How To Generate Cyberoam UTM Log of Different Module For Open IView

Open iView
Log Generation of Different Module of

CYBEROAM in Open iView
ABOUT CYBEROAM:
Device:CR25iNG
Firmware Version:10.6.1 MR-4
Firmware Build: 862
Open iView Software Version:0.1.2.8
Document Date: Friday, November 28, 2014
Author: Gaurav Patel

Cyberoam Technologies Pvt. Ltd.
CyberoamHouse, Sai Gulshan Complex,Opp. Sanskruti,
Beside White House, Panchwati Cross Road,Ahmedabad-380006.Gujarat,INDIA.
Contents
Log Generation of CYBEROAM UTM for Open iView
Introduction ........................................................................................................................................... 2
Prerequisite ............................................................................................................................................ 2
Web Usage Logs ..................................................................................................................................... 4
Blocked Web Attempts Logs................................................................................................................ 10
Application Logs ................................................................................................................................... 15
Block Application Logs ......................................................................................................................... 19
Firewall Rule Based Usage ................................................................................................................... 24
Mail Usage Logs ................................................................................................................................... 28
Spam Logs ............................................................................................................................................ 32
Attacks Logs ......................................................................................................................................... 35
IM Usage Logs ...................................................................................................................................... 38
Block IM Attempts Logs ....................................................................................................................... 45
Search Engine Logs............................................................................................................................... 54
FTP Logs ................................................................................................................................................ 59
Virus Logs ............................................................................................................................................. 62
WAF Logs .............................................................................................................................................. 74
SSL VPN Logs ........................................................................................................................................ 79
Denied SSL VPN Logs............................................................................................................................ 93
VPN Logs............................................................................................................................................. 107
Internet Usage Logs ........................................................................................................................... 135
Introduction
This document describes the method of generating logs in Open iView for
different modules of Cyberoam UTM. This document describe step by step
configuration of Cyberoam UTM for each modules to generate the logs of the
same modules in Open iView.
Prerequisite
Below Mention Configuration is required in Cyberoam side.
1) Firewall:
Two default rules are available in Cyberoam. There is no need to configure anything.
1.1. Make sure that Log Firewall Traffic Button is enable in Firewall Rule .Edit Firewall Rule
and Check for it.
2) Logs & Reports:

Syslog Server configuration from Logs & Report module should be configured properly in
order to send all logs to configured OpeniView Server.
2.1.Add Syslog Server in Cyberoam UTM Device.
Logs & Reports>>Configuration>>Syslog Server
2.2. Now, Go to Log Setting and Tick Mark on Log type which you want in Open iView.
3. Gateway
Make your Cyberoam UTM as your System Gateway.
4. All Subscriptions and License should Up to Date.
Web Usage Log

To generate Web Usage logs in Open iView we need to configure Web Filter Policy in
Cyberoam UTM. Below are the steps of Web Filter Module configuration for Web Usage
logs generation in Open iView.
1. First of all make one custom Web Filter Policy from Web Filter>>>Policy>>Add>>Enter
Name and Click OK Button.

2. After making Custom Policy, Add Web Filter Policy Rule just below it. In Web Filter
Policy rule, you need to select Category Type as Web Category, Select category
which you want to allow and must define HTTP and HTTPS action as Allow. You can
also assign schedule to this rule. By default it marks as All the time.
3. Now, Apply this Web Filter Policy in Lan to Wan Firewall Rule.
Go to Firewall Rule>>Edit the Rule >>Security Policies>>Select Your Custom Web Filter
Policy in Web Filter tab.
4. Now, Do Web Surfing from your Host Machine. Open some website from your browser
like www.gmail.com, www.facebook.com, etc.
You can find Web Filter log from LOG Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Web Filter.
Web Usage Log in Open iView Server

You can find Cyberoam UTM Web Usage Logs in Open iView at Report>>>Web
Usage
Blocked Web Attempts Logs

