Cyberoam User Guide Version 6.0.0

CYYBBEERRO
OAAMM USSE R GU
ER UIID
DEE
VEERRSSIIO
ONN: 6.0.0.0
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is
presented without warranty of any kind, expressed or implied. Users must take full responsibility for their
application of any products. Elitecore assumes no responsibility for any errors that may appear in this document.
Elitecore reserves the right, without notice to make changes in product design or specifications. Information is
subject to change without notice.
SOFTWARE LICENSE
The software described in this document is furnished under the terms of Elitecore’s software license agreement.
Please read these terms and conditions carefully before using the software. By using this software, you agree to
be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly
return the unused software and manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the
media on which the Software is furnished will be free of defects in materials and workmanship under normal use;
and (2) the Software substantially conforms to its published specifications except for the foregoing, the software
is provided AS IS. This limited warranty extends only to the customer as the original licenses. Customers
exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its
service center’s option, repair, replacement, or refund of the software if reported (or, upon, request, returned) to
the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error
free, or that the customer will be able to operate the software without problems or interruptions.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties
including, without limitation, any implied warranty or merchantability, fitness for a particular purpose, non-
infringement or arising from a course of dealing, usage, or trade practice, and hereby excluded to the extent
allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect,
consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out
of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of
such damages. In the event shall Elitecore’s or its suppliers liability to the customer, whether in contract, tort
(including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply
even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages,
including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this
manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Elitecore Technologies Ltd. Information supplies by Elitecore Technologies Ltd. Is believed to be accurate and
reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may
appear in this documents. Elitecore Technologies reserves the right, without notice, to make changes in product
design or specifications. Information is subject to change without notice
Corporate Headquarters
Elitecore Technologies Ltd.

904 Silicon Tower,
Off. C.G. Road,
Ahmedabad – 380015, INDIA
www.cyberoam.com
Cyberoam Installation Guide
Welcome to Cyberoam User Guide

Welcome to the user guide of Cyberoam, eLitecore Technologies Ltd.’s IT resource management
software.
Congratulations on the purchase of the IT resource management software - ‘Cyberoam’ and

welcome to the Cyberoam family.
This Guide helps you manage and customize Cyberoam to meet your organization’s various
requirements including creating groups and users and assigning policies to control internet and
printer access.
Note that by default, Cyberoam Web Interface Username is ‘cyberoam’ and password is ‘cyber’. It
is recommended that you change the default password immediately after installation to avoid
unauthorized access.
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of
Cyberoam.
How do I search for relevant content?
For help on how to perform certain task use Contents
For help on a specific menu or screen function use Menu wise – Screen and Table Index
This Guide is organized into 2 parts:

Part I - Basic Configuration
It describes how to define groups and users to meet the specific requirements of your
Organization. It also describes how to define Authentication and migration process of the exisiting
groups and users from Windows.
Define User Groups and Users. Describes how to add new Users and User Group
Define Authentication process. Describes Authentication process and user migration process from
Windows.
Define Host groups. Describes how to add new host groups.
Part II Management
It describes how to manage and customize Cyberoam
Manage Groups and Users. Describes how to edit and delete Users and User Groups
Manage & Customize Policies. Describes how to define and manage Surfing quota policy, Access
time policy, Security policy, Bandwidth policy, and Printing policy
Manage Host groups. Describes how to edit and delete host groups
Manage Cyberoam server
eLitecore Technologies Ltd. 1

Manage Cache server

Manage Mail server
Customize Services, Schedules and Web categories. Describes how to create and manage Web
categories, Schedules and Services
Upgrade Cyberaom
Guide Sets
Guide Describes
Installation & Registration Guide Installation & registration of Cyberoam
User Guide
Part I – Basic Configuration Basic configuration of Cyberoam
Part II – Management Management and Customization of
Cyberoam
Detailed statistics – Reports Detailed reports
Console Guide Console Management
Client Guide Installation & configuration of Cyberoam
Clients
Analytical tool Guide Using the Analytical tool for diagnosing
and troubleshooting common problems
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79- 6405600
Fax: +91-79-6462200
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79- 6400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.

Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Item Convention Example

Server Machine where Cyberoam Software - Server component is
installed
Client Machine where Cyberoam Software - Client component is
installed
User The end user
Username Username uniquely identifies the user of the system
Part titles Bold and
Report
shaded font
typefaces
Topic titles Shaded font
Introduction
typefaces
Subtitles Bold & Black

typefaces Notation conventions
Navigation link Bold typeface Group Management → Groups → Create

it means, to open the required page click on Group
management then on Groups and finally click Create tab
Name of a Lowercase Enter policy name, replace policy name with the specific
particular italic type name of a policy
parameter / Or
field / command Click Name to select where Name denotes command button
button text text which is to be clicked
Cross Hyperlink in refer to Customizing User database Clicking on the link will
references different color open the particular topic
Notes & points Bold typeface

to remember between the Note
black borders
Prerequisites Bold typefaces Prerequisite
between the • Prerequisite details
black borders

Cyberoam User Guide Introduction
Contents
Welcome to Cyberoam User Guide 1
Guide Organization 1
Guide Sets 2
Technical Support 2
Typographic Conventions 3
Contents 4
Introduction 7
What is Cyberoam? 7
Benefits of Cyberoam 7
Accessing Cyberoam 8
Accessing the Web Interface 8
Accessing Console via remote login utility - TELNET 8
Log on & log off from the Cyberoam Web Interface 9
BASIC CONFIGURATION 15
Define Group 18
Group 18
Define User 24
User 24
User Migration 33
Define Authentication process 35

Local (Cyberoam) Authentication 36
NTLM Authentication 36
Define Host Group 42

Host Group 42
MANAGEMENT 44
Group Management 44
Manage Group 44
Delete Group 49
User Management 50
Search User 50
Live User 51
Manage User 53
Policy Management 68
Surfing Quota policy 68
Access time policy 73
Security policy 77
Bandwidth policy 84
Printing Policy 102
Host Group Management 107

Search Node 107
Update Host Group 108

Delete Host Group 111
System Management 112

Network Management 112
Multiple Gateway configuration 112
Interface Configuration 116
DNS Configuration 117
Security – Firewall 119
DHCP 126
Reset Console Password 127
Data Store 128
Client Services 134
Cache Management 137

Enable Cache Server 138
Configure Cache 139
Define WCCP Routers 141
Define Cache 143
Routing Policy 146
Malicious HTTP traffic 148
Mail Management 151

Intra POP Service 151
Delete Intra POP service 158
Alias 159
Delete Alias 162
SMTP Configuration 163
Configure Mail Access 165
Services 167
Monitoring Bandwidth Usage 169
CUSTOMIZATION 174
Services 174
Create new Service 174
Update Service 175
Delete Service 176
Schedule 177
Create Schedule 177
Update Schedule 178
Delete Schedule 180
Web Categories 181

Create a new Web category 181
Update Web Categories 183
Delete Web Category 190
Manage File types 191
Upgrade Cyberoam 193
Module licensing 194
View and Update Company information 195
View Registration details 196

Download Clients 197

Menu wise Screen and Table Index 198

Introduction
Organizations around the world are leveraging the Internet and Information technology to gain a
competitive advantage.
Organizations invest vast amount of money in building networking infrastructures, which can
support their business goals and objectives. Staying ahead of the technology curve and achieving
competitive advantage comes at a heavy price. Despite the high levels of investment in
infrastructure and other IT resources, many organizations fail to deploy even the most basic tools
to manage their IT resources effectively.
Networking environments have become increasingly complex, with a variety of security and access
management issues. Organizations face challenges in configuring and giving access to various IT
resources and making sure the result supports organization policies.
What is Cyberoam?
Cyberoam is complete IT resource Management software that enables Business houses,
Educational institutes and other organizations to monitor and manage IT resources. It also
provides better Bandwidth management, increases Employee productivity and reduces legal
liability associated with undesirable Internet content.
Benefits of Cyberoam
1. Boost Employee productivity by
a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
a. Controlling access to non-productive site access during working hours
b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
a. Improved User response time
b. Failover solution
c. Continuous availability of Internet
d. Reduced bandwidth bottlenecks
4. Conserve Printer usage
5. Enforce acceptable Internet use, printer use and mailing policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on
Internet and other resources usage and consumption patterns

Cyberoam User Guide Accessing Cyberoam
Accessing Cyberoam
Three ways to access/manage Cyberoam:
1. Web based Administration console
• Used for policy configuration
• Managing users, groups and policies
• Managing System resources like printer, mail server
• Managing Firewall rules
• Managing Bandwidth
• Viewing bandwidth graphs as well as reports
2. Text based Administration/telnet console

• Used for Network and System configuration (setting up IP Addresses, setting up
gateway)
• Managing Cyberoam application
a) Using Console Interface via remote login utility – TELNET
b) Direct Console connection - attaching a keyboard and monitor directly to Cyberoam server
Accessing the Web Interface

Cyberoam Web Interface (GUI) access requires Microsoft Internet Explorer 5.5 or above
Note
Cyberoam Web Interface access requires Internet Explorer 5.5 or above
If you have logged on for the first time & not yet registered Cyberoam, refer to Installation guide for
registration. Change the default password, the first time you log on. Refer to Manage Users, Change
Personal details
Accessing Console via remote login utility - TELNET

Access Cyberoam Console with the help of TELNET utility. To use TELNET, IP Address of the
Cyberoam server is required.
To start the TELNET utility:

Click Start, and then click Run
In Open, type TELNET xxx.xxx.x.xxx
Click OK, opens a console login window and prompts to enter Password
Default password for Cyberoam TELNET console is “admin”.
Screen - Console access

Screen - Console login screen
Log on & log off from the Cyberoam Web Interface

The Log on procedure verifies validity of user and creates a session until the user logs off.
Log on procedure
To get the log in window, open the browser and type the IP Address in browser’s URL box. A
dialog box appears prompting you to enter username and password to log in. Use the default user
name ‘cyberoam’ and password ‘cyber’ to log in if you are logging in for the first time.
Asterisks are the placeholders in the password field.

Methods of Login
HTTP log in
To open unencrypted login page, in the browser’s Address box, type
http://<IP address of Cyberoam>
Screen - HTTP login screen

HTTPS log in
Cyberoam provides the secured communication method by which the User log in information is
encrypted and prevents the unauthorized users from viewing the user information. For this,
Cyberoam uses https protocol.
The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer
encrypted information between computers over the World Wide Web. HTTPS is http using a
Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web
server that uses HTTPS.
HTTPS protocol opens a secure hypertext transfer session with the specified site address.
To open login over secure HTTP, type

http://<IP address of Cyberoam>
Screen - HTTPS login

Screen - HTTPS login
Screen Elements Description

Browser Address Browser opens the page specified in the Browser Address box
box
Opens the Cyberoam login screen
Webmail link Open a new login page for Web based Email
To login, enter mail account login name and password

Reports link Open a new login page for Cyberoam Reports
To login, enter Cyberoam reports login name and password

Analytical tool link Open a new login page of Network
To login, enter Network login name and password

My Account Open a new login page for My Account
To login, enter My Account login name and password

Login
User name Uniquely identifies the User of Cyberoam
If logging on for the first time, type

administrator as username
Password Password for the User name
If logging on for the first time, type

admin as the password
Login button Logs on to the Cyberoam server

Click Login
If login is successful and the copy of Cyberoam is already registered, Live

Users screen is displayed otherwise Online registration page is displayed.
Register your copy of Cyberoam if Online registration page is displayed.
To register please refer to Registration in Installation Guide.
Table - Login screen elements
Screen - Live Users screen

Screen - Registration screen
If Registration page opens, use Online or Manual registration process for registering the copy of
Cyberoam. Refer to Installation guide - Registration for detail on registration process.
Web console Authorization and Access control

By default, Cyberoam has four types of user groups:
Administrator group
Log in as Administrator group User to maintain, control and administer Cyberoam.
Administrator group User can create, update and delete system configuration & user information.
Administrator can create multiple administrator level users.
Manager group
Manager group User can only view the reports.
User group
User group User is the user who accesses the resources through cyberoam.
Clientless group
User group User who can bypass Cyberoam Client login to access resources. Cyberoam itself
takes care of login of this level user.

