
How To Configure Zone Settings in Cyberoam

Applicable Version: 10.00 onwards


Overview
Zone or Network-Zone refers to a logical collection of interfaces or ports. In Zone-based security,
firewall policies are applied to the Zones instead of ports. In this way, Zone-based security provides
flexibility and ease of policy deployment because the policies are defined for the zones as a whole
and there is no need to define policies for the interfaces individually.
Cyberoam is pre-configured with five default Zone types:
1. LAN - The LAN zone is used for the internal network. An interface or group of interfaces
(maximum 6) can be assigned to the LAN zone. The LAN zone is the most secured zone as all the
traffic through this zone is blocked by default.
2. WAN - The WAN zone is used for Internet services. It can also be referred to as the Internet zone.
3. DMZ (DeMilitarized Zone) - The DMZ is used for publicly accessible servers. Depending on the
appliance in use and network design, one can group multiple physical ports in this zone.
4. VPN - The VPN zone is used for secure remote connectivity. It does not have any interface assigned
to it. Whenever a VPN connection is established, the interface used by the connection is
automatically added to this zone and, on disconnection, the interface is automatically removed from
the zone.
5. Local - The entire set of physical interfaces available on your appliance, including their Aliases (if
configured), is grouped in the Local zone.
The appliance is pre-configured with a single zone for each of LAN, WAN and DMZ. These zones are
called System Zones. The Administrator can add LAN and DMZ zone types as custom zones as shown in
the section Add a Custom Zone.

Scenario
Configure Zone settings in Cyberoam.

Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
Configure default Zone Settings
Go to Network > Interface > Zone to see the list of Zones along with other details like Member ports,
Type and Device Access. Click on any of the zones to change the settings.

Here, we have selected the LAN Zone for demonstration purposes. In the Edit Zone section, only the
Appliance Access settings can be changed. Interface binding can be done through the Interface
Settings shown in the sections Assign Zone Membership to an Unbound Interface and Change Zone
membership of an Interface.
To change the default Appliance Access settings, enable or disable the desired options as shown in
the table below.
Appliance Access

Admin Services
    HTTP: Enabled
    HTTPS: Disabled
    TELNET: Disabled
    SSH: Disabled
    Description: Check/Uncheck to Enable/Disable Admin Services that should be allowed through this zone.

Authentication Services
    Windows/Linux Client: Disabled
    Captive Portal: Enabled
    Description: Check/Uncheck to Enable/Disable Authentication Services that should be allowed through Zone.

Network Services
    DNS: Enabled
    Ping: Enabled
    Description: Check/Uncheck to Enable/Disable Network Services that should be allowed through Zone.

Other Services
    Web Proxy: Disabled
    SSLVPN: Disabled
    Description: Check/Uncheck to Enable/Disable Other Services that should be allowed through Zone as per requirement.

Add a Custom Zone


You can also add LAN and DMZ zone types as Custom Zones. Go to Network > Interface >
Zone and click Add to add a Custom Zone. Specify the parameters as shown in the table below.

Parameter: Name
Value: Custom_Zone
Description: Specify a name to identify the Zone. Duplicate names are not allowed.

Parameter: Type
Value: LAN
Description: Select Zone Type: LAN or DMZ

Parameter: Appliance Access

Admin Services
    HTTP: Enabled
    HTTPS: Disabled
    TELNET: Disabled
    SSH: Disabled
    Description: Check/Uncheck to Enable/Disable Admin Services that should be allowed through this zone.

Authentication Services
    Windows/Linux Client: Disabled
    Captive Portal: Enabled
    NTLM: Disabled
    Description: Check/Uncheck to Enable/Disable Authentication Services that should be allowed through Zone.

Network Services
    DNS: Enabled
    Ping: Enabled
    Description: Check/Uncheck to Enable/Disable Network Services that should be allowed through Zone.

Other Services
    Web Proxy: Disabled
    SSLVPN: Disabled
    Description: Check/Uncheck to Enable/Disable Other Services that should be allowed through Zone as per requirement.

Click OK to add the Custom Zone. Now, this Zone membership can be assigned to either the
interfaces which are in use or any other unbound Interface.
Assign Zone to an unbound interface
Go to Network > Interface and click on the unbound or disabled interface to which the Zone
membership is to be assigned.

Specify the parameters as shown in the table below.


Parameter: Network Zone
Value: Custom_Zone
Description: Select the Zone from the list of available zones.

Parameter: IP Assignment
Value: Static
Description: Select the IP assignment method. Available options: Static, PPPoE, DHCP.

Parameter: IP Address
Value: 192.168.2.1
Description: Specify the IP address of the interface.

Parameter: Netmask
Value: /24 (255.255.255.0)
Description: Select the netmask.

Parameter: Primary DNS
Value: 4.2.2.2
Description: Specify the primary DNS IP address.

Parameter: Secondary DNS (Optional)
Value: 8.8.8.8
Description: Specify the secondary DNS IP address.

Click OK to assign the Zone membership to the Interface. In the above example, we have bound the
interface Port D to the Custom_Zone created earlier.
Change Zone membership of an Interface
Zone membership of an interface belonging to a particular zone can be changed.

To change Zone membership, go to Network > Interface and click on the desired interface. In this
example, we change the Interface membership of Port A from LAN Zone to Custom_Zone created
earlier.

Under General Settings, click on the drop-down box corresponding to Network-Zone and select
Custom_Zone created earlier.

Click OK to complete.
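
The following is an added example, not part of the original Cyberoam document and not a Cyberoam tool: a Python review of the zone and interface settings entered above, flagging cleartext Admin Services, admin access on WAN/DMZ zone types, and overlapping subnets across zones. The inventory format, the DMZ entry and "Port X" are assumptions constructed for the example; Custom_Zone and Port D use the values from the tables above.

```python
import ipaddress
from itertools import combinations

CLEARTEXT_ADMIN = ("HTTP", "TELNET")   # credentials cross the wire unencrypted
UNTRUSTED_TYPES = ("WAN", "DMZ")       # zone types facing less-trusted networks

# Constructed inventory in a hypothetical format (not an appliance export).
# Custom_Zone and Port D mirror the tables on this page; DMZ and Port X are made up.
ZONES = {
    "Custom_Zone": {"type": "LAN", "admin": {"HTTP": True, "HTTPS": False,
                                             "TELNET": False, "SSH": False}},
    "DMZ":         {"type": "DMZ", "admin": {"HTTP": False, "HTTPS": True,
                                             "TELNET": False, "SSH": False}},
}
INTERFACES = [
    {"port": "Port D", "zone": "Custom_Zone", "cidr": "192.168.2.1/24"},
    {"port": "Port X", "zone": "DMZ",         "cidr": "192.168.2.129/25"},
]

def audit_appliance_access(zones):
    """Return (zone, finding) pairs for risky Admin Services settings."""
    findings = []
    for name, zone in zones.items():
        enabled = [svc for svc, on in zone["admin"].items() if on]
        for svc in enabled:
            if svc in CLEARTEXT_ADMIN:
                findings.append((name, f"{svc} admin access is cleartext"))
            if zone["type"] in UNTRUSTED_TYPES:
                findings.append(
                    (name, f"{svc} admin access exposed on {zone['type']} zone"))
    return findings

def find_cross_zone_overlaps(interfaces):
    """Return port pairs in different zones whose subnets overlap."""
    nets = [(i["port"], i["zone"], ipaddress.ip_interface(i["cidr"]).network)
            for i in interfaces]
    return [(a[0], b[0]) for a, b in combinations(nets, 2)
            if a[1] != b[1] and a[2].overlaps(b[2])]

if __name__ == "__main__":
    for zone, finding in audit_appliance_access(ZONES):
        print(f"[{zone}] {finding}")
    for a, b in find_cross_zone_overlaps(INTERFACES):
        print(f"[overlap] {a} and {b} share address space across zones")
```
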

Document Version 1.0 27 October, 2014