To generate Block Web Usage logs in Open iView we need to configure Web Filter
Policy in Cyberoam UTM. Below are the steps of Web Filter Module configuration for
Block Web Usage logs generation in Open iView.
1. First of all make one custom Web Filter Policy from Web Filter>>>Policy>>Add>>Enter
Name and Click OK button.
2. After making Custom Policy, Add Web Filter Policy Rule just below it. In Web Filter
Policy rule, you need to select Category Type as Web Category, Select category
which you want to block and must define HTTP and HTTPS action as Deny. You can
also assign schedule to this rule. By default it marks as All the time.
10
3. Now, Apply this Web Filter Policy in Lan to Wan Firewall Rule.
Go to Firewall Rule>>Edit the Rule >>Security Policies>>Select Your Custom Web Filter
Policy in Web Filter tab.
11
4. Now, Do Web Surfing from your Host Machine. You can find Web Filter log from Log
Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Web Filter.
12
13
Block Web Attempts Log in Open iView Server

You can find Cyberoam UTM Block Web Attempts Logs in Open iView at
Report>>>Blocked Web Attempts
14
Application Logs
To generate Application logs in Open iView we need to configure Application Filter
Policy in Cyberoam UTM. Below are the steps of Application Filter Module configuration
for Application logs generation in Open iView.
1. First of all make one custom Application Filter Policy from Application
Filter>>>Policy>>Add>>Write Name and Click OK button.
2. After making Custom Policy, Add Application Filter Policy Rule from just below it. In
Application Filter Policy rule, Select Category, Risk, Characteristics and Technology form
Application Filter Criteria and always select action as "Allow. You can also assign
schedule to this rule. By default it marks as All the time.
15
3.Now,Apply this Application Filter Policy in Lan to Wan Firewall Rule.

Go to Firewall Rule>>Edit the Rule >>Security Policies>>Select Your Custom Application
Filter Policy in Application Filter tab.
16
4. Now, Pass Traffic using application from your host like Yahoo Messenger,
Skype,Gtalk,etc.
5. Allow Application logs automatically display Under Application Widget in Open
iView.
17
Application Logs in Open iView Server

You can find Cyberoam UTM Application Logs in Open iView at
Report>>>Application
18
Block Application Logs

To generate Block Application logs in Open iView we need to configure Application
Filter Policy in Cyberoam UTM. Below are the steps of Application Filter Module
configuration for Block Application logs generation in Open iView.
1. First of all make one custom Application Filter Policy from Application
Filter>>>Policy>>Add>>Write Down Name and Click on Ok button.
2. After making Custom Policy, Add Application Filter Policy Rule just below it. In
Application Filter Policy rule, Select Category, Risk, Characteristics and Technology form
Application Filter Criteria and always select action as "Deny. You can also assign
schedule to this rule. By default it marks as All the time.
19
3. Now, Apply this Application Filter Policy in Lan to Wan Firewall Rule.
Go to Firewall Rule>>Edit the Rule >>Security Policies>>Select Your Custom Application
Filter Policy in Application Filter tab.
20
4. Now, Pass Traffic using application from your host like Yahoo Messenger, Skype,
Gtalk,etc. .You can find Application Filter log from LOG Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Application Filter.
21
22
Block Application Logs in Open iView Server

You can find Cyberoam UTM Block Application Logs in Open iView at
Report>>>Blocked Application
23
Firewall Rule Based Usage

1.For Allow traffic, We need to just make one firewall rule and do web surfing, pass
traffic via any application,etc. Allow logs automatically display under Top Accept Rule,
Top Accept Rules - Application Category Wise, Top Accept Rules - Host Wise, Top
Accept Rules - Destination Wise. Also, Make sure that Log Firewall Traffic button
enable in your Firewall rule.
24

2. For Denied Firewall Rule Logs, We need to make one firewall rule and apply Action
for that rule as Drop.
2.1. Firewall>>Edit Rule>>>Apply Action as Drop.
2.2. Also, Make sure that Log Firewall Traffic button enable in your Firewall rule.
3. Now, Just do web surfing and pass traffic via some application. Deny logs
automatically display under Top Deny Rule, Top Deny Rules - Application Category
Wise, Top Deny Rules - Host Wise, Top Deny Rules - Destination Wise.
25
Firewall Rule Based Usage log in Open iView Server

You can find Cyberoam UTM Firewall Rule Logs in Open iView at
Report>>>Firewall Rule Based Usage
26
27
Mail Usage Logs

To Generate Mail Usage logs, We need to make one firewall Rule and make a tick mark
on SMTP,POP3 and IMAP under AV & AS Scanning tab at Security Policies.
1. Firewall Rule>>>Edit it>>>Security Policies>>>AV & AS Scanning>>>Tick Mark on SMTP,
POP3 and IMAP
2. Now, Open Your Mail Client like Thunder Bird. Now, Do send/Receive Mail.
28
3. We also find Mail log at LOG Viewer.