Log out procedure

To avoid un-authorized users from accessing Cyberoam, log off after you have finished working.
This will end the session and exit from Cyberoam.

Cyberoam User Guide Basic Configuration
PART
Basic Configuration
Once you have configured the network and registered the copy of Cyberoam, you can start using
Cyberoam. After you login successfully, following screen will be displayed which is the main
navigation point for Cyberoam. Each menu on the right most part of the screen provides access to
a different Cyberoam functionality:
Main menu
Screen - Navigation screen
Main Menu Allows to

System Management • Configure Network
• Protect Internal network from unauthorized
access
• Start and Stop utilities like DHCP server, Mail
server, Cyberoam and IntraPOP server, DNS
• Reset Console password
• Set schedule for Backup, Restore and Purge
• Set customized messages on various actions
performed
Cache Management • Configure Cache server

• Start and Stop Cache server

• Enable & Disable Caching
• Add External Cache and Routing policy
• Set Web category for blocking Malicious traffic
External Authentication • Set client authentication scheme

• Migrate Users
Policy configuration Create & manage

• Schedules
• Web Category
• Services
Policy management Create & manage

• Surfing Quota policy
• Access time policy
• Security policy
• Bandwidth policy
• Printing policy
Group Management • Create Group (Normal & Clientless)

• Manage Group
User Management • Register, Activate, Deactivate, Delete User

(Normal & Clientless)
• Add, Manage Host Group
• Search User and Node
• View Graphical Bandwidth Usage report
Mail Management • Add, Configure and Manage IntraPOP & SMTP

server
• Create and Manage Aliases
Reports • Web surfing Trends

• Web surfing reports
• Internet usage reports
• Audit log report
• Mail report
• Printer Usage report
• Cache report
Help Allows to
• Register Cyberoam
• Upgrade Cyberoam
• Download Cyberoam Client software
• Access documentations
Logout Exit Cyberoam

Table - Navigation screen elements
For your convenience, Cyberoam has certain predefined setting like - groups, policies and
services. These predefined settings are immediately available for use until configured otherwise.

If the predefined setting does not satisfy your organizations requirement, Cyberoam lets you define
Groups, Users and customized policies to define different levels of access for different users.

Basic Configuration
Cyberoam User Guide Define Group
Define Group
Group
Group is a collection of users having common policies and a mechanism of assigning access of
resources to a number of users in one operation/step.
In the form of various policies, set the appropriate bandwidth usage limit, security for preventing
users from accessing malicious sites, Internet and printer access time and combine to form a
Group.
Various policies that can be attached to the group are:

Surfing Quota policy specifying the duration of surfing time and the period of subscription
Access time policy specifying the time period during which the user will be allowed access
Security policy specifying the access strategy for the user and sites
Bandwidth policy specifying the bandwidth usage limit of the user
Printing policy specifying the printing quota of the user
For the details on the various policies, refer to Policy Management.
Using groups simplifies the management of users’ access to IT resources.
For example,
‘Research’ Group for employees of Research Department who have similar requirement like ‘Need
Internet access through the working hours’
‘DTP’ Group for employees of Printing department who have similar requirement like ‘Printer
access round the clock’
Group types
Two types of groups:
1. Normal
2. Clientless
Normal A user of this group need to logon to Cyberoam using the Cyberoam Client to access IT
resources controlled through Cyberoam.
Clientless A user of this group need not logon to Cyberoam using the Cyberoam Client to access
IT resources controlled through Cyberoam. The access is controlled using the IP Address of a
client. Symbolically represented as Group name (C)
The following decision matrix will help you in deciding which type of group is well suited for your
network configuration and purpose of use.

Basic Configuration
Decision matrix for creation of Group
Feature Normal Group Clientless Group

Logon into Cyberoam required Yes No
Type of User
Normal Yes No
Clientless No Yes
Apply Login restriction Yes No
Apply Surfng Quota policy Yes No
Apply Access time policy Yes No
Apply Bandwidth policy Yes Yes
Apply Security policy Yes Yes
Apply Printer policy Yes Yes
Table - Group creation - Decision matrix

Basic Configuration
Create Group
Is U ser and Network

No
requirement satisf ied
by def ault policies
Create Yes
requiredpolicy
NormalGroup Clientless Group
AssignSurf ing Assign

time policy Security policy
Assign Access Assign

time policy Bandwidth
policy
Assign
Security policy Assign Printing
policy
Assign Bandwidth
policy
Assign
Printing policy
Apply Login
restriction

Basic Configuration
Cyberoam User Guide Create a New Group
Create a New Group

To create a new group, first define the group and assign policies to that group. After the creation of
the group, add as many of users required in the group.
Prerequisite
• Surfing Quota policy created
• Access time policy created
• Security policy created
• Bandwidth policy created
• Printing policy created
• Host group created if login is to be restricted to a particular Node/IP Address
Select Group Management Æ Groups Æ Create to open the create group pane
Screen - Create Normal group

Basic Configuration
Screen - Create Clientless group

Create Group
Group name Assigns name to the Group. Choose a name that best
describes the Group
Allows maximum of 30 characters

Can be any combination of A – Z, a – z, ‘_’, 0 - 9
Group type Specifies type of Group
Click Group type to select
Select Normal if Group members have to login to Cyberoam

Client
Select Clientless if Group members do not have to login to
Cyberoam Client
Surfing Quota Policy Assigns Surfing Quota Policy to the Group
Only for ‘Normal’ Click Surfing Quota Policy list to select

Group type
By default, ‘Unlimited policy’ is assigned to Clientless
Group type
Refer to Surfing Quota Policy for details

Access time Policy Assigns Access time Policy to the Group
Only for ‘Normal’ Click Access time Policy list to select

Basic Configuration
Group type
By default, ‘Unlimited policy’ is assigned to ‘Clientless’
Group type
Refer to Access time Policy for details

Security Policy Assigns Security Policy to the Group
Click Security Policy list to select
Refer Security Policy for details

Bandwidth Policy Assigns Bandwidth Policy to the Group
Click Bandwidth Policy list to select
Refer Bandwidth Policy for details

Printing Policy Assigns Printing Policy to the Group
Click Printing Policy list to select
Refer Printing Policy for details

Login Restriction
(Only for ‘Normal’ Group type)
Select any one option Allow to apply login restriction
Available options
1) Allowed login from all nodes
Allows Users defined under the Group to login from all the
nodes
2) Allowed login from the selected nodes

Allow Users defined under the Group to login from the selected
nodes only. Refer to Manage Group - Add Node for assigning
the login nodes restrictions to the Group
Click to select
Create button Creates the Group
Cancel button Cancels the current operation
Table - Create Group screen elements
Note
You can create the group and add the user to the group later

Define User
Cyberoam User Guide Create a User
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a
group inherit the policy defined for that group. Refer to Policy Management to define new policies.
User types
Two types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal User has to logon to Cyberoam. Cyberoam client (client.exe) installed on the User
machine or user can use HTTP Client component and all the policy-based restriction are applied.
Clientless Cyberoam client component (client.exe) not installed on the User machines.
Symbolically represented as User name (C)
Single Sign on If the User is configured for Single sign on, whenever User logs on to Windows,
he/she is automatically logged to the Cyberoam. Symbolically represented as User name (S)
Use following decision matrix to decide which type of the user should be created.
Decision matrix for creation of User
Feature Normal User Clientless User Single Sign on User

User Login required Yes No No
Type of Group
Normal Yes No Yes
Clientless No Yes No
Apply Login restriction Yes Yes Yes
Apply Surfng Quota policy Yes No No
Apply Access time policy Yes No No
Apply Bandwidth policy Yes Yes Yes
Apply Security policy Yes Yes Yes
Apply Printer policy Yes Yes Yes
Table - Create User - Decision matrix

Define User

Define User
Create a User
Prerequisite
• Group created – for Normal Users only
Select User Management Æ Manage Users Æ Create to open the create user pane
Screen - Create User

User Information
Name Name of the User

Can be any combination of A – Z, a – z, ‘_’, 0 – 9
Username A name that uniquely identifies user & used for logging

Can be any combination of A – Z, a – z, ‘_’, 0 – 9
Password Assigns Password

Define User

Confirm Password Confirms password
Should be same as typed in Password field

User Type Specifies the type of User
Click User type list to select
Refer to Add Clientless User to create clientless user

User Group Information
Group Assigns User to the User Group
Click Group list to select

Show details link Open a new Window and displays the details of the selected Group
Refer to Show details table

Login Restriction
Select any one Allows to apply login restriction
option
Available options
1) Allowed login from all nodes
Allows Users to login from all the nodes in the network
2) Allowed login from the Group nodes

Allows Users to login only from the nodes assigned to the group
3) Allowed login from the selected nodes

Allows Users to login from the selected nodes only
Nodes from which the User is allowed login can be assigned after
creating the user.
Click to select
Personal details link Allows to enter the personal details of the user
Refer to Personal details table

Table - Create User screen elements
Show details table

Group name Group name
Surfing Quota policy Surfing Quota policy assigned to the group
Access time policy Access time policy assigned to the group
Security policy Security policy assigned to the group
Bandwidth policy Bandwidth policy assigned to the group
Printing policy Printing policy assigned to the group
Allotted time (HH:mm) Allotted time to the group
Expiry date Expiry date
Used minutes Used minutes
Close button Closes window
Table - Show Group details screen elements

Define User
Personal details table

Personal Information
Birth date Birth date of the User
Use Popup Calendar to enter date

Email Email ID
Table - Personal details screen elements

Define User
Create Clientless users
To add multiple clientless users

Creates Clientless users with given IP addresses as their username. Change the Username of the
clientless users if required.
Prerequisite
• Clientless Group created
Select User Management Æ Clientless Users Æ Bulk Registration to open the create
user pane
Screen - Create multiple Clientless users

Host Group Details
Host Group name Name of the Host group

Is Host group public Click to Select, if the IP Addresses assigned to the
Users are live IP Addresses
Bandwidth policy Assigns Bandwidth Policy to the User
Click Show details link to view the details of the

Define User
policy
Description Full description

Machine details
From – To Range of IP Address will be used by the Users to
login
Machine name Machine name

Select Group
Group Assigns User to the selected group

Create Creates a Clientless User
Table - Create multiple Clientless user screen elements

Define User
Add a single clientless user
Prerequisite
• Group created
• Host group created
Select User Management Æ Clientless Users Æ De Activated Clientless Users Æ

Add Clientless User to open the create user pane
Screen - Create single Clientless user

User Information
Name Name of the User or IP Address

Username A name that uniquely identifies user & used for logging

Auto login Specifies whether the user should be logged in automatically after
registering
Yes – Automatically logs in as soon as registered successfully i.e.

