IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of
any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no
responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to make changes in product
design or specifications. Information is subject to change without notice.
USERS LICENSE
The Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these
terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions
of this license. If you do not agree with the terms of this license, promptly return the unused Appliance and manual (with proof of
payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the
Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially
conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to
the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this
warranty will be, at Elitecore or its service center's option, repair, replacement, or refund of the software if reported (or, upon request,
returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that
the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the anti virus and anti
spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided by Kaspersky Labs. It is
specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will not occasionally
erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical
components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation
shall be to repair or replace the defective Hardware at no charge to the original owner. The replacement Hardware need not be new or
of an identical make, model or part; Elitecore may, in its discretion, replace the defective Hardware (or any part thereof) with any
reconditioned product that Elitecore reasonably determines is substantially equivalent (or superior) in all material respects to the
defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation,
any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or
trade practice, are hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or
punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if
Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers' liability to
the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing
limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without
limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers
have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademarks of Elitecore Technologies Ltd.
Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore
Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right,
without notice, to make changes in product design or specifications. Information is subject to change without notice.
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower,
Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com
Cyberoam User Guide
Guide Sets
Guide - Describes
User Guide
Console Guide - Console Management
Windows Client Guide - Installation & configuration of Cyberoam Windows Client
Linux Client Guide - Installation & configuration of Cyberoam Linux Client
HTTP Client Guide - Installation & configuration of Cyberoam HTTP Client
Analytical Tool Guide - Using the Analytical tool for diagnosing and troubleshooting common problems
LDAP Integration Guide - Configuration for integrating LDAP with Cyberoam for external authentication
ADS Integration Guide - Configuration for integrating ADS with Cyberoam for external authentication
PDC Integration Guide - Configuration for integrating PDC with Cyberoam for authentication
RADIUS Integration Guide - Configuration for integrating RADIUS with Cyberoam for external authentication
High Availability Configuration Guide - Configuration of High Availability (HA)
Data transfer Management Guide - Configuration and Management of user based data transfer policy
Multi Link Manager User Guide - Configuration of Multiple Gateways, load balancing and failover
Cyberoam Anti Virus Implementation Guide - Configuring and implementing anti virus solution
Cyberoam Anti Spam Implementation Guide - Configuring and implementing anti spam solution
VPN Management - Implementing and managing VPN
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Typographic Conventions
Report
shaded font
typefaces
Introduction
typefaces
Name of a particular parameter / field / command button text - Lowercase italic type - Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes command button text which is to be clicked
Cross references - Hyperlink in different color - refer to Customizing User database. Clicking on the link will open the particular topic
Preface
Welcome to Cyberoam's User Guide.
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security
needs of corporates, government organizations, and educational institutions.
Cyberoam's perfect blend of best-of-breed solutions includes User based Firewall, Content filtering, Anti
Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly
accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the
external world and still have firewall protection.
This Guide helps you manage and customize Cyberoam to meet your organization's various
requirements including creating groups and users and assigning policies to control internet access.
It is recommended that you change the default password immediately after installation to avoid unauthorized
access.
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of
Cyberoam.
For help on a specific menu or screen function use Menu wise Screen and Table Index
Part II Management
It describes how to define groups and users to meet the specific requirements of your Organization. It
also describes how to manage and customize Cyberoam.
Customize Services, Schedules and Categories. Describes how to create and manage Categories,
Schedules and Services and Cyberoam upgrade process.
Cyberoam Basics
Cyberoam is an Identity-based UTM Appliance. Cyberoam's solution is purpose-built to meet the security
needs of corporates, government organizations, and educational institutions.
Cyberoam's perfect blend of best-of-breed solutions includes Identity based Firewall, Content filtering,
Anti Virus, Anti Spam, Intrusion Detection and Prevention (IDP), and VPN.
Cyberoam provides increased LAN security by providing a separate port for connecting to the publicly
accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ, which are visible to the
external world and still have firewall protection.
It also provides assistance in improving Bandwidth management, increasing Employee productivity and
reducing legal liability associated with undesirable Internet content access.
Benefits of Cyberoam
1. Boost Employee productivity by
a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
a. Controlling access to non-productive site access during working hours
b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
a. Improved User response time
b. Failover solution
c. Continuous availability of Internet
d. Reduced bandwidth bottlenecks
5. Enforce acceptable Internet usage policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on Internet
and other resources usage and consumption patterns
Accessing Cyberoam
Two ways to access Cyberoam:
1. Web Admin Console
Managing Firewall rules
Used for policy configuration
Managing users, groups and policies
Managing Bandwidth
Viewing bandwidth graphs as well as reports
2. Telnet Console
Used for Network and System configuration (setting up IP Addresses, setting up gateway)
Managing Cyberoam application
a) Using Console Interface via remote login utility TELNET
b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server
Start SSH client and create new Connection with the following parameters:
Hostname - <Cyberoam server IP Address>
Username - admin
Password - admin
Cyberoam Web Admin Console (GUI) access requires Microsoft Internet Explorer 5.5+ or Mozilla Firefox
1.5+ and Display settings as True color (32 bits)
Log on & log off from the Cyberoam Web Admin Console
The Log on procedure verifies validity of user and creates a session until the user logs off.
Log on procedure
To get the log in window, open the browser and type IP Address in the browser's URL box. A dialog box
appears prompting you to enter username and password to log on. Use the default user name
cyberoam and password cyber if you are logging in for the first time after installation.
HTTP log in
To open unencrypted login page, in the browser's Address box, type
http://<IP address of Cyberoam>
The secure Hypertext Transfer Protocol (HTTPS) is a communication protocol designed to transfer
encrypted information between computers over the World Wide Web. HTTPS is http using a Secure
Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses
HTTPS.
HTTPS protocol opens a secure hypertext transfer session with the specified site address.
If you are logging on for the first time after installation, please use default username cyberoam
Password - Specify user account Password. If you are logging on for the first time after installation, please use default password cyber
Log on to - To administer Cyberoam, select Web Admin Console
Login button - Logs on to Web Admin Console. Click Login
Table - Login screen elements
User group - User is the user who accesses the resources through Cyberoam.
Clientless group
Clientless User group - User who can bypass Cyberoam Client login to access resources. Cyberoam itself takes care of login of this level user.
For Administrators and Managers, IP address based access restriction/control can be implemented.
Refer to Access Configuration to implement.
PART
Getting Started
Once you have configured network, you can start using Cyberoam.
1. Start monitoring
Once you have installed Cyberoam successfully, you can monitor user activity in your Network.
Depending on the Internet Access policy configured at the time of installation, certain categories will be
blocked/allowed for LAN to WAN traffic with or without authentication.
To view Reports, log on to Reports from Web Admin Console using following URL: http://<Internal IP
Address>
View your organization's surfing pattern from Web Surfing → Organization wise report
View your organization's general surfing trends from Trends → Web Trends report
View your organization's Category wise surfing trends from Trends → Category Trends report
Detect your network traffic i.e. applications and protocols accessed by your users.
To view traffic pattern of your network, log on to Cyberoam Web Management Console using following
URL: http://<Internal IP Address>
View amount of network traffic generated by various applications from Traffic Discovery → Live
Connections → Application wise
As Cyberoam monitors and logs user activity based on IP address, all the reports generated are also IP
address based. To monitor and log user activities based on User names, you have to configure
Cyberoam for integrating user information and authentication process.
Integration will identify access request based on User names and generate reports based on Usernames.
If your Network uses Active Directory Services and users are already created in ADS, configure
Cyberoam to communicate with your ADS. Refer to Cyberoam ADS Integration guide for more details.
If your Network uses Windows Domain Controller, configure Cyberoam to communicate with Windows
Domain Controller. Refer to Cyberoam PDC Integration guide for more details.
5. Customize
Depending on the Internet Access configuration done at the time of installation, default firewall rules will
be created.
You can create additional firewall rules and other policies to meet your organization's requirement.
Dashboard
As soon as you logon to the Web Admin Console, Dashboard is displayed.
Dashboard provides one solution to many analytical needs. Using the "dashboard" concept of information
presentation, Cyberoam makes it easy to view access data from multiple perspectives, allowing
management to identify patterns and potential areas of risk and productivity loss. It will empower
organizations to plan, understand, integrate and leverage strategy all from a single page report.
The goal of dashboard is to provide fast access to monitor and analyze employee Internet usage. As a
result, managers gain an unprecedented ability to report on and manage a wide spectrum of the data and
applications that employees use during their working hours.
Dashboard is the answer to "Why can't Cyberoam automatically show me things that will help me with
what I'm doing, instead of making me search around for them?"
PART 2
Management
Setting up Zones
A Zone is a logical grouping of ports.
Zones provide flexible layer of security for the firewall. With the zone-based security, the administrator
can group similar ports and apply the same policies to them, instead of having to write the same policy
for each interface.
LAN - Depending on the appliance in use and on your network design, you can group one to six ports in
this zone. Even though each interface will have a different network subnet attached to it, when grouped
together they can be managed as a single entity. Group all the LAN networks under this zone.
By default the traffic to and from this zone is blocked and hence the highest secured zone. However,
traffic between ports belonging to the same zone will be allowed.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the
appliance in use and on your network design, you can group one to five ports in this zone.
WAN - This zone is used for Internet services. It can also be referred to as Internet zone. Depending on the
appliance in use and on your network design, you can group one to six ports in this zone.
Local - This zone is the grouping of all the available ports of Cyberoam.
Cyberoam provides single zone of each type. These are called System Zones. Administrator can add
LAN and DMZ zone types.
By default, entire traffic will be blocked except LAN to Local zone services like Administration,
Authentication and Network.
Create Zone
Select System → Zone → Create to open the create page
By default the traffic to and from this zone is blocked and hence the
highest secured zone.
WAN - This zone type is used for the Internet services. Only one WAN
zone is allowed, hence you will not be able to create additional WAN
zones.
Available Ports list displays the list of ports that can be bound to the
selected zone.
Use Right arrow button to move the selected ports to Member Port list.
Description - Specify zone description
Create button - Saves the configuration and creates zone
Table - Create Zone
Setting up Users
Define Authentication
Cyberoam provides policy-based filtering that allows defining individual filtering plans for various users of
your organization. You can assign individual policies to users (identified by IP address), or a single policy
to a number of users (Group).
Cyberoam detects users as they log on to Windows domains in your network via client machines.
Cyberoam can be configured to allow or disallow users based on username and password. In order to
use User Authentication, you must select at least one database against which Cyberoam should
authenticate users.
To filter Internet requests based on policies assigned, Cyberoam must be able to identify a user making a
request.
When the user attempts to access, Cyberoam requests a user name and password and authenticates the
user's credentials before giving access. User level authentication can be performed using the local user
database on the Cyberoam, an External ADS server, RADIUS server, LDAP or Windows Domain
Controller.
If your network uses an Active Directory service, configure Cyberoam to communicate with ADS. Refer to
Cyberoam - ADS Integration Guide for details.
If your network uses a Windows Domain controller, configure Cyberoam to communicate with Domain
controller. Refer to Cyberoam - PDC Integration for details.
If your Network uses LDAP, configure Cyberoam to communicate with LDAP server. Refer to Cyberoam
LDAP Integration for details.
If your Network uses RADIUS server, configure Cyberoam to communicate with RADIUS server. Refer to
RADIUS Integration Guide for details.
Cyberoam can prompt for user identification if your network does not use Windows environment. Refer to
Cyberoam Authentication for details.
Cyberoam Authentication
When Cyberoam is installed in Non PDC environment, it is necessary to create users and groups in
Cyberoam.
Before users log on to Cyberoam, Administrator has to create all the users in Cyberoam, assign them to
a Group and configure for Cyberoam authentication. Refer to Define Group and Define User for details
on creating groups and users.
When user attempts to log on, Cyberoam server performs authentication i.e. User is authenticated
directly by the Cyberoam server.
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a group
inherit all the group policies. Refer to Policy Management to define new policies.
User types
Cyberoam supports three types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal - User has to log on to Cyberoam. Requires Cyberoam client (client.exe) on the User machine or
user can use HTTP Client component and all the policy-based restriction can be applied.
Clientless - Does not require Cyberoam client component (client.exe) on the User machines. Symbolically
represented as User name (C)
Single Sign On - If User is configured for Single Sign On, whenever User logs on to Windows, he/she is
automatically logged on to Cyberoam. Symbolically represented as User name (S)
Use the given decision matrix below to decide which type of the user should be created.
Add a User
Prerequisite
Group created for Normal Users only
User Type - Specify the user group type. Depending on user group type default
web console access control will be applied. Refer to Web console
Authorization and Access control for more details.
Available option:
Administrator
Manager
User
For example,
If in Client preferences, the number of concurrent logins allowed is 5
and here you have specified 3, then this particular user will be
allowed to login from 3 machines concurrently and not from 5
machines.
Group Information
Group - Specify the Group in which the user is to be added. User will inherit all the
group policies.
Available options
1) All Nodes
Allows Users to login from all the nodes in the network
Click to select
Personal details link - Allows to enter personal details of the user
Personal information
Only if Personal details link is clicked
Birth date - Specify date of birth of user
Click to add
Review button - Opens a new page and displays the user details for reviewing.
Click to review
When you add multiple clientless users, users are represented by IP addresses and not by the User
name.
Prerequisite
Clientless Group created
Select User → Clientless Users → Add Multiple Clientless Users to open create user page
Prerequisite
Group created
Logon Pool created
Select User → Clientless Users → Add Single Clientless User to open create user page
Options:
Yes - Automatically logs in as soon as registered successfully i.e.
becomes a live user
NOTE
Duplicate Usernames cannot be created
Create Group before assigning it to a User. Refer to Create Groups to create new groups
Setting up Groups
Group
Group is a collection of users having common policies and a mechanism of assigning access of
resources to a number of users in one operation/step.
Instead of attaching individual policies to the user, create group of policies and simply assign the
appropriate Group to the user and user will automatically inherit all the policies added to the group. This
simplifies user configuration.
1. Surfing Quota policy which specifies the duration of surfing time and the period of subscription
2. Access Time policy which specifies the time period during which the user will be allowed access
3. Internet Access policy which specifies the access strategy for the user and sites
4. Bandwidth policy which specifies the bandwidth usage limit of the user
5. Data Transfer policy which specifies the data transfer quota of the user
Refer to Policy Management for more details on various policies.
Group types
Two types of groups:
1. Normal
2. Clientless
Normal - A user of this group needs to log on to Cyberoam using the Cyberoam Client to access the
Internet
Clientless - A user of this group need not log on to Cyberoam using the Cyberoam Client to access the
Internet. Access control is placed on the IP Address. Symbolically represented as Group name (C)
Use the decision matrix given below to decide which type of group will be best suited for your network
configuration.
Prerequisite
All the policies which are to be added to the Group are created
Logon Pool created if login is to be restricted from a particular Node/IP Address
Available options
1) Allowed login from all nodes
Allows Users defined under the Group to login from all the nodes
Refer to Select Node table for more details. Refer to Apply Login
Node restriction for more details.
Click to select
Select Node button (Only if Allowed Login from selected node option is selected for Login restriction) - Opens a new page and allows to select the node. Click to select the Node
Create button - Creates Group
Cancel button - Cancels the current operation and returns to the Manage Group
page
Table - Create Group screen elements
Note
It is not necessary to add user at the time of the creation of Group. Users can be added even after the creation
of the group.
Firewall
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ
networks against malicious access; however, firewalls may also be configured to limit the access to
harmful sites for LAN users.
The responsibility of firewall is to grant access from Internet to DMZ or Service Network according to the
Rules and Policies configured. It also keeps watch on state of connection and denies any traffic that is
out of connection state.
Firewall rules control traffic passing through the Cyberoam. Depending on the instruction in the rule,
Cyberoam decides on how to process the access request. When Cyberoam receives the request, it
checks for the source address, destination address and the services and tries to match with the firewall
rule. If Identity match is also specified then firewall will search in the Live Users Connections for the
Identity check. If Identity (User) is found in the Live User Connections and all other matching criteria are
fulfilled, then the action specified in the rule will be applied. Action can be allow or deny.
If Action is Allow then each rule can be further configured to apply source or destination NATting
(Network Address Translation). You can also apply different protection settings to the traffic controlled by
firewall:
Enable load balancing between multiple links
Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP traffic. To
apply antivirus protection and spam filtering, you need to subscribe for Gateway Anti Virus and
Gateway Anti Spam modules individually. Refer to Licensing section for details.
Implement Intrusion detection and prevention. To apply IDP policy you need to subscribe for
Intrusion Detection and Prevention module. Refer to Licensing section for details.
Configure content filtering policies. To apply content filtering you need to subscribe for Web and
Application Filter module. Refer to Licensing section for details.
Apply bandwidth policy restriction
Depending on the Internet Access policy set through Network Configuration Wizard, Cyberoam defines
the two default firewall rules as follows:
Monitor only
Cyberoam applies the firewall rules in the order as specified below.
1. Masquerade and Allow entire LAN to WAN traffic for all the authenticated users after applying
following policies:
Internet Access policy - User specific
Bandwidth policy - User specific
Anti Virus & Anti Spam policy - Allows SMTP, POP3, IMAP and HTTP traffic without scanning
2. Masquerade and Allow entire LAN to WAN traffic for all the users without scanning SMTP, POP3,
2. Masquerade and Allow entire LAN to WAN traffic for all the users after applying following policies:
Internet Access policy - Applies General Corporate Policy to block Porn, Nudity,
AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist,
PhishingandFraud, Violence, Weapons categories
Anti Virus & Anti Spam policy - Scan SMTP, POP3, IMAP and HTTP traffic
Note
Default Firewall rules can be modified as per the requirement but cannot be deleted
IDP policy will not be effective until the Intrusion Detection and Prevention (IDP) module is subscribed.
Virus and Spam policy will not be effective until the Gateway Anti Virus and Gateway Anti-spam modules are
subscribed respectively.
If Internet Access Policy is not set through Network Configuration Wizard at the time of deployment, the entire
traffic is dropped.
Additional firewall rules can be defined to extend or override the default rules. For example, rules can be
created that block certain types of traffic such as FTP from the LAN to the WAN, or allow certain types of
traffic from specific WAN hosts to specific LAN hosts, or restrict use of certain protocols such as Telnet to
authorized users on the LAN.
Custom rules evaluate network traffic source IP addresses, destination IP addresses, User, IP protocol
types, and compare the information to access rules created on the Cyberoam appliance. Custom rules
take precedence, and override the default Cyberoam firewall rules.
Previous versions allowed creating firewall rules based on source and destination IP addresses and
services, but now Cyberoam's Identity based firewall allows creating firewall rules that embed user
identity into the firewall rule matching criteria.
Prior to this version, all the Unified Threat Control policies were to be enabled individually from their
respective pages. Now one can attach the following policies to the firewall rule as per the defined
matching criteria:
Intrusion Detection and Prevention (IDP)
Anti Virus
Anti Spam
Internet Access
Bandwidth Management
Routing policy i.e. define user and application based routing
Processing of firewall rules is top downwards and the first suitable rule found is applied.
Hence, while adding multiple rules, it is necessary to put specific rules before general rules. Otherwise, a
general rule might allow a packet that you specifically have a rule written to deny later in the list. When a
packet matches the rule, the packet is immediately dropped or forwarded without being tested by the rest
of the rules in the list.
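The ordering rule above, shown as an added example (not Cyberoam code): a minimal first-match evaluator plus a check that reports rules an earlier, more general rule makes unreachable. The rule fields, rule names, addresses, user names and the default-drop fallback are assumptions modelled on the matching criteria this guide lists (zone, source, destination, service, identity).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str          # CIDR network
    dst_net: str          # CIDR network
    service: str          # service name or ANY
    action: str           # "accept" or "drop"
    user: str = ANY       # identity criterion; ANY = no identity check


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    service: str
    user: Optional[str] = None   # None = source has no live (logged-on) user


def matches(rule: Rule, pkt: Packet) -> bool:
    """All criteria must hold, including identity when the rule names a user."""
    return (rule.src_zone == pkt.src_zone
            and rule.dst_zone == pkt.dst_zone
            and ip_address(pkt.src_ip) in ip_network(rule.src_net)
            and ip_address(pkt.dst_ip) in ip_network(rule.dst_net)
            and rule.service in (ANY, pkt.service)
            and rule.user in (ANY, pkt.user))


def evaluate(rules, pkt, default="drop"):
    """Top-down processing: the first matching rule decides, the rest are skipped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, None   # assumption: unmatched traffic is dropped


def covers(general: Rule, specific: Rule) -> bool:
    """True if every packet matching `specific` also matches `general`."""
    return (general.src_zone == specific.src_zone
            and general.dst_zone == specific.dst_zone
            and ip_network(specific.src_net).subnet_of(ip_network(general.src_net))
            and ip_network(specific.dst_net).subnet_of(ip_network(general.dst_net))
            and general.service in (ANY, specific.service)
            and general.user in (ANY, specific.user))


def shadowed(rules):
    """Return (rule, shadowed_by, action_conflict) for rules that can never fire."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break
    return findings


# Constructed sample rule set: LAN 192.168.1.0/24, any destination on WAN.
LAN, EVERYWHERE = "192.168.1.0/24", "0.0.0.0/0"
ALLOW_ALL = Rule("allow-lan-wan", "LAN", "WAN", LAN, EVERYWHERE, ANY, "accept")
DENY_FTP = Rule("deny-ftp", "LAN", "WAN", LAN, EVERYWHERE, "ftp", "drop")
DENY_TELNET = Rule("deny-telnet", "LAN", "WAN", LAN, EVERYWHERE, "telnet", "drop")
TELNET_ALICE = Rule("telnet-alice", "LAN", "WAN", LAN, EVERYWHERE, "telnet",
                    "accept", user="alice")

# General rule first: every specific rule below it is dead.
BAD_ORDER = [ALLOW_ALL, TELNET_ALICE, DENY_TELNET, DENY_FTP]
# Specific rules first, general rule last.
GOOD_ORDER = [TELNET_ALICE, DENY_TELNET, DENY_FTP, ALLOW_ALL]

if __name__ == "__main__":
    ftp = Packet("LAN", "WAN", "192.168.1.10", "203.0.113.5", "ftp")
    print("bad order :", evaluate(BAD_ORDER, ftp))
    print("good order:", evaluate(GOOD_ORDER, ftp))
    for name, by, conflict in shadowed(BAD_ORDER):
        print(f"{name} is unreachable behind {by}"
              + (" (actions differ)" if conflict else ""))
```

Running the shadow check on an exported rule list before and after each change catches a deny rule that was added below a broader allow rule.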
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from firewall
rule itself or from Firewall → Host → Add Host
Check Identity (Only if source zone is LAN/DMZ) - Check identity allows you to check whether the specified user/user group
from the selected zone is allowed the access of the selected service or not.
Click Enable to check the user identity.
Under Select Address, click Create Host Group to define host group from
firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from firewall
rule itself or from Firewall → Host → Add Host
Service/Service group - Services represent types of Internet data transmitted via particular
protocols or applications.
Under Select Here, click Create Service Group to define service group
from firewall rule itself or from Firewall → Service →
Create Service
Reject - Denies access and ICMP port unreachable message will be sent
to the source
For example,
If the request is received on the LAN port using a spoofed IP address
(public IP address or the IP address not in the LAN zone network) and
specific route is not defined, Cyberoam will send a response to these hosts
using default route. Hence, response will be sent through the WAN port.
Apply Source Select the SNAT policy to be applied
NAT (Only if
Action is It allows access but after changing source IP address i.e. source IP
ACCEPT) address is substituted by the IP address specified in the SNAT policy.
You can create SNAT policy from firewall rule itself or from Firewall
SNAT Policy Create
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
Enable load balancing and failover when multiple links are configured. Applicable only
if Destination Zone is WAN
Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP
policies. To apply antivirus protection and spam filtering, you need to subscribe for
Gateway Anti Virus and Gateway Anti Spam modules individually. Refer to Licensing
section for details.
Implement Intrusion detection and prevention. To apply IDP policy you need to
subscribe for Intrusion Detection and Prevention module. Refer to Licensing section for
details.
Configure content filtering policies. To apply content filtering you need to subscribe for
Web and Application Filter module. Refer to Licensing section for details.
Apply bandwidth policy
Destination NAT Settings
Destination NAT policy - Select DNAT policy to be applied
DNAT rule tells the firewall to forward the requests from the specified
machine and port to the specified machine and port.
Under Select Here, click Create DNAT Policy to define DNAT policy from
the firewall rule itself or from Firewall → DNAT Policy → Create
Policy Settings
IDP Policy Select IDP policy for the rule.
To use IDP, you have to subscribe for the module. Refer to Licensing for
more details.
Bandwidth Policy Select Bandwidth policy for the rule. Only the Firewall Rule based
Bandwidth policy can be applied.
Bandwidth policy allocates & limits the maximum bandwidth usage of the
user.
To implement Anti Virus and Anti Spam scanning, you have to subscribe
for the Gateway Anti Virus and Anti Spam modules individually. Refer to
Licensing for more details.
To log the traffic permitted and denied by the firewall rule, you need to
ON/Enable the firewall rule logging from the Web Admin Console → Firewall
rule and from the Telnet Console → Cyberoam Management. Refer to
Cyberoam Console Guide for more details.
Manage Firewall
Use to:
Enable/disable SMTP, POP3, IMAP and HTTP scanning
Deactivate rule
Delete rule
Change rule order
Append rule (zone to zone)
Insert rule
Select display columns
Screen components
Subscription icon - Indicates subscription module. To implement the functionality of the subscription
module you need to subscribe to the respective module. Click to open the licensing page.
Enable/Disable rule icon - Click to activate/deactivate the rule. If you do not want to apply the firewall
rule temporarily, disable the rule instead of deleting it.
Green - Active Rule
Red - Deactive Rule
Edit icon - Click to edit the rule. Refer to Edit Firewall rule for more details.
Insert icon - Click to insert a new rule before the existing rule. Refer to Define Firewall Rule for more
details.
Move icon - Click to change the order of the selected rule. Refer to Change the firewall rule order for
details.
Delete icon - Click to delete the rule. Refer to Delete Firewall Rule for more details.
Update Rule
Select Firewall → Manage Firewall to view the list of rules. Click the rule to be modified.
To define a host group based firewall rule, you need to define a host group.
Under Select Address, click Create Host Group to define host group from the
firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from the firewall
rule itself or from Firewall → Host → Add Host
Check Identity (Only if source zone is LAN or DMZ) - Check identity allows you to check whether the specified user/user group from the selected zone is allowed access to the selected service or not.
Click Enable to check the user identity
Destination - Displays destination zone and host IP address/network address to which
the rule applies.
To define a host group based firewall rule, you need to define a host group.
Under Select Address, click Create Host Group to define host group from the
firewall rule itself or from Firewall → Host Group → Create
Under Select Address, click Add Host to define host group from the firewall
rule itself or from Firewall → Host → Add Host
Service/Service group - Services represent types of Internet data transmitted via particular
protocols or applications.
Under Select Here, click Create Service Group to define service group
from the firewall rule itself or from Firewall → Service → Create Service
You can create SNAT policy from the firewall rule itself or from Firewall →
SNAT Policy → Create
Advanced Settings
Click to apply different protection settings to the traffic controlled by firewall. You can:
Enable load balancing between multiple links
Configure antivirus protection and spam filtering for SMTP, IMAP, POP3, and HTTP
policies
Apply bandwidth policy
Configure content filtering policies
Destination NAT Settings
Destination NAT policy - Displays DNAT policy applied, modify if required
DNAT rule tells the firewall to forward the requests from the specified
machine and port to the specified machine and port.
Under Select Here, click Create DNAT Policy to define DNAT policy from
the firewall rule itself or from Firewall → DNAT Policy → Create
Policy Settings
IDP Policy Displays IDP policy for the rule, modify if required
To use IDP, you have to subscribe for the module. Refer to Licensing for
more details.
Bandwidth policy allocates & limits the maximum bandwidth usage of the
user.
To implement Anti Virus and Anti Spam scanning, you have to subscribe
for the Gateway Anti Virus and Anti Spam modules individually. Refer to
Licensing for more details.
To log the traffic permitted and denied by the firewall rule, you need to
ON/Enable the firewall rule logging from the Web Admin Console → Firewall
rule and from the Telnet Console → Cyberoam Management. Refer to
Cyberoam Console Guide for more details.
Hence, when adding multiple rules, put specific rules before general rules. Otherwise, a
general rule placed earlier might allow a packet that a more specific rule later in the list was written to deny. When a
packet matches a rule, it is immediately dropped or forwarded without being tested against the rest
of the rules in the list.
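The top-down, first-match behaviour described in both rule-ordering passages of this guide can be checked before a rule set is saved. The following is an added example, not Cyberoam code: the rule model, the function names and the sample addresses are constructed for illustration, and the check only detects a rule that is fully covered by one single earlier rule.

```python
"""First-match rule evaluation and a check for rules hidden by earlier ones."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    service: str  # e.g. "tcp/25", or "any"
    action: str   # "accept", "drop" or "reject"


def service_covers(general: str, specific: str) -> bool:
    """A service entry covers another if it is 'any' or identical."""
    return general == "any" or general == specific


def first_match(rules, src_ip, dst_ip, service):
    """Walk the list top down and return the first rule the packet matches."""
    for rule in rules:
        if (ip_address(src_ip) in ip_network(rule.src)
                and ip_address(dst_ip) in ip_network(rule.dst)
                and service_covers(rule.service, service)):
            return rule
    return None  # nothing matched; the default policy would apply


def covers(general: Rule, specific: Rule) -> bool:
    """True when every packet matching `specific` also matches `general`."""
    return (ip_network(specific.src).subnet_of(ip_network(general.src))
            and ip_network(specific.dst).subnet_of(ip_network(general.dst))
            and service_covers(general.service, specific.service))


def shadowed_rules(rules):
    """Return (hidden_id, hiding_id, actions_differ) for rules that never fire.

    A rule is reported when one earlier rule covers it completely. When the
    actions differ, the earlier rule silently overrides the later one.
    """
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, later):
                findings.append((later.rule_id, earlier.rule_id,
                                 earlier.action != later.action))
                break
    return findings


# Constructed sample rules: allow the LAN out, but block one host from SMTP.
LAN_ALLOW = Rule(1, "192.168.1.0/24", "0.0.0.0/0", "any", "accept")
MAIL_BLOCK = Rule(2, "192.168.1.50/32", "0.0.0.0/0", "tcp/25", "drop")
GENERAL_FIRST = [LAN_ALLOW, MAIL_BLOCK]   # wrong order: the drop never fires
SPECIFIC_FIRST = [MAIL_BLOCK, LAN_ALLOW]  # order the guide recommends

if __name__ == "__main__":
    for name, rules in (("general first", GENERAL_FIRST),
                        ("specific first", SPECIFIC_FIRST)):
        hit = first_match(rules, "192.168.1.50", "203.0.113.10", "tcp/25")
        print(f"{name}: rule {hit.rule_id} -> {hit.action}; "
              f"shadowed: {shadowed_rules(rules)}")
```
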
Append rule
Append Rule adds the new rule above the default rules if the zone-to-zone rule set exists; otherwise it appends the new
rule as a new zone-to-zone rule set at the end.
For example, consider the screen given below. If the new rule is for DMZ to LAN then a new rule set
DMZ LAN is created at the end and the rule is added to it. If the new rule is for LAN to WAN then the rule will
be added above Rule ID 4, as Rule ID 3 and ID 4 are default rules.
Select Firewall Manage Firewall Rules and click the delete icon against the rule to be deleted
Note
Host Management
Firewall rules can be created for individual hosts or host groups. By default, as many hosts as there are
ports in the appliance are already created.
Select Firewall → Host Group → Manage to view the list of groups created.
Click the host group to which the host is to be added. Host Group details are displayed.
Click Add. List of hosts that can be added to the group is displayed.
Click against the host to be added
Click Add
Select Firewall → Host Group → Manage and click the host group from which the host is to be
removed
Add Host
Manage Host
Prerequisite
Bandwidth policy created
Traffic Discovery
"Network security" is controlling who can do what on your network. Control is all about detecting and
resolving any activity that does not align with your organization's policies.
Traffic discovery provides a comprehensive, integrated tool to tackle all your Network issues. It performs
network traffic monitoring by aggregating the traffic passing through Cyberoam. It helps in determining
the amount of network traffic generated by an application, IP address or user.
View your network's traffic statistics, including protocol mix, top senders, top broadcasters, and error
sources. Identify and locate bandwidth hogs and isolate them from the network if necessary. Analyze
performance trends with baseline data reports.
Apart from details of the traffic pattern of live connections, Cyberoam also provides the current date's connection
history.
Application wise
Application wise Live Connections displays list of Applications running on the network currently. It also
displays which user is using the application currently and total data transferred using the application.
User wise
User wise Live Connections displays which user is using which Application and is consuming how much
bandwidth currently.
Apart from the live connection details, details of the connections that are closed can also be viewed.
The details for all the connections that are closed during last 24 hours are shown. You can also select the
history duration.
Application wise
It displays list of Applications accessed during the selected duration and by user and/or LAN IP Address.
User wise
It displays the list of Users who have logged on to the network during the selected duration and the
applications they accessed.
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy.
Cyberoam comes with several predefined policies. These predefined policies are immediately available
for use until configured otherwise.
Cyberoam also lets you define customized policies to define different levels of access for different users
to meet your organization's requirements.
Cyberoam comes with several predefined policies. These predefined policies are immediately available
for use until configured otherwise. Cyberoam also lets you define customized policies to define different
levels of access for different users to meet your organization's requirements.
Select Policies → Surfing Quota Policy → Create policy to open the create page
Available options
Daily - restricts surfing hours up to cycle hours defined on daily basis
Weekly - restricts surfing hours up to cycle hours defined on weekly basis
Monthly - restricts surfing hours up to cycle hours defined on monthly basis
Yearly - restricts surfing hours up to cycle hours defined on yearly basis
Non-cyclic - no restriction
Cycle hours (Only if cycle type is not Non cyclic) - Specify upper limit of surfing hours for cyclic type policies
At the end of each Cycle, cycle hours are reset to zero i.e. for Weekly
Cycle type, cycle hours will reset to zero every week even if cycle
hours are unused
Allotted Days - Restricts surfing days
Click to select
Allotted Time - Allotted time defines the upper limit of the total surfing time allowed i.e.
restricts total surfing time to allotted time
Click to select
Shared allotted time with group members - Specify whether the allotted time will be shared among all the group
members or not
Click to share
Policy Description Specify full description of the policy
Create button Creates policy
Table - Create Surfing Quota policy screen elements
Note
Policies with the same name cannot be created
Select Policies → Surfing Quota policy → Manage policy and click Policy name to be
modified
Note
The changes made in the policy become effective immediately on updating the changes.
Prerequisite
Not assigned to any User or Group
Select Policies → Surfing Quota policy → Manage policy to view list of policies
Access time policy enables you to set the time interval - days and time - for Internet access with the help of
schedules. See Schedules for more details.
A time interval defines the days of the week and the times of each day of the week when the user will be
allowed/denied Internet access.
Prerequisite
Schedule created
Select Policies → Access Time Policy → Create policy to open create policy page
Disallow - Does not allow the Internet access during the scheduled time
interval
Click to select
Description Specify full description of policy
Create button Creates policy
Table - Create Access Time policy screen elements
Note
Policies with the same name cannot be created
Select Policies → Access Time policy → Manage policy and click Policy name to be
modified
To modify,
Click Schedule list and select new schedule
Note
The changes made in the policy become effective immediately on saving the changes.
Prerequisite
Not assigned to any User or Group
Select Policies → Access Time policy → Manage policy to view the list of policies
When defining a policy, you can deny or allow access to an entire application category, or to individual
file extensions within a category. For example, you can define a policy that blocks access to all audio files
with .mp3 extensions.
Default Allow
By default, allows user to view everything except the sites and files specified in the web categories
E.g. To allow access to all sites except Mail sites
Default Disallow
By default, prevents user from viewing everything except the sites and files specified in the web
categories
E.g. To disallow access to all sites except certain sites
Select Policies → Internet Access Policy → Create Policy to open the create policy page
Deny Allows access to only those sites and files that are specified
in the Categories
Description Specify full description of policy
Reporting - By default, Internet usage report is generated for all the users, but
Cyberoam allows you to bypass reporting for certain users.
Click On to create a policy that includes the access details of all the
users to whom this policy is applied in Internet usage reports.
Create button - Creates policy and allows you to add Category restriction
Click to add
Note
Policies with the same name cannot be created
Click to view
Click Close to close the window
Add button Add rule to Internet Access policy
Select Policy → Internet Access policy → Manage Policy and click policy name to be
modified
Cannot be modified
Policy Type Displays policy type
Cannot be modified
Description Displays policy description, modify if required
Reporting - By default, Internet usage report is generated for all the users, but
Cyberoam allows you to bypass reporting for certain users.
Click On to create a policy that includes the access details of all the
users to whom this policy is applied in Internet usage reports.
Internet Access policy Rules
Click to add
Click Move Down to move the selected rule one step downwards
Update button (Only when more than one rule is defined) - Saves the modified sequence of the rules
Save button - Saves the modifications
Show Policy members button - Opens a new page and displays list of policy members
Cancel button - Cancels the current operation and returns to Manage Internet
Access policy page
Note
Do not forget to update after changing the order
Prerequisite
Not assigned to any User or Group
Bandwidth policy
Bandwidth is the amount of data passing through a media over a period of time and is measured in terms
of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
The primary objective of bandwidth policy is to manage and distribute total bandwidth on certain
parameters and user attributes. Bandwidth policy allocates & limits the maximum bandwidth usage of the
user and controls web and network traffic.
In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to
implement strict policy:
Total (Upstream + Downstream)
Individual Upstream and Individual Downstream
Committed
In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and user can
draw bandwidth up to the defined burstable limit, if available.
It enables you to assign fixed minimum and maximum amounts of bandwidth to users. By borrowing excess
bandwidth when it is available, users are able to burst above guaranteed minimum limits, up to the
burstable rate. Guaranteed rates also assure minimum bandwidth to critical users so that they receive constant levels of
bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burstable represents the maximum
bandwidth that a user can use, if available.
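The committed policy described above can be modelled as a two-step allocation: every user first receives the guaranteed rate, then spare capacity is lent out up to each user's burstable limit. The following is an added example, not Cyberoam's scheduler: the guide does not say how spare bandwidth is divided, so sharing it equally among users who still want more is an assumption, and the user names and rates are constructed.

```python
"""Committed bandwidth policy: guaranteed minimum, burstable maximum."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CommittedPolicy:
    user: str
    guaranteed_kbps: float  # minimum the user is always entitled to
    burstable_kbps: float   # maximum the user may reach when spare exists
    demand_kbps: float      # what the user is trying to use right now


def allocate(link_kbps, policies):
    """Return {user: kbps} for one moment in time on a link of `link_kbps`."""
    for p in policies:
        if p.burstable_kbps < p.guaranteed_kbps:
            raise ValueError(f"{p.user}: burstable is below guaranteed")
    if sum(p.guaranteed_kbps for p in policies) > link_kbps:
        # Guarantees that add up to more than the link cannot all be honoured.
        raise ValueError("guaranteed rates exceed link capacity")

    # Step 1: honour the guaranteed rate (never more than the user demands).
    alloc = {p.user: min(p.demand_kbps, p.guaranteed_kbps) for p in policies}
    # The burstable limit, or the demand if lower, caps what a user can reach.
    ceiling = {p.user: min(p.demand_kbps, p.burstable_kbps) for p in policies}

    # Step 2 (assumed sharing rule): split spare capacity equally among users
    # still below their ceiling, repeating as users reach their ceiling.
    spare = link_kbps - sum(alloc.values())
    active = [user for user in alloc if ceiling[user] > alloc[user]]
    while active and spare > 1e-9:
        share = spare / len(active)
        still_hungry = []
        for user in active:
            grant = min(share, ceiling[user] - alloc[user])
            alloc[user] += grant
            spare -= grant
            if ceiling[user] - alloc[user] > 1e-9:
                still_hungry.append(user)
        active = still_hungry
    return alloc


# Constructed sample: three users behind one link.
POLICIES = [
    CommittedPolicy("alice", guaranteed_kbps=200, burstable_kbps=600, demand_kbps=800),
    CommittedPolicy("bob", guaranteed_kbps=200, burstable_kbps=400, demand_kbps=300),
    CommittedPolicy("carol", guaranteed_kbps=100, burstable_kbps=300, demand_kbps=50),
]

if __name__ == "__main__":
    print("quiet link (1000 kbps):", allocate(1000, POLICIES))
    print("busy link  (500 kbps): ", allocate(500, POLICIES))
```

On the 1000 kbps link alice is held at her burstable limit even though capacity remains; on the 500 kbps link nobody drops below the guaranteed rate.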
Select Policies → Bandwidth Policy → Create policy to open the create policy pane
Note
Policies with the same name cannot be created
Select Policies → Bandwidth Policy → Create policy to open the create policy page
Select Policies → Bandwidth policy → Manage policy and click Policy name to be updated
Cannot be modified
Default values to be applied all the time
Implementation on Displays Implementation type of the policy
Cannot be modified
Total Bandwidth (in KB) Displays total bandwidth for the group, modify if required
Cannot be modified
Default values to be applied all the time
Implementation on Displays implementation type of policy
Cannot be modified
Total Bandwidth (Only for TOTAL implementation type) - Displays total bandwidth assigned, modify if required
Upload Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type) - Modify Upstream bandwidth value
Download Bandwidth (in KB) (Only for STRICT policy type and INDIVIDUAL implementation type) - Modify Downstream bandwidth value
Guaranteed Burstable Upload Bandwidth (in KB) - Modify Upstream bandwidth value
(Only for COMMITTED policy
Cannot be modified
Update button Updates the changes made in Bandwidth restriction
details and Default values to be applied all the time
Add details button - Allows you to attach a schedule to override the default bandwidth
restriction
Strict
For Total
Total Bandwidth - Specify maximum amount of Total bandwidth,
expressed in terms of kbps
For Individual
Upload Bandwidth - Specify maximum amount of Upstream bandwidth,
expressed in terms of kbps
Committed
For Total
Guaranteed(Min) Bandwidth - Specify minimum guaranteed amount of Total
bandwidth, expressed in terms of kbps
For Individual
Guaranteed(Min) Upload Bandwidth - Specify minimum guaranteed amount of
Upstream bandwidth, expressed in terms of kbps
Note
The changes made in the policy become effective immediately on saving the changes.
Prerequisite
Bandwidth policy not attached to any Logon Pool, user or IP address
Select Policies → Bandwidth policy → Manage policy to view the list of policies
Cyberoam provides several predefined policies, which are available for use until configured otherwise.
You can also define customized policies to define different limits for different users to meet your
organization's requirements.
Select Policies → Data Transfer Policy → Create Policy to open the create policy page
Available options
Click Total Data Transfer to apply data transfer restriction on the Total
(Upload + Download) data transfer
If you do not want to restrict total data transfer, click Unlimited Total
Data Transfer
Upload Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Specify Upload Data transfer limit.
It is the total upload data transfer allowed to the user and if the limit is
reached user will not be able to log on until the policy is renewed.
OR
If you do not want to restrict total upload data transfer, click Unlimited
Upload Data Transfer
Download Data Transfer Limit (MB) (Only if Restriction is based on Individual Data Transfer) - Specify Download Data transfer limit.
It is the upper download data transfer allowed to the user and if the limit
is reached user will not be able to log on until the policy is renewed.
OR
If you do not want to restrict total download data transfer, click Unlimited
Download Data Transfer
Create button Creates policy
Cancel button Cancels the current operation and returns to Manage Data transfer
policy page
Table Create Data transfer policy screen elements
Select Policies → Data transfer policy → Manage policy and click Policy name to be modified
Shared allotted data transfer with group members - Displays whether the allotted data transfer is shared among all the group
members or not
Policy Description - Displays full description of the policy, modify if required.
Restriction Details
Cycle Total Data Transfer Limit (MB) (Only if Restriction is based on Total Data Transfer) - Displays Cycle Total Data transfer limit
It is the upper limit of total data transfer allowed to the user per cycle.
User will be disconnected if limit is reached.
Prerequisite
Not assigned to any User or Group
Select Policies → Data transfer policy → Manage policy to view list of policies
SNAT Policy
SNAT policy tells firewall rule to allow access but after changing source IP address i.e. source IP address
is substituted by the IP address specified in the SNAT policy.
Update policy
Select Firewall → SNAT policy → Manage to view the list of policies. Click the policy to be
modified.
DNAT Policy
DNAT rule tells the firewall to forward the requests from the specified machine/port to the specified
machine/port.
Update policy
Select Firewall → DNAT policy → Manage to view the list of policies. Click the policy to be
modified.
Zone Management
Use to
Update Zone details
Delete Zone
Manage Zone
Select System → Zone → Manage to open the manage zone page
By default the traffic to and from this zone is blocked, and hence it is the
most secured zone.
Available Ports list displays the list of ports that can be bound to the
selected zone.
Member Port list displays the list of ports bound to the zone
Use the Right arrow button to move the selected ports to the Member Port
list.
Use the Left arrow button to move the selected ports to the Available Port
list.
Description Displays zone description, modify if required
Save button Saves the zone configuration
Table Edit Zone
Delete Zone
Prerequisite
No hosts attached to the zone
Note
Default Zones cannot be deleted
Group Management
Manage Group
Update Group to:
Change Surfing time policy applied
Change Access time policy applied
Change Internet Access policy applied
Change Bandwidth policy applied
Change Data transfer policy applied
Change the login restriction for the users of the group
Add new users to the group
Surfing quota policy, Time allotted & Expiry date changes accordingly
Time allotted (HH:mm) - Displays total surfing time allotted by Surfing Quota policy to the Group. Cannot be modified
Expiry date - Displays Expiry date of the Surfing Quota policy. Cannot be modified
Period Time (HH:mm) (Only if Surfing Quota policy is Non-Cyclic) - Displays cycle hours. Cannot be modified
Period Cycle (Only if Surfing Quota policy is Non-Cyclic) - Displays type of cycle. Cannot be modified
Used Surfing Time - Displays total time used by the Group members. Cannot be modified
Access Time policy (Only for Normal Group type) - Displays currently attached Access Time policy to the Group
To change
Click Access Time policy list to select
To change
Click Bandwidth policy list to select
To change
Click Data Transfer policy list to select
Click to add
Note
Update Group
The need may arise to change the Group settings after the Group is created.
To Click
Show Group Members Show Group Members button
Delete Group
Prerequisite
No Group members defined
User Management
Search User
Use to search the User
Click to search
Table - Search User screen elements
Live User
Use Live users page to
view list of all the currently logged on Users
modify user details
send message to any live user
disconnect any live user
Click to change the display order Click User name link to View/Update user details
Name Displays User name
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User → User → Manage Active to view the list of Users and click User name to be modified
OR
Select User → User → Manage Deactive to view the list of Users and click User name to be
modified
The need may arise to change the User settings after the User is created.
To Click
Change the personal details or password Edit personal details/Change Password
of the User
Refer to Change Personal details for more
details
View User Accounts details User My Account
Cannot be modified
Edit Personal details/Change Password button - Allows you to change the User's personal details and login
password
Cannot be modified
Birth date Displays Birth date of User
Email Displays Email ID of User
User My Account button Click to view/update the my account details
Cannot be modified
Number of simultaneous login(s) allowed - Displays whether simultaneous login is allowed or not,
modify if required
Policy Information
Group Displays Group in which User is defined
Change Group button Allows to change Group of the User
Cannot be modified
User Policy Expiry Date Displays Expiry date
Cannot be modified
Time used (HH:mm) Displays total time used by the User in the format
Hours: Minutes
Cannot be modified
Period time Displays allowed total cycle hours
Period Cycle Displays cycle type
Cycle Time used Displays cycle time used
Access Time Policy Displays currently assigned Access Time policy to the
User, modify if required
Change login restriction button Click to change user login restriction applied
User My Account gives details like Personal details and Internet usage of a particular user. User can
change his/her password using this tab.
In the task bar, double click the Cyberoam client icon and click My Account. It opens a new window
and prompts for MyAccount login Username and Password.
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Personal
Allows viewing and updating password and personal details of the user
Change Password
Select Personal → Change Password
Cannot be modified
Name Displays User name, modify if required
Birth Date Displays birth date
Cannot be modified
Update Update the changes made
Table - Change Personal details screen elements
Account status
Allows viewing Internet & Printer usage of the user
Internet Usage
Report displays IP address from where user had logged in, session start and stop time, total used time,
data uploaded and downloaded during the session and total data transferred during the session.
Change Group
Delete User
User can be deleted from Active list as well as from Deactive list
Deactivate User
A User is deactivated automatically if the User has overused one of the resources defined by the assigned
policies. If the need arises to deactivate a User manually, select User → User → Manage Active
Activate User
To activate normal and Single sign on Client user, click User → User → Manage Deactive
To activate Clientless user, click User → Clientless Users → Manage Clientless Users
Add Node
Delete Node
Prerequisite
Not assigned to any User
Prerequisite
IP address from Group not assigned to any User
System Management
Configure Network
Network setting consists of Interface Configuration, DHCP Configuration and DNS Configuration.
Configure DNS
A Domain Name Server translates domain names to IP addresses. You can configure domain name
server for your network as follows.
At the time of installation, you configured the IP address of a single primary DNS server. You can change
this primary DNS server any time and also define additional DNS servers.
Click Add
Type IP address
Click OK
Remove button Allows to remove IP address of Domain Name Server
Click Save
Redirect DNS traffic to local DNS Server
DNS traffic Redirects all the DNS traffic to Cyberoam
redirection
Click Enable to redirect
Table - Configure DNS
To add multiple DNS repeat the above-described procedure. Use Move Up & Move Down buttons to
change the order of DNS. If more than one Domain name server exists, query will be resolved according
to the order specified.
Configure DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a device,
and releases and renews the address as the device leaves and re-joins the network. The device can have
a different IP address every time it connects to the network.
In other words, it provides a mechanism for allocating IP addresses dynamically so that addresses can be
re-used.
Select System → Configure Network → Configure DHCP
Powered by Dynamic Domain Name System (DDNS), you can now access your Cyberoam server by the
domain name, not the dynamic IP address. DDNS will tie a domain name (e.g. mycyberoam.com, or
elitecore.cyberoam.com) to your dynamic IP address.
Manage Account
Check the IP address update status from the Manage Account page. It also displays the reason in case
the update was not successful.
PPPoE
PPPoE Client is a network protocol that uses Point to Point Protocol over Ethernet to connect with a
remote site using various Remote Access Service products. This protocol is typically found in the broadband
networks of service providers. The ISP may then allow you to obtain an IP address automatically or give
you a specific IP address.
PPPoE Access Concentrator is a router that acts as a server in a Point-to-Point Protocol over Ethernet
(PPPoE) session and is used to:
For Ethernet LANs, to assign IP addresses to workstations, to provide user authentication and accounting,
e.g. Multi-apartment buildings, Offices, Schools and universities, computer classes
Connections to Wireless ISPs
Connections to xDSL providers
Access Concentrators (AC) also known as PPPoE Termination units, answer the PPPoE request coming
from a client site PPPoE application for PPP negotiation and authentication.
When using Cyberoam as a PPPoE client, computers on LAN are transparent to WAN side PPPoE link.
This alleviates Administrator from having to manage the PPPoE clients on the individual computers.
Note:
A new dynamic IP address will be leased to the PPPoE Interface each time a new PPP session is
established with the Access Concentrator
IP address in Firewall rules will automatically change when the new IP address is leased
If multiple gateways are defined then IP address in the failover condition will automatically change
when the new IP address is leased
As IP address to PPPoE interface is assigned dynamically:
a) Network Configuration from Telnet Console will not display the PPPoE interface configuration
b) You will not be able to change the IP address of the PPPoE interface from Telnet Console using
Network Configuration
Select System Configure Network View Interface Details and click PPPoE Interface
1. Select System → Configure Network → View Interface Details and click the PPPoE
Interface through which you want to establish the connection
2. Click Reconnect. It establishes a 128-bit tunnel with the Access Concentrator. Cyberoam will
automatically detect the presence of a PPPoE server on the WAN interface.
Manage Gateway
A gateway routes traffic between networks, and if the gateway fails, communication with the outside
network is not possible. In this case, the organization and its customers are left with significant
downtime and financial loss.
By default, Cyberoam supports only one gateway. However, since organizations opt for multiple
gateways to cope with gateway failure problems, Cyberoam also provides an option for supporting
multiple gateways. Simply adding one more gateway does not end the problem, however; optimal
utilization of all the gateways is also necessary.
Cyberoam not only supports multiple gateways but also provides a way to utilize the total bandwidth of
all the gateways optimally.
At the time of installation, you configured the IP address for a default gateway. You can change this
configuration at any time and configure additional gateways.
Refer to the Multi link Configuration Guide for source-based static routing. Policy-based routing can be
done from a firewall rule.
Click to save
Cancel button Cancels the current operation and returns to Manage Gateway page
Click to cancel
Table - Gateway Configuration screen elements
DoS Settings
Cyberoam provides several security options that cannot be defined by the firewall rules. These include
protection from several kinds of Denial of Service attacks. These attacks disable computers and
circumvent security.
A Denial of Service (DoS) attack is a method hackers use to prevent or deny legitimate users access to a
service.
DoS attacks are typically executed by sending many request packets to a targeted server (usually a Web,
FTP, or Mail server), which floods the server's resources, making the system unusable. Their goal is not
to steal information but to disable or deprive a device or network so that users no longer have access to
the network services/resources.
All servers can handle traffic volume up to a maximum, beyond which they become disabled. Hence,
attackers send a very high volume of redundant traffic to a system so that it cannot examine and allow
permitted network traffic. The best way to protect against a DoS attack is to identify and block such
redundant traffic.
SYN Flood - In this attack, a huge number of connections are sent so that the backlog queue overflows.
A connection is created when the victim host receives a connection request and allocates some
memory resources for it. A SYN flood attack creates so many half-open connections that the system
becomes overwhelmed and cannot handle incoming requests any more.
Click Apply Flag to apply the SYN flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
User Datagram Protocol (UDP) Flood - This attack links two systems. It hooks up one system's UDP
character-generating service with another system's UDP echo service. Once the link is made, the two
systems are tied up exchanging a flood of meaningless data.
Click Apply Flag to apply the UDP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
TCP attack - This attack sends more TCP packets than the host/victim computer can handle.
Click Apply Flag to apply the TCP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
ICMP attack - This attack sends the host/victim computer more packets/traffic than the protocol
implementation can handle.
Click Apply Flag to apply the ICMP flood definition and control the allowed number of packets.
To generate log, enable DoS Attack logging from Network Logging Management (Telnet Console). By
default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Drop Source Routed Packet - This will block any source-routed connections or any packets with an
internal address from entering your network.
To generate log, enable Dropped Source Routed Packet Logging from Network Logging Management
(Telnet Console). By default, the DoS attack logging is Off.
To enable logging:
1. Log on to Telnet Console
2. Go to Cyberoam Management>Logging Management>Network Logging Management
3. Enable/On DoS Attack Logging
Disable ICMP redirect packet - An ICMP redirect packet is used by routers to inform the hosts what the
correct route should be. If an attacker is able to forge ICMP redirect packets, he or she can alter the
routing tables on the host and possibly weaken the security of the host by causing traffic to flow via
another path.
To generate log, enable Dropped ICMP Redirected Packet Logging from Network Logging Management
(Telnet Console). By default, the DoS attack logging is Off.
To enable logging:
ARP Flooding - This attack sends ARP requests to the server at a very high rate. Because of this, the
server is overloaded with requests and will not be able to respond to valid requests. Cyberoam protects
by dropping such invalid ARP requests.
Threshold values
Cyberoam uses a threshold value to detect a DoS attack.
Threshold = Total number of connections/packet rate allowed to a particular user at a given time
When the threshold value is exceeded, Cyberoam detects it as an attack and the traffic from the said
source/destination is blocked until the lockdown period is over.
The threshold is applicable to the individual source/destination, i.e. requests per user/IP address, and
not globally to the complete network traffic. For example, if the source threshold is 2500
packets/minute and the network has 100 users, then each source is allowed a packet rate of 2500
packets/minute.
You can define different threshold values for source and destination.
Configuring high values will degrade performance, and values that are too low will block regular requests.
Hence, it is very important to configure appropriate values for both source and destination IP address.
Source threshold
Source threshold is the total number of connections/packet rate allowed to a particular user at a given
time.
Destination threshold
Destination threshold is the total number of connections/packet rate allowed from a particular user at a
given time.
How it works
When the threshold is crossed, Cyberoam detects it as an attack. Cyberoam provides DoS attack protection
by dropping all the excess packets from the particular source/destination. Cyberoam will continue to drop
the packets till the attack subsides. Because Cyberoam applies the threshold value per IP address, only
traffic from the particular source/destination is dropped; traffic from the remaining IP addresses is not
affected at all.
Time taken to re-allow traffic from the blocked source/destination = time taken to subside the attack + 30
seconds
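The per-IP threshold and the re-allow rule described above, as an added example that is not Cyberoam's code: a source threshold of 2500 packets/minute replayed over constructed traffic. The sliding 60-second window, the moment at which the attack counts as subsided, and the IP addresses are assumptions; the same class can be keyed on destination IP for a destination threshold.

```python
from collections import defaultdict, deque

WINDOW = 60       # seconds; thresholds on this page are in packets/minute
HOLD_DOWN = 30    # seconds; page: re-allow = time for attack to subside + 30 s


class RateThreshold:
    """Packet-rate threshold tracked separately for every IP address.

    Assumptions (not from the guide): the rate is measured over a sliding
    60-second window, and the attack counts as "subsided" at the last packet
    that found the window over the limit.
    """

    def __init__(self, packets_per_minute):
        self.limit = packets_per_minute
        self.seen = defaultdict(deque)   # IP -> packet times inside the window
        self.last_over = {}              # IP -> last time the rate was over the limit

    def handle(self, ip, now):
        """Count one packet for `ip` at time `now`; return 'allow' or 'drop'."""
        times = self.seen[ip]
        while times and now - times[0] >= WINDOW:
            times.popleft()              # forget packets older than one minute
        times.append(now)                # dropped packets still count as offered load
        if len(times) > self.limit:
            self.last_over[ip] = now     # attack still in progress
            return "drop"
        last = self.last_over.get(ip)
        if last is not None and now - last < HOLD_DOWN:
            return "drop"                # rate is back under the limit, delay still running
        self.last_over.pop(ip, None)
        return "allow"


def constructed_traffic():
    """Constructed sample: (time_in_seconds, source_ip) tuples, sorted by time."""
    flooder, user = "203.0.113.9", "198.51.100.7"
    packets = []
    for second in range(180):
        packets += [(second, user)] * 5              # steady 300 packets/minute
        if second < 60:
            packets += [(second, flooder)] * 100     # 6000 packets/minute flood
        else:
            packets.append((second, flooder))        # then 1 packet/second
    return flooder, user, packets


def replay(packets, packets_per_minute=2500):
    """Run the packets through a source threshold and tally the verdicts."""
    threshold = RateThreshold(packets_per_minute)
    tally = defaultdict(lambda: {"allow": 0, "drop": 0})
    first_allow_after_drop = {}
    for now, src in packets:
        verdict = threshold.handle(src, now)
        tally[src][verdict] += 1
        if (verdict == "allow" and tally[src]["drop"]
                and src not in first_allow_after_drop):
            first_allow_after_drop[src] = now
    return dict(tally), first_allow_after_drop


if __name__ == "__main__":
    flooder, user, packets = constructed_traffic()
    tally, reallowed = replay(packets)
    print("flooder:", tally[flooder], "re-allowed at second", reallowed[flooder])
    print("user:   ", tally[user])
```

In this replay the flood stops at second 60, but the flooding source is re-allowed only at second 124: its one-minute rate stays above 2500 until second 94, and the 30-second delay runs from there. The 5-packets-per-second user is never dropped.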
Click to view the real time updates on flooding. It displays the source IP
address - which was used for flooding and IP address which was
targeted.
Source Packets Rate (packets/minute)  Allowed packets per minute (packet rate)
If the packet rate exceeds, it is considered as an attack and the rest of the packets are dropped.
DoS will not be applied on all the requests from the specified source IP
address and port
Destination Domain name/IP Address  Destination Domain name or IP address on which the DoS rule is not
to be applied
Specify destination information
Specify * if you want to bypass the complete network
Destination Port Specify destination port address.
DoS will not be applied on all the requests from the specified destination IP
address and port
Network Protocol
Select protocol whose traffic is to be bypassed for specified source to
destination.
For example,
If you select TCP protocol then DoS rules will not be applied on the TCP
traffic from the specified source to destination.
Create button Creates the bypass rule
Table Create DoS bypass rule screen elements
Click to delete
Table Delete DoS bypass rule screen elements
Click Submit
Table - Reset Console Password screen elements
Cyberoam allows enabling/disabling of the following services and the VPN and Traffic Discovery modules:
TFTP - Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP). TFTP
uses the User Datagram Protocol (UDP) and provides no security features.
PPTP - PPTP (Point to Point Tunneling Protocol) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a VPN tunnel using a TCP/IP based network.
IRC - IRC (Internet Relay Chat) is a multi-user, multi-channel chatting system based on a client-server
model. A single server links with many other servers to make up an IRC network, which transports
messages from one user (client) to another. In this manner, people from all over the world can talk to
each other live and simultaneously. DoS attacks are very common as it is an open network, and with no
control on file sharing, performance is affected.
H323 - The H.323 standard provides a foundation for audio, video, and data communications across IP-
based networks, including the Internet. H.323 is an umbrella recommendation from the International
Telecommunications Union (ITU) that sets standards for multimedia communications over Local Area
Networks (LANs) that do not provide a guaranteed Quality of Service (QoS). It enables users to
participate in the same conference even though they are using different videoconferencing applications.
P2P Traffic Modules - Identifies peer-to-peer (P2P) data in IP traffic. It works together with connection
tracking and connection marking, which helps in identifying the bigger part of all P2P packets and
limiting the bandwidth rate.
Select Firewall → System Modules and enable or disable the required services and modules.
SNMP
Simple Network Management Protocol (SNMP) is used as the transport protocol for network
management. Network management consists of a network management station/manager communicating
with network elements such as hosts, routers, servers, or printers. The agent is the software on the
network element (host, router, printer) that runs the network management software. In other words, the
agent is the network element. The agent stores information in a management information base (MIB).
Management software polls the various network elements/agents and gets the information stored in
them. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162
to send replies or messages to the manager. The manager can ask for data from the agent or set
variable values in the agent. Agents can reply and report events.
SNMP terms
• Trap - An alert that the management station receives from the agents.
• Agent - A program at devices that can be set to watch for some event and send a trap message to
a management station if the event occurs
• SNMP community - A group of SNMP management stations. The community name identifies the
group. An SNMP agent may belong to more than one SNMP community. It will not respond to
requests from management stations that do not belong to one of its communities.
Cyberoam MIB
The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers
have read-only access to Cyberoam system information and can receive Cyberoam traps. To monitor
Cyberoam system information and receive Cyberoam traps you must compile Cyberoam proprietary
MIBs into your SNMP manager.
SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive
notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,
SNMPv2c, and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance
replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB
for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam
Web site and can be loaded into any third-party SNMP management software.
The Cyberoam MIB contains fields that report current Cyberoam Appliance status information. The tables
below list the names of the MIB fields and describe the status information available for each one. You
can view more details about the information available from all Cyberoam MIB fields by compiling the
cyberoam.mib file into your SNMP manager and browsing the Cyberoam MIB fields.
(liAntiVirus) subscribed
asSubStatus (liAntiSpam)  Current subscription status for AntiSpam module
supportExpiryDate (liAntiSpam)  Subscription Expiry date for AntiSpam module, if subscribed
asSubStatus (liIdp)  Current subscription status for IDP module
supportExpiryDate (liIdp)  Subscription Expiry date for IDP module, if subscribed
asSubStatus (liWebcat)  Current subscription status for Web and Application Filter module
supportExpiryDate (liWebcat)  Subscription Expiry date for Web and Application Filter module, if subscribed
Cyberoam Traps
All the SNMP communities added in Cyberoam will receive traps. All traps include the trap message as
well as the Cyberoam unit serial number or Cyberoam WAN IP address.
To receive traps, SNMP Manager must load and compile the Cyberoam MIB.
If SNMP manager has already included standard and private MIBs in a compiled database that is in use
then you must add the Cyberoam proprietary MIB to this database.
Cyberoam generates the following traps, when the specified events or conditions occur:
Manage SNMP
You can manage the Cyberoam appliance using SNMP.
SNMP allows network administrators to monitor the status of the Cyberoam appliance and receive
notification of critical events as they occur on the network. The Cyberoam appliance supports SNMPv1,
SNMPv2c and SNMPv3 and custom Management Information Base (MIB). The Cyberoam appliance
replies to SNMP Get commands for MIB via configured interface and supports a custom Cyberoam MIB
for generating trap messages. The custom Cyberoam MIB is available for download from the Cyberoam
Web site and can be loaded into any third-party SNMP management software.
The Cyberoam SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers
have read-only access to Cyberoam system information and can receive Cyberoam traps.
Select System → SNMP → Manage Community to view the list of communities created
Click to delete
Table Delete SNMP Community screen elements
Select System → SNMP → Manage V3 User to view the list of created users. Click the user whose
details are to be updated
Click to delete
Table Delete SNMP V3 User screen elements
Manage Data
Backup data
Backup is an essential part of data protection. No matter how well you treat your system, no matter how
much care you take, you cannot guarantee that your data will be safe if it exists in only one place.
Backups are necessary in order to recover data from loss due to disk failure, accidental deletion
or file corruption. There are many ways of taking a backup and just as many types of media to use as well.
Cyberoam provides the facility of taking regular and reliable data backups. A backup consists of all the
policies, logs and all other user-related information.
User session log - Every time the user logs in, a session is created. This log stores the session entries of
all the users and specifies the login and logout time.
Audit log - This log stores the details of all the actions performed by the User administering Cyberoam.
Refer to Appendix A Audit Log for more details.
Virus log - This log stores the details of malicious traffic requests received.
Select
FTP backup OR
Mail backup
Only for FTP backup
FTP server Specify IP address of FTP server
User name Specify User name with which user has to logon to the FTP server
Password Specify Password
Only for Mail backup
To Mail Id Specify email address to which the backup is to be mailed
Save button Saves the configuration
Table Set Backup Schedule screen elements
Backup Data
Restore Data
With the help of restore facility, restore data from the backup taken. Restoring data older than the current
data will lead to the loss of current data.
Note
Restore facility is version dependent, i.e. it will work only if the backup and restore versions are the same, e.g. if
a backup is taken from Cyberoam version 7.4.0.0 then restore will work only for version 7.4.0.0 and not for any
other version.
Purge
Purging of data means periodic deletion of the data. Cyberoam provides Auto purge and Manual purge
facility for deleting log records.
Click to enable
Save button Saves popup alert configuration
Download Purged Logs
Only if Logs have been Auto purged
Download button Allows to download the purged log files
Click to download
Delete button Deletes the purged log files
Table Configure Auto purge Utility screen elements
Note
The system will preserve logs only for the specified number of days and automatically purges the logs
generated thereafter.
Manual purge
Use manual purge to delete log records manually
Note
Client Services
Client Messages
Message Management tab allows the Administrator to send messages to the various users. Messages help
the Administrator to notify users about problems as well as Administrative alerts in areas such as access,
user sessions, incorrect password, and successful log on and log off.
A message can be up to 256 characters long and can be sent to a number of users at a time.
Data Transfer (MB) Specify remaining data transfer usage when all the users should
receive alert.
User1 will receive alert when he is left with 30 MB (20% of 150 MB)
of data transfer i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640
MB) of data transfer i.e. has done data transfer of 512 MB
Cycle Data Transfer Specify remaining cycle data transfer usage when all the users
(MB) should receive alert.
Cycle data transfer is the upper limit of total data transfer allowed
to the user per cycle. The user will be disconnected if the limit is
reached. It is applicable to the users to whom the cyclic data transfer
policies are applied.
User1 will receive alert when he is left with 30 MB (20% of 150 MB)
of data transfer per cycle i.e. has done data transfer of 120 MB
User2 will receive alert when he is left with 128 MB (20% of 640
MB) of data transfer per cycle i.e. has done data transfer of 512 MB
Save details button Saves the data transfer alert configuration
Table - Customized Client Message screen elements
Messages Description/Reason
AlertMessageWithCycleData Message is sent to the user when the remaining cycle data
transfer is equal to the configured value.
The surfing time duration is the time in hours the User is allowed
Internet access that is defined in Surfing time policy. If hours are
exhausted, User is not allowed to access
SurfingtimeExpired Administrator has temporarily deactivated the User and will not
be able to log in because User surfing time policy has expired
LiveIPinuse Message is sent if connection is requesting a public IP Address
from the server that is already in use
Nmpoolexceedlimit Message is sent if the maximum number of IP Addresses in the
public Logon Pool at any given time has exceeded the limit
Table - List of predefined messages
Client preferences
Use Client preferences to specify:
• which page to open every time a user logs on to Cyberoam
• whether the HTTP client log on page should pop up if a user tries to surf without logging in
• the port from which the Web Administration Console can be accessed
• the number of concurrent log ons allowed
Note
The preferences set are applicable to all the users by default i.e. by default, all the preferences set will be
applicable when the user is created. Refer to Create User, for customizing number of concurrent logins allowed
to the particular user.
This customized message will be displayed when user tries to access the site, which is not allowed.
Select a particular category for which you want to display a different message
By default, the message specified for All Web Categories is displayed.
Disable Use Default Message, if you want to display a different message for a particular category
and modify the message
Select All File type category to customize the access deny message for all the file type
categories
3. In Denied Message, modify the message contents
4. Click Update to save if any changes are made
Use to display your company's logo in all the messages displayed to the user.
Note
Dimension of Image should be 700 * 80 and jpg file only
In the Login message box, specify the message to be displayed. You can further customize the
message by using clientip address, category and URL
3. Enable Blink Message to display blinking message
4. Before saving the configuration, click Preview and see how message will be displayed to the user
5. Click Save to save the configuration
Cyberoam can also act as an HTTP proxy server. All visited static sites are cached on the Cyberoam
server hard drive. The advantage of a cache server is that it will cache the static web pages once
requested and serve them locally when they are requested the next time.
Enable Parent Proxy If enabled all the HTTP requests will be sent to HTTP Proxy
Server via Cyberoam. One needs to configure Parent Proxy
when the HTTP traffic is blocked by the upstream Gateway.
Click to enable
IP address Specify IP address of Parent proxy
HTTP Proxy Port Specify parent proxy port
Save button Click to save the setting
HTTP Proxy Trusted Ports Setting
Cyberoam allows the access to those sites which are hosted on
standard port only if deployed as HTTP proxy.
You can define individual port or range of ports for http and https
protocols.
Click to enable/disable
Save button Click to save the port setting
Table - Configure HTTP Proxy screen elements
Manage Servers
Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According to the
requirement, one can Start, Stop, Enable or Disable the services.
Running if server is on
Stopped if server is off
Commands Starts or stops the respective servers
Enables or disables Autostart
Button Usage
Start Starts the Server whose status is Stopped
Stop Stops the server whose status is Started
Enable Autostart Automatically starts the configured server with the startup of Cyberoam
Disable Autostart Disables the Autostart process
Restart Restarts Cyberoam
Bandwidth usage graphical report allows Administrator to monitor the amount of data uploaded or
downloaded by the Users. Administrator can use this information to help determine:
Whether to increase or decrease the bandwidth limit?
Whether all the gateways are utilized optimally?
Which gateway is underutilized?
What type of traffic is consuming the majority of the Bandwidth?
Which inbound/ outbound traffic has consumed the most Bandwidth in the last week/month?
Logon Pool wise Displays list of Logon Pools defined, click the Logon
Pool whose data transfer report is to be generated
Total Generates total (all gateways and Logon Pools) data transfer
report. Also generates Live user report
1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum,
maximum and average no. of users connected during the selected graph period. This will help in
knowing the peak hour of the day.
X axis Hours
Y axis No. of users
Peak hour Maximum no. of live users
2. Total data transfer Graph shows total data transfer (upload + download) during the day. In
addition, shows minimum, maximum and average data transfer.
X axis Hours
Y-axis Total data transfer (upload + download) in KB/Second
Maximum data transfer
Minimum data
3. Composite data transfer Combined graph of Upload & Download data transfer. Colors
differentiate upload & download data traffic. In addition, shows the minimum, maximum and
average data transfer for upload & download individually
X axis Hours
Y-axis Upload + Download in Bits/Second
4. Download data transfer Graph shows only download traffic during the day. In addition, shows
the minimum, maximum and average download data transfer.
X axis Hours
Y-axis Download data transfer in Bits/Second
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows
minimum, maximum and average upload data transfer.
X axis Hours
Y-axis Upload data transfer in Bits/Second
6. Integrated total data transfer for all Gateways Combined graph of total (Upload + Download)
data transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum,
maximum and average data transfer of individual gateway
X axis Hours
Y-axis Total (Upload + Download) data transfer in Bits/Second
7. Integrated Download data transfer of all Gateways Graph shows only the download traffic of all
the gateways during the day. In addition, shows the minimum, maximum and average download
data transfer.
X axis Hours
Y-axis Download data transfer in Bits/Second
8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all
the gateways during the day. In addition, shows minimum, maximum and average upload data
transfer.
X axis Hours
Y-axis Upload data transfer in Bits/Second
Migrate Users
Cyberoam provides a facility to migrate the existing users from PDC or LDAP server. Alternately, you can
also import user definition from an external file (CSV format file).
If you do not want to migrate users, configure for Automatic User creation. This reduces the
Administrator's burden of creating the same users again in Cyberoam.
Step 2: Opens the File Download window and prompts to run or save the utility. Select the appropriate
option and click OK button
Step 4: On successful authentication, following screen will be shown. Upload the specified file.
Step 5: Change the group or status of the user at this stage, if required. To migrate all the users, click
Select All or select the individual users and click Migrate Users.
Note
After migration, the Cyberoam login password will be the same as the username
Once the users are migrated, configure for single sign on login utility. The configuration is required to be
done on the Cyberoam server.
Step 2 Change Group or Active status of user at this stage, if required. To migrate all the users, click
Select All or select the individual users and click Migrate Users.
If migration is successful, Manage Active User page will be displayed with all the migrated users as
Active users.
PART 3
Customization
Schedule
Schedule defines a time schedule for applying a firewall rule or Internet Access policy, i.e. it is used to
control when firewall rules or Internet Access policies are active or inactive.
Types of Schedules:
• Recurring - use to create policies that are effective only at specified times of the day or on
specified days of the week.
• One-time - use to create firewall rules/policies that are effective once for the period of time specified
in the schedule.
Define Schedule
Select Firewall → Schedule → Manage Schedule to view the list of schedules and click the
Schedule name to which the schedule entry details are to be added.
Manage Schedule
Use to modify:
1. Schedule Name
2. Description
3. Add Schedule Entry details
4. Delete Schedule Entry details
Select Firewall → Schedule → Manage Schedule and click the Schedule name to be updated
Delete Schedule
Select Firewall → Schedule → Manage Schedule to view the list of Schedules
Services
Services represent types of Internet data transmitted via particular protocols or applications.
Select Firewall → Services → Manage to view the list of custom services. Click the service to be
modified
Click to add
Select protocol
For IP - Select Protocol No.
For TCP - Specify Source and Destination port
For UDP - Specify Source and Destination port
For ICMP - Select ICMP Type and Code
Click Add
Delete button Allows to delete protocol details
Click to select
Select All Allows to select all the services for deletion
Click to select
Delete button Deletes all the selected service(s)
Click to delete
Table - Delete Custom Service screen elements
Note
Default Services cannot be deleted
Service Group is the grouping of services. Custom and default services can be grouped in a single group.
Using right arrow button move all the services that are to
be grouped in the Member Services list
Using right arrow button move all the services that are to
be grouped in the Member Services list
Select Firewall → Service Group → Manage to view the list of groups created.
Click to select
Select All Allows to select all the groups for deletion
Click to select
Delete button Deletes all the selected group(s)
Click to delete
Table Delete Service Group
Categories
Cyberoam's content filtering capabilities prevent Internet users from accessing non-productive or
objectionable websites that take valuable system resources from your network, and at the same time
prevent hackers and viruses from gaining access to your network through their Internet connections.
Cyberoam lets you prevent Internet users from accessing URLs that contain content the company finds
objectionable. Cyberoam's Categories Database contains categories covering Web page subject matter
as diverse as adult material, astrology, games, job search, and weapons. It is organized into general
categories, many of which contain collections of related Internet sites with a specific content focus. In
other words, the database is a collection of site/host names that are assigned a category based on the
major theme or content of the site.
Web category - Grouping of Domains and Keywords. Default web categories are available for use only if
the Web and Application Filter subscription module is registered.
Application protocol - Grouping of protocols. Standard protocol definitions are available for use only if
the Web and Application Filter subscription module is registered.
Apart from the default categories provided by Cyberoam, custom categories can also be created if
required. Creating a custom category gives increased flexibility in managing Internet access for your
organization. After creating a new category, it must be added to a policy so that Cyberoam knows when
to enforce it and for which groups/users.
Web Category
A Web category is the grouping of Domains and Keywords used for Internet site filtering. Domains and any
URL containing the keywords defined in the Web category will be blocked.
Each category is grouped according to the type of sites. Categories are grouped into four types, which
specify whether accessing the sites in those categories is considered productive or not:
Neutral
Productive
Non-working
Un-healthy
For your convenience, Cyberoam provides a database of default Web categories. You can use these or
even create new web categories to suit your needs. To use the default web categories, the subscription
module Web and Application Filter should be registered.
Depending on the organization requirement, allow or deny access to the categories with the help of
policies by groups, individual user, time of day, and many other criteria.
Custom web category is given priority over default category while allowing/restricting the access.
Search URL
Use Search URL to check whether a URL is categorized. It searches the specified URL and
displays the Category name under which the URL is categorized and the category description.
When a custom category is created with a domain/URL which is already categorized in a default category,
the custom category overrides the default category and the search result displays the custom category
name and not the default category name.
If the module is not registered, the page is displayed with the message "Web and Application Filter module is
not registered". See Register Add on Modules for registering the Web and Application Filter module. The module
can also be registered as a Demo version if you have not yet purchased it, but the Demo version will expire after 15 days of
registration.
Once the module is registered, the default categories can be used in Internet Access for filtering.
Select Categories -> Web Category -> Manage Default to view the list of default Web Categories
Note
Default Web categories cannot be modified or deleted.
Custom web category is given the priority over the default category while allowing/restricting access.
Create button - Creates a new custom Web Category. Web Category configuration is
incomplete until domain names or keywords are attached
Domain Management
Add button - Use to define domains for the web category. Depending on the user's
Internet access policy, accessing specified domain(s) will be allowed
or denied.
Click to add
Click to add
Note
Custom category name cannot be the same as a default category name.
Add Domain
Note
Domains can be added at the time of creation of web category or whenever required.
Add Keyword
Note
Keywords can be added at the time of creation of web category or whenever required.
Select Categories -> Web Category -> Manage Custom to view the list of Web categories and
click the Web Category to be modified
Click to add
Click to remove
Keywords Management
Add button - Allows you to add keyword(s) to the web category
Click to add
Click to remove
Click to Update
Cancel button - Cancels the current operation and returns to the Manage Custom Web
Category page
Table - Update Custom Web category screen elements
Delete Domain
Click to remove
Table - Delete Domain screen elements
Delete Keyword
Click to remove
Table - Delete keywords screen elements
Prerequisite
Not attached to any Policy
Select Categories -> Web Category -> Manage Custom to view the list of Web Categories.
Click to select
Select All - Allows you to select all the web categories for deletion
Click to select
Delete button - Deletes all the selected web categories
Click to delete
Table - Delete Custom Web Category screen elements
For your convenience, Cyberoam provides several default File Types categories. You can use these or
even create new categories to suit your needs.
Depending on the organization requirement, allow or deny access to the categories with the help of
policies by groups, individual user, time of day, and many other criteria.
Select Categories -> File Type Category -> Manage Default to view the list of default File
Type Categories. Click the Category to view the extensions included in the Category.
Select Categories -> File Type Category -> Create Custom to open the create page
Select Categories -> File Type Category -> Manage Custom to view the list of File Type
Categories and click the File Type Category to be modified.
Click to Update
Cancel button - Cancels the current operation and returns to the Manage Custom
File Type Category page
Screen - Manage Custom File Type Category
Prerequisite
Not attached to any Policy
Select Categories -> File Type Category -> Manage Custom to view the list of File Type
Categories created
Click to delete
Table - Delete Custom File Type screen elements
You can also filter Internet requests based on protocols or applications other than HTTP, HTTPS or FTP,
for example those used for instant messaging, file sharing, file transfer, mail, and various other network
operations.
For your convenience, Cyberoam provides a database of default Application Protocol categories. To use
the default Application Protocol categories, the subscription module Web and Application Filter should
be registered.
If the module is not registered, the page is displayed with the message "Web and Application Filter module is
not registered".
See Register Add on Modules for registering the Web and Application Filter module. The module can also be
registered as a Demo version if you have not yet purchased it, but the Demo version will expire after 15 days of registration.
Once the module is registered, the default protocol categories can be used in Internet Access for filtering.
Select Categories -> Application Protocol Category -> Manage Default to view the list of
default Application Protocol Categories
Select Categories -> Application Protocol Category -> Create Custom to open the create
page
Click to add
Note
Custom category name cannot be the same as a default category name.
Select Categories -> Application Protocol Category -> Manage Custom to view the list of
custom Application Protocol Categories. Click the Application Protocol Category to be modified.
Click to add
Click to remove
Click to Update
Cancel button - Cancels the current operation and returns to the Manage Custom
Application Protocol Category page
Table - Manage Custom Application Protocol Category screen elements
Click to delete
Table - Delete Application Protocol Category screen elements
Prerequisite
Not attached to any Policy
Select Categories -> Application Protocol Category -> Manage Custom to view the list of
Application Protocol Categories created
Click to select
Select All - Allows you to select all the Categories for deletion
Click to select
Delete button - Deletes all the selected Categories
Click to delete
Table - Delete Custom Application Protocol Category screen elements
Access Control
Use Local ACLs to limit the Administrative access to the following Cyberoam services from
LAN/WAN/DMZ:
Admin Services
Authentication Services
Proxy Services
Network Services
Admin Services
HTTPS (TCP port 443) and SSH (TCP port 22) services will be open for administrative functions
for the LAN zone.
Authentication Services
Cyberoam (UDP port 6060) and HTTP Authentication (TCP port 8090) will be open for User
Authentication Services for the LAN zone. User Authentication Services are not required for any of
the Administrative functions but are required to apply user-based Internet surfing, bandwidth and
data transfer restrictions.
Admin Services
Enable/disable access to Cyberoam using the following services from the specified zone and
network:
HTTP
HTTPS
Telnet
Authentication Services
Enable/disable the following services from the specified zone and network:
Cyberoam
HTTP
Proxy Services
Enable/disable the HTTP service from the specified zone and network
Network Services
Enable/disable the following services from the specified zone and network:
DNS
ICMP
Syslog Configuration
Syslog is an industry standard protocol/method for collecting and forwarding messages from devices to a
server running a syslog daemon, usually via UDP Port 514. The syslog server is a remote computer running a
syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts.
The Cyberoam appliance can also send a detailed log to an external Syslog server in addition to the standard
event log. Cyberoam Syslog support requires an external server running a Syslog daemon on any
UDP Port.
Cyberoam captures all log activity and includes every connection source and destination IP address,
IP service, and number of bytes transferred.
A SYSLOG service simply accepts messages, and stores them in files or prints them. This form of logging is
the best as it provides a central logging facility and protected long-term storage for logs. This is useful
both in routine troubleshooting and in incident handling.
Default: 192.168.1.254
Syslog Port - Specify the port number for communication with the syslog
server.
Default: 514
Syslog Facility - Select the facility to be used. Cyberoam supports the following
facilities for log messages received from remote servers
and network devices.
Click the Cyberoam icon (in the rightmost corner of the screen) to get the information.
Upgrade Cyberoam
Cyberoam provides two types of upgrades:
Automatic - Correction of any critical software errors, performance improvement or changes in
system behavior leads to an automatic upgrade of Cyberoam without manual intervention or
notification.
Manual - Manual upgrades require human intervention.
Automatic Upgrade
By default, AutoUpgrade mode is ON. It is possible to disable the automatic upgrades. Follow the
procedure to disable the AutoUpgrade mode:
Manual Upgrade
Page displays the list of available upgrades and the upgrade details like release date and size. Order
specifies the sequence in which Cyberoam should be upgraded.
Type the file name with full path or select using Browse and click Upload
Step 4. Upgrade
Once the upgrade file is uploaded successfully, log on to Console to upgrade the version.
Log on to Cyberoam Telnet Console.
Type 6 to upgrade from the Main menu and follow the on-screen instructions.
A success message will be displayed if the upgrade is successful.
Repeat the above steps if more than one upgrade is available, and
upgrade in the same sequence as displayed on the Available Upgrades page.
Licensing
You need a customer account to
register your Cyberoam appliance
avail 8 X 5 support
register subscription modules
subscribe for free 30-days Trial subscription
Select Help -> Licensing to view the list of subscription modules. The screen shows the licensing status of
Appliances and subscription modules along with the subscription expiry date if subscribed.
Screen - Licensing
Select Help -> Licensing and click Register against your appliance name.
You need to create a customer account to register the appliance. If you have already created an account,
type your username and password to register the appliance and click Register
If you have not created an account, fill in the form to create your customer account and register the appliance.
Screen - Registration
Cannot be modified
Contact person - Specify name of the contact person in the company
Address, City, State, Country, Zip, Phone, Fax - Specify complete address of the company
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server - Specify HTTP proxy server setting (name or IP address) to
connect to Cyberoam registration server
Proxy Port - Specify port number if proxy server is running on a port
other than the default port (80)
Username and Password - Specify username and password to be used to log on to proxy
server (if configured)
Register button - This process will create user account and register the appliance
Table - Registration screen elements
Subscribe Modules
Cyberoam includes the following Subscription modules, which are not included in the basic package:
Intrusion Detection and Prevention
Gateway Anti Virus
Gateway Anti Spam
Web and Application Filter
The customer has to procure a different license and subscribe to use any of the Subscription modules. You
can also subscribe for the 30-days free Trial subscription of any of the modules.
Prerequisite
Account created
Appliance registered
Select Help -> Licensing and click Subscribe against the module to be subscribed.
Configure for proxy server if HTTP Proxy Server is used to connect to Web
Proxy Server - Specify HTTP proxy server setting (name or IP address) to
connect to Cyberoam registration server
Proxy Port - Specify port number if proxy server is running on a port
other than the default port (80)
Username and Password - Specify username and password to be used to log on to proxy
server (if configured)
Subscribe/Trial button - Registers the specified module
Table - Subscribe Module
Download
Clients
Cyberoam Client supports Users using the following platforms:
Windows - Enables Users using the Windows Operating System to log on to the Cyberoam Server
Linux - Enables Users using the Linux Operating System to log on to the Cyberoam Server
HTTP - Enables Users using any Operating System other than Windows & Linux to log on to the Cyberoam
Server
Single Sign on Client - Enables Windows-migrated Users to log on to Cyberoam using their Windows
Username and password.
Documentation
Select Help -> Guides to download various guides
Cyberoam Audit log can identify what action was taken by whom and when. The existence of such logs
can be used to enforce correct user behavior, by holding users accountable for their actions as recorded
in the audit log.
An audit log is the simplest, yet also one of the most effective forms of tracking temporal information. The
idea is that any time something significant happens you write some record indicating what happened and
when it happened.
Screen - Reports
2. Log on to Reports, click on the Reports link to open the reports login page in a new window
Tailor the report by setting filters on data by arbitrary date range. Use the Calendar to select the date
range of the report.
Entity - Cyberoam Component through which the event was generated/Audit Resource Type
Entity Name - Unique Identifier of Entity
Action - Operation requested by entity/Audit Action
Action By - User who initiated the action/Accessor name
Action Status - Action result/Audit Outcome
Entity | Entity Name | Action | Action By | Action Status | Message | IP Address | Explanation
Report GUI | | Login | <username> | Successful | - | <IP address> | Login attempt to Report GUI by User <username> was successful
Report GUI | | Login | <username> | Failed | Wrong username or password | <IP address> | Login attempt to Report GUI by User <username> was not successful because of wrong username and password
Management GUI | | Login | <username> | Successful | - | <IP address> | Login attempt to Management GUI by User <username> was successful
Management GUI | | Login | <username> | Failed | User not found | <IP address> | Login attempt to Management GUI by User <username> was not successful because system did not find the User <username>
Management GUI | | Login | <username> | Failed | User has no previllege of Administration | <IP address> | Login attempt to Management GUI by User <username> was not successful as user does not have administrative privileges
Configuration Wizard | | Started | <username> | Successful | - | <IP address> | User <username>'s request to start Configuration Wizard was successful
Configuration Wizard | | Finished | <username> | Successful | - | <IP address> | User <username>'s request to close Configuration Wizard was successful
System | | Started | <username> | Successful | Cyberoam-System Started | <IP address> | Cyberoam was successfully started by the User <username>
SSh | | authentication | <username> | Successful | User admin, coming from 192.168.1.241, authenticated. | <IP address> | <username> trying to log on from <ip address> using SSH client was successfully authenticated
SSh | | authentication | <username> | Failed | Login Attempt failed from 192.168.1.241 by user root | <IP address> | Authentication of <username> trying to log on from <ip address> using SSH client was not successful
SSh | | authentication | <username> | Failed | Password authentication failed. Login to account hello not allowed or account non-existent | <IP address> | Log on to account <username> using SSH client was not successful
telnet authentication <username> Successful Login <IP Remote Login attempt
by <username>
DoS Bypass | DoS Bypass | Insert | <username> | Successful | - | <IP address> | DoS Bypass rule inserted successfully by user <username>
DoS Settings | DoS Settings | Update | <username> | Successful | - | <IP address> | DoS settings updated successfully by user <username>
Online Registraion | | Register | <username> | Successful | - | <IP address> | User <username> successfully registered Appliance/Subscription module(s) through Online Registration
Upload Version | | Upload Version | <username> | Successful | - | <IP address> | User <username> successfully uploaded the version
Date | | Update | <username> | Successful | System time changed from 2006-06-19 23:15:50 IST to 2006-07-19 23:15:03 IST | <IP address> | Request to update the Date from Console by User <username> was successful
Apart from the tabular format, Cyberoam allows you to view the log details in:
Printable format - Click to open a new window and display the report in a printer-friendly
format. The report can be printed from File -> Print.
Export as CSV (Comma Separated Value) - Click to export and save the report in CSV
format. The report can be easily imported into MS Excel, and all the Excel functionality can be
used to analyze the data.
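A detection pass over the audit fields described above, added here as an example and not part of the Cyberoam guide: it reads a CSV export and flags bursts of failed logons from one IP address, plus any successful logon that follows such a burst. The Time column, the CSV column order, the function names and every sample row are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Assumptions: a "Time" column and this column order;
# Entity/Action/Status/Message values follow the audit table in the guide.
SAMPLE_CSV = '''Time,Entity,Entity Name,Action,Action By,Action Status,Message,IP Address
2006-07-19 08:00:00,SSh,,authentication,backup,Failed,Login Attempt failed from 198.51.100.9 by user backup,198.51.100.9
2006-07-19 08:30:00,SSh,,authentication,backup,Failed,Login Attempt failed from 198.51.100.9 by user backup,198.51.100.9
2006-07-19 09:00:00,SSh,,authentication,backup,Failed,Login Attempt failed from 198.51.100.9 by user backup,198.51.100.9
2006-07-19 09:00:10,Report GUI,,Login,alice,Failed,Wrong username or password,192.168.1.50
2006-07-19 09:00:40,Report GUI,,Login,alice,Successful,-,192.168.1.50
2006-07-19 09:05:00,DoS Settings,DoS Settings,Update,alice,Successful,-,192.168.1.50
2006-07-19 23:10:01,SSh,,authentication,root,Failed,Login Attempt failed from 203.0.113.7 by user root,203.0.113.7
2006-07-19 23:10:20,SSh,,authentication,admin,Failed,Login Attempt failed from 203.0.113.7 by user admin,203.0.113.7
2006-07-19 23:11:02,Management GUI,,Login,admin,Failed,User not found,203.0.113.7
2006-07-19 23:12:30,SSh,,authentication,admin,Successful,"User admin, coming from 203.0.113.7, authenticated.",203.0.113.7
'''

AUTH_ACTIONS = {"login", "authentication"}


def load_auth_events(text: str) -> list:
    """Parse the export and keep only logon events, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["Action"].strip().lower() not in AUTH_ACTIONS:
            continue  # configuration changes etc. are not logon attempts
        events.append({
            "time": datetime.strptime(row["Time"], "%Y-%m-%d %H:%M:%S"),
            "entity": row["Entity"].strip(),
            "user": row["Action By"].strip(),
            "failed": row["Action Status"].strip().lower() == "failed",
            "ip": row["IP Address"].strip(),
        })
    return sorted(events, key=lambda e: e["time"])


def _alert(kind, ev, fails):
    return {"kind": kind, "ip": ev["ip"], "at": ev["time"], "user": ev["user"],
            "users_tried": sorted({f["user"] for f in fails}),
            "entities": sorted({f["entity"] for f in fails})}


def find_suspicious_logons(events, threshold=3, window=timedelta(minutes=5)):
    """Flag failure bursts per source IP and a success that follows a burst."""
    recent = defaultdict(list)  # source IP -> failures still inside the window
    alerts = []
    for ev in events:
        fails = [f for f in recent[ev["ip"]] if ev["time"] - f["time"] <= window]
        if ev["failed"]:
            fails.append(ev)
            if len(fails) == threshold:  # alert once per burst
                alerts.append(_alert("repeated failures", ev, fails))
        else:
            if len(fails) >= threshold:
                alerts.append(_alert("success after failures", ev, fails))
            fails = []  # a successful logon resets the counter
        recent[ev["ip"]] = fails
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_logons(load_auth_events(SAMPLE_CSV)):
        print(a["at"], a["ip"], a["kind"], a["users_tried"], a["entities"])
```

Grouping by IP address rather than by username catches attempts that rotate account names across SSH and the Management GUI, as the constructed 203.0.113.7 rows do.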
By default, only the firewall rule logging will be ON i.e. only traffic allowed/denied by the firewall will be
logged. Refer to Cyberoam Console Guide on how to enable/disable logging.
SR. No. DATA FIELDS TYPE DESCRIPTION
1. Date date Date (yyyy-mm-dd) when the event occurred
For the dropped traffic - the date when the packet was dropped
by Cyberoam
2. Time time Time (hh:mm:ss) when the event occurred
For the allowed traffic - the time when the connection was
started on Cyberoam
For the dropped traffic - the time when the packet was dropped
by Cyberoam
3. Device Name String Model Number of the Cyberoam Appliance
4. Device Id String Unique Identifier of the Cyberoam Appliance
5. Log Id string Unique 7 characters code (c1c2c3c4c5c6c7) e.g. 0101011,
0102011
Possible values:
01 - Traffic - Entire traffic intended for Cyberoam
5. Log Component string Component responsible for logging
Possible values:
01 - Firewall rule
02 - Local ACL
Event due to any traffic allowed or dropped based on the local
ACL configuration or all other traffic intended for the firewall
03 - DoS Attack
Event due to any packets dropped based on the DoS attack
settings i.e. dropped TCP, UDP and ICMP packets.
04 - Invalid traffic
Event due to any traffic dropped which does not follow the
protocol standards, invalid fragmented traffic and traffic whose
packets Cyberoam is not able to relate to any connection.
Refer to Invalid traffic list for more details.
06 - ICMP redirect
Event due to any ICMP Redirected packets dropped based on
the DoS attack setting
08 - Fragmented traffic
Event when any fragmented traffic is dropped due to Advanced
Firewall settings. Refer to Console Guide Page no. 59 for more
details.
6. Log Sub Type string Decision taken on traffic
Possible values:
01 - Allowed
Traffic permitted to and through Cyberoam based on the
firewall rule settings
02 - Violation
Traffic dropped based on the firewall rule settings, local ACL
settings, DoS settings or due to invalid traffic.
7. Status string Ultimate state of traffic (accept/deny)
8. Priority string Severity level of traffic
Possible values:
01 - Notice
9. Duration integer Durability of traffic
10. Firewall Rule ID integer Firewall rule id of traffic
11. User string User Id
12. User Group string Group Id of user
13. IAP integer Internet Access policy Id applied for traffic
14. In Interface string Interface for incoming traffic e.g. eth0
Invalid traffic
Cyberoam defines the following traffic as Invalid traffic:
Short IP Packet
IP Packets with bad IP checksum
IP Packets with invalid header and/or data length
Truncated/malformed IP packet
Packets of Ftp-bounce Attack
Short ICMP packet
ICMP packets with bad ICMP checksum
ICMP packets with wrong ICMP type/code
Short UDP packet
Truncated/malformed UDP packet
UDP Packets with bad UDP checksum
Short TCP packet
Truncated/malformed TCP packet
TCP Packets with bad TCP checksum
TCP Packets with invalid flag combination
Cyberoam TCP connection subsystem not able to relate TCP Packets to any connection
If Strict Internet Access Policy is applied, Cyberoam also defines the following traffic as Invalid traffic:
UDP Packets with Destination Port 0
TCP Packets with Source Port and/or Destination Port 0
Land Attack
Winnuke Attack
TCP SYN Packets containing Data
IP Packet with Protocol Number 0
IP Packet with TTL Value 0
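The stateless header checks from the two lists above, written out as an added Python example (not Cyberoam's code) that classifies a raw IPv4 packet and returns the conditions it matches. The reason strings, the choice of invalid flag combinations and the tcp_packet sample builder are assumptions; the Ftp-bounce, Land, Winnuke, ICMP type/code and connection-tracking items are not covered.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; data that embeds a valid checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def l4_ok(src: bytes, dst: bytes, proto: int, seg: bytes) -> bool:
    """Verify a TCP/UDP checksum over the IPv4 pseudo-header plus segment."""
    return checksum(src + dst + struct.pack("!BBH", 0, proto, len(seg)) + seg) == 0


def bad_tcp_flags(flags: int) -> bool:
    # Assumption: the guide does not enumerate the combinations; these are
    # null, SYN+FIN, SYN+RST and FIN+PSH+URG, none of which valid TCP sends.
    f = flags & 0x3F
    return f == 0 or bool(f & SYN and f & (FIN | RST)) or f == (FIN | PSH | URG)


def check_tcp(src, dst, seg, strict):
    if len(seg) < 20:
        return ["short TCP packet"]
    sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", seg[:14])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(seg):
        return ["truncated/malformed TCP packet"]
    out = []
    if not l4_ok(src, dst, socket.IPPROTO_TCP, seg):
        out.append("bad TCP checksum")
    if bad_tcp_flags(flags):
        out.append("invalid TCP flag combination")
    if strict:
        if sport == 0 or dport == 0:
            out.append("TCP port 0")
        if flags & SYN and len(seg) > hlen:
            out.append("TCP SYN packet contains data")
    return out


def check_udp(src, dst, seg, strict):
    if len(seg) < 8:
        return ["short UDP packet"]
    _sport, dport, ulen, csum = struct.unpack("!HHHH", seg[:8])
    if ulen < 8 or ulen > len(seg):
        return ["truncated/malformed UDP packet"]
    out = []
    if csum and not l4_ok(src, dst, socket.IPPROTO_UDP, seg[:ulen]):  # 0 = no checksum
        out.append("bad UDP checksum")
    if strict and dport == 0:
        out.append("UDP destination port 0")
    return out


def invalid_reasons(pkt: bytes, strict: bool = False) -> list:
    """Return the invalid-traffic conditions a raw IPv4 packet matches."""
    if len(pkt) < 20:
        return ["short IP packet"]
    vihl, _tos, tot, _id, frag, ttl, proto, _c, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or tot < ihl:
        return ["invalid IP header and/or data length"]
    if tot > len(pkt):
        return ["truncated/malformed IP packet"]
    out = [] if checksum(pkt[:ihl]) == 0 else ["bad IP checksum"]
    if strict and proto == 0:
        out.append("IP protocol number 0")
    if strict and ttl == 0:
        out.append("IP TTL value 0")
    if frag & 0x3FFF:  # fragment: a partial segment cannot be checksummed here
        return out
    seg = pkt[ihl:tot]
    if proto == socket.IPPROTO_TCP:
        out += check_tcp(src, dst, seg, strict)
    elif proto == socket.IPPROTO_UDP:
        out += check_udp(src, dst, seg, strict)
    elif proto == socket.IPPROTO_ICMP:
        out += ["short ICMP packet"] if len(seg) < 8 else (
            [] if checksum(seg) == 0 else ["bad ICMP checksum"])
    return out


# Constructed sample builder (documentation addresses), used to exercise the checks.
def tcp_packet(sport, dport, flags, data=b"", src="192.0.2.10", dst="198.51.100.20", ttl=64):
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 8192, 0, 0) + data
    seg = seg[:16] + struct.pack("!H", checksum(s + d + struct.pack("!BBH", 0, 6, len(seg)) + seg)) + seg[18:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 1, 0, ttl, 6, 0, s, d)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + seg
```

With strict=False only the first list applies, so a SYN to port 0 that carries data passes; with strict=True the same packet is reported twice over. TCP Fast Open legitimately places data in a SYN, which is worth knowing before enabling the strict checks.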
to Cricket activities
CrimeAndSuicide | UnHealthy | Advocating, instructing, or giving advice on performing illegal acts such as phone, service theft, evading law enforcement, lock-picking, burglary techniques and suicide
CulturalInstitutions | Neutral | Sites sponsored by museums, galleries, theatres, libraries, and similar institutions; also, sites whose purpose is the display of artworks
DatingAndMatrimonials | Non Working | Sites assisting users in establishing interpersonal relationships, friendship, excluding those of exclusively gay, or lesbian or bisexual interest and Matrimonial Sites providing photos and details of individuals seeking life partners
DownloadFreewareAndShareware | UnHealthy | Sites whose primary purpose is providing freeware and shareware downloads of application, software, tools, screensavers, wallpapers, and drivers
Drugs | UnHealthy | Sites providing information about the cultivation, preparation, or use of prohibited drugs
EducationalInstitions | Productive | Sites sponsored by schools, colleges, institutes, online education and other educational facilities, by non-academic research institutions or that relate to educational events and activities
EducationAndReferenceMaterial | Productive | Sites offering books, reference-shelf content such as atlases, dictionaries, encyclopedias, formularies, white and yellow pages, and public statistical data
Electronics | Neutral | Sites providing information on manufacturing of electronics and electrical equipments, gadgets, instruments like air conditioners, Semi conductors, Television, Storage Devices, LCD Projectors, Home Appliances, and Power Systems etc.
Entertainment | Non Working | Sites providing entertainment sources for Movies, Celebrities, Theatres, about or promote motion pictures, non-news radio and television, humor, Comics, Kids and Teen amusement, Jokes, and magazines
Finance | Non Working | Sites providing information on Money matters, investment, a wide range of financial services, economics and accounting related sites and sites of National & International Insurance companies providing details for all types of Insurances & Policies
Gambling | UnHealthy | Sites providing information about or promote gambling or support online gambling, involving a risk of losing money
Games | Non Working | Sites providing information about or promote electronic games, video games, computer games, role-playing games, or online games
Government | Neutral | Sites sponsored by countries, government, branches, bureaus, or agencies of any level of government including defence. Government associated Sites providing comprehensive details on Tax related issues excluding Government sites providing Visa and Immigration services
HealthAndMedicines | Productive | Sites providing information or advice on personal health and fitness. Sites of pharmaceutical companies and sites providing information about Medicines
HobbiesAndRecreation | Non Working | Sites providing information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. Homelife and family-related topics, including parenting tips, gay/lesbian/bisexual (non-
Appendix D Services
Service Name | Details
All Services | All Services
Cyberoam | UDP (1024:65535) / (6060)
AH | IP Protocol No 51 (IPv6-Auth)
AOL | TCP (1:65535) / (5190:5194)
BGP | TCP (1:65535) / (179)
DHCP | UDP (1:65535) / (67:68)
DNS | TCP (1:65535) / (53), UDP (1:65535) / (53)
ESP | IP Protocol No 50 (IPv6-Crypt)
FINGER | TCP (1:65535) / (79)
FTP | TCP (1:65535) / (21)
FTP_GET | TCP (1:65535) / (21)
FTP_PUT | TCP (1:65535) / (21)
GOPHER | TCP (1:65535) / (70)
GRE | IP Protocol No 47
H323 | TCP (1:65535) / (1720), TCP (1:65535) / (1503), UDP (1:65535) / (1719)
HTTP | TCP (1:65535) / (80)
HTTPS | TCP (1:65535) / (443)
ICMP_ANY | ICMP any / any
IKE | UDP (1:65535) / (500), UDP (1:65535) / (4500)
IMAP | TCP (1:65535) / (143)
INFO_ADDRESS | ICMP 17 / any
INFO_REQUEST | ICMP 15 / any
IRC | TCP (1:65535) / (6660:6669)
Internet-Locator-Service | TCP (1:65535) / (389)
L2TP | TCP (1:65535) / (1701), UDP (1:65535) / (1701)
LDAP | TCP (1:65535) / (389)
NFS | TCP (1:65535) / (111), TCP (1:65535) / (2049), UDP (1:65535) / (111), UDP (1:65535) / (2049)
NNTP | TCP (1:65535) / (119)
NTP | TCP (1:65535) / (123), UDP (1:65535) / (123)
NetMeeting | TCP (1:65535) / (1720)
OSPF | IP Protocol No 89 (OSPFIGP)
PC-Anywhere | TCP (1:65535) / (5631), UDP (1:65535) / (5632)
PING | ICMP 8 / any
POP3 | TCP (1:65535) / (110)
PPTP | IP Protocol No 47, TCP (1:65535) / (1723)
QUAKE | UDP (1:65535) / (26000), UDP (1:65535) / (27000), UDP (1:65535) / (27910), UDP (1:65535) / (27960)
RAUDIO | UDP (1:65535) / (7070)
RIP | UDP (1:65535) / (520)
RLOGIN | TCP (1:65535) / (513)
SAMBA | TCP (1:65535) / (139)
SIP | UDP (1:65535) / (5060)
SIP-MSNmessenger | TCP (1:65535) / (1863)
Group | Application Name | Definition
Any | | All Services
File Transfer | FTP | File Transfer Protocol is a method to transfer files from one location to another, either on local disks or via the Internet
File Transfer | yahoofilexfer | Yahoo Messenger file transfer
File Transfer client | gnucleuslan | Gnucleuslan P2P client
File Transfer client | imesh | IMESH P2P client
File sharing | Gnutella | Gnutella is a system in which individuals can exchange files over the Internet directly without going through a Web site. Gnutella is often used as a way to download music files from or share them with other Internet users
File sharing | Kazaa | A decentralized Internet peer-to-peer (P2P) file-sharing program
File sharing | directconnect | peer-to-peer (P2P) file-sharing program
Mail Protocol | POP3 | Transport protocol used for receiving emails.
Mail Protocol | SMTP | A protocol for transferring email messages from one server to another.
Mail Protocol | IMAP | A protocol for retrieving e-mail messages
Chat | ymsgr | Yahoo Messenger
Chat | msnmessenger | MSN Messenger
Chat | AOL | Chat client
Chat | indiatimes | Chat client
Media Player | wmplayer | Windows Media Player
Media Player | quickplayer | Quick Time Player
Voice over IP | SIP | (Session Initiation Protocol) Protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. SIP works in the Application layer of the OSI communications model.
Voice over IP | H323 | A standard approved by the International Telecommunication Union (ITU) that defines how audiovisual conferencing data is transmitted across networks. It enables users to participate in the same conference even though they are using different videoconferencing applications.
Voice over IP | RTSP | (Real Time Streaming Protocol) A standard for controlling streaming data over the World Wide Web
Printing | IPP | (Internet Printing Protocol) Protocol used for printing documents over the web. IPP defines basic handshaking and communication methods, but does not enforce the format of the print data stream.
Network | DHCP | Protocol for assigning dynamic IP addresses to devices on a network
Screen - Manage Custom File Type Category
Screen - Create Custom File Type Category
Table - Create Custom File Type screen elements
Screen - Manage Custom File Type Category
Screen - Delete Custom File Type Category
Table - Delete Custom File Type screen elements
Screen - Manage Default Application Protocol Category
Screen - Create Custom Application Protocol Category
Table - Create Custom Application Category screen elements
Screen - Add Custom Application Protocol Category details