Logs & Reports>>>Log Viewer>>>Select View Logs for Anti-Spam.
29
30
Mail Usage Logs in Open iView Server

You can find Cyberoam UTM Mail Usage Logs in Open iView at Report>>>Mail
Usage.
31
Spam Logs
1.To Generate Spam logs, We need to make one firewall Rule and make a tick mark on
SMTP,POP3 and IMAP under AV & AS Scanning tab at Security Policies.
2. Now, Make one Spam Rule.

A. AntiSpam>>>Spam Rules>>>Add.
B.Add Name for Spam Rule.
C. Now, Set Recipient Email Equals as Any.
D. Now, Set Sender Email Equals as Any.
E. Now,Go to IF condition tab and select Inbound Anti Spam Module Has Identified
Mail a s Spam.
F. Now, Go to Than condition tab and Select SMTP Action as Drop and make a
tick mark on Quarantine tab.
32

G. Now, Select POP3/IMAP action as Prefix Subject and write down subject name
at TO field (You can write subject name whatever u like.) and click on OK button.
3. Now, Send mail via Mail client with Subject RPD Spam Test: Spam. We also find
Spam log at Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for AntiSpam.
33
34
Spam Logs in Open iView Server

You can find Cyberoam UTM Spam Logs in Open iView at Report>>>Spam
35
Attacks Logs
1. To Generate Attacks logs, we need to make one firewall Rule and Select IPS as
lantown_Strictpolicy at Security Policies.
2. Now, Go to Command Prompt and fire below command.

COMMAND PROMPT> tracert www.facebook.com (You can write any of website
address here.)
36
3. We also find Attack logs at Log Viewer.

Logs & Reports>>>Log Viewer>>>Select View Logs for IPS.
37
Attack Logs in Open iView Server

You can find Cyberoam UTM Attacks Logs in Open iView at Report>>>Attacks
38
IM Usage Logs
1. To Generate IM Usage logs, we need to Edit firewall Rule and Enable IM Scanning
from Security Policies.
2.Now, Go to IM>>IM Rule

A. Edit imloginrule1 for Yahoo Contacts and make sure action for login rule is Allow.
Please tick mark on Privacy Disclaimer and Logging tab in that rule.
39
B. Edit conversationrule1 and select Allow for One-to-One Conversation and Group
Conversation tab. Also, Enable Content Filter and Logging tab. Select Full Data for
Logging Level Tab.
40
C. Edit filetransferrule2 and select action as Allow. Also, Enable Virus Scanning and
Logging tab.
41
D. Now, Edit webcamrule3 and select Action as Allow. Also, Enable logging tab.
42
3. Now, Open yahoo application in your system and pass traffic via that application.
Send some messages, Files and Web Cam request via Yahoo application.
4. We also find IM logs at Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for IM.
43
44
IM Logs in Open iView Server

You can find Cyberoam UTM IM Usage Logs in Open iView at Report>>>IM
Usage
45
Block IM Attempts Logs

1.To Generate Block IM Attempts logs, we need to make one firewall Rule and Enable
IM Scanning from Security Policies.
2. Now,Go to IM>>IM Rule

A. Edit imloginrule1 for Yahoo Contacts and make sure action for login rule is Deny.
Please Enable Logging tab in that rule.
46
B. Now, Open Yahoo Messenger Application and try to login. Doing this exercise we are
able to generate Login Denied log.
47
C. For Login in to Yahoo Messenger Application, Edit imloginrule1 for Yahoo Contacts
and make sure action for login rule is Allow. Please tick mark on Privacy Disclaimer
and Logging tab in that rule.
48
D. Edit conversationrule1 and select Deny for One-to-One Conversation and Group
Conversation tab. Also, Enable Logging tab. Select Full Data for Logging Level Tab.
49
E. Edit filetransferrule2 and select action as Deny. Also,Enable Logging tab.
50
F. Now, Edit webcamrule3 and select Action as Deny. Also, Enable logging tab.
51
3. Now, Open yahoo application in your system and pass traffic via that application.
Send some messages, Files and Web Cam request via Yahoo application.
4. We also find Block IM logs at Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for IM.
52
53
Block IM Attempts Logs in Open iView Server