becomes a live user
No – User is registered but is in De-active mode and has to be activated

before he/she can log in. Refer to Activate Clientless User for details

Define User
User type Displays User type

User Group Information
Group Defines User in the selected Group

Show details link Open a new window and displays the details of the selected group
Click to view details

Login Restriction
Allowed Login from IP Specifies the IP address from which the User is allowed to Login
Address
Click Select Node, opens a new window and allows select the IP Address
Refer to Select Node table for details

Personal details link Allows to enter the personal details of the user
Refer to Personal details table

Register Registers a clientless user
Table - Create single Clientless user screen elements

Birth date Birth date of the User
Use Popup Calendar to enter date

Email Email ID
Select Node table

Host Group name Host group from which the Node/IP address is to
be added
Click Host Group name list to select

Select Selects the Node
Apply Restriction button Applies login restriction
Close button Closes the window
Table - Select Node screen elements
NOTE
Duplicate Usernames cannot be created
Make sure that subnets or individually defined IP addresses do not overlap
If you are assigning a new user to a group, the group must be created first. Refer to Create Groups to
create new groups

Basic Configuration
Cyberoam User Guide Define Authentication process
User Migration
Cyberoam provides a facility to migrate the existing users from (Primary Domain Controller) PDC
server. This reduces the Administrator’s burden of creating the same users again in Cyberoam.
All the migrated users will be created under the Group type – ‘Normal’ and default policies will be
applied. Administrator can change the assigned group or status at this stage or later.
After migration, Username will be set as password in Cyberoam.
Select External Authentication Æ User Data Migration Æ User Data Migration to

open the migration pane
Step 1: Click Download User Migration Utility link
Screen - Download User Migration Utility
Step 2: Opens the File Download window and prompts to run or save the utility. Select the
appropriate option and click OK button
Screen - Save User Migration Utility

Basic Configuration
Step 3: Opens a new browser window and prompts for the login. Provide the administrator
username and password. E.g. Username: “cyberoam” and password: “cyber”
Step 4: On successful authentication, following screen will be shown. Upload the specified file.
Screen – Upload downloaded User Migration Utility
Step 5: Change the group or status of the user at this stage, if required. To migrate all the users,
click Select All or select the individual users and click Migrate Users.
Screen - Register migrated users
Note
After migration, for Cyberoam login password will be same as the username
Once the users are migrated, configure for single sign on login utility.The configuration is required
to be done on the Cyberoam server.
If the user is configured for Single sign on, whenever User logs on to Windows, he/she is
automatically logged to the Cyberoam also. Single sign on also supports multiple log on facility.

Basic Configuration
Define Authentication process

User has to be authenticated by Cyberoam before accessing any resources controlled by
Cyberoam. Clientless users need not logon into Cyberoam but automatically logs on at system
startup. Single sign on Client users automatically logs on into Cyberoam when they log on in
Windows.
If Single sign on is enabled then NTLM should be enabled so that Users can check their
Myaccount using their windows password
Cyberoam supports two types of Authentication:

1. Local (Cyberoam)
2. NTLM
Use the following decision matrix for defining the Authentication type for the various users.
Decision matrix for Authentication
Type of User Authentication

Migrated User NTLM
Normal User Local (Cyberoam)
Clientless User No authentication required
Table - Authentication - Decision matrix
Authentication
MigratedUsers NormalUsers Clientless Users
No
NTLM Cy beroam Authentication
required
Single Sign
on
Recommended

Basic Configuration
Local (Cyberoam) Authentication

The Cyberoam server performs authentication i.e. User is authenticated directly by the Cyberoam
server.
NTLM Authentication
This authentication mechanism allows Users to access using their Windows authentication tokens.
(login/user name and password).
Cyberoam sends the user authentication request to the PDC and the Windows server
authenticates the user as per supplied tokens.
Note
If the PDC server is down then the authentication request will always return as a message as ‘Wrong
username/password’
It is necessary to have shared NETLOGON directory on PDC with the following permissions:
Read, Read & Execute, List Folder Contents

Basic Configuration
Single Sign on Client Configuration

Single sign on provides password synchronization for Users of Windows and Cyberoam. i.e. if the
user is configured for Single sign on, whenever User logs on to Windows, he/she is automatically
logged to the Cyberoam also.
Once the Users are migrated successfully, follow the procedure to configure for Single Sign on
login utility.
If Single sign on is configured then NTLM authentication should be enabled so that Users can
check their Myaccount using their windows password
Step 1 Download the Cyberoam Single Sign on client as shown in the below screen shot and save
SSCyberoam.exe to the NETLOGON scripts directory on the domain controller or as per your
configuration. The logon scripts contain the configuration parameters for the initial user
environment.
The default location of NETLOGON directory is given below:
Server OS NETLOGON default location

Windows NT %SYSTEMROOT%/system32/Repl/Import/Scripts
Windows 2000 %SYSTEMROOT%/SYSVOL/sysvol/%USERDNSDOMAIN%/Scripts
Table - Default NETLOGON directory location

Basic Configuration
Screen - Download Single sign on Client
Go to step 2 if logon scripts for the Users are already created

Go to step 3 if logon scripts for the Users are not created
Note
If logon scripts for all the Users already exist, please do not download “Logon Script Updation Utility” and
execute the script “defaultlogonscript.bat”,
Step 2 If the logon scripts are already created, then Update them. Edit the logon script using
any of the available Editors like Notepad and add the following line in the script and save the
script:
start \\PDCServerName\netlogon\SSCyberoam.exe IP address of the Cyberoam Server

E.g., start \\mypdc\netlogon\SSCyberoam.exe 192.168.1.100
Whenever the User tries to logon in Windows, the logon script will be executed. The above
statement in logon script executes the Cyberoam logon program with the Windows Username and
automatically logs in User to the Cyberoam.
Step 3 If the logon scripts are not created

Create a new script - “defaultlogonscript.bat” using any of the available Editor like Notepad
Add line
start \\PDCServerName\netlogon\SSCyberoam.exe IP address of the Cyberoam Server
E.g., start \\mypdc\netlogon\SSCyberoam.exe 192.168.1.100
Copy the script - “defaultlogonscript.bat” to NETLOGON scripts directory. Refer to step 1 to find
location of the NETLOGON scripts directory
Download Logon Script Updation Utility as shown in the below screen shot and save the script as
“updatelogonscript.bat” in the root directory of the server
Open the command prompt

Basic Configuration
Screen - Download User Logon Script Updation utility
Execute “updatelogonscript.bat” at the command prompt as follows:

updatelogonscript.bat defaultlogonscript.bat
This will update/add the logon script of the Users in the domain to defaultlogonscript.bat
Screen - LOGON script change utility
Whenever the User tries to logon in Windows, the script “defaultlogonscript.bat” will be executed
which in turn executes the Cyberoam logon program with the Windows Username and
automatically logs in User to the Cyberoam.
If the User has logged in successfully using Single Sign on utility, then (S) will shown besides the
Username e.g. Joe (S) in the Live User list
Some Exception Conditions
1. If the User does not exist in Cyberoam, message ‘Wrong Username/Password’ will be displayed

Basic Configuration
2. Logon script will not execute if Domain Controller is down and User will not be able to log on to
Cyberoam and Internet access will not be available
Once PDC is up, Users will have to re-logon
3. If Cyberoam is down or not reachable, the Cyberoam Single Sign client will continuously try to logon,
and as soon as it is up Internet access will be available
Select External Authentication Æ Client Authentication Æ Client Authentication
Screen - Add Authentication server

Current Authentication Scheme
Current Displays the current authentication mechanism and allows
Authentication to update
Click Current Authentication list to select

Authentication Servers
Add button Allows to add IP Address of NTLM server
Click Add to add

Opens a new window
Type

Basic Configuration
Server IP Address
Server Details
Click OK
Repeat above steps to add more than one server

Remove button Removes the selected server from the list
Update button Updates the list
Table - Add Authentication screen elements
Note
It is possible to authenticate Users of multiple PDC servers

Basic Configuration
Cyberoam User Guide Define Host Group
Define Host Group

Host Group
Host group is a collection of a single IP addresses or range of IP addresses.
Add IP addresses/Nodes at the time of creation of Host group or after the creation.
Create a new Host Group
Prerequisite
• Bandwidth policy created
Select User Management Æ Host Group Management Æ Create
Screen - Create Host group

Host Group Details
Host Group name Name of the Host group

Is Host group public Public IP addresses are IP addresses which are routable over
the Internet and do not need Network Address Translation
(NAT)

Basic Configuration
Cyberoam User Guide Define Host Group
Click to Select, if the IP Addresses assigned to the Users are

Public IP addresses
Bandwidth policy Assigns Bandwidth Policy to the host group
Click Show details link to view the details of the policy


Machine details
From – To Range of IP Address
Machine name Machine name
Create Creates a Host group
Table - Create Host group screen elements

Management
Cyberoam User Guide Group Management
PART
Management
Group Management
Manage Group
Select Group Management Æ Group Æ Manage and click the Group to modify
Screen - Manage Group

Management

Group Information
Show Group members Opens a new window and displays the details of all the
button group members
Surfing Quota policy Displays the currently attached Surfing Quota policy to
the Group
Change policy button Click to change the attached Surfing Quota policy
Only for ‘Normal’ Group
type Opens a new window and allows to select a new Surfing
Quota policy
Click Change policy

Click Select to select from available policy
Click Done to confirm the selection
Click Cancel to cancel the operation
Surfing quota policy, Time allotted & Expiry date changes

accordingly
Time allotted Displays the total surfing time allotted by the Surfing
Quota policy to the Group
Cannot be modified
Expiry date Displays the Expiry date of the Surfing Quota policy
Cannot be modified
Used Surfing time Displays the total time used by the Group members
Cannot be modified
Access time policy Displays the currently attached Access time policy to the
Only for ‘Normal’ Group Group
type
To change
Click Access time policy list to select
To view the details of the access time policy

Click Show details
Security policy Displays the currently attached Security policy to the
Group
To change
Click Security policy list to select
To view the details of the Security policy

Click Show details
Bandwidth policy Displays the currently attached Bandwidth policy to the
Group
To change
Click Bandwidth policy list to select
To view the details of the bandwidth policy

Click Show details
Printing policy Displays the currently attached Printing policy to the
Group

Management
To change
Click Printing policy list to select
To view the details of the printing policy

Click Show details
Login Restriction
Only for ‘Normal’ Group type
Display the login restriction applied to the Group
Change Login Restriction Click to change the login restriction
button
Refer to Change Login restriction for details
Save button Saves the modified details
Reapply Current policy Reapplies all the current policies at the time renewal
button
Table - Manage Group screen elements
Note
Any changes made are applicable to all the group members
Update Group
Need may arise to change the Group setting after the creation of Group.
To Click
View Group members ShowGroupMembers button
Refer to View Group members for details

Select Node/IP address for Login restriction Change Login Restriction button
Only for ‘Normal’ Group type Refer to Select Node for details
Change Surfing Quota Policy Change Policy button

Change Access time Policy Access time Policy list
Change Security Quota Policy Security Quota Policy list
Change Bandwidth Policy Bandwidth Policy list
Change Login Restriction Change Login Restriction button

Table - Need to Update group
View Group members
Screen - View Group members

Management

Total members Total members/users of the Group
Username User name
Name with which the Employee logs in

Employee Name Employee name
Allotted Time Total Allotted time to the user
Refer to Access time policy for details

Expiry Date Expiry date of the policy attached to the User
Refer to Surfing time policy for details

