shown. Upload the specified file.
Screen – Upload downloaded User Migration Utility
Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.
Note: After migration, the Cyberoam login password will be the same as the username
Once the users are migrated, configure the single sign on login utility. The configuration is required to be done on the Cyberoam server.
Migration from External file
If you already have user details in a CSV file, you can upload the CSV file instead of creating the users again in Cyberoam. The CSV file should be in the following format:
1. Header (first) row should contain field names. Format of header row:
Compulsory first field: username
Optional fields in any order: password, name, groupname
2. Subsequent rows should contain values corresponding to each field in the header row
3. Number of fields in each row should be the same as in the header row
4. Error will be displayed if data is not provided for any field specified in the header
5. Blank rows will be ignored
6. If the password field is not included in the header row then it will be set the same as username
7. If the name field is not included in the header row then it will be set the same as username
8. If groupname is not included in the header row, administrator will be able to configure group at the time of migration
Step 1 Upload CSV file
Select System → Migrate User to open migration page
Screen – Upload CSV file
Step 2 Change Group or Active status of user at this stage, if required. To migrate all the users, click Select All or select the individual users and click Migrate Users.
Screen - Register migrated users from External file
If migration is successful, Manage Active User page will be displayed with all the migrated users as Active users.
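The CSV format rules above can be checked before upload. The following is an added example, not Cyberoam's own code: it applies rules 1 to 8 to a file and also lists the accounts whose login password would end up equal to the username. The function name, the sample rows, exact lowercase header matching and treating the first non-blank row as the header are assumptions.

```python
import csv
import io

OPTIONAL_FIELDS = {"password", "name", "groupname"}


def _is_blank(row):
    # Rule 5: a row with no cells, or a single whitespace-only cell, is blank.
    return not row or (len(row) == 1 and not row[0].strip())


def check_migration_csv(text):
    """Validate a user-migration CSV against the format rules in this section.

    Returns a dict with:
      users              - records that would be created, defaults applied
      errors             - (line_number, message) tuples for rejected input
      pw_equals_username - usernames whose password would equal the username
    """
    result = {"users": [], "errors": [], "pw_equals_username": []}
    reader = csv.reader(io.StringIO(text, newline=""))
    header = None

    for row in reader:
        if _is_blank(row):
            continue
        line = reader.line_num
        cells = [c.strip() for c in row]

        if header is None:
            # Rule 1: 'username' first, then optional fields in any order.
            problems = []
            if cells[0] != "username":
                problems.append("first header field must be 'username'")
            unknown = [c for c in cells[1:] if c not in OPTIONAL_FIELDS]
            if unknown:
                problems.append("unknown header field(s): " + ", ".join(unknown))
            if len(set(cells)) != len(cells):
                problems.append("duplicate header field")
            if problems:
                result["errors"].extend((line, p) for p in problems)
                return result  # rows cannot be interpreted without a header
            header = cells
            continue

        # Rule 3: same number of fields as the header row.
        if len(cells) != len(header):
            result["errors"].append(
                (line, "expected %d fields, found %d" % (len(header), len(cells))))
            continue
        # Rule 4: every field named in the header needs a value.
        missing = [h for h, c in zip(header, cells) if not c]
        if missing:
            result["errors"].append((line, "no data for: " + ", ".join(missing)))
            continue

        record = dict(zip(header, cells))
        username = record["username"]
        user = {
            "username": username,
            "password": record.get("password", username),  # rule 6
            "name": record.get("name", username),          # rule 7
            "groupname": record.get("groupname"),          # rule 8: None = set at migration
        }
        result["users"].append(user)
        if user["password"] == username:
            result["pw_equals_username"].append(username)

    if header is None:
        result["errors"].append((0, "file has no header row"))
    return result


# Constructed sample input: no password column, one blank row, two bad rows.
SAMPLE = (
    "username,name,groupname\n"
    "alice,Alice A,Sales\n"
    "\n"
    "bob,Bob B,Support\n"
    "carol,Carol C\n"
    "dave,,Support\n"
)

# Constructed sample input with an explicit password column.
SAMPLE_WITH_PASSWORDS = (
    "username,password\n"
    "erin,S3parate-Secret\n"
    "frank,frank\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE, SAMPLE_WITH_PASSWORDS):
        report = check_migration_csv(sample)
        print("migrated:", [u["username"] for u in report["users"]])
        print("rejected:", report["errors"])
        print("password == username:", report["pw_equals_username"])
```

Every account in the `pw_equals_username` list is a candidate for a forced password change after migration.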
Customization
Schedule
Schedule defines a time schedule for applying a firewall rule or Internet Access policy, i.e. it is used to control when firewall rules or Internet Access policies are active or inactive. Types of Schedules:
• Recurring – use to create policies that are effective only at specified times of the day or on specified days of the week.
• One-time - use to create firewall rules/policies that are effective once for the period of time specified in the schedule.
Define Schedule
Select Firewall → Schedule → Define Schedule to open define schedule page
Screen - Define One Time Schedule
Screen Elements: Description
Schedule details
Name: Specify schedule name. Choose a name that best describes schedule
Schedule Type: Specify type of schedule. Recurring – applied at specified times of the day or on specified days of the week. One time – applied only once for the period of time specified in the schedule
Start time & Stop time (only if Schedule Type is ‘One Time’): Defines start and stop time for the schedule. Start & stop time cannot be same
Description: Specify full description of schedule. Allows maximum of 250 characters. Can be any combination of A – Z, a – z, ‘_’, 0 - 9
Create button: Creates schedule. Refer to Add Schedule Entry details to add time details
Table - Define Schedule screen elements
Add Schedule Entry details
Select Firewall → Schedule → Manage Schedule to view the list of schedules and click the Schedule name to which the schedule entry details are to be added.
Screen – Add Schedule Entry details
Screen Elements: Description
Schedule Entry
Weekday: Select weekday
Start time & Stop time: Defines the access hours/duration. Start & stop time cannot be same
Add Schedule detail button: Attaches the schedule details for the selected weekday to the schedule
Cancel button: Cancels the current operation
Table – Add Schedule Entry details screen elements
Manage Schedule
Use to modify:
1. Schedule Name
2. Description
3. Add Schedule Entry details
4. Delete Schedule Entry details
Select Firewall → Schedule → Manage Schedule and click Schedule name to be updated
Screen - Manage Schedule
Screen Elements: Description
Schedule details
Schedule name: Displays schedule name, modify if required
Schedule description: Displays schedule description, modify if required
Schedule Entry
Add button: Allows to add the schedule entry details. Refer to ‘Add Schedule Entry details’ for more details
Delete button: Allows to delete the schedule entry details. Refer to ‘Delete Schedule Entry details’ for more details
Save button: Saves schedule
Cancel button: Cancels the current operation and returns to Manage Schedule page
Table - Manage Schedule screen elements
Delete Schedule Entry details
Screen – Delete Schedule Entry details
Screen Elements: Description
Del: Select Schedule Entry detail to be deleted. Click Del to select Schedule Entry details. More than one Schedule Entry details can also be selected
Select All: Selects all the Schedule Entry details. Click Select All to select all the Schedule Entry details
Delete button: Deletes the selected Schedule Entry detail(s)
Table - Delete Schedule Entry details screen elements
Delete Schedule
Select Firewall → Schedule → Manage Schedule to view the list of Schedules
Screen - Delete Schedule
Screen Elements: Description
Del: Select schedule to be deleted. Click Del to select schedule. More than one schedule can also be selected
Select All: Selects all the schedules. Click Select All to select all the schedules
Delete button: Deletes the selected schedule(s)
Table - Delete Schedule screen elements
Services
Services represent types of Internet data transmitted via particular protocols or applications. Protect your network by configuring firewall rules to:
• block services for specific zone
• limit some or all users from accessing certain services
• allow only specific user to communicate using specific service
Cyberoam provides several standard services and allows creating:
• Customized service definitions
• Firewall rule for customized service definitions
Define Custom Service
Select Firewall → Services → Create to open the create page
Screen - Define Custom Service
Screen Elements: Description
Create Service
Service Name: Specify service name
Select Protocol: Select the type of protocol. For IP - Select Protocol No. For TCP - Specify Source and Destination port. For UDP - Specify Source and Destination port. For ICMP – Select ICMP Type and Code
Description: Specify service description
Create button: Creates a new service
Cancel button: Cancels the current operation and returns to Manage Service
Table – Define Custom Service screen elements
Manage Custom Service
Use to modify:
1. Description
2. Add Protocol details
3. Delete Protocol details
Select Firewall → Services → Manage to view the list of custom services. Click service to be modified
Screen - Update Custom Service
Screen Elements: Description
Custom Service
Service Name: Displays service name
Description: Displays description, modify if required
Protocol Details
Add button: Allows to add protocol details. Click to add. Select protocol: For IP - Select Protocol No. For TCP - Specify Source and Destination port. For UDP - Specify Source and Destination port. For ICMP – Select ICMP Type and Code. Click Add
Delete button: Allows to delete protocol details. Click to delete against the protocol details to be deleted. Click Delete
Save button: Updates the modified details
Cancel button: Cancels the current operation
Table - Update Custom Service screen elements
Delete Custom Service
Select Firewall → Services → Manage to view the list of services.
Screen - Delete Custom Service
Screen Elements: Description
Del: Select the Service for deletion. More than one service can be selected. Click to select
Select All: Allows to select all the services for deletion. Click to select
Delete button: Deletes all the selected service(s). Click to delete
Table - Delete Custom Service screen elements
Note: Default Services cannot be deleted
Create Service Group
Service Group is the grouping of services. Custom and default services can be grouped in a single group. Use to configure firewall rules to:
• block group of services for specific zone
• limit some or all users from accessing group of services
• allow only specific user to communicate using group of service
Select Firewall → Service Group → Create to open the create page
Screen – Create Service Group screen
Screen Elements: Description
Create Service Group
Service Group Name: Specify service group name
Select Service: Select the services to be grouped. ‘Available Services’ column displays the services that can be grouped. Using right arrow button move all the services that are to be grouped in the ‘Member Services’ list. ‘Member Services’ column displays the services that will be grouped
Description: Specify group description
Create button: Creates a new service group
Cancel button: Cancels the current operation and returns to Manage Service Group page
Table – Create Service Group screen elements
Update Service Group
Select Firewall → Service Group → Manage to view the list of groups created. Click the group to be modified
Screen – Edit Service Group
Screen Elements: Description
Edit Service Group
Service Group Name: Displays service group name
Select Service: Displays grouped services. ‘Available Services’ column displays the services that can be grouped. Using right arrow button move all the services that are to be grouped in the ‘Member Services’ list. ‘Member Services’ column displays the services that will be grouped
Description: Displays group description, modify if required
Save button: Saves the modified details
Cancel button: Cancels the current operation and returns to Manage Service Group page
Table – Edit Service Group screen elements
Delete Service Group
Select Firewall → Service Group → Manage to view the list of groups created.
Screen – Delete Service Group
Screen Elements: Description
Del: Select the group for deletion. More than one group can be selected. Click to select
Select All: Allows to select all the groups for deletion. Click to select
Delete button: Deletes all the selected group(s). Click to delete
Table – Delete Service Group
Categories
Cyberoam’s content filtering capabilities prevent Internet users from accessing non-productive or objectionable websites that take valuable system resources from your network and, at the same time, keep out hackers and viruses that can gain access to your network through their Internet connections. Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds objectionable.
Cyberoam’s Categories Database contains categories covering Web page subject matter as diverse as adult material, astrology, games, job search, and weapons. It is organized into general categories, many of which contain collections of related Internet sites with specific content focus. In other words, the database is a collection of site/host names that are assigned a category based on the major theme or content of the site.
Categories Database consists of three types:
• Web category – Grouping of Domains and Keywords. Default web categories are available for use only if the ‘Web and Application Filter’ subscription module is registered.
• File Type category – Grouping of File extensions
• Application protocol – Grouping of protocols. Standard protocol definitions are available for use only if the ‘Web and Application Filter’ subscription module is registered.
Apart from the default categories provided by Cyberoam, custom categories can also be created if required. Creating a custom category gives increased flexibility in managing Internet access for your organization. After creating a new category, it must be added to a policy so that Cyberoam knows when to enforce it and for which groups/users.
Web Category
Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any URL containing the keywords defined in the Web category will be blocked. Each category is grouped according to the type of sites. Categories are grouped into four types, which specify whether accessing the sites specified in those categories is considered productive or not:
• Neutral
• Productive
• Non-working
• Un-healthy
For your convenience, Cyberoam provides a database of default Web categories. You can use these or even create new web categories to suit your needs. To use the default web categories, the subscription module Web and Application Filter should be registered. Depending on the organization's requirements, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria. Custom web category is given priority over default category while allowing/restricting the access.
Search URL
Use Search URL to check whether a URL is categorized or not. It searches for the specified URL and displays the name of the Category under which the URL is categorized, along with the category description. When a custom category is created with a domain/URL which is already categorized in a default category, the custom category overrides the default category and the search result displays the custom category name and not the default category name.
Select Categories → Web Category → Search URL
Screen – Search URL
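The lookup order described above (custom categories override default ones; a URL falls into a category by domain or by containing a keyword) can be modelled as follows. This is an added example, not Cyberoam's code: the category names, domains and keywords are constructed, and suffix matching on the host and plain substring matching for keywords are assumptions.

```python
from urllib.parse import urlsplit


class WebCategory:
    """A web category: a grouping of domains and keywords plus a category type."""

    def __init__(self, name, ctype, domains=(), keywords=()):
        self.name = name
        self.ctype = ctype  # Neutral, Productive, Non-working or Un-healthy
        self.domains = [d.lower() for d in domains]
        self.keywords = [k.lower() for k in keywords]

    def match(self, url):
        """Return 'domain:<d>' or 'keyword:<k>' if the URL falls in this category."""
        text = url.lower()
        # urlsplit only finds a host when the URL has a scheme or starts with '//'.
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
        for d in self.domains:
            # Assumption: a domain entry covers the domain and its subdomains.
            if host == d or host.endswith("." + d):
                return "domain:" + d
        for k in self.keywords:
            # Assumption: keywords are matched as substrings of the whole URL.
            if k in text:
                return "keyword:" + k
        return None


def search_url(url, custom, default):
    """Report the category of a URL, checking custom categories before default ones."""
    for source, categories in (("custom", custom), ("default", default)):
        for cat in categories:
            hit = cat.match(url)
            if hit:
                return {"category": cat.name, "type": cat.ctype,
                        "source": source, "matched": hit}
    return None  # URL is not categorized


# Constructed category sets for illustration.
CUSTOM = [
    WebCategory("CorpGames", "Non-working", keywords=["game"]),
    WebCategory("Partners", "Productive", domains=["example.org"]),
]
DEFAULT = [
    WebCategory("News", "Neutral", domains=["example.org"]),
    WebCategory("SearchEngines", "Productive", domains=["example.net"]),
]

if __name__ == "__main__":
    for u in ("http://www.example.org/today",
              "example.net/q?x=1",
              "https://intranet.example.com/docs/endgame-report.pdf",
              "https://example.com/"):
        print(u, "->", search_url(u, CUSTOM, DEFAULT))
```

The third URL shows why keyword entries need review before a policy is applied: the keyword `game` also matches `endgame-report.pdf` on an unrelated site.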
Manage Default Web Category
Default Web categories are available for use only if the ‘Web and Application Filter’ subscription module is registered. The database of web categories is constantly updated by Cyberoam. If the module is not registered, the page is displayed with the message ‘Web and Application Filter module is not registered’. See Register Add on Modules for registering the Web and Application Filter module. The module can also be registered as a ‘Demo’ version if you have not yet purchased it, but it will expire after 15 days of registration. Once the module is registered, the default categories can be used in Internet Access for filtering.
Select Categories → Web Category → Manage Default to view list of default Web Categories
Screen - Manage Default Web Category
Note: Default Web categories cannot be modified or deleted. Custom web category is given the priority over the default category while allowing/restricting access.
Create Custom Web category
Select Categories → Web Category → Create Custom to open create page
Screen - Create Custom Web Category
Screen Elements: Description
Create Custom Web Category
Name: Specify Web category name
Description: Specify full description
Category type: Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type
Create button: Creates a new custom Web Category. Web Category configuration is incomplete until domain names or keywords are attached
Domain Management
Add button: Use to define domains for the web category. Depending on the user’s Internet access policy, accessing specified domain(s) will be allowed or denied. Click to add. Refer to Add Domain(s) for more details
Keywords Management
Add button: Use to define keywords for the web category. Depending on the user’s Internet access policy, accessing sites with the specified keyword(s) will be allowed or denied. Click to add. Refer to Add Keyword(s) for details
Update button: Saves the web category
Cancel button: Cancels the current operation and returns to View Web Category page
Table - Create Web Category screen elements
Note: Custom category name cannot be same as default category name.
Add Domain
Screen - Add Domain
Screen Elements: Description
Domains Management
Domains: Specify domains for the category. Depending upon the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access.
Add Domain button: Assigns domains to the web category
Cancel button: Cancels the current operation
Table - Add Domain screen elements
Note: Domains can be added at the time of creation of web category or whenever required.
Add Keyword
Screen - Add keyword
Screen Elements: Description
Keywords Management
Keywords: Specify domains for the category. Depending on the Internet access policy and schedule strategy any site falling under the specified domain will be allowed or blocked access
Add button: Assigns keywords to the Web Category
Cancel button: Cancels the current operation
Table - Add keyword screen elements
Note: Keywords can be added at the time of creation of web category or whenever required.
Manage Custom Web Category
Use to modify:
1. Description
2. Add Domains
3. Delete Domains
4. Add Keywords
5. Delete Keywords
Select Categories → Web Category → Manage Custom to view the list of Web categories and click Web Category to be modified
Screen - Manage Custom Web category
Screen Elements: Description
Update Custom Web Category
Name: Displays name of the web category, modify if required
Description: Displays description of the Category
Category type: Categories are grouped into four types, which specify whether accessing sites specified in those categories is considered as Neutral, Productive, Non-working or Un-healthy. Select category type
Domain Management
Add button: Allows to add domain name(s) to the web category. Click to add. Refer to Add Domains for details
Delete button: Allows to remove domain name(s) from the web category. Click to remove. Refer to Delete Domains for details
Keywords Management
Add button: Allows to add keyword(s) to the web category. Click to add. Refer to Add Keywords for details
Delete button: Allows to remove keywords from the web category. Click to remove. Refer to Delete Keywords for details
Update button: Modifies and saves the updated details. Click to Update
Cancel button: Cancels the current operation and returns to the Manage Custom Web Category page
Table - Update Custom Web category screen elements
Delete Domain
Screen – Delete Domain
Screen Elements: Description
Select: Click all the domains required to be removed
Select All button: Allows to select all the domains for deletion. Click Select All to select all domains
Delete button: Remove(s) domains from the web category. Click to remove
Table – Delete Domain screen elements
Delete Keyword
Screen - Delete keyword
Screen Elements: Description
Select: Click all the keywords required to be removed
Select All button: Allows to select all the keywords for deletion. Click Select All to select all keywords
Delete button: Remove(s) keywords from the web category. Click to remove
Table - Delete keywords screen elements
Delete Web Category
Prerequisite
• Not attached to any Policy
Select Categories → Web Category → Manage Custom to view the list of Web Categories.
Screen - Delete Custom Web Category
Screen Elements: Description
Del: Select web category to be deleted. More than one web category can be selected. Click to select
Select All: Allows to select all the web categories for deletion. Click to select
Delete button: Deletes all the selected web categories. Click to delete
Table - Delete Custom Web Category screen elements
File Type Category
File type is a grouping of file extensions. Cyberoam allows filtering Internet content based on file extension. For example, you can restrict access to particular types of files from sites within an otherwise-permitted category. For your convenience, Cyberoam provides several default File Types categories. You can use these or even create new categories to suit your needs. Depending on the organization requirement, allow or deny access to the categories with the help of policies by groups, individual user, time of day, and many other criteria.
Manage Default File Type Category
Cyberoam provides five default File Type categories which cannot be modified or deleted.
Select Categories → File Type Category → Manage Default to view the list of default File Type Categories. Click the Category to view extensions included in the Category.
Screen – Manage Custom File Type Category
Create Custom File Type Category
Select Categories → File Type Category → Create Custom to open the create page
Screen - Create Custom File Type Category
Screen Elements Description
Custom File Type details
Name Assign name to File Type Category
File Extensions Specify file extensions to be included in the File Type Category. Extensions defined here will be blocked or filtered
Description Specify full description
Create button Creates a new File Type Category
Cancel button Cancels the current operation and returns to Manage Custom File Type Category page
Table - Create Custom File Type screen elements
Manage Custom File Type Category
Use to modify: 1. File Extensions 2. Description
Select Categories -> File Type Category -> Manage Custom to view the list of File Type Categories and click File Type Category to be modified.
Screen - Manage Custom File Type Category
Screen Elements Description
Update Custom File Type Category
Name Displays name of the File Type Category, modify if necessary
File Extensions Displays file extension(s) added to the Category, modify if required
Description Displays description of Category
Update button Modifies and saves the updated details. Click to Update
Cancel button Cancels the current operation and returns to the Manage Custom File Type Category page
Screen - Manage Custom File Type Category
Delete Custom File Type Category
Prerequisite • Not attached to any Policy
Select Categories -> File Type Category -> Manage Custom to view the list of File Type Categories created
Screen - Delete Custom File Type Category
Screen Elements Description
Del Click all the File Types required to be deleted
Select All button Allows to select all the File Types for deletion. Click Select All to select all File Types
Delete button Delete(s) the File Type Category Click to delete
Table - Delete Custom File Type screen elements
Application Protocol Category
Application Protocol Category is the grouping of Application Protocols used for filtering Internet content. You can also filter Internet requests based on protocols or applications other than HTTP, HTTPS or FTP, for example those used for instant messaging, file sharing, file transfer, mail, and various other network operations. For your convenience, Cyberoam provides a database of default Application Protocol categories. To use the default Application Protocol categories, the subscription module ‘Web and Application Filter’ should be registered.
You can also create:
• Customized Application protocol category, if required
• Firewall rule based on customized Application protocol category
Manage Default Application Protocol Category
Default Application protocol categories are available for use only if the ‘Web and Application Filter’ subscription module is registered. The database of protocol categories is constantly updated by Cyberoam. If the module is not registered, the page is displayed with the message ‘Web and Application Filter’ module is not registered. See Register Add on Modules for registering the Web and Application Filter module. The module can also be registered as a ‘Demo’ version if you have not yet purchased it, but the Demo version will expire 15 days after registration. Once the module is registered, the default protocol categories can be used in Internet Access for filtering. Default Application protocol categories cannot be modified or deleted.
Select Categories -> Application Protocol Category -> Manage Default to view the list of default Application protocol Categories
Screen - Manage Default Application Protocol Category
Create Custom Application Protocol Category
Select Categories -> Application Protocol Category -> Create Custom to open the create page
Screen - Create Custom Application Protocol Category
Screen Elements Description
Custom Application Protocol Category
Name Specify name to Application Protocol Category
Description Specify full description
Create button Creates a new custom Application Protocol Category
Application Protocol details
Add button Use to assign application protocols to Category for blocking. Select application protocol you want to include in a Category. Cyberoam gives access to the Category based on the Schedule. Allows to add application protocol(s) to Category. Click to add. Refer to Add Custom Application Protocol details for more details
Update button Saves Application Protocol Category
Cancel button Cancels the current operation and returns to View Custom Application Protocol Category page
Table – Create Custom Application Category screen elements
Note: Custom category name cannot be the same as a default category name.
Add Custom Application Protocol Details
Screen – Add Custom Application Protocol Category details
Screen Elements Description
Custom Application Protocol details
Application Select Application Protocols that are to be grouped in the Category. Custom and Default both can be grouped in a single Application Protocol Category
Destination IP Address Specify destination IP Address
Add button Groups the application protocols in the Category
Cancel button Cancels the current operation
Table – Add Custom Application Protocol Category details
Manage Custom Application Protocol Category
Use to modify: 1. Description 2. Add Application Protocol details 3. Delete Application Protocol details
Select Categories -> Application Protocol Category -> Manage Custom to view the list of custom Application Protocol Categories. Click Application Protocol Category to be modified.
Screen – Manage Custom Application Protocol Category
Screen Elements Description
Update Custom Application Protocol Category
Name Displays name of Application Protocol Category, modify if necessary
Description Displays description of the Category
Application Protocol Details
Add button Allows to add Application Protocol(s) to Category. Click to add. Refer to Add Custom Application Protocols for details
Delete button Allows to remove Application Protocol(s) from Category. Click to remove. Refer to Delete Custom Application Protocol for details
Update button Modifies and saves the updated details Click to Update
Cancel button Cancels the current operation and returns to the Manage Custom Application Protocol Category page
Table – Manage Custom Application Protocol Category screen elements
Delete Custom Application Protocol Category details
Screen – Delete Application Protocol Category details
Screen Elements Description
Del Click Application Protocol(s) required to be deleted
Select All button Allows to select all Application Protocol(s) for deletion Click Select All to select all Application Protocol(s)
Delete button Delete(s) Application Protocol(s). Click to delete
Table – Delete Application Protocol Category screen elements
Delete Custom Application Protocol Category
Prerequisite • Not attached to any Policy
Select Categories -> Application Protocol Category -> Manage Custom to view the list of Application Protocol Categories created
Screen - Delete Custom Application Protocol Category
Screen Elements Description
Del Select Category to be deleted More than one Category can be selected Click to select
Select All Allows to select all the Categories for deletion Click to select
Delete button Deletes all the selected Categories Click to delete
Table - Delete Custom Application Protocol Category screen elements
Access Control
Use Local ACLs to limit the Administrative access to the following Cyberoam services from LAN/WAN/DMZ:
• Admin Services
• Authentication Services
• Proxy Services
• Network Services
Default Access Control configuration
When Cyberoam is connected and powered up for the first time, it will have a default Access configuration as specified below:
Admin Services
HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions for LAN zone
Authentication Services
Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User Authentication Services for LAN zone. User Authentication Services are not required for any of the Administrative functions but required to apply user based internet surfing, bandwidth and data transfer restrictions.
Customize Access Control configuration
Use access control to limit the access to Cyberoam for administrative purposes from the specific authenticated/trusted networks only. You can also limit access to administrative services within the specific authenticated/trusted network.
Select Firewall -> Local ACL
Screen – Access Configuration
Screen Elements Description
Admin Services Enable/disable access to Cyberoam using following service from the specified zone and network:
• HTTP
• HTTPS
• Telnet
Authentication Services Enable/disable following service from the specified zone and network:
• Cyberoam
• HTTP
Proxy Services Enable/disable HTTP service from the specified zone and network
Network Services Enable/disable following service from the specified zone and network:
• DNS
• ICMP
Update button Saves configuration
Add button Allows to add the trusted networks from which the above specified services will be allowed/disallowed. Click Add to add network details. Specify Network IP address and Zone. Click Add
Table – Access Configuration screen elements
Product Licensing & Updates
Product Version information
Check which version of the Cyberoam is installed on your computer, and determine the appliance key. Click Cyberoam icon (on the rightmost corner of the screen) to get the information.
Screen – About Cyberoam
Upgrade Cyberoam
Cyberoam provides two types of upgrades:
• Automatic – Correction to any critical software errors, performance improvement or changes in system behavior leads to automatic upgrade of Cyberoam without manual intervention or notification.
• Manual – Manual upgrades require human intervention.
Automatic Upgrade
By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the procedure to disable the AutoUpgrade mode:
1. Log on to Telnet Console
2. Go to option 4 Cyberoam Console
3. At the prompt, type the command, cyberoam autoupgrade off
Manual Upgrade
Step 1. Check for Upgrades
Press F10 to go to Dashboard from any of the screens. Under the Installation Information section, click Check for Upgrades
Page displays the list of available upgrades and the upgrade details like release date and size. Order specifies the sequence in which Cyberoam should be upgraded.
Step 2. Download Upgrade
Click Download against the version to be downloaded and follow the on screen instructions to save the upgrade file.
Step 3. Upload downloaded version to Cyberoam
Select Help -> Upload Upgrade. Type the file name with full path or select using ‘Browse’ and click Upload
Screen - Upload Upgrade version
Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version. Log on to Cyberoam Telnet Console. Type ‘6’ to upgrade from the Main menu and follow the on-screen instructions. A success message will be displayed if the upgrade completes successfully.
Repeat above steps if more than one upgrade is available. If more than one upgrade is available, please upgrade in the same sequence as displayed on the Available Upgrades page.
Licensing
You need a customer account to
• register your Cyberoam appliance
• avail 8 X 5 support
• register subscription modules
• subscribe for free 30-days Trial subscription
Select Help -> Licensing to view the list of subscription modules. Screen shows licensing status of Appliances and subscription modules along with the subscription expiry date if subscribed.
Screen – Licensing
Status - ‘Registered’ – Appliance registered
Status - ‘Unregistered’ – Appliance not registered
Status - ‘Subscribed’ - Module subscribed
Status - ‘Unsubscribed’ - Module not subscribed
Status - ‘Trial’ - Trial subscription
Status - ‘Expired’ - Subscription expired
Create Customer account and register appliance
Select Help -> Licensing and click Register against your appliance name.
You need to create a customer account to register appliance. If you have already created an account, type your username and password to register appliance and click register
If you have not created account, fill in the form to create your customer account and register appliance.
Screen – Registration
Screen Elements Description
Appliance Registration form
Appliance key Displays Appliance key
Appliance Model No. Displays Appliance model number
Email ID Specify email ID. Account will be created with this id and will be username for customer my account.
Password Specify password for your account and retype to confirm. Remember to choose a password that is easy for you to remember but hard for others to guess.
Company name Specify company name under whose name appliance is to be registered. Cannot be modified
Contact person Specify name of the contact person in the company
Address, City, State, Country, Zip, Phone, Fax Specify complete address of the company
Secret Question and Answer Question and answer related to your password. This question will be mailed to the customer in case he forgets his password. If customer’s reply to the question matches the answer, new password will be mailed at his email id.
External Proxy Server Information
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server
Proxy Port Specify port number if proxy server is running on a port other than the default port (80)
Username and Password Specify username and password to be used to log on to proxy server (if configured)
Register button This process will create user account and register the appliance
Table - Registration screen elements
Subscribe Add-on Modules
Cyberoam includes following add-on modules, which are not included in basic package:
• Intrusion Detection and Prevention
• Gateway Anti Virus
• Gateway Anti Spam
• Web and Application Filter
Customer has to procure a different license and subscribe for using any of the add-on modules. You can also subscribe for the 30-days free Trial subscription of any of the add-on modules.
Prerequisite • Account created • Appliance registered
Select Help -> Licensing and click Subscribe against the module to be subscribed.
Screen – Subscribe Add-on Module
Screen – Subscribe Trial Add-on Module
Screen Elements Description
Subscribe
Appliance key Displays Appliance key
Appliance Model No. Displays Appliance model number
Module Displays module name to be subscribed
Registered Email ID and Password Specify email ID and password of your registered account
Subscription Key (Only if you have purchased the module) Specify subscription key of the module obtained from Sales person
External Proxy Server Information
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server Specify HTTP proxy server setting (name or IP address) to connect to Cyberoam registration server
Proxy Port Specify port number if proxy server is running on a port other than the default port (80)
Username and Password Specify username and password to be used to log on to proxy server (if configured)
Subscribe/Trial button Registers the specified module
Table – Subscribe Add-on Module
Download
Clients
Cyberoam Client supports Users using following platforms:
Windows Enables Users using Windows Operating System to log-on to Cyberoam Server
Linux Enables Users using Linux Operating System to log-on to Cyberoam server
HTTP Enables Users using any other Operating System than Windows & Linux to log-on to Cyberoam Server
Single Sign on Client Enables Windows-migrated Users to log on to Cyberoam using Windows Username and password.
Single Sign on Client Auto Setup Download the setup.
Depending on the requirement, download the Cyberoam Client. Select Help -> Downloads to download Cyberoam Client
Screen – Download Clients
Documentation
Select Help -> Guides to download various guides
Screen – Download Cyberoam Guides
Appendix A – Audit Log
Audit logs are an important part of any secure system: they provide an invaluable view into the current and past state of almost any type of complex system, and they need to be carefully designed in order to give a faithful representation of system activity. Cyberoam Audit log can identify what action was taken by whom and when. The existence of such logs can be used to enforce correct user behavior, by holding users accountable for their actions as recorded in the audit log. An audit log is the simplest, yet also one of the most effective forms of tracking temporal information. The idea is that any time something significant happens you write some record indicating what happened and when it happened.
Audit logs can be accessed in two ways:
1. Log on to Cyberoam Web Admin Console and click Reports to open the reports page in a new window
Screen - Reports
2. Log on to Reports, click on the Reports link to open the reports login page in a new window
Screen – Reports Login
Viewing Log details
Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date range of the report.
Screen – Audit Log report
Screen – Sample Audit Log Report
Audit Log Components
Entity – Cyberoam Component through which the event was generated/Audit Resource Type
Entity Name – Unique Identifier of Entity
Action – Operation requested by entity/Audit Action
Action By – User who initiated the action/Accessor name
Action Status – Action result/Audit Outcome
Entity Entity Name Action Action By Action Status Message IP Address Explanation
Report GUI Login <username> Successful - <IP address>
Login attempt to Report GUI by User <username> was successful
Report GUI Login <username> Failed Wrong username or password
<IP address>
Login attempt to Report GUI by User <username> was not successful because of wrong username and password
Management GUI
Login <username> Successful - <IP address>
Login attempt to Management GUI by User <username> was successful
Management GUI
Login <username> Failed User not found <IP address>
Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>
Management GUI
Login <username> Failed User has no previllege of Administration
<IP address>
Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges
Configuration Wizard
Started <username> Successful - <IP address>
User <username>’s request to start Configuration Wizard was successful
Configuration Wizard
Finished <username> Successful - <IP address>
User <username>’s request to close Configuration Wizard was successful
System Started <username> Successful Cyberoam-System Started
<IP address>
Cyberoam was successfully started by the User <username>
SSh authentication <username> Successful User admin, coming from 192.168.1.241, authenticated.
<IP address>
<username> trying to log on from <ip address> using SSH client was successfully authenticated
SSh authentication <username> Failed Login Attempt failed from 192.168.1.241 by user root
<IP address>
Authentication of <username> trying to log on from <ip address> using SSH client was not successful
SSh authentication <username> Failed Password authentication failed. Login to account hello not allowed or account non-existent
<IP address>
Log on to account <username> using SSH client was not successful
telnet authentication <username> Successful Login Successful <IP address>
Remote Login attempt through Telnet by User <username> was successful
telnet authentication <username> Failed Authentication Failure
<IP address>
Authentication of <username> trying to log on remotely through Telnet was not successful
console authentication <username> Successful Login Successful
ttyS0 Login attempt to Console using Console Interface via remote login utility by User <username> was successful
console authentication <username> Successful Login Successful
tty1 Login attempt to Console via direct Console connection by User <username> was successful
console authentication <username> Failed Authentication Failure
<IP address>
Login attempt to Console by User <username> was not successful
Firewall Started System Successful - <IP address>
Firewall subsystem started successfully without any error
Firewall Rule <firewall rule id> e.g. 7
Create <username> Successful - <IP address>
Firewall rule <firewall rule id> was created successfully by user <username>
Firewall Rule <firewall rule id> e.g. 6
Update <username> Successful - <IP address>
Firewall rule <firewall rule id> was updated successfully by user <username>
Firewall Rule <firewall rule id> e.g. 21
Update System Successful - <IP address>
Firewall rule <firewall rule id> was updated successfully by user <username>
Firewall Rule <firewall rule id> e.g. 10
Delete System Successful - <IP address>
Firewall rule <firewall rule id> was deleted successfully by user <username>
Host N/A Delete <username> Failed - <IP address>
Request to delete Host by user <username> was not successful
Host <host name> e.g. 192.168.1.68, #Port D
Delete <username> Successful - <IP address>
Host <host name> was deleted successfully by user <username>
Host <host name> e.g. 192.168.1.66, #Port D
Insert <username> Successful - <IP address>
Host <host name> was added successfully by user <username>
HostGroup <host group name> e.g. mkt group
Delete <username> Successful - <IP address>
Host Group <host group name> was deleted successfully by user <username>
HostGroup <host group name> e.g. sys group
Update <username> Successful - <IP address>
Host Group <host group name> was updated successfully by user <username>
HostGroup <host group name> e.g. Trainee
Insert <username> Successful - <IP address>
Host Group <host group name> was updated successfully by user <username>
Service <service name> e.g. vypress chat
Delete <username> Successful - <IP address>
Service <service name> was deleted successfully by user <username>
Service <service name> e.g. vypress chat
Update <username> Successful - <IP address>
Service <service name> was updated successfully by user <username>
Service <service name > e.g. vypress chat
Insert <username> Successful - <IP address>
Service <service name> was inserted successfully by user <username>
ServiceGroup <service group name > e.g. Intranet chat
Insert <username> Successful - <IP address>
Service group <service group name > was inserted successfully by user <username>
ServiceGroup <service group name > e.g. Intranet chat
Update <username> Successful - <IP address>
Service group <service group name > was updated successfully by user <username>
ServiceGroup <service group name > e.g. Intranet chat
Delete <username> Successful - <IP address>
Service group <service group name > was deleted successfully by
SNAT Policy <policy name>
Insert <username> Successful - <IP address>
SNAT policy <policy name> was inserted successfully by user <username>
SNAT Policy <policy name>
Update <username> Successful - <IP address>
SNAT policy <policy name> was updated successfully by user <username>
SNAT Policy <policy name>
Delete <username> Successful - <IP address>
SNAT policy <policy name> was deleted successfully by user <username>
DNAT Policy <policy name>
Insert <username> Successful - <IP address>
DNAT policy <policy name> was inserted successfully by user <username>
DNAT Policy <policy name>
Update <username> Successful - <IP address>
DNAT policy <policy name> was updated successfully by user <username>
DNAT Policy <policy name>
Delete <username> Successful - <IP address>
DNAT policy <policy name> was deleted successfully by user <username>
Schedule <schedule name>
Insert <username> Successful - <IP address>
Schedule <schedule name> was inserted successfully by user <username>
Schedule <schedule name>
Update <username> Successful - <IP address>
Schedule <schedule name> was updated successfully by user <username>
Schedule <schedule name>
Delete <username> Successful - <IP address>
Schedule <schedule name> was deleted successfully by user <username>
Schedule Detail
<schedule name>
Insert <username> Successful - <IP address>
Schedule details to Schedule <schedule name> was inserted successfully by user <username>
Local ACLs Local ACLs Update <username> Successful - <IP address>
Local ACL was updated successfully by user <username>
DoS Bypass DoS Bypass Delete <username> Successful - <IP address>
DoS Bypass rule deleted successfully by <username>
DoS Bypass DoS Bypass Insert <username> Successful - <IP address>
DoS Bypass rule inserted successfully by user <username>
DoS Settings DoS Settings Update <username> Successful - <IP address>
DoS settings updated successfully by user <username>
Online Registraion
Register <username> Successful - <IP address>
User <username> successfully registered Appliance/Subscription module(s) through Online Registration
Upload Version
Upload Version
<username> Successful - <IP address>
User <username> successfully uploaded the version
Date Update <username> Successful System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST
<IP address>
Request to update the Date from Console by User <username> was successful
Apart from the tabular format, Cyberoam allows to view the log details in:
• Printable format Click to open a new window and display the report in the printer friendly format. Report can be printed from File -> Print.
• Export as CSV (Comma Separated Value) Click to export and save the report in CSV format. Report can be very easily exported to MS Excel and all the Excel functionalities can be used to analyze the data.
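The CSV export can also be reviewed with a script instead of a spreadsheet. The Python below is an added example, not part of the Cyberoam product or guide: it reads an exported audit log, reports source IP addresses with repeated failed logins, and lists successful changes to security-relevant entities (firewall rules, Local ACLs, DoS settings, system date). It assumes the export has a header row using the column names of the table above; the sample rows, addresses and the threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not real appliance output). Column names follow
# the audit log table above; the header of a real export is an assumption.
SAMPLE_CSV = """\
Entity,Entity Name,Action,Action By,Action Status,Message,IP Address
Management GUI,,Login,guest,Failed,User not found,192.0.2.10
SSh,,authentication,root,Failed,Login Attempt failed,192.0.2.10
telnet,,authentication,admin,Failed,Authentication Failure,192.0.2.10
Management GUI,,Login,admin,Successful,-,192.0.2.10
Report GUI,,Login,jdoe,Failed,Wrong username or password,198.51.100.7
Report GUI,,Login,jdoe,Successful,-,198.51.100.7
Local ACLs,Local ACLs,Update,admin,Successful,-,192.0.2.10
Firewall Rule,7,Create,admin,Successful,-,192.0.2.10
Date,,Update,admin,Successful,System time changed,192.0.2.10
Host,192.0.2.68,Insert,jdoe,Successful,-,198.51.100.7
"""

# Actions that represent an authentication attempt in the table above.
AUTH_ACTIONS = {"login", "authentication"}
# Entities whose changes alter what the appliance enforces or how events are
# timestamped; a change to "Date" affects the ordering of every later record.
SENSITIVE_ENTITIES = {"firewall rule", "local acls", "dos bypass",
                      "dos settings", "date"}


def load_rows(text):
    """Parse the export into dicts with whitespace-trimmed keys and values."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        {k.strip(): (v or "").strip() for k, v in row.items() if k is not None}
        for row in reader
    ]


def failed_auth_by_ip(rows, threshold=3):
    """Return source IPs with at least `threshold` failed logins.

    For each such IP the result also records how many logins succeeded, so a
    run of failures followed by a success stands out, and which account names
    were tried.
    """
    stats = defaultdict(
        lambda: {"failed": 0, "succeeded": 0, "failed_users": set()})
    for row in rows:
        if row.get("Action", "").lower() not in AUTH_ACTIONS:
            continue
        entry = stats[row.get("IP Address", "")]
        status = row.get("Action Status", "").lower()
        if status == "failed":
            entry["failed"] += 1
            entry["failed_users"].add(row.get("Action By", ""))
        elif status == "successful":
            entry["succeeded"] += 1
    return {
        ip: {"failed": e["failed"], "succeeded": e["succeeded"],
             "failed_users": sorted(e["failed_users"])}
        for ip, e in stats.items() if e["failed"] >= threshold
    }


def sensitive_changes(rows):
    """Return successful actions on security-relevant entities, in file order."""
    return [
        row for row in rows
        if row.get("Entity", "").lower() in SENSITIVE_ENTITIES
        and row.get("Action Status", "").lower() == "successful"
    ]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for ip, info in failed_auth_by_ip(rows).items():
        print(f"{ip}: {info['failed']} failed, {info['succeeded']} succeeded, "
              f"accounts tried: {', '.join(info['failed_users'])}")
    for row in sensitive_changes(rows):
        print(f"{row['Entity']} {row['Action']} by {row['Action By']} "
              f"from {row['IP Address']}")
```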
Appendix B – Network Traffic Log Fields
Cyberoam provides extensive logging capabilities for traffic, system and network protection functions. Detailed log information and reports provide historical as well as current analysis of network activity to help identify security issues and reduce network misuse and abuse.
Cyberoam provides following logs:
• DoS Attack Log
• Invalid Traffic Log
• Firewall Rule Log
• Local ACL Log
• Dropped ICMP Redirected Packet Log
• Dropped Source Routed Packet Log
By default, only the firewall rule logging will be ON i.e. only traffic allowed/denied by the firewall will be logged. Refer to Cyberoam Console Guide on how to enable/disable logging.
SR. No. DATA FIELDS TYPE DESCRIPTION
1. Date date Date (yyyy-mm-dd) when the event occurred. For the allowed traffic - the date on which connection was started on Cyberoam. For the dropped traffic - the date when the packet was dropped by Cyberoam
2. Time time Time (hh:mm:ss) when the event occurred. For the allowed traffic - the time when the connection was started on Cyberoam. For the dropped traffic - the time when the packet was dropped by Cyberoam
3. Device Name String Model Number of the Cyberoam Appliance
4. Device Id String Unique Identifier of the Cyberoam Appliance
5. Log Id string Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011, 0102011
   c1c2 represents Log Type e.g. 01
   c3c4 represents Log Component e.g. Firewall, local ACL
   c5c6 represents Log Sub Type e.g. allow, violation
   c7 represents Priority e.g. 1
4. Log Type string Section of the system where event occurred e.g. Traffic for traffic logging. Possible values:
   01 – Traffic - Entire traffic intended for Cyberoam
5. Log Component string Component responsible for logging. Possible values:
   01 - Firewall rule: Event due to any traffic allowed or dropped based on the firewall rule created
   02 - Local ACL: Event due to any traffic allowed or dropped based on the local ACL configuration or all other traffic intended for the firewall
   03 - DoS Attack: Event due to any packets dropped based on the dos attack settings i.e. Dropped tcp, udp and icmp packets.
   04 - Invalid traffic: Event due to any traffic dropped which does not follow the protocol standards, invalid fragmented traffic and traffic whose packets Cyberoam is not able to relate to any connection. Refer to Invalid traffic list for more details.
   05 - Invalid Fragmented traffic: Event when any invalid fragmented traffic is dropped. Refer to Invalid Fragmented traffic list for more details.
   06 - ICMP redirect: Event due to any ICMP Redirected packets dropped based on the DoS attack setting
   07 - Source routed packet: Event due to any source routed packets dropped based on the DoS attack setting
6. Log Sub Type string Decision taken on traffic. Possible values:
   01 – Allowed: Traffic permitted to and through Cyberoam based on the firewall rule settings
   02 – Violation: Traffic dropped based on the firewall rule settings, local ACL settings, DOS settings or due to invalid traffic.
7. Status string Ultimate state of traffic (accept/deny)
8. Priority string Severity level of traffic. Possible values:
   01 – Notice
9. Duration integer Durability of traffic
10. Firewall Rule ID integer Firewall rule id of traffic
11. User string User Id
12. User Group string Group Id of user
13. IAP integer Internet Access policy Id applied for traffic
14. In Interface string Interface for incoming traffic e.g. eth0. Blank for outgoing traffic
15. Out Interface string Interface for outgoing traffic e.g. eth1. Blank for incoming traffic
16. Source IP string Source IP address of traffic
17. Destination IP string Destination IP address of traffic
18. Protocol integer Protocol number of traffic
19. Source Port integer Source Port of TCP and UDP traffic
20. Destination Port integer Destination Port of TCP and UDP traffic
21. ICMP Type integer ICMP type of ICMP traffic
22. ICMP Code integer ICMP code of ICMP traffic
23. Sent Packets integer Total number of packets sent
24. Received Packets integer Total number of packets received
25. Sent Bytes integer Total number of bytes sent
26. Received Bytes integer Total number of bytes received
27. Translated Source IP integer Translated Source IP address – if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
28. Translated Source Port integer Translated Source port – if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
29. Translated Destination IP integer Translated Destination IP address – if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
30. Translated Destination Port integer Translated Destination port – if Cyberoam is deployed as Gateway. "N/A" - if Cyberoam is deployed as Bridge
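The Log Id field packs four of the other fields into one 7-character code, so it can be decoded on its own when triaging traffic logs. The Python below is an added example, not Cyberoam code: it splits a Log Id into Log Type, Log Component, Log Sub Type and Priority using the values listed in the table, and counts violations per component. Mapping the single character c7 value 1 to the Priority "Notice" is an assumption; the list of sample Log Ids is constructed, apart from 0101011 and 0102011, which are the table's own examples.

```python
from collections import Counter

# Code tables taken from the "Possible values" listed in the field table.
LOG_TYPES = {"01": "Traffic"}
LOG_COMPONENTS = {
    "01": "Firewall rule",
    "02": "Local ACL",
    "03": "DoS Attack",
    "04": "Invalid traffic",
    "05": "Invalid Fragmented traffic",
    "06": "ICMP redirect",
    "07": "Source routed packet",
}
LOG_SUB_TYPES = {"01": "Allowed", "02": "Violation"}
# Assumption: c7 is a single character, and "1" is the Priority listed in the
# table as "01 - Notice".
PRIORITIES = {"1": "Notice"}

# Constructed sample; the last two entries are deliberately malformed/unknown.
SAMPLE_LOG_IDS = ["0101011", "0102011", "0103021", "0104021",
                  "0101021", "010102", "0199011"]


def _name(table, code):
    """Look up a code, keeping unknown codes visible instead of dropping them."""
    return table.get(code, f"unknown ({code})")


def decode_log_id(log_id):
    """Split a 7-character Log Id (c1c2c3c4c5c6c7) into its four parts."""
    if len(log_id) != 7 or not log_id.isascii() or not log_id.isdigit():
        raise ValueError(f"Log Id must be exactly 7 digits: {log_id!r}")
    return {
        "log_type": _name(LOG_TYPES, log_id[0:2]),        # c1c2
        "component": _name(LOG_COMPONENTS, log_id[2:4]),  # c3c4
        "sub_type": _name(LOG_SUB_TYPES, log_id[4:6]),    # c5c6
        "priority": _name(PRIORITIES, log_id[6]),         # c7
    }


def violations_by_component(log_ids):
    """Count Violation events per component; return (counts, malformed ids)."""
    counts = Counter()
    malformed = []
    for log_id in log_ids:
        try:
            decoded = decode_log_id(log_id)
        except ValueError:
            malformed.append(log_id)
            continue
        if decoded["sub_type"] == "Violation":
            counts[decoded["component"]] += 1
    return dict(counts), malformed


if __name__ == "__main__":
    for log_id in ("0101011", "0102011"):
        print(log_id, decode_log_id(log_id))
    counts, malformed = violations_by_component(SAMPLE_LOG_IDS)
    print("violations:", counts)
    print("malformed:", malformed)
```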
Invalid traffic
Cyberoam will define following traffic as Invalid traffic:
• Short IP Packet
• IP Packets with bad IP checksum
• IP Packets with invalid header and/or data length
• Truncated/malformed IP packet
• Packets of Ftp-bounce Attack
• Short ICMP packet
• ICMP packets with bad ICMP checksum
• ICMP packets with wrong ICMP type/code
• Short UDP packet
• Truncated/malformed UDP packet
• UDP Packets with bad UDP checksum
• Short TCP packet
• Truncated/malformed TCP packet
• TCP Packets with bad TCP checksum
• TCP Packets with invalid flag combination
• Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection
If Strict Internet Access Policy is applied then Cyberoam will define following traffic also as Invalid traffic:
• UDP Packets with Destination Port 0
• TCP Packets with Source Port and/or Destination Port 0
• Land Attack
• Winnuke Attack
• TCP Syn Packets contains Data
• IP Packet with Protocol Number 0
• IP Packet with TTL Value 0
Invalid Fragmented traffic
Cyberoam will define following traffic as Invalid Fragmented traffic:
• Fragment Queue out of memory while reassembling IP fragments
• Fragment Queue Timeout while reassembling IP fragments
• Fragment too far ahead while reassembling IP fragments
• Oversized IP Packet while reassembling IP fragments
• Fragmentation failure while creating fragments
Appendix C – Web Categories
The list includes all categories with a short description of each category. Visit www.cyberoam.com for latest updates
Category Name Type Description ActiveX Non Working Includes all ActiveX applications AdultContent UnHealthy Adult sites not falling in "Porn, Nudity, Swimwear &
Lingerie, Sex Education, and Sexual Health & Medicines" will be included in "Adult Content" and which may contain material not suitable to be viewed for audience under 18
Advertisements Non Working Sites providing advertising graphics or other pop ad content files
AlcoholandTobacco Non Working Sites providing information about, promote, or support the sale of alcoholic beverages or tobacco products or associated paraphernalia
ALLWebTraffic Neutral Any HTTP Traffic Applets Non Working All web pages containing Applets ArtsAndHistory Non Working Sites primarily exhibiting artistic techniques like creative
painting, sculpture, poetry, dance, crafts, Literature, and Drama. Sites that narrate historical details about countries/places; events that changed the course of history forever; sites providing details and events of all wars i.e. World Wars, Civil Wars, and important persons of world historical importance
Astrology Non Working Sites showing predictions about Sun signs and into various subjects like Education & Career, Love Relationships, etc.
BusinessAndEconomy
Neutral Sites sponsored by or devoted to business firms, business associations, sites providing details for all types of industrial sector like Chemicals, Machinery, Factory Automation, Cable and Wire, sites providing information about couriers and logistics, and Non-Alcoholic Soft drinks and Beverages
Chat Non Working Sites hosting Web Chat services or providing support or information about chat via HTTP or IRC
CommercialBanks Neutral Commercial Banks Category includes all Banking Sites i.e. International / National Public or Private Sector Banks providing a wide range of services such as all types of Accounts and Cards, Fixed Deposits, and Loans
Communication Neutral Sites offering telephone, wireless, long distance, and paging services. It also includes sites providing details about Mobile communications / cellular communications
ComputerSecurityAndHacking
Productive Sites providing information about hacking, computer security, sites providing Anti-Virus solutions, including sites providing information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases
Cookies Non Working Includes all cookie based web pages Cricket Non Working Sites providing Live Scores of cricket matches, Debates
on Cricketers, Top 10 Cricketers, Cricket News, and forthcoming Cricket matches. Cricket Category is differentiated from Sports Category and solely devoted
Cyberoam User Guide
242
to Cricket activities CrimeAndSuicide UnHealthy Advocating, instructing, or giving advice on performing
illegal acts such as phone, service theft, evading law enforcement, lock-picking, burglary techniques and suicide
CulturalInstitutions Neutral Sites sponsored by museums, galleries, theatres , libraries, and similar institutions; also, sites whose purpose is the display of artworks
DatingAndMatrimonials
Non Working Sites assisting users in establishing interpersonal relationships, friendship, excluding those of exclusively gay, or lesbian or bisexual interest and Matrimonial Sites providing photos and details of individuals seeking life partners
DownloadFreewareAndShareware
UnHealthy Sites whose primary purpose is providing freeware and shareware downloads of application, software, tools, screensavers, wallpapers, and drivers
Drugs UnHealthy Sites providing information about the cultivation, preparation, or use of prohibited drugs
EducationalInstitions
Productive Sites sponsored by schools, colleges, institutes, online education and other educational facilities, by non-academic research institutions or that relate to educational events and activities
EducationAndReferenceMaterial
Productive Sites offering books, reference-shelf content such as atlases, dictionaries, encyclopedias, formularies, white and yellow pages, and public statistical data
Electronics Neutral Sites providing information on manufacturing of electronics and electrical equipments, gadgets, instruments like air conditioners, Semi conductors, Television, Storage Devices, LCD Projectors, Home Appliances, and Power Systems etc.
Entertainment Non Working Sites providing entertainment sources for Movies, Celebrities, Theatres, about or promote motion pictures, non-news radio and television, humor, Comics, Kids and Teen amusement, Jokes, and magazines
Finance Non Working Sites providing information on Money matters, investment, a wide range of financial services, economics and accounting related sites and sites of National & International Insurance companies providing details for all types of Insurances & Policies
Gambling UnHealthy Sites providing information about or promote gambling or support online gambling, involving a risk of losing money
Games Non Working Sites providing information about or promote electronic games, video games, computer games, role-playing games, or online games
Government Neutral Sites sponsored by countries, government, branches, bureaus, or agencies of any level of government including defence. Government associated Sites providing comprehensive details on Tax related issues excluding Government sites providing Visa and Immigration services
HealthAndMedicines
Productive Sites providing information or advice on personal health and fitness. Sites of pharmaceutical companies and sites providing information about Medicines
HobbiesAndRecreation
Non Working Sites providing information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. Homelife and family-related topics, including parenting tips, gay/lesbian/bisexual (non-
Cyberoam User Guide
243
pornographic sites), weddings, births, and funerals Foreign cultures, socio-cultural information
HTTPUpload Non Working HTTP Upload Restriction HumanRightsandLiberty
Neutral Sites advocating sand protecting Human Rights and Liberty to prevent discrimination and protect people from inhumane
ImageBanks Non Working Image Banks InformationTechnology
Productive Sites sponsoring or providing information about computers, software applications, database, operating system. Including sites providing information of hardware, peripherals, and services. Sites offering design, flash, graphics, multimedia, and web site designing tutorials, tools, advice and services
InstantMessages Non Working Sites enabling instant messaging IPAddress Neutral ISPWebHosting Neutral Sites enabling users to make telephone, lease line,
ISDN, Cable, V-SAT connections via Internet or obtaining information for that purpose. Sites providing hosting services, or top-level domain pages of Web communities
JobsSearch UnHealthy Sites offering information about or support the seeking of employment or employees
Kids Neutral Sites designed specifically for kids MilitancyAndExtremist
UnHealthy Sites offering information about groups advocating antigovernment beliefs or action
Music Non Working Sites providing songs and music and supporting downloads of MP3 or other sound files or that serve as directories of such sites
NatureAndWildLife Non Working Sites providing information about Nature, explorations, discoveries, wild life, animals, birds, protecting endangered species, habitats, Animal sanctuaries, etc.
NewsAndMedia Neutral Sites offering current news and opinions, including those sponsored by newspapers, general-circulation magazines or other media. It also includes sites of advertising agencies and sites providing details of weather forecast
None Neutral Uncategorized Traffic Nudity UnHealthy Sites depicting nude or seminude human forms, singly
or in groups, not overtly sexual in intent or effect. It includes Nude images of film stars, models, nude art and photography
PersonalAndBisographySites
Non Working Includes personal sites of individuals and biographical sites of ordinary or famous personalities
PhishingAndFraud UnHealthy Sites gathering personal information (such as name, address, credit card number, school, or personal schedules) that may be used for malicious intent
PhotGallaries Non Working Sites providing photos of celebrities, models, and well-known personalities Such sites may also contain profiles or additional elements as long as the primary focus is on multi-celebrity photographs
PoliticalOrganizations
Neutral Sites sponsored by or providing information about political parties and interest groups focused on elections or legislation
Porn UnHealthy Sites depicting or graphically describing sexual acts or activity, including exhibitionism and sites offering direct links to such sites. Sites providing information or catering Gay, Lesbian, or Bisexual images and lifestyles
Cyberoam User Guide
244
are also included in this category Portals Non Working Portals include web sites or online services providing a
broad array of resources and services such as search engines, free email, shopping, news, and other features
PropertyAndRealEstate
Neutral Sites providing information about renting, buying, selling, or financing residential, real estate, plots, etc.
Science Productive Sites providing news, research projects, ideas, information of topics pertaining to physics, chemistry, biology, cosmology, archeology, geography, and astronomy
SearchEngines Neutral Sites supporting searching the Web, groups, or indices or directories thereof
SeXHealthAndEducation
Neutral Sites providing information regarding Sexual Education and Sexual Health and sites providing Medicines to cure and overcome Sex related problems and difficulties, with no pornographic intent
SharesAndStockMarket
Non Working Sites providing charting, market commentary, forums, prices, and discussion of Shares and Stock Market. It also includes sites dealing in online share trading and sites of stockbrokers
Shopping Non Working Sites supporting Online purchases of consumer goods and services except: sexual materials, lingerie, swimwear, investments, medications, educational materials, computer software or hardware. Also Sites of Showrooms, Stores providing shopping of consumer products
Spirituality Non Working Sites featuring articles on healing solutions in wellness, personal growth, relationship, workplace, prayer, articles on God, Society, Religion, and ethics
Sports Non Working Sites providing any information about or promoting sports, active games, and recreation. All types of Sites providing information about Sports except Cricket
SpywareAndP2P UnHealthy Sites or pages that download software that, without the user's knowledge, generates http traffic (other than simple user identification and validation) and Sites providing client software to enable peer-to-peer file sharing and transfer
SwimwareAndLingerie
Non Working Sites showing images of models and magazines offering lingerie/swimwear but not Nude or sexual images. It also includes Arts pertaining Adult images and shopping of lingerie
TravelFoodAndImmigration
Non Working Sites providing information about traveling i.e. Airlines and Railway sites. Sites providing details about Hotels, Restaurants, Resorts, and information about worth seeing places. Sites that list, review, advertise, or promote food, dining, or catering services. Sites providing Visa, Immigration, Work Permit and Holiday & Work Visa details, procedures and services
URLTranslationSites
UnHealthy Sites offering Online translation of URLs. These sites access the URL to be translated in a way that bypasses the proxy server, potentially allowing unauthorized access
Vehicles Non Working Sites providing information regarding manufacturing and shopping of vehicles and their parts
Violence UnHealthy Sites featuring or promoting violence or bodily harm, including self-inflicted harm; or that gratuitously displaying images of death, gore, or injury; or featuring images or descriptions that are grotesque or frightening
Cyberoam User Guide
245
and of no redeeming value. These do not include news, historical, or press incidents that may include the above criteria
Weapons UnHealthy Sites providing information about, promote, or support the sale of weapons and related items
WebBasedEmail Non Working Sites providing Web based E-mail services or information regarding email services
Appendix D – Services
| Service Name | Details |
|---|---|
| All Services | All Services |
| Cyberoam | UDP (1024:65535) / (6060) |
| AH | IP Protocol No 51 (IPv6-Auth) |
| AOL | TCP (1:65535) / (5190:5194) |
| BGP | TCP (1:65535) / (179) |
| DHCP | UDP (1:65535) / (67:68) |
| DNS | TCP (1:65535) / (53), UDP (1:65535) / (53) |
| ESP | IP Protocol No 50 (IPv6-Crypt) |
| FINGER | TCP (1:65535) / (79) |
| FTP | TCP (1:65535) / (21) |
| FTP_GET | TCP (1:65535) / (21) |
| FTP_PUT | TCP (1:65535) / (21) |
| GOPHER | TCP (1:65535) / (70) |
| GRE | IP Protocol No 47 |
| H323 | TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719) |
| HTTP | TCP (1:65535) / (80) |
| HTTPS | TCP (1:65535) / (443) |
| ICMP_ANY | ICMP any / any |
| IKE | UDP (1:65535) / (500), UDP (1:65535) / (4500) |
| IMAP | TCP (1:65535) / (143) |
| INFO_ADDRESS | ICMP 17 / any |
| INFO_REQUEST | ICMP 15 / any |
| IRC | TCP (1:65535) / (6660:6669) |
| Internet-Locator-Service | TCP (1:65535) / (389) |
| L2TP | TCP (1:65535) / (1701), UDP (1:65535) / (1701) |
| LDAP | TCP (1:65535) / (389) |
| NFS | TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049) |
| NNTP | TCP (1:65535) / (119) |
| NTP | TCP (1:65535) / (123), UDP (1:65535) / (123) |
| NetMeeting | TCP (1:65535) / (1720) |
| OSPF | IP Protocol No 89 (OSPFIGP) |
| PC-Anywhere | TCP (1:65535) / (5631), UDP (1:65535) / (5632) |
| PING | ICMP 8 / any |
| POP3 | TCP (1:65535) / (110), UDP (1:65535) / (110) |
| PPTP | IP Protocol No 47, TCP (1:65535) / (1723) |
| QUAKE | UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960) |
| RAUDIO | UDP (1:65535) / (7070) |
| RIP | UDP (1:65535) / (520) |
| RLOGIN | TCP (1:65535) / (513) |
| SAMBA | TCP (1:65535) / (139) |
| SIP | UDP (1:65535) / (5060) |
| SIP-MSNmessenger | TCP (1:65535) / (1863) |
| SMTP | TCP (1:65535) / (25) |
| SNMP | TCP (1:65535) / (161:162), UDP (1:65535) / (161:162) |
| SSH | TCP (1:65535) / (22), UDP (1:65535) / (22) |
| SYSLOG | UDP (1:65535) / (514) |
| TALK | TCP (1:65535) / (517:518) |
| TCP | TCP (1:65535) / (1:65535) |
| TELNET | TCP (1:65535) / (23) |
| TFTP | UDP (1:65535) / (69) |
| TIMESTAMP | ICMP 13 / any |
| UDP | UDP (1:65535) / (1:65535) |
| UUCP | TCP (1:65535) / (540) |
| VDOLIVE | TCP (1:65535) / (7000:7010) |
| WAIS | TCP (1:65535) / (210) |
| WINFRAME | TCP (1:65535) / (1494) |
| X-WINDOWS | TCP (1:65535) / (6000:6063) |
Appendix E – Application Protocols
| Group | Application Name | Definition |
|---|---|---|
| Any | All Services | |
| File Transfer | FTP | File Transfer Protocol is a method to transfer files from one location to another, either on local disks or via the Internet |
| | yahoofilexfer | Yahoo Messenger file transfer |
| File Transfer client | gnucleuslan | Gnucleuslan P2P client |
| | imesh | IMESH P2P client |
| File sharing | Gnutella | Gnutella is a system in which individuals can exchange files over the Internet directly without going through a Web site. Gnutella is often used as a way to download music files from or share them with other Internet users |
| | Kazaa | A decentralized Internet peer-to-peer (P2P) file-sharing program |
| | directconnect | peer-to-peer (P2P) file-sharing program |
| Mail Protocol | POP3 | Transport protocol used for receiving emails. |
| | SMTP | A protocol for transferring email messages from one server to another. |
| | IMAP | A protocol for retrieving e-mail messages |
| Chat | ymsgr | Yahoo Messenger |
| | msnmessenger | MSN Messenger |
| | AOL | Chat client |
| | indiatimes | Chat client |
| Media Player | wmplayer | Windows Media Player |
| | quickplayer | Quick Time Player |
| Voice over IP | SIP | (Session Initiation Protocol) Protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP works in the Application layer of the OSI communications model. |
| | H323 | A standard approved by the International Telecommunication Union (ITU) that defines how audiovisual conferencing data is transmitted across networks. It enables users to participate in the same conference even though they are using different videoconferencing applications. |
| | RTSP | (Real Time Streaming Protocol) A standard for controlling streaming data over the World Wide Web |
| Printing | IPP | (Internet Printing Protocol) Protocol used for printing documents over the web. IPP defines basic handshaking and communication methods, but does not enforce the format of the print data stream. |
| Network | DHCP | Protocol for assigning dynamic IP addresses to devices on a network |
| | SNMP | (Simple Network Management Protocol) Protocol for network management software. Defines methods for remotely managing active network components such as hubs, routers, and bridges |
| | DNS | An Internet service that translates domain names to or from IP addresses, which are the actual basis of addresses on the Internet. |
| | RDP | (Remote Desktop Protocol) Protocol that allows a Windows-based terminal (WBT) or other Windows-based client to communicate with a Windows XP Professional–based computer. RDP works across any TCP/IP connection |
| | nbns | NetBIOS Naming Service |
| Remote logging | Telnet | Protocol for remote computing on the Internet. It allows a computer to act as a remote terminal on another machine, anywhere on the Internet |
| | SSH | (Secure Socket Shell) Protocol used for secure access to a remote computer |
| | HTTP | Protocol for moving hypertext files across the Internet. |
| | SSL | (Secure Socket Layer) Protocol used for secure Internet communications. |
| | ICMP | (Internet Control Message Protocol) A message control and error-reporting protocol |
Menu wise Screen and Table Index
Screen - Console access
Screen - Console login screen
Screen - HTTP login screen
Screen - HTTPS login
Table - Login screen elements
Screen - Create Zone
Table – Create Zone
Screen – Cyberoam Authentication
Table – Cyberoam Authentication screen elements
Table - Create User - Decision matrix
Screen - Add User
Table - Add User screen elements
Table - View Group details screen elements
Table - Apply Login Node Restriction screen elements
Screen - Add multiple Clientless users
Table - Add multiple Clientless users screen elements
Screen - Add single Clientless user
Table - Create single Clientless user screen elements
Table - Select Node screen elements
Table - Group creation - Decision matrix
Screen - Create Group
Table - Create Group screen elements
Screen – Apply Login Node Restriction
Table - Apply Login Node Restriction screen elements
Screen - Create Firewall rule
Table - Create Firewall rule screen elements
Screen - Edit Firewall Rule
Table – Edit Firewall Rule
Screen – Default Screen Display of Manage Firewall Rules page
Screen – Customized Screen Display of Manage Firewall Rules page
Screen - Delete Firewall rule
Screen – Create Host Group
Table – Create Host Group screen elements
Screen – Remove Host from Host Group
Table – Remove Host from Host Group screen elements
Screen – Delete Host Group
Table – Delete host Group screen elements
Screen – Add Host
Table – Add Host screen elements
Screen – Delete host
Table – Delete host screen elements
Screen - Create Logon Pool
Table - Add Logon Pool screen elements
Screen – Application wise Live connections
Table – Application wise Live connections screen elements
Screen – User wise Live connections
Table – User wise Live connections screen elements
Screen – LAN IP Address wise Live connections
Table – LAN IP Address wise Live connection screen elements
Screen – Today’s Connection History – Application wise
Table – Today’s Connection History – Application screen elements
Screen – Today’s Connection History – User wise
Table – Today’s Connection History – User wise screen elements
Screen – Today’s Connection History – LAN IP Address wise
Table – Today’s Connection History – LAN IP Address wise screen elements
Screen - Create Surfing Quota policy
Table - Create Surfing Quota policy screen elements
Screen - Update Surfing Quota policy
Table - Update Surfing Quota policy screen elements
Screen - Delete Surfing Quota policy
Table - Delete Surfing Quota policy screen elements
Screen - Create Access Time policy
Table - Create Access Time policy screen elements
Screen - Update Access Time policy
Table - Update Access Time policy screen elements
Screen - Delete Access Time policy
Table - Delete Access Time policy screen elements
Screen - Create Internet Access policy
Table - Create Internet Access policy screen elements
Screen – Add Internet Access policy rule
Table – Add Internet Access policy rule screen elements
Screen - Update Internet Access policy
Table - Update Internet Access policy screen elements
Screen - Delete Internet Access policy rule
Table - Delete Internet Access policy rule screen elements
Screen - Delete Internet Access policy
Table - Delete Internet Access policy screen elements
Table - Implementation types for Strict - Bandwidth policy
Table - Bandwidth usage for Strict - Bandwidth policy
Table - Implementation types for Committed - Bandwidth policy
Table - Bandwidth usage for Committed - Bandwidth policy
Screen - Create Bandwidth policy
Table - Create Bandwidth policy - Common screen elements
Screen - Create Logon Pool based Bandwidth policy
Table - Create Logon Pool based Bandwidth policy screen elements
Screen - Create User/IP based Strict Bandwidth policy
Table - Create User/IP based Strict Bandwidth policy screen elements
Screen - Create User/IP based Committed Bandwidth policy
Table - Create User/IP based Committed Bandwidth policy screen elements
Screen - Update Bandwidth policy
Table - Update Bandwidth policy Common screen elements
Screen - Update Logon Pool based Bandwidth policy
Table - Update Logon Pool based Bandwidth policy screen elements
Screen - Update User based Bandwidth policy
Table - Update User based Bandwidth policy screen elements
Screen – Assign Schedule to User based Strict Bandwidth policy
Table – Assign Schedule to User based Strict Bandwidth policy screen elements
Screen - Assign Schedule to User based Committed Bandwidth policy
Table – Assign Schedule to User based Committed Bandwidth policy screen elements
Screen - Remove Schedule from User based Bandwidth policy
Table - Remove Schedule from User based Bandwidth policy screen elements
Screen - Delete Bandwidth policy
Table - Delete Bandwidth policy screen elements
Screen – Create Data transfer policy
Table – Create Data transfer policy screen elements
Screen – Update Data transfer policy screen
Table – Update Data transfer policy screen elements
Screen – Delete Data transfer policy screen
Table - Delete Data transfer policy screen element
Screen – Create SNAT policy
Table – Create SNAT policy screen elements
Screen – Update SNAT policy
Table – Update SNAT policy screen elements
Screen – Delete SNAT policy
Table – Delete SNAT policy screen elements
Screen - Create DNAT policy
Table - Create DNAT policy screen elements
Screen – Edit DNAT policy
Table – Edit DNAT policy screen elements
Screen – Delete DNAT policy
Table – Delete DNAT policy screen elements
Screen – Edit Zone
Table – Edit Zone
Screen – Delete Zone
Table – Delete Zone
Screen - Manage Group
Table - Manage Group screen elements
Screen – Add Group Member
Table – Add Group Member screen elements
Table - Need to Update group
Screen - Show Group Members
Table - Show Group Members screen elements
Screen - Change Login Restriction
Table - Change Login Restriction screen elements
Screen - Delete Group
Table - Delete Group screen elements
Screen - Search User
Table - Search User screen elements
Table - Search User – Result
Screen – Manage Live Users
Table – Manage Live User screen elements
Table - Need to Update User
Screen - Manage User
Table - Manage User screen elements
Screen - Change User Personal details
Table - Change User personal details screen elements
Screen - User My Account
Screen - User My Account
Screen - Change Password
Table - Change password screen elements
Screen - Change Personal details
Table - Change Personal details screen elements
Screen - Internet Usage Status
Table - Internet Usage screen elements
Screen - Change Group
Table - Change Group screen elements
Screen - Change User Login Restriction
Table - Change User Login Restriction screen elements
Screen - Delete Active User
Screen - Delete Deactive User
Screen - Delete Clientless User
Table - Delete User screen elements
Screen - Deactivate User
Table - Deactivate User screen elements
Screen - Activate Normal User
Screen - Activate Clientless User
Table - Activate User screen elements
Screen - Search Node
Table - Search Node results
Screen - Update Logon Pool
Table - Update Logon Pool screen elements
Screen - Add Node
Table - Add Node screen elements
Screen - Delete Node
Table - Delete Node screen elements
Screen - Delete Logon Pool
Table - Delete Logon Pool screen elements
Screen – Configure DNS
Table - Configure DNS
Screen - Configure DHCP
Table - Configure DHCP screen elements
Screen – Cyberoam as Gateway - View Interface details
Table – View Interface details screen elements
Screen – Register Hostname with DDNS
Table – Register hostname with DDNS
Screen – Gateway Configuration
Table - Gateway Configuration screen elements
Screen – DoS Settings
Table – DoS Settings screen elements
Screen – Create DoS bypass rule
Table – Create DoS bypass rule screen elements
Screen – Delete DoS bypass rule
Table – Delete DoS bypass rule screen elements
Screen - Reset Console Password
Table - Reset Console Password screen elements
Screen – System Modules Configuration
Screen – Set Backup schedule
Table – Set Backup Schedule screen elements
Screen – Backup Data
Table – Backup Data screen elements
Screen – Restore Data screen
Table - Restore Data screen elements
Screen – Configure Auto purge Utility screen
Table – Configure Auto purge Utility screen elements
Screen – Purge Logs screen
Table - Purge Logs screen elements
Screen – Customized Client Messages screen
Table - Customized Client Message screen elements
Table - List of predefined messages
Screen – Customized Client Preferences screen
Table – Customized Client Preferences screen elements
Screen - Manage HTTP Proxy
Table - Manage HTTP Proxy screen elements
Screen - Configure HTTP Proxy
Table - Configure HTTP Proxy screen elements
Screen - Manage Services
Table - Manage Control Service screen elements
Table - Manage Control Service – Action
Screen – View Bandwidth Usage
Table - Bandwidth usage screen elements
Screen - Bandwidth usage - Live Users graph
Screen - Bandwidth usage - Total Data transfer graph
Screen - Bandwidth usage - Composite Data transfer graph
Screen - Bandwidth usage - Download Data transfer graph
Screen - Bandwidth usage - Upload Data transfer graph
Screen - Download User Migration Utility
Screen - Save User Migration Utility
Screen – Upload downloaded User Migration Utility
Screen – Upload CVS file
Screen - Register migrated users from External file
Screen - Define One Time Schedule
Table - Define Schedule screen elements
Screen – Add Schedule Entry details
Table – Add Schedule Entry details screen elements
Screen - Manage Schedule
Table - Manage Schedule screen elements
Screen – Delete Schedule Entry details
Table - Delete Schedule Entry details screen elements
Screen - Delete Schedule
Table - Delete Schedule screen elements
Screen - Define Custom Service
Table – Define Custom Service screen elements
Screen - Update Custom Service
Table - Update Custom Service screen elements
Table - Delete Custom Service screen elements
Screen – Create Service Group screen
Table – Create Service Group screen elements
Screen – Edit Service Group
Table – Edit Service Group screen elements
Screen – Delete Service Group
Table – Delete Service Group
Screen – Search URL
Screen - Manage Default Web Category
Screen - Create Custom Web Category
Table - Create Web Category screen elements
Screen - Add Domain
Table - Add Domain screen elements
Screen - Add keyword
Table - Add keyword screen elements
Screen - Manage Custom Web category
Table - Update Custom Web category screen elements
Screen – Delete Domain
Table – Delete Domain screen elements
Screen - Delete keyword
Table - Delete keywords screen elements
Screen - Delete Custom Web Category
Table - Delete Custom Web Category screen elements
Screen – Manage Custom File Type Category
Screen - Create Custom File Type Category
Table - Create Custom File Type screen elements
Screen - Manage Custom File Type Category
Screen - Manage Custom File Type Category
Screen - Delete Custom File Type Category
Table - Delete Custom File Type screen elements
Screen - Manage Default Application Protocol Category
Screen - Create Custom Application Protocol Category
Table – Create Custom Application Category screen elements
Screen – Add Custom Application Protocol Category details
Table – Add Custom Application Protocol Category details
Screen – Manage Custom Application Protocol Category
Table – Manage Custom Application Protocol Category screen elements
Screen – Delete Application Protocol Category details
Table – Delete Application Protocol Category screen elements
Screen - Delete Custom Application Protocol Category
Table - Delete Custom Application Protocol Category screen elements
Screen – Access Configuration
Table – Access Configuration screen elements
Screen – About Cyberoam
Screen - Upload Upgrade version
Screen – Licensing
Screen – Registration
Table - Registration screen elements
Screen – Subscribe Add-on Module
Screen – Subscribe Trial Add-on Module
Table – Subscribe Add-on Module
Screen – Download Clients
Screen – Download Cyberoam Guides
Screen - Reports
Screen – Reports Login
Screen – Audit Log report
Screen – Sample Audit Log Report