You can find Cyberoam UTM Block IM Attempts Logs in Open iView at
Report>>>Blocked IM Attempts
54
Search Engine Logs

1. To Generate Search Engine logs, we need to make one firewall Rule and apply tick
mark on HTTP, HTTPS at AV & AS Scanning in Security Policies.
Firewall>>>Edit Lan to Wan Rule.
Screen Shot:
55
2.There are 6 types of Search Engine logs display by Open iView i.e. Google Search, Yahoo
Search, Bing Search, Wikipedia Search, Rediff Search and eBay Search.
For generating Search Engine Logs open below links & Search appropriate words.
1) www.google.com
2) http://search.yahoo.com
3) http://www.bing.com
4) http://www.wikipedia.org
5) http://search.rediff.com
6) http://www.ebay.com
56
Search Engine Logs in Open iView Server

You can find Cyberoam UTM Google Search Logs in Open iView at
Report>>>Search Engine>>>Google Search
You can find Cyberoam UTM Yahoo Search Logs in Open iView at
Report>>>Search Engine>>>Yahoo Search
57

You can find Cyberoam UTM Bing Search Logs in Open iView at
Report>>>Search Engine>>>Bing Search
You can find Cyberoam UTM Wikipedia Search Logs in Open iView at
Report>>>Search Engine>>>Wikipedia Search
58

You can find Cyberoam UTM Rediff Search Logs in Open iView at
Report>>>Search Engine>>>Rediff Search
You can find Cyberoam UTM eBay Search Logs in Open iView at
Report>>>Search Engine>>>eBay Search
59
FTP Logs
1.To Generate FTP logs, we need to make one firewall Rule and apply tick mark on FTP
at AV & AS Scanning in Security Policies.
Firewall>>>Edit Lan to Wan Rule.
2. Now, Access FTP server which deploy on WAN side. Here, We use local FTP server
ftp://172.16.5.222.
60

3. Upload and Download some file from that server and after some time FTP logs
available in Open Iview.
61
FTP Logs in Open iView Server

You can find Cyberoam UTM FTP Logs in Open iView at Report>>>FTP Usage
62
Virus Logs
In Open iView, we Support Web Virus Log, FTP Virus Log and Mail Virus Log.
A. Web Virus Log:
1.To Generate Web Virus logs, we need to make one firewall Rule and apply tick mark
on HTTP and HTTPS at AV & AS Scanning in Security Policies.
2. Now, Download virus from any website like http://www.eicar.org.
63
3. When you try to download virus from that website, you can see Virus detection
Message on your Screen.
4. We also find Web Virus logs at Log Viewer.

Logs & Reports>>>Log Viewer>>>Select View Logs for Anti-Virus.
64
65
WEB Virus Logs in Open iView Server

You can find Cyberoam UTM Web Virus Logs in Open iView at
Report>>>Virus>>>Web Virus
66
B.FTP Virus:
1. To Generate FTP Virus logs, we need to make one firewall Rule and apply tick mark
on FTP at AV & AS Scanning in Security Policies.
2. Now, Download Virus from FTP Server. Here, We use local FTP server Ftp://172.16.5.222
67

68
69
FTP Virus Logs in Open iView Server

You can find Cyberoam UTM FTP Virus Logs in Open iView at
Report>>>Virus>>>FTP Virus
70

C. Mail Virus:
1.To Generate Mail Virus logs, we need to make one firewall Rule and apply tick mark
on SMTP,POP3 and IMAP at AV & AS Scanning in Security Policies.
71
2. Now, Send mail which contain Virus attachment via your mail client.
72
Mail Virus Logs in Open iView Server

You can find Cyberoam UTM Mail Virus Logs in Open iView at
Report>>>Virus>>>Mail Virus.
73
WAF Logs
1.To generate WAF log need to configure Webserver at WAF>>>WEB SERVER.
Follow below steps to configure web server:
A.Define Web Server Name.(For example, Cyberoam)
B.Select Zone as Wan.
C.Select PublicIP/FQDN for Web Server Hosted on.
D.Add FQDN host in Public IP/FQDN.
D.1.Click on tab Add FQDN Host.
D.2. Write down any name at Name tab.
D.3.Apply any website address at FQDN tab.(Here, I use www.cyberoam.com)
E.Select Web Server Protocol as HTTP Only.