Used time Total time used by the User
Close button Closes the window
Table - View Group members screen elements
Select Node/IP address for Login restriction
Screen - Apply Login restriction

Management

Login Restriction
Displays the current login restriction
Click to change the current restriction
Save button Saves if the restriction is changed
Select Node(s) button Click to select the Node for restriction
Only if the option ‘Allowed login
from selected nodes’ is selected
IP address Displays IP address
Machine name Displays Machine name if given
Allowed from Click to select
Multiple nodes can be selected

Apply Restriction button Applies the login restriction for the group members i.e.
Group members will be able to login from the above
selected nodes only
Table - Apply Login restriction screen elements

Management
Delete Group
Prerequisite
• No Group members defined
Select Group Management Æ Group Æ Manage and view the list of Groups
Screen - Delete Group

Del Select Group(s) for deletion
Click Del to select
More than one Group can also be selected

Select All Selects all the Groups
Click Select All to select all the Groups for

deletion
Delete Group button Delete the selected Group(s)
Table - Delete Group screen elements

Management
Cyberoam User Guide User Management
User Management
Search User
Use Search User Tab to search the User
Select User Management Æ Manage Users Æ Search User
Screen - Search User

Search User
Enter Username or name of the Search criteria
employee
Search User button Searches all types of users based on the
entered criteria
Click Search to search

Table - Search User screen elements
Search criteria Result

Mark Details of the user ‘Mark’
A Details of all the users whose User name or Name contains ‘a’
192.9.203.102 Details of the user ‘192.9.203.102’
8 Details of all the users whose User name or Name contains ‘8’
Table - Search User - Result

Management
Live User
Live users report gives the details of all the users currently logged in Users.
Select User Management Æ Live Users Æ Live User
Screen - Live Users
Report Columns Description

Total Users connected Displays currently connected total users (Normal Clientless &
Single sign on client Users)
Current System time Displays current system time in the format - Day, Month
Date,HH:MM
User name Name with which user has logged in
Click to change the display Click User name link to View/Update user details
order
Name Employee name
Click Name link to view Group and policies details attached to

the User
Connected from IP address of the machine from which user has logged in
Click to change the display

order
Live IP Live IP address if User has logged in using live IP
Start time Login time

order
Time (HH:mm) Time used in hours and minutes
Upload Data transfer Data uploaded

order

Management
Download Data transfer Data downloaded

order
Bandwidth (bits/sec) Bandwidth used
Select Select User for sending message or disconnecting
More than one User can be selected

Send message button Send message to the selected User(s)
Disconnect button Disconnects the selected User(s)
Table - Live User screen elements

Management
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User Management Æ Manage Users Æ Manage Active to view the list of Users
and click the User name to modify
OR
Select User Management Æ Manage Users Æ Manage Deactive to view the list of
Users and click the User name to modify
Manage Clientless Users

Select User Management Æ Clientless Users Æ Deactivated Clientless Users to
view list of Users and click the User name to modify
OR
Select User Management Æ Live Users Æ Live User to view list of Users and click the
User name to modify

Management
Screen - Manage User

Username Displays the username with which the user has
logged on
Cannot be modified
Edit Personal details/Change Allows to change the Users personal details and

Management
Password button login password
Click Edit Personal details to change
Refer to Personal details table for details

Name Displays User/Employee name
Cannot be modified
Birth date Displays Birth date of User
Email Displays Email ID of User
User My Account button Click to view/update the my account details
Refer to User My Accounts

Cannot be modified
Policy Information
Group Displays Group name in which User is defined
Change Group button Allows to change the Group of the User
Opens a new window and allows to select a new

Group
Time Allotted to User (HH:mm) Displays total time allotted to User in the format
Hours:Minutes
Cannot be modified
User Expiry date Displays User Expiry date
Cannot be modified
Time used (HH:mm) Displays total time used by the User in the format
hours:Minutes
Cannot be modified
Access time policy Displays the currently attached Access time
policy to the User
To view the details of the access time policy

Click Show details
Refer to Change Individual Policy for details

Security policy Displays the currently attached Security policy to
the User
To view the details of the Security policy

Click Show details

Bandwidth Management
Bandwidth policy Displays the currently attached Bandwidth policy
to the User
To view the details of the bandwidth policy

Click Show details

Printing Management

Management
Printing policy Displays the currently attached Printing policy to

the User
To view the details of the Printing policy

Click Show details

Total pages printed Displays total number of pages printed by the
User
Cannot be modified
Login Restriction
Display the currently applied login restriction to
the User
Change login restriction button Click to change the login restriction
Refer to Change Login restriction for details

Re-apply Current policy button Reapplies all the current policies at the time
renewal
Table - Manage User screen elements
Need may arise to change the User setting after the creation of User.
To Click
Change the personal details or password Edit personal details/Change Password
of the User
Refer to Change Personal details for
details
View User Accounts details User My Account
Refer to User My Account for details

Change the User Group Change Group
Refer to Change Group for details

Change the Access time Policy assigned Access time policy list
to the User
Refer to Change Individual Policy for
details
Change the Security Quota Policy Security policy list
assigned to the User
details
Change the Bandwidth Policy assigned to Bandwidth policy list
the User
details
Change the Printing Policy assigned to the Printing policy list
User
details
Change the Login Restriction of the User Change Login restriction button

Management
Refer to Change Login restriction for

details
Table - Need to Update User
Change Personal details
Screen - Change User Personal details

Username Displays the name with which user has logged in
Name User name
New password Type the new password
Re-enter New password Re-enter new password
Should be same as new password

Birth date Displays birth date
Use Popup Calendar to change

Email Displays Email ID of the user
Cannot be modified
Update button Updates the changes made
Table - Change User personal details screen elements
User My Account
User My Account gives details like Personal details, Internet and Printer usage of a particular user.
User can change his/her password using this tab.
Administrator and User both can view these details.

Management
1. Administrator can view details of various users from User management → Manage
Users → Manage Active and click User My Account button, it opens a new browser window.
Screen - User My Account
2. User can view his/her MyAccount details from task bar.
In the task bar, double click the Cyberoam client icon and click My Account. It opens a new
window and prompts for MyAccount login Username and Password.
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Personal
Allows viewing and updating password and personal details of the user

Management
Change Password
Select Personal → Change Password
Screen - Change Password

Change Password
Current Password Type the current password
New password Type the new password
Re-enter New password Re-enter new password
Should be same as new password

Update Update the changes made
Table - Change password screen elements

Select Personal → Personal Detail
Screen - Change Personal details


Management

Name User name
Birth date Displays birth date
Use Popup Calendar to change

Email Displays Email ID of the user
Update Update the changes made
Table - Change Personal details screen elements
Account status
Allows viewing Internet & Printer usage of the user
Internet Usage
Screen - Internet Usage

Policy Information
Group Displays the name of the User Group
Time allotted to User (HH:mm) Displays total surfing time allotted to the user in the
Surfing time policy
User Expire date Displays User expiry date
Time used by the User (HH:mm) Displays the total time used by the User
Get Internet Usage information Select Month
for month Select Year
Submit button Click to view the Internet usage report for the
selected period
Table - Internet Usage screen elements
Report details

Management
Report columns Description

IP address IP address from where User has logged in
Start time Session logon time
Stop time Session stop time
Used time Total time used
Download data Data downloaded during the session
Upload data Data uploaded during the session
Total Data transfer Total data transferrred during the session
Table - Internet Usage - Report elements
Printer usage
Screen - Printer Usage

Policy Information
Group Displays the name of the User Group
Pages allotted to the User Displays total printer usage allowed to the User in Printing
policy
Total pages printed by the User Displays the total pages printed by the User
Get Printer Usage information Select Month
for month Select Year
Submit button Click to view the Internet usage report for the selected
period
Table - Printer Usage screen elements
Report details
Report columns Description

IP address IP address using which User has logged in
Print time Time when printer was used
No of pages Total pages printed
Document name Name of the document printed
Table - Printer Usage - Report elements
Note

Management
User My Account can be access from login screen also. Refer to Logon & log off from Cyberoam Web
Interface for details.
Single Sign on Client can access from login screen only.
Change Group
Screen - Change Group

Policy Information
Change Group button Opens a new window and displays list of Groups
Click to change the User group

Select Select Group
Done button Adds User to the Group
Cancel Cancels the current operation
Table - Change Group screen elements

Management
Change Individual Policy

Policy Information
Access time policy Assigns Access time policy
To override the access time policy for the User and assign another
policy – Click Access policy list to select
Security policy Assigns Security policy
To override the Security policy for the User and assign another
policy – Click Security policy list to select
Bandwidth Management
Bandwidth policy Assigns Bandwidth policy
To override the bandwidth policy for the User and assign another
policy -Click Bandwidth policy list to select
Printing Management
Printing policy (only Assigns Printing policy
if Printing module is
enabled) To override the Printing policy for the User and assign another
policy -Click Printing policy list to select
Save Saves the changes
Table - Change Individual policy

Management
Change Login Restriction
Screen - Change Login restriction

Login restriction
Change login restriction Click to change the login restriction
button
Allowed login from all the Allows user to login from all the nodes of the Network
nodes
Allowed login from Group Allows Users to login only from the nodes assigned to the
node(s) group
Allowed login from selected Allows user to login from the selected nodes only
node(s)
To select node
Click Select node
Select a Host Group from the host Group name list
Click Select to select the IP addresses to be added to the policy
Click Select All to select all IP addresses
Click Apply Restriction to add the IP addresses to the policy
Click Close to cancel the operation
Save button Saves the above selection
Cancel button Cancel the current operation
Table - Change Login restriction

Management
Delete User
To delete active user, click User management → Manage Users → Manage Active
Screen - Delete Active User

To delete de-active user, click User management → Manage Users → Manage
Deactive
Screen - Delete Deactive User

To delete Clientless user, click User management → Clientless Users → Deactivated
Clientless Users
Screen - Delete Clientless User

Select Select User
Click Select to select
More than one user can be selected

Select All Selects all the users
Click Select All to select

Delete User button Deletes the selected User(s)
Table - Delete User

Management
Deactivate User
User is de-activated automatically in case he has overused one of the resources defined by
policies assigned. In case, need arises to de-activate user manually, select User management
→ Manage Users → Manage Active
Screen - Deactivate User

Select Select User

Select All Select all the users
Deactivate button Deactivates the selected User(s)
Table - Deactivate User screen element
View the list of deactivated users by User management → Manage Users → Manage
Deactive

Management
Activate User
To activate normal and Single sign on Client user, click User management → Manage
Users → Manage Deactive
To activate Clientless user, click User management → Clientless Users → Manage

Deactive
Screen - Activate Normal User
Screen - Activate Clientless User

Select Select User
Click Activate to select

Click Select All to select

Activate button Activates the selected User(s)
Table - Activate User screen element

Policy Management
Cyberoam User Guide Surfing Quota policy
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy.
Cyberoam comes with several predefined policies or you can create additional policies to meet
your organization’s requirements.
Cyberoam allows defining following types of policies:

1. Surfing Quota policy
2. Access time policy
3. Bandwidth policy
4. Security policy
5. Printing policy
Surfing Quota policy

Surfing quota policy defines the duration of Internet surfing time. The surfing time duration is the
allowed time in hours for a Group or an Individual User to access Internet.
The Surfing quota policy allows allocating Internet access time on a cyclic or non-cyclic basis.
A single policy can be applied to number of Groups or Users.
Create Surfing Quota policy
Select Policy Management Æ Surfing Quota Policy Æ Create to open the create policy
pane