F.Apply Web Server Http port 80.
G.At last, Click on OK button.
74
2. Now, Make one Lan to Wan firewall rule and do below changes.
A. Name: Apply Name whatever u like (Here, I use WAF.)
B. Description: Write down Description if you want.(Here, I left this field blank.)
C. Select Source Zone as LAN and Destination Zone as WAN.
D. Make a tick mark on Attach Identity tab.
75

E. Select Any User for Identity tab.
F. Select Source Network/Host as Any IP Address and Destination Network/Host as
Cyberoam under Web Server Tab.
G. Services automatically selected as #Cyberoam.
H. Select Schedule as All the Time.
I. Select Action as Allow and make a tick mark on Apply NAT tab.
J. Dont Change Application Filter, Web Filter, IM Scanning and AV & AS scanning and
IPS Configuration.
K. Make a Tick mark on WAF tab.
L. Enable Log Firewall Traffic and Click on OK button.
76
3. After Making this rule, Move this rule to TOP position.

4. Now, access website www.cyberoam.com and find WAF log at Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for WAF.
77
78
WAF Logs in Open iView Server

You can find Cyberoam UTM WAF Logs in Open iView at Report>>>WAF
79
SSL VPN Logs

There are two types of logs in SSL VPN Module:
A. Top WEB Access User
B. Top Tunnel Access User
A.Top Web Access User
1.Lan to wan Firewall rule should available.
2.Go to VPN>>>SSL.
3.Add bookmark from that location.
A.Go to VPN>>>SSL>>>Bookmark>>>Click on Add Button.
B.Apply Name for that bookmark.(Here, I use name Cyberoam.)
C.Select type as HTTP.
D.Write Down www.cyberoam.com in URL field.
E.Now,Click on OK button.
80

F. Make 10-12 different bookmark like this.
4. Now, Make SSL VPN Policy from VPN>>>SSL.
A. Go to VPN>>>SSL>>>Add.
B. Apply name whatever you want for this policy. (Here, I apply name Cyberoam.)
C. Click on All Access Mode.(Here, I select Tunnel Access, Web Access and Application
Access Mode).
D. Select Tunnel type as a Full Tunnel.
E. Enable Arbitary URL Access at Accessible Resources.
F. Select All Bookmark you added earlier and finally click on Apply button.
81
5. Now, Make one User from Identity>>>Users.

A.Go to Identity>>>Users>>Add
B.Apply Username.(Here, I use Cyber)
C.Apply Name. (Here, I use Cyber)
D.Apply Password for user we create.
E.Select User Type as User.
F.Write down proper Email Address.
G.Add Description if you want.
82
H.Select Group as Open Group.

I.Apply SSL VPN policy as Cyberoam which we created earlier and Click on OK
button to complete this process.
6. Now, Open SSL VPN portal via using WAN interface with port 8443.(Here, I use
https://172.16.6.9:8443)
83
7. Now, Login with Username Cyber which we created earlier.

8. After Login, Access Configured Bookmarks displayed under Web Access Mode.
9. You can find SSL VPN Web Access Mode log at log viewer.
84

Logs & Reports>>>Log Viewer>>>Select View Logs for System.
85
B. Top Tunnel Access User:

1. Go to VPN>>>SSL>>Tunnel Access and do below settings. In Tunnel Access Setting,
A. Select Protocol as TCP.
B. Select SSL Server Certificate as Appliance Certificate.
C. Do not change IP Lease Range.(By Default IP range is 10.81.234.5-10.81.234.55)
D. Do not Change Subnet Mask.(By default Subnet mask is /24 (255.255.255.0).)
E. Write Down Primary and Secondary DNS.(Here, I use 4.2.2.2 and 8.8.8.8).
F. Do not Change any other default configuration and Click on Apply button.
86
https://172.16.6.9:8443)
3. Login in to this portal with user Cyber which we created earlier and down load SSL
VPN Client for Windows and Configuration for SSL VPN Client .
4. Now, Install that client in another Windows machine which gateway is not your
cyberoam and Import Client configuration.
87
88
5. Now, Make one VPN to WAN Rule .

A. Go to Firewall>>>Rule>>>Add.
B. Apply Rule name.(Here, I use name VPN to WAN)
C. Add Description if you want or leave it as it is.
D. Select Source Zone as VPN and Destination Zone as WAN.
E. Do not make a tick mark on Attach Identity.
89

F. Do not change default configuration of Identity, Network/Host, Services and
Schedule.
G. Select Action as Accept.
H. Make a tick mark on Apply NAT and Select MASQ.
I. Do not change default configuration of Application Filter, Web filter IPS, IM Scanning,
WAF and AV & AS Scanning.
J. Enable Log Firewall Traffic tab and Clock on OK button.
90
6. Now,Open SSL VPN Client and Login with user Cyber which we created earlier.
91

7. Now, Do web surfing from that windows machine.
8. You can find SSL VPN Tunnel Access Mode log at log viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Firewall.
92
SSL VPN Logs in Open iView Server

You can find Cyberoam UTM SSL VPN Logs in Open iView at Report>>>SSL
VPN>>>Top SSL VPN Users
93
Denied SSL VPN Logs

There are two types of logs in Denied SSL VPN Module:
A. Top Blocked Web Access Users
B. Top Blocked Tunnel Access Users
A. Top Blocked Web Access User
1.Lan to wan Firewall rule should available.
2. Go to VPN>>>SSL.
3. Add bookmark from that location.
A. Go to VPN>>>SSL>>>Bookmark>>>Click on Add Button.
B. Apply Name for that bookmark.(Here, I use name Cyberoam.)
C. Select type as HTTP.
D. Write Down www.cyberoam.com in URL field.
E. Now, Click on OK button.
94

F. Make 10-12 different bookmark like this.
4. Now, Make SSL VPN Policy from VPN>>>SSL.
A. Go to VPN>>>SSL>>>Add.
B. Apply name whatever you want for this policy. (Here, I apply name Cyberoam.)
C. Click on All Access Mode.(Here, I select Tunnel Access, Web Access and Application
Access Mode).
D. Select Tunnel type as a Full Tunnel.
E. Do not Enable Arbitary URL Access at Accessible Resources.
F. Select All Bookmark you added earlier and finally click on Apply button.
95

A. Go to Identity>>>Users>>Add
B. Apply Username.(Here, I use Cyber)
C. Apply Name. (Here, I use Cyber)
D. Apply Password for user we create.
E. Select User Type as User.
F. Write down proper Email Address.
G. Add Description if you want.
H. Select Group as Open Group.
I. Apply SSL VPN policy as Cyberoam which we created earlier and Click on OK
button to complete this process.
96
https://172.16.6.9:8443)
97
7. Now, Login with Username Cyber which we created earlier.

8. After Login, Access Configured Bookmarks displayed under Web Access Mode.
9. You can find Denied SSL VPN Web Access Mode log at log viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for System.
98
B. Top Tunnel Access User:

1. Go to VPN>>>SSL>>Tunnel Access and do below settings. In Tunnel Access Setting,
A. Select Protocol as TCP.
B. Select SSL Server Certificate as Appliance Certificate.
C. Do not change IP Lease Range.(By Default IP range is 10.81.234.5-10.81.234.55)
D. Do not Change Subnet Mask.(By default Subnet mask is /24 (255.255.255.0).)
E. Write Down Primary and Secondary DNS.(Here, I use 4.2.2.2 and 8.8.8.8).
F. Do not Change any other default configuration and Click on Apply button.
99
https://172.16.6.9:8443)
3. Login in to this portal with User Cyber which we created earlier and download SSL
VPN Client for Windows and Configuration for SSL VPN Client .
100
4. Now, Install that client in another Windows machine which gateway is not your
cyberoam and Import Client configuration.
101
102
5. Now, Make one VPN to WAN Rule.