Policy Management
Screen - Create Surfing Quota policy

Create Surfing time policy
Policy name Assign name to the policy. Choose a name that best describes the policy

Cycle type Assigns cycle type
Available options
Daily – restricts surfing hours up to cycle hours defined on daily basis
Weekly – restricts surfing hours up to cycle hours defined on weekly
basis
Monthly – restricts surfing hours up to cycle hours defined on monthly
basis
Yearly – restricts surfing hours up to cycle hours defined on yearly basis
Non-cyclic – no restriction
Cycle hours Specifies upper limit of surfing hours for cyclic type policies
Not available
for ‘Non cyclic’ At the end of each Cycle, cycle hours are reset to zero i.e. for ‘Weekly’
cycle type Cycle type, cycle hours will to reset to zero every week even if cycle
hours are unused/ not exhausted
Allotted time Allots surfing time in Hours & minutes
or or
Unlimited time Creates Unlimited time policy
Allotted Days Allots allowed surfing days
or or
Unlimited Days Creates Unlimited days policy
Shared allotted Specifies whether the allotted time will be shared among all the group
time with group members
members
Click to share
Only if policy is defined for Unlimited time or for Non-cyclic cycle

type
Description Full description of the policy

Create button Creates the policy
After successful creation, policy is automatically added to the lists of

available policies for assigning to users and groups
Table - Create Surfing Quota policy screen elements

Policy Management
Update Surfing Quota policy
Select Policy management → Surfing quota policy → Manage and Click Policy name
link to update
Screen - Update Surfing quota policy

Edit Surfing time policy
Policy name Displays policy name, modify if required

Cycle Displays Cycle, modify if required
Allotted Periodic Allotted Cycle hours
hours
Allotted time Displays allotted time in hours, minutes, modify if required
Or
Unlimited time
Allotted Days Displays allotted days, modify if required
Or

Policy Management
Unlimited Days
Shared allotted time Displays whether the total allotted time is shared among
with group members the group members or not, modify if required
Description Displays description of the policy, modify if required

Update button Updates and saves the policy
Table - Update Surfing quota policy screen elements

Policy Management
Delete Surfing Quota policy
Select Policy management → Surfing time policy → Manage to view list of policies
Screen - Delete Surfing quota policy

Del Select the Surfing quota policy for deletion
Click Del to select
More than one policy can also be selected

Select All Select all the surfing quota policies for deletion
Click Select All to select all the policies

Delete policy button Delete the selected policy/policies
Table - Delete Surfing quota policy screen elements

Policy Management
Cyberoam User Guide Access time policy
Access time policy

Access time is the time period during which the user will be allowed access. An example would be
“only office hours access” for a certain set of users.
The Access time policy enables to set time periods for access with the help of schedules. Refer to
Schedules for details.
Define access time policy on two basic strategies:

1. Allow strategy
2. Disallow strategy
Allow strategy
By default, access is allowed for the schedule applied
Disallow strategy
By default, access is disallowed for the schedule applied
Create Access time policy
Prerequisite
• Schedule created
Select Policy Management Æ Access time Policy Æ Create to open the create policy
pane
Screen - Create Access time policy

Policy Management
Cyberoam User Guide Access time policy

Access time policy details
Policy name Assign name to the policy. Choose a name that best describes
the policy to be created

Schedule Assigns a schedule to the policy
Click Schedule list to select
Click Show details link to view the details of the policy

Strategy for Select basic strategy
selected Schedule

Table - Create Access time policy screen elements

Access time policy
Cyberoam User Guide Update Access time policy
Update Access time policy
Select Policy management → Access time policy → Manage and Click Policy name
link to update
Screen - Update Access time policy

Access time policy details
Name Displays policy name, modify if required
Schedule Displays selected schedule
To modify,
Click Schedule list to select new schedule
Click Show Details link to view details of the selected schedule

Strategy for selected Displays the Schedule strategy
Schedule
Cannot be modified
Description Displays the description of the policy, modify if required
Table - Update Access time policy screen elements

Access time policy
Cyberoam User Guide Update Access time policy
Delete Access time policy
Select Policy management → Access time policy → Manage to view list of policies
Screen - Delete Access time policy

Del Select the Access time policy for deletion
Click Del to select

Select All Select all the Access time policies for deletion

Table - Delete Access time policy screen elements

Policy Management
Cyberoam User Guide Security policy
Security policy
Security policy controls User’s web access. It helps to manage web access specific to the
organization’s need. It specifies which user has access to which sites or applications and allows
defining powerful security policies based on almost limitless policy parameters like:
Individual users
Groups of users
Time of day
Location/Port/Protocol type
Content type
Bandwidth usage (for audio, video and streaming content)
When defining a policy, you can deny or allow access to an entire application category, or to
individual file extensions within a category. For example, you can define a policy that blocks
access to all audio files with .mp3 extensions.
Two basic types of security policy:

1. Default Allow
2. Default Disallow
Default Allow
By default, Allows the user to view everything except the sites and files specified in the web
categories
E.g. To allow access to all sites except Mail sites
Default Disallow
By default, Prevents the user from viewing everything except the sites and files specified in the
web categories
E.g. To disallow access to all sites except certain sites

Policy Management
Create a new Security policy
Select Policy Management Æ Security Policy Æ Create Policy to open the create
policy pane
Screen - Create Security policy

Security policy details
Name Assign name to the policy. Choose a name that best
describes the policy to be created

Security policy type Select default policy

Create button Creates policy and allows to add web category
restriction
Refer to Add Web Categories to add web category

restriction
Table - Create Security policy screen elements

Policy Management
Update Security policy
Select Policy Management Æ Security Policy Æ Manage Policy and click the policy
name to be updated
Screen - Update Security policy

Security policy details
Name Displays the name of the policy, modify if required
Security policy type Displays the type of the policy
Cannot be modified
Description Displays the description of the policy, modify if required
Manage Web Category button Allows to add/remove web category details
Refer to Manage Web Category for details

Show details button Open a new window and displays the web category
restriction details
Click Close to close the window

Show Policy Members button Open a new window and displays details of all the policy
members

Table - Update Security policy screen elements

Policy Management
Manage Web Category
Screen - Manage Web category

Add Web category button Allows to add a web category
Delete Web category button Allows to delete the web category
Manage Security Policy button Returns back to the previous screen
Update button Updates and saves the modified details
Moveup button Moves the selected web category one step up
Click on the web category which is to be moved up

followed by Move Up button
The selected web category will be highlighted
Click MoveUp to move the selected web category by

one step upwards
Move down button Moves the selected web category one step down
Click on the web category which is to be moved up

followed by Move Down button
The selected web category will be highlighted
Click MoveDown to move the selected web category

by one step downwards
Table - Manage Web category screen elements

Policy Management
Add Web Category
Screen - Add Web category

Web Category details
Name of Security policy Displays security policy name to which the detail will
be attached
Security policy description Displays policy description
Web category name list Allows to select web category
Click to select
Strategy Allows/Disallows the access to the web categories
during the period defined in the schedule
Schedule Allows/Disallows the access to the Web categories
according to the strategy defined during the period
defined in the schedule
Allow/Disallow will depend on the strategy selected

Show details link Opens a new window and displays the details of the
schedule
Click to view
Add to Security policy button Assigns the web category to the security policy
Click to assign
Table - Add Web category screen elements

Policy Management
Remove Web Category
Screen - Delete Web category

Del Select the Web category for deletion
Click Del to select
More than one category can also be selected

Select All Select all the categories for deletion
Click Select All to select all the categories for deletion

Delete Web Category Delete the selected categories
button
Table - Delete Web category screen elements

Policy Management
Delete Security Policy
Select Policy Management Æ Security Policy Æ Manage Policy
Screen - Delete Security policy

Del Select the policy for deletion
Click Del to select
More than one policy can be selected

Select All Select all the policies for deletion
Click Select All to select all the policies for deletion

Delete policy button Delete the selected policies
Table - Delete Security policy screen elements

Policy Management
Cyberoam User Guide Bandwidth policy
Bandwidth policy
Bandwidth is the amount of data passing through a media over a period of time and is measured in
terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
Bandwidth policy allocates & restricts the bandwidth usage of the user and controls web and
network traffic.
As bandwidth is a limited resource, it needs to be managed efficiently. The primary objective of

bandwidth policy is to manage and distribute total bandwidth on certain parameters and user
attributes.
The Internet influences your organization’s network in such a way that if left unchecked, streaming
media and recreational Web surfing can clog network with unneeded and insignificant traffic and
starve mission-critical applications of the bandwidth necessary to run effectively. Bandwidth policy
allows to define limits for the maximum bandwidth individual users can request.
Bandwidth policy allows speeding up time-critical applications and users and pace less-urgent
traffic based on organization’s priorities.
It can be defined for:
1. Host Group
2. User
3. IP address
Host Group based bandwidth policy

It restricts the bandwidth of a host group i.e. all the users defined under the host group will share
the allocated bandwidth.
User based bandwidth policy

It restricts the bandwidth of a particular user. There are two types of bandwidth restriction
1. Strict
2. Committed
Strict
In this type of bandwidth restriction, user cannot exceed the defined bandwidth limit. Two ways to
implement strict policy:
1. Total (Upstream + Downstream)
2. Individual Upstream and Individual Downstream
Implementation on Bandwidth specified Example

Total Total bandwidth Total bandwidth is 20 kbps
(Upstream + upstream and downstream
Downstream) combined cannot cross 20 kbps
Individual Upstream Individual bandwidth i.e. Upstream and Downstream
and Individual separate for both bandwidth is 20 kbps then either
Downstream cannot cross 20 kbps
Table - Implementation types for Strict - Bandwidth policy

Policy Management
Strict policy – Bandwidth usage
Bandwidth usage Bandwidth specified

Individual for a particular user
Shared Shared among all the users who have been assigned this policy
Table - Bandwidth usage for Strict - Bandwidth policy
Committed
In this type of bandwidth restriction, user is allocated the guaranteed amount of bandwidth and can
draw bandwidth up to the defined burst-able limit, if available.
It enables to assign fixed minimum and maximum amounts of bandwidth to users. By borrowing
excess bandwidth when it is available, users are able to burst above guaranteed minimum limits,
up to the burst-able rate. Guaranteed rates also assure minimum bandwidth to critical users to
receive constant levels of bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burst-able represents the
maximum bandwidth that a user can use, if available.
Two ways to implement committed policy:

1. Total (Upstream + Downstream)
2. Individual Upstream and Individual Downstream
Implementation on Bandwidth specified Example

Total Guaranteed bandwidth Guaranteed bandwidth is 20 kbps
(Upstream + upstream and downstream combined
Downstream) will get 20 kbps guaranteed (minimum)
bandwidth
Burstable bandwidth Burstable bandwidth is 50 kbps

upstream and downstream combined
can get up to 50 kbps of bandwidth
(maximum), if available
Individual Upstream Individual Guaranteed Individual guaranteed bandwidth is 20
and Individual and Brustable bandwidth kbps
Downstream i.e. separate for both Individually get 20 kbps guaranteed
(minimum) bandwidth
Individual brustable bandwidth is 50

kbps
Individually get maximum bandwidth
up to 50 kbps, if available
Table - Implementation types for Committed - Bandwidth policy
Committed policy – Bandwidth usage
Bandwidth usage Bandwidth specified

Individual for a particular user
Shared Shared among all the users who have been assigned this policy
Table - Bandwidth usage for Committed - Bandwidth policy

Policy Management
IP address based bandwidth policy

It restricts the bandwidth for a particular IP address. It is similar to the User based policy with the
same type of restrictions on Implementation type & Bandwidth usage.
Create Bandwidth policy
Select Policy Management Æ Bandwidth Policy Æ Create to open the create policy
pane
Screen - Create Bandwidth policy
Common Screen Elements

Bandwidth restriction details
Policy name Assign name to the policy. Choose a name that best
describes the policy to be created


Table - Create Bandwidth policy - Common screen elements

Bandwidth policy
Cyberoam User Guide Create Host Group based bandwidth policy
Create Host Group based bandwidth policy
Select Policy Management Æ Bandwidth Policy Æ Create to open the create policy
pane
Screen - Create Host group based Bandwidth policy

Bandwidth Restriction Details
Policy based on Click Host Group to create host group based policy
Total Bandwidth Allocates maximum amount of bandwidth, expressed in
terms of kbps
Maximum bandwidth limit is 4096 kbps

Table - Create Host group based Bandwidth policy screen elements

Bandwidth policy
Cyberoam User Guide Create User/IP address based Strict bandwidth policy
Create User/IP address based Strict bandwidth policy
Screen - Create User/IP based Strict Bandwidth policy

Policy based on Creates policy
Click User to create User based policy

Click IP Address to create IP address based policy
Policy type Type of bandwidth restriction
Click Strict to apply strict policy

Implementation on Implements Bandwidth restriction depending on the selection
Click Total to implement bandwidth restriction on the Total (Upstream

+ Downstream)
Click Individual to implement bandwidth restriction on the Individual

Upstream and Individual Downstream bandwidth
Total bandwidth Allocates maximum amount of Total bandwidth, expressed in terms of
(Only for ‘TOTAL’ kbps
implementation type)
Minimum bandwidth allowed is 2 kbps and Maximum is 4096 kbps
Upload Bandwidth Specifies maximum amount of Upstream Bandwidth, expressed in
(Only for ‘INDIVIDUAL’ terms of kbps
Download Bandwidth Specifies maximum amount of Downstream Bandwidth, expressed in
(Only for ‘INDIVIDUAL’ terms of kbps

Bandwidth policy
Cyberoam User Guide Create User/IP address based Strict bandwidth policy
Bandwidth usage Bandwidth specified can be for a particular User or Shared among all
the users who have been assigned this policy
Click Individual for a particular User

Click Shared to be shared among the users
Table - Create User/IP based Strict Bandwidth policy screen elements

Bandwidth policy
Cyberoam User Guide Create User/IP address based committed bandwidth policy
Create User/IP address based committed bandwidth policy
Screen - Create User/IP based Committed Bandwidth policy

Policy based on Creates policy based on the selection
Click User to create User based policy

Click IP Address to create IP address based policy
Click Committed to apply committed policy

Implementation on Implements Bandwidth restriction depending on the selection
Click Total to implement bandwidth restriction on the Total

(Upstream + Downstream)
Click Individual to implement bandwidth restriction on the Individual

Upstream and Individual Downstream bandwidth
Guaranteed (Min)/ Allocates Guaranteed and Burstable amount of Total bandwidth,
Burstable(Max) expressed in terms of kbps
(Only for ‘TOTAL’
implementation type) Minimum bandwidth allowed is 2 kbps and Maximum is 4096 kbps
Guaranteed (Min)/ Specifies Guaranteed and Burstable amount of Upstream
Burstable(Max) Upload Bandwidth, expressed in terms of kbps
Bandwidth
(Only for ‘INDIVIDUAL’ Minimum bandwidth allowed is 2 kbps and Maximum is 4096 kbps
Guaranteed (Min)/ Specifies Guaranteed and Burstable amount of Downstream
Burstable(Max) Download Bandwidth, expressed in terms of kbps
Bandwidth
(Only for ‘INDIVIDUAL’ Minimum bandwidth allowed is 2 kbps and Maximum is 4096 kbps

Bandwidth policy
Cyberoam User Guide Create User/IP address based committed bandwidth policy
Bandwidth usage Bandwidth specified can be for a particular User or Shared among
all the users who have been assigned this policy
Click Individual for a particular User

Click Shared to be shared among the users
Table - Create User/IP based Committed Bandwidth policy screen elements

Bandwidth policy
Cyberoam User Guide Update Bandwidth policy
Update Bandwidth policy

Need to update Bandwidth Policy
1. Add/remove schedule based details to User/IP address based policy
2. Add/remove IP addresses attached to the IP address based policy
3. Update bandwidth values
Select Policy management → Bandwidth policy → Manage and Click Policy name link
to update
Screen - Update Bandwidth policy

Common Screen Elements

Policy name Displays the Bandwidth policy name, modify if
required
Description Displays the Bandwidth policy description, modify if
required
Table - Update Bandwidth policy Common screen elements

Bandwidth policy
Cyberoam User Guide Update Host group based bandwidth policy
Update Host group based bandwidth policy
Screen - Update Host group based Bandwidth policy

Show members link Opens a new browser window and displays bandwidth
restriction details and the member groups of the policy
Click Close to close the new window

Policy based on Cannot be modified
Default values to be applied all the time
Implementation on Cannot be modified
Total Bandwidth Displays total bandwidth for the group, modify if required
Maximum bandwidth limit is 4096 kbps

Table - Update Host group based Bandwidth policy screen elements

Bandwidth policy
Cyberoam User Guide Update User based Bandwidth policy
Update User based Bandwidth policy
Screen - Update User based Bandwidth policy

Bandwidth Restriction details
Show members link Opens a new browser window and displays bandwidth restriction
details, schedule details and the members/users of the policy

Policy based on Cannot be modified
Implementation on Cannot be modified
Total Bandwidth Displays the total bandwidth value, modify if required
This option is available only when the bandwidth policy

implementation is based on Total (Upstream + Downstream)
Upload Bandwidth Modifies the Upstream bandwidth value

implementation is based on Individual(Upstream / Downstream)
Download Bandwidth Modifies the Downstream bandwidth value

implementation is based on Individual(Upstream / Downstream)
Policy type Cannot be modified

Bandwidth policy
Update button Updates the changes made in ‘Bandwidth restriction details’ and
‘Default values to be applied all the time’
Add details button Attaches schedule to override default bandwidth restriction
Click Add details

To add schedule details refer to Attach Schedule details
Table - Update User based Bandwidth policy screen elements
Attach Schedule details
Strict
Screen – Assign Schedule to User based Strict Bandwidth policy

Policy name Displays the policy name
Click Strict to apply strict policy

Implementation on Implements bandwidth restriction on Total or Upstream & downstream
individually
For Total
Total Bandwidth - Allocates maximum amount of Total bandwidth,
expressed in terms of kbps
For Individual
Upload Bandwidth - Allocates maximum amount of Upstream bandwidth,
Download Bandwidth - Allocates maximum amount of Downstream

bandwidth, expressed in terms of kbps
Schedule Schedule to be attached

Show details link Opens the new browser window and displays the details of the schedule
selected

Table – Assign Schedule to User based Strict Bandwidth policy screen elements

Bandwidth policy
Committed
Screen - Assign Schedule to User based Committed Bandwidth policy

Policy name Displays the policy name
Click Committed to apply committed policy

Implementation on Implements bandwidth restriction on Total or Upstream & downstream
individually
For Total
Guaranteed(Min) Bandwidth - Allocates minimum guaranteed amount of Total
Brustable(Max) Bandwidth - Allocates maximum amount of Total bandwidth,

For Individual
Guaranteed(Min) Upload Bandwidth - Allocates minimum guaranteed amount
of Upstream bandwidth, expressed in terms of kbps
Brustable(Max) Upload Bandwidth - Allocates maximum amount of Upstream

Guaranteed(Min) Download Bandwidth - Allocates minimum guaranteed

amount of Downstream bandwidth, expressed in terms of kbps
Brustable(Max) Download Bandwidth - Allocates maximum amount of

Downstream bandwidth, expressed in terms of kbps
Schedule Schedule to be attached

Show details link Opens the new browser window and displays the details of the schedule
selected

Table – Assign Schedule to User based Committed Bandwidth policy screen elements

Bandwidth policy
Remove Schedule details
Screen - Remove Schedule from User based Bandwidth policy

Select Selects the Schedule detail(s) for deletion
More than one schedule details can also be selected

Select All Selects all the details for deletion
Click Select All to select all the details

Remove Detail button Removes the selected schedule detail(s)
Table - Remove Schedule from User based Bandwidth policy screen elements

Bandwidth policy
Cyberoam User Guide Update IP address based bandwidth policy
Update IP address based bandwidth policy
Screen - Update IP address based Bandwidth policy

Policy based on Displays policy based on
Cannot be modified
Implementation on Displays implementation type
Cannot be modified
Total Bandwidth Displays total bandwidth allocated, modify if required
Only if Implemented on ‘Total’
Upload bandwidth Displays Upload bandwidth allocated, modify if required
Only if Implemented on
‘Individual’
Download bandwidth Displays Upload bandwidth allocated, modify if required
Only if Implemented on
‘Individual’

Bandwidth policy
Policy type Cannot be modified

Update button Updates the changes made in ‘Bandwidth restriction
details’ and ‘Default values to be applied all the time’
Add Detail button Attaches schedule to override default bandwidth
restriction
Click Add details
To add details refer to Attach Schedule details

Add IP Address button Attach policy to IP address
Click Add IP Address

To add IP address refer to Add IP Addresses to IP
Address based bandwidth policy
Add IP Addresses to IP Address based bandwidth policy
Screen – Add IP address to IP address based Bandwidth policy

Host group name Host group from which IP address is to be added

Select Selects the IP address(s) to be added
More than one IP address can also be selected

Select All Selects all the IP addresses
Apply Restriction Add the IP addresses to the policy

Bandwidth policy
button
Click Apply restriction
Table - Add IP address to IP address based Bandwidth policy screen elements
Remove IP Addresses from IP Address based bandwidth policy
Screen - Remove IP address from IP address based Bandwidth policy screen elements

Select Selects IP address to be removed

Select All Selects all IP addresses
Click Select All to select all the IP addresses

Remove IP Address button Removes the selected IP addresses
Table - Remove IP address from IP address based Bandwidth policy screen elements

Policy Management
Cyberoam User Guide Printing Policy
Delete Bandwidth policy
Prerequisite
• Bandwidth policy not attached to any host group, user or IP address
Select Policy management → Bandwidth policy → Manage to view the list of policies
Screen - Delete Bandwidth policy

Del Selects the Bandwidth policy for deletion
Click Del to select

Select All Selects all the polices for deletion

Delete button Delete the selected policy/policies
Table - Delete Bandwidth policy screen elements

Policy Management
Cyberoam User Guide Printing Policy
Printing Policy
To restrict the usage of printers, define printer policy. It allows to restrict printing of total number of
pages for groups, individual user or IP address.
Create Printing policy
Select Policy Management Æ Printing Policy Æ Create to open the create policy pane
Screen - Create Printing policy

Policy name Assign name to the policy. Choose a name that best describes the
policy

Cycle type Assigns cycle type
Available options
Daily – restricts printing up to pages number defined on daily basis
Weekly – restricts printing up to page numbers defined on weekly basis
Monthly – restricts printing up to page numbers defined on monthly
basis
Yearly – restricts printing up to page numbers defined on yearly basis
All the time – no restriction
Pages per cycle Specifies upper limit for printing pages for cyclic type policies
Not available for ‘All
the time’ cycle type
Total Allotted pages Allots total number of pages that can be printed
or or
Unlimited pages Creates Unlimited pages printing policy