103

Schedule.
G. Select Action as Drop.
I. Do not change default configuration of Application Filter, Web filter IPS, IM Scanning,
104
6. Now ,Open SSL VPN Client and Login with user Cyber which we created earlier.
105
7. Now, Do web surfing from that windows machine.

8. You can find Denied SSL VPN Tunnel Access Mode log at log viewer.
Screen Shot:
106
Denied SSL VPN Logs in Open iView Server

Not able to display records in Top Blocked Tunnel Access Users due to bug.
Refer Bug ID : Clite-6768.
You can find Cyberoam UTM Denied SSL VPN Attempts Logs in Open iView at
Report>>>Denied SSL VPN Attempts
107
VPN Logs
There are three types of logs in VPN Module.
A.PPTP
B.L2TP
C. IPSec Connection
A.PPTP:
1. Make one VPN to WAN Rule.
Schedule.
I. Do not change default configuration of Application Filter, Web filter, IPS, IM Scanning,
108
109

I. Do Not Change Default Configuration of Web Filter, Application Filter, Surfing Quota,
Access Time, Data Transfer, QOS, SSL VPN, L2TP, Quarantine Digest, Simultaneous Login,
MAC Binding, MAC Address List and Login Restriction tab.
J. Enable PPTP tab and click on Apply Button.
110
2. Now, Go to VPN>>>PPTP and follow below steps:

A. Enable PPTP tab.
B. Assign IP Range in General Setting at Assign IP From tab.(Here, I use ip range from
1.2.3.4 to 1.2.3.100.)
C. Apply Primary and Secondary DNS server at Client Information tab. (Here, I use
4.2.2.2 and 8.8.8.8).
D. Now Click on Apply button.
111
3. Now, Follow below steps in your Physical Machine:

A. Go to Control Panel>>>All Control Panel Items>>>Network and Sharing Center
B. Click on Setup New Connection or Network Tab.
112
C.Choose Connection option as Connect to a Workplace and Click on NextButton.
113

D.Now, Click on USE MY INTERNET CONNECTION (VPN) tab.
E. Now, Write Down IP Address of WAN Interface of your Cyberoam UTM and Click on
Next Button.
114

F. Now, Type Username and Password which we created earlier and click on Next
button.
G. Now, Click on Skip button and close it.

H. Now, Network Connection and find out VPN Connection over there.
115

1.Now,Right Click on VPN Connection and Go to properties.
J. Now,Click on Security Tab and Select Type of VPN as PPTP,Data Encryption as No

Encryption Allowed (Server will disconnect if it requires encryption) .
K. Select Unencrypted Password (PAP) for Allow these Protocols at Authentication field.
116
4. Now, Go to Network Connection>>>VPN Connection and apply Username and

Password for it.
117
5 .After connecting via PPTP protocol from your system, Do web Surfing.
6. You can find Tunnel Traffic using PPTP protocol log at log viewer.
118
119

B.L2TP
1. Make one VPN to WAN Rule.
Schedule.
I. Do not change default configuration of Application Filter, Web filter, IPS, IM Scanning,
120

121

I. Do Not Change Default Configuration of Web Filter, Application Filter, Surfing Quota,
Access Time, Data Transfer, QOS,SSL VPN, PPTP, QuarantineDigest,Simultaneous
Login,MAC Binding,MAC Address List and Login Restriction tab.
J. Enable L2TP tab and click on Apply Button.
122

3. Now, Go to VPN>>>L2TP and follow below steps:
A. Enable L2TP tab.
B. Assign IP Range in General Setting at Assign IP From tab.(Here, I use ip range from
69.69.69.69 to 69.69.69.70.)
C. Apply Primary and Secondary DNS server at Client Information tab.(Here, I use 4.2.2.2
and 8.8.8.8).
D. Now Click on Apply button.
123
E. Now,Click on Connection Tab and again click on Add button.