Table - Create Printing policy screen elements

Printing Policy
Cyberoam User Guide Define IP address for Unrestricted printer access
Define IP address for Unrestricted printer access
Select Policy Management Æ Printing Policy Æ Allow Printing and click Add IP
Address
Screen - Unrestricted Printer access
Screen – Add IP address for Unrestricted Printer access

Printing Policy
Cyberoam User Guide Define IP address for Unrestricted printer access

Host group name Host group from which IP address is to be added

Select Selects the IP address(s) to be added

Select All Selects all the IP addresses
Allow printing Places no restriction for printer usage on IP
button addresses specified
Click Allow printing

Table – Add IP address for Unrestricted Printer access screen elements

Printing Policy
Cyberoam User Guide Update Printing policy
Update Printing policy
Select Policy management → printing policy → Manage to view the list of policies
Screen - Update Printing policy

Edit Printing policy
Cycle type Displays Cycle type, modify if required
Pages per cycle Displays upper limit of number of pages that can be printed in the
selected cycle, modify if required
Total Allotted pages Displays total allotted pages, modify if required
Or
Unlimited pages
Table - Update Printing policy screen elements

Printing Policy
Cyberoam User Guide Delete Printing policy
Delete Printing policy
Screen - Delete Printing policy

Del Selects the printing policy for deletion
Click Del to select

Select All Selects all the polices for deletion

Table - Delete Printing policy screen elements

Management
Cyberoam User Guide Host Group Management
Host Group Management

Search Node
Use Search Node Tab to search the Node/IP address based on: IP address OR MAC address
Select User Management Æ Host Group Management Æ Search Node
Screen - Search Node
Example Search criteria Result

‘1’ list of nodes whose address contains ‘1’
‘192’ list of nodes whose address contains
‘192’
‘192.9.203.203 ‘ node whose address is ‘192.9.203.203’
‘b’ list of nodes whose address contains ‘B’
‘4C’ list of nodes whose address contains ‘4C’
‘B7’ list of nodes whose address contains ‘B7’
Table - Search Node results

Management
Update Host Group

Select User Management Æ Host Group Management Æ Manage Host and click the
host group name link to which Node is to modify
Screen - Update Host group

Host group details
Host group name Displays Host group name, modify if required
Is host group Public Displays whether host group is of public IP addresses
or not
Bandwidth policy Displays bandwidth policy attached, modify if required
Show details link Opens the new browser window and displays
bandwidth restriction details and policy members
Description Displays description of the Host group, modify if
required
Show Nodes link Displays IP addresses defined under the Host group.
Allows to Add or Delete node

Management
Click Show nodes
Click Add Node

To add node refer to Add node
Click Delete Node

To delete node refer to Delete node
Update button Updates and saves the details
Cancel button Cancels the current
Table - Update Host group screen elements
Add Node
Screen - Add Node

Machine details
IP address IP address of the Node to be added to the host group
Range link Click to add range of IP Address
From – To - IP addresses to be included in the host group

Machine name Specify machine name
Create button Adds the nodes to the host group
Table - Add Node screen elements

Management
Delete Node
Prerequsite
• Not assigned to any User
Screen - Delete Node

Select Select the IP address of the node for deletion
More than one node can also be selected

Select All Selects all the nodes for deletion
Click Select All to select all the nodes

Delete Node button Delete the selected Node(s)
Table - Delete Node screen elements

Management
Delete Host Group
Prerequisite
• IP address from Group not assigned to any User
Select User Management Æ Host Group Management Æ Manage Host
Screen - Delete Host group

Del Select the Host group(s) for deletion
Click Del to select
More than one host group can also be selected

Select All Select all the host groups for deletion
Click Select All to select all the host groups for

deletion
Delete Host Group Delete the selected host group(s)
button
Table - Delete Host group screen elements

System Management
Cyberoam User Guide Network Management
System Management
Network Management
Network setting consists of Interface Configuration, Gateway Configuration and DNS
Configuration. Configure Network from Console and update if required, from GUI. For details, refer
to the Installation Guide for Network.
The first step is to add the Gateway details using Gateway configuration, update Interface
Configuration if required and specify the DNS (Domain Name Server).
To configure, follow the steps:
Note
Before you configure network, make sure that you have the correct information and any needed IP
addresses. If you configure incorrectly, the server will not be able to connect to the network (Internal or
external)
Multiple Gateway configuration

Gateway routes the traffic between the networks and if the gateway fails the communication with
the outside Network is not possible. In this case, organization and its customers are left with
significant downtime and financial loss.
To cope with this situation, organizations opt for multiple gateways. However, simply adding one
more gateway is not an end to the problem. Optimal utilization of all the gateways is also
necessary.
Cyberoam supports multiple gateways and provides a way to utilize total bandwidth of all the
gateways.
Cyberoam provides the load balancing & failover feature to utilize total bandwidth of all the
gateways optimally.
Load balancing & failover

Load balancing distributes traffic across various gateways, optimizing the utilization of links to
accelerate performance and cut operating costs. Employing a weighted round robin algorithm for
load balancing, Cyberoam enables maximum utilization of capacities across the various links.
Load balancing serves two distinct purposes:

1. Prevent links from becoming overloaded, because of too much traffic. Spreading the load of
one link over several links can lead to huge performance improvements.
2. Provide redundancy and failover protection. If one link goes down then one of the other links
can step in and take over. Users will not experience any downtime.
Select System Management Æ Network Æ Gateway Configuration

System Management
Screen - Gateway Configuration

Gateway Name Displays Gateway name
Gateway IP address Displays IP address of the Gateway configured
The IP address of the device Cyberoam uses to reach

devices on a different Network, typically a router
Weight Displays weight assigned to the Gateway
Add Gateway button Adds a new Gateway
Refer to Add Gateway for details

Delete Gateway button Deletes the selected gateway
(Only if more than one
gateway is defined) Refer to Delete Gateway for details
Table - Gateway Configuration screen elements
Add Gateway
Screen - Add Gateway

Gateway Details
Gateway name Assign name to the Gateway
IP address IP address of the Gateway
Weight Assign weight to the gateway
Depending on the weight assigned, Cyberoam will select

gateway for load balancing
Create button Defines a new Gateway

System Management

Table - Add Gateway screen elements
Delete Gateway
Screen - Delete Gateway

Select Select the gateway to be deleted
Click to select
Select All Select all the Gateways for deletion
Click Select All to select all the

Gateways for deletion
Delete Gateway button Deletes the selected gateway
Click to delete
Table - Delete Gateway screen elements
Note
If only one gateway is defined then it cannot be deleted

System Management
Gateway specific routing

It is possible to route a particular Network through a particular gateway.
Select System Management Æ Network Æ Gateway Configuration and click the

gateway name link to which Network is to added
Screen - Add Network

Gateway details
Gateway name Displays Gateway name
IP address Displays Gateway IP address
Weight Displays the weight assigned to the gateway
Add Network button Allows to add a network which will be routed through the
selected gateway
Click Add Network to add

Delete Network button Allows to delete a network
Click Delete Network to delete

Network ID Specify the Network ID for the Network to be added to
the above specified Gateway
Net mask Specify the Net mask for the Network
Show Nodes link Displays the list of Nodes

System Management
Ok button Adds Network to the Gateway

Table - Add Network screen elements
Interface Configuration
Use to view the Gateway and Interface configuration
Select System Management Æ Network Æ Interface Configuration
Screen - Interface Configuration

Gateway information
Gateway Displays Gateway IP address
Interface name (Internal)
IP address Displays IP address of the Internal Interface
Internal Interface connects the server with the clients.

By default, eth0 is termed as the Internal Interface
Net mask Displays the Net mask
Interface name (External)
IP address Displays IP address of the External Interface
External Interface connects the server to the external

network
By default, eth1 is termed as the External Interface
Net mask Displays the Net mask
Table - Interface Configuration screen elements

System Management
DNS Configuration
A Domain Name Server translates domain names to IP addresses. You can configure the domain
name server for your network as follows.
Select System Management Æ Network Æ DNS Configuration
Screen - DNS Configuration

DNS Service Search order
Add button Opens a new windows to add IP address of the Domain
Name Server
Multiple DNS server can be defined
Click Add
Type IP address
Click OK
Remove button Removes IP address of the Domain Name Server
Click IP address to select

Click Remove
Up button Changes the order of IP address when more than one
DNS server is defined
Down button Changes the order of IP address when more than one
DNS server is defined
Update button Updates the DNS details and order if modified
Click Update

System Management
DNS Redirection
Enable button Redirects all the DNS traffic to Cyberaom
Click to redirect
Table - DNS Configuration
To add multiple DNS repeat the above-described procedure. Use the up & down buttons to change
the order of DNS. If more than one Domain name server exists, query will be resolved according to
the order specified.

System Management
Cyberoam User Guide Security – Firewall
Security – Firewall
A firewall protects the network from unauthorized access and typically guards the Internal network
against malicious access; however, firewalls may also be configured to limit the access of Internal
users.
Firewall defines certain rules that determine what traffic should be allowed in or out of the Internal
network. One can restrict access to certain IP addresses or domain names, or block certain traffic
by blocking the TCP/IP ports used.
Cyberoam has the above-described basic features of a firewall. For defining firewall rules refer to
Defining Firewall.
Define Firewall rule
Select System Management Æ Firewall Æ Create Access

System Management
Screen - Create Firewall rule

Source Information
Source domain name/IP Source Domain name, IP address or Network for which the rule
Address is to be defined
Generally Source address is the Internal Network address

Source Port Specify source port address.
Range of ports can be specified using ‘:’ e.g. 20:25
Port type Specify source port type
Select Include or Exclude

Destination Information
Destination domain Destination Domain name or IP address for which the rule is to

System Management
name/IP Address be defined
Generally Destination address is the External address

Destination Port Specify destination port address
Range of ports can be specified using ‘:’ e.g. 20:25
Port type Specify destination port type
Action to be taken
Select Action Click Select Action list to select
Accept – Allow access
Drop – Denies access
Proxy – Allow access
Port forwarding – Allows access through forwarded port.To
define port refer to ‘Only for Port forwarding’
Protocol
TCP TCP protocol
UDP UDP protocol
ICMP ICMP protocol
All Protocols All protocols
Description
Description Full description of the rule

Can be any combination of A-Z, a-z,’_’, 0-9
Save button Saves the rule
Table - Create Firewall rule screen elements

System Management
Only for Port forwarding
Screen - Create Port Forward Firewall rule

Forwarding Address Information
Forwarded IP Address IP address to which request is to be forwarded
Forwarded Port Port number to which request is to be forwarded
Table - Create Port Forward Firewall rule screen elements
Various Options
Source IP Source Destination IP Destination Result

address/Domain Port address/Domain Port
name name
Action - Accept/Proxy
* * * * Access from all the IP
addresses to all the IP
addresses
* * www.yahoo.com * All IP addresses are
allowed to access
yahoo.com
192.168.1.242 * * * 192.168.1.242 is
allowed access all the
IP addresses
192.168.1.242 * 242.128.34.54 * 192.168.1.242 is
allowed to access
242.128.34.54
Action – Deny
* * * * Access to all is denied
(want to stop access
temporarily due to
some technical
reasons)
* * www.hotmail.com * All the IP addresses