F. Write Down Connection Name whatever you like.(Here, I write L2TP.)
G. Add Description if you want to add otherwise leave it.
H. Select Policy as DefaultL2TP.
I. Select Respond Only at Action on VPN restart Tab.
J. Select Authentication type as Preshared Key.
K. Apply Preshared Key two times.
L. Select Local Wan port as Wan Interface of Your Cyberoam UTM.(Here, It is 172.16.6.9.)
M. Do not Change Local ID configuration and leave it blank.
N. Select Remote Host as *.
O. Enable Allow NAT TRAVERSAL.
P. Select Remote LAN Network as Any.
Q. Do not change Remote ID configuration and leave it blank.
R. Select Local Port as 1701.
S. Select Remote Port as * and Click on OK button.
124

4. Now, Once Connection Created click on Active button under Status tab.
5. Now, Follow below steps in your Physical Machine:

A. Go to Control Panel>>>All Control Panel Items>>>Network and Sharing Center
B. Click on Setup a New Connection or Network Tab.
125
C.Choose Connection option as Connect to a Workplace and Click on NextButton.
126

D.Now,Click on USE MY INTERNET CONNECTION (VPN) tab.
E. Now, Write Down IP Address of WAN Interface of your Cyberoam UTM and Click on
Next Button.
127

F. Now, Type Username and Password which we created earlier and click on Next
button.
G. Now, Click on Skip button and close it.

H. Now, Network Connection and find out VPN Connection over there.
128

I.Now,Right Click on VPN Connection and Go to properties.
J. Now, Click on Security Tab and Select Type of VPN as L2TP/IPSEC,Data Encryption
as Optional Encryption (Connect Even if no Encryption.).
K. Select Unencrypted Password (PAP) for Allow these Protocols at Authentication field.
129
L. Now, Click on Advance Setting Just below Type Of VPN tab and again make a tick
mark at Use Preshared Key for Authentication.
M. Apply Same Preshared key in field which we apply while We Creating L2TP
connection in Cyberoam UTM.
130
6. Now, Go to Network Connection>>>VPN Connection and apply Username and

Password for it.
131
7. Do Some Web Surfing and You can find Tunnel Traffic using L2TP protocol log at log
viewer.
132
C.IPSEC
When we Connect client via L2TP connection and Do Some Web Surfing, IPSEC log
automatically displayed in Open iView under IPSEC Widget.
133
VPN Logs in Open iView Server

You can find Cyberoam UTM VPN Logs in Open iView at Report>>>VPN
134
Internet Usage Logs

1.First of all Drop By Default rule Name as #LAN_WAN_AnyTraffic available at
Firewall>>>Rule.
2. Now,Only One Rule available in Firewall Module.

B. Apply Username.(Here, I use Cyberoam123)
C. Apply Name. (Here, I use Cyberoam123)
135

I. Do Not Change Rest of Default Configuration and Click on OK Button.
136
4. Now, Do Web Surfing from your Machine and You can find Authentication Page from
Cyberoam UTM.
137
5. Now, Apply User Name and Password and Do Web Surfing.
138

6. After Some time, Logout from Cyberoam Authentication Page.
7. You can find Internet Usage log after some time in Open iView.
Internet Usage Logs in Open iView Server

You can find Cyberoam UTM Internet Usage Logs in Open iView at
Report>>>Internet Usage
139
END
140

How To Generate Cyberoam UTM Log of Different Module For Open IView

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

How To Generate Cyberoam UTM Log of Different Module For Open IView

Caricato da

Copyright:

Formati disponibili

Open iView

Log Generation of Different Module of

Author: Gaurav Patel

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

2) Logs & Reports:

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Web Usage Log

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Web Usage Log in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

Blocked Web Attempts Logs

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Block Web Attempts Log in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

3.Now,Apply this Application Filter Policy in Lan to Wan Firewall Rule.

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Application Logs in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

Block Application Logs

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Block Application Logs in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

Firewall Rule Based Usage

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Firewall Rule Based Usage log in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Mail Usage Logs

Log Generation of CYBEROAM UTM for Open iView

3. We also find Mail log at LOG Viewer.

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Mail Usage Logs in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

2. Now, Make one Spam Rule.

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Log Generation of CYBEROAM UTM for Open iView

Spam Logs in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

2. Now, Go to Command Prompt and fire below command.

Log Generation of CYBEROAM UTM for Open iView

3. We also find Attack logs at Log Viewer.

Log Generation of CYBEROAM UTM for Open iView

Attack Logs in Open iView Server

Log Generation of CYBEROAM UTM for Open iView

2.Now, Go to IM>>IM Rule