System Management
are denied access to

hotmail.com
192.168.1.242 * * * 192.168.1.242 is
denied the access to all
192.168.1.242 * 242.128.34.54 * 192.168.1.242 is
denied the access to
242.128.34.54
Action - Port forwarding
Forwarded IP – 192.168.1.58
Port – 80
* * 242.128.34.54 9090 All the connections to
port 9090 should be
redirected to port 80 on
192.168.1.58
Table - Firewall rules - Result
Manage Firewall access

Rules are ordered by their priority. When the rules are applied they are processed from the top
downwards and the first suitable rule found is applied.
Hence, while adding multiple rules, it is necessary to put specific rules before general rules.
Otherwise, a general rule might allow a packet that you specifically have a rule written to deny later
in the list. When a packet matches the rule, the packet is immediately dropped or forwarded
without being tested by the rest of the rules in the list.
Example of Firewall rule order for DROP action

Rule 1 – Source IP address: 192.168.1.76
Destination: www.yahoo.com
Action: Drop
Rule 2 – Source: *
Destination: www.yahoo.com
Action: Allow
Here if the order is changed i.e. Rule 2 precedes Rule 1 then Host 192.168.1.76 will be able to
access www.yahoo.com even though the DROP rule is specified.
Select System Management Æ Firewall Æ Manage Access
Screen - Manage Firewall access

System Management

Select Select Access to change the order
Select All Select all the Accesses
MoveUp button Moves the selected rule one step up
Click on the Rule which is to be moved up

followed by Move Up button
Click MoveUp to move the selected firewall

rule by one step upwards
MoveDown button Moves the selected rule one step down
Click on the Rule which is to be moved down

followed by Move Down button
Click MoveDown to move the selected firewall

rule by one step downwards
Table - Manage Firewall access screen elements

System Management
Delete firewall access
Select System Management Æ Firewall Æ Manage Access
Screen - Delete Firewall access

Select Select Access to be deleted
More than one access can also be selected

Select All Select all the Accesses
Click Select All to select all the accesses

Delete button Deletes all the selected Access
Click to delete
Table - Delete Firewall access screen elements

System Management
Cyberoam User Guide DHCP
DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a
device, releases and renews the address as device leaves and re-joins the network. The device
can have different IP address every time it connects to the network.
In other words, it provides a mechanism for allocating IP address dynamically so that addresses
can be re-used.
Select System Management → DHCP → DHCP
Screen - DHCP configuration

DHCP configuration
Select Network Displays Network Interface
Interface
Interface IP Displays Interface IP address
Netmask Displays Netmask
IP address IP address range for clients
From – To
The DHCP server assigns an available IP address in the range to the
client upon request
Domain name Domain name for the specified subnet
Subnet Mask Specifies the subnet mask for the client/network
Gateway Gateway IP address
Domain name server Domain name server IP address
Update DHCP button Updates the configuration
Table - DHCP configuration screen elements

System Management
Cyberoam User Guide Reset Console Password
Reset Console Password

Change Console password from GUI or Console itself. To change the password from Console,
refer to the Console guide.
Select System Management → Console → Reset Console Password
Screen - Reset Console Password

New password Assigns new console password
Confirm New password Type again the password as entered in the New
password field
Submit button Saves the new password
Click Submit
Table - Reset Console Password screen elements

System Management
Cyberoam User Guide Data Store
Data Store
Backup data
Backup is the essential part of the data protection. No matter how well you treat your system, no
matter how much care you take, you cannot guarantee that your data will be safe if it exists in only
one place.
Backups are necessary in order to recover data from the loss due to the disk failure, accidental
deletion or file corruption. There are many ways of taking backup and just as many types of media
to use as well.
Cyberoam provides facility of taking regular and reliable data backup. Backup consists of all the
policies, logs and all other user related information.
Cyberoam maintains five logs:

Web surfing log This log stores the information of all the websites visited by all the users
User session log Every time the user logs in, session is created. This log stores the session
entries of all the users and specifies the login and logout time.
Audit log This log stores the details of all the actions performed the User administrating
Cyberoam
Virus log This log stores the details of malicious traffic requests received.
Mail log This log stores the information of all the mails sent and received by all the users.
Select System Management → Data store → Backup

System Management
Screen - Backup

System Data Backups (Does not include Logs)
Frequency of Backup Backup report schedule
Select any one

Daily – backup will be send daily
Weekly – backup will be send weekly
Monthly – backup will be send monthly
Never – backup will never be send
In general, it is best to schedule backup on regular basis.

Depending on how much information you add or change will
help you determine the schedule
Incremental Backup of Logs (in CSV format)
Frequency of Backup Select any one
Daily – backup will be send daily

System Management
Weekly – backup will be send weekly

Never – backup will never be send
Log Types Select the logs for backup
Available logs for backup:

1. Web surfing
2. Virus
3. Mail
4. Audit
Configure mode of backup
Backup mode Specifies how backup will be send
Select
FTP backup
Mail backup
Only for FTP backup
FTP server IP address of FTP server
User name User name for FTP server
Password Password for FTP server
Only for Mail backup
To Mail Id Email address to which the backup will be mailed
Save details button Saves the configuration
System Data Backup to Date
(Does not include logs)
Backup data button Takes the recent backup and allows to download
Click Backup data to take backup

Download button Download the backup already taken. Also displays date and
time when backup was taken
Click Download to download

To download follow the screen instructions
Log Backup to Date(in CSV format)
Log Types Selected logs backup will be taken
Select the logs for backup

1. Web surfing
2. Virus
3. Mail
4. Audit
Backup data button Takes the recent backup of logs and allows to download
Click Backup data to take the recent backup

Download button Download the backup of logs already taken. Also displays date
and time when backup was taken
Click Download to download

To download follow the screen instructions
Table - Backup screen elements

System Management
Restore Data
With the help of restore facility, restore data from the backup taken. Restoring data older than the
current data will lead to the loss of current data.
Select System Management → Data store → Restore
Screen – Restore

Upload data file to restore data
Backup file name Name of backup file
Browse button Select the backup file
Upload file button Uploads the backup file
Table - Restore screen elements
Note
Restore facility is version dependant i.e. it will work only if the backup and restore versions are same e.g.
if backup is taken from Cyberoam version 5.0.0 then restore will work only for version 5.0.0 and not for
any other version.

System Management
Cyberoam User Guide Client Services
Purge
Purging of data means periodic deletion of the data.
Cyberoam provides Auto purge and Manual purge facility for deleting log records.
Auto purge
Select System Management → Data store → Auto purge
Screen - Auto purge

Purge Data Input
Keep Web surfing logs for Specifies number of days after which web surfing
log will be purged
Save Configuration Saves purging schedule configuration
Popup Alert Configuration
Alert me when data is purged Click to send popup alert message before
by the system purging the logs
Save Configuration Saves popup alert configuration
Table - Auto purge screen elements
Note
System will preserve logs only for the specified number of days and automatically purges the logs
generated there after.

System Management
Manual purge
Use manual purge to delete log records manually
Select System Management → Data store → Manual purge
Screen - Manual purge

Date till
Date Select the date from Calendar till which the
selected log is to be purged
Select log for purging
Web surfing logs
User session logs
Purge button Purges the selected log till the specified date
Click Purge to purge

Table - Manual purge screen elements
Note
Auto purge option is always on

System Management
Client Services
The Message Management tab allows Administrator to send messages to the various users.
Messages help Administrator in notifying users about problems as well as Administrative alerts in
areas such as access, user sessions, successful log in and log off, incorrect password etc.
Message is send to the User whenever the event occurs.
Message can be up to 256 characters and send to the number of users at a time.
Select System Management → Client Services → Message management
Screen - Messages

Message Key Message key
Click Message link to modify the message
Click Save to save the changes

Click Cancel to cancel the current operation
Message Message description
Table - Message screen elements

System Management
List of Predefined messages
Messages Description/Reason
DeactiveUser Administrator has deactivated the User and the User will not be
able to log on
DisconnectbyAdmin When the administrator disconnects the user from the live users
page
InvalidMachine Message is sent if User tries to login from the IP address not
assigned to him/her
LoggedoffsuccessfulMsg Message is sent when User logs off successfully
LoggedonsuccessfulMsg Message is sent when User logs on successfully
Loggedinfromsomewhereelse Message is sent if User has already logged in from other
machine
MultipleLoginnotallowed Message is sent if User is not allowed multiple login
NotAuthenticate Message is sent if User name or password are incorrect
NotCurrentlyAllowed Message is sent if User is not permitted to access at this time
Access time policy applied to the User account defines the

allowed access time and not allowed access at any other time.
Someoneloggedin Message is sent if someone has already logged in on that
particular machine
SurfingtimeExhausted Message is sent when User is disconnected because his/her
allotted surfing time is exhausted
The surfing time duration is the time in hours the User is allowed
Internet access that is defined in Surfing time policy. If hours are
exhausted, User is not allowed to access.
SurfingtimeExpired Administrator has temporarily deactivated the User and will not
be able to log in because User surfing time policy has expired
LiveIPinuse Message is sent if connection is requesting a live IP address
from the server that is already in use
Nmpoolexceedlimit Message is sent if the maximum number of IP addresses in the
live host group at any given time has exceeded the limit
Table - List of predefined messages

System Management
Parameters
Cyberoam Windows’s client launches the default browser to open the specified URL after
successful log on.
Select System Management → Client Services → Parameters
Screen - Parameter setting

Open following site after client logs on to the server
URL Specifies URL address
Leave this field blank, if you do not want to open any specific
page every time you log in
Update button Updates the configuration
HTTP client pop up
HTTP client pop up Whenever User tries to surf without logging, page with a
message ‘Cyberoam Access Denied‘ displayed
If HTTP client pop up option is selected, User will get a HTTP

Client pop up along with the ‘Cyberoam Access Denied‘ page.
Once User logs on successfully using the HTTP client, he/she

will be able to surf the requested site.
Update button Updates the configuration
Table - Parameter setting screen elements

Management
Cyberoam User Guide Cache Management
Cache Management
A HTTP Cache helps in improving the performance of network by reducing access time and traffic.
Cyberoam can also act as a cache server. All visited static sites are cached on the Cyberoam server
hard drive or in the memory. The advantage of a cache server is that it will cache the static web pages
once requested and serve them locally when requested the next time.
Cyberoam will act as a cache server only if caching is enabled. To enable caching refer to Enable
Cache server and to configure the cache server refer to Configure cache.
Cyberoam also provides facility to define WCCP router for Caching. WCCP (Web Cache
Communication Protocol) provides mechanism to redirect traffic flow to caches. To define WCCP router
refer to Define WCCP router.
Cyberoam provides the facility to define an External cache server also. To define External cache, refer
to Define External cache.
How WCCP works?
Cyberoam examines all the client traffic and redirects traffic to the appropriate cache server according to
the predefined policies.
When the page is requested for the first time, Cyberoam intercepts flow and directs data to the local
cache or to the remote/external cache server to cache the data according to the defined routing policy.
When the cached content is requested, it is served from local or remote/external cache. Non-cached
traffic is automatically redirected to the Internet.

Management
Enable Cache Server

Select Cache Management → Cache → Manage
Screen - Manage Cache

Cache Server status
Start Cache Server button Click to start Cache server
Only if status is ‘Cache Engine
Stopped’
Cache Server status
Stop Cache Server button Click to stop Cache server
Only if status is ‘Cache Engine
Running’
Restart button Click to restart Cache server
Disable Caching In Proxy Server
Disable Caching button Disable Caching if you do not want
Proxy server to cache pages
Need Cyberoam for URL filtering
Click to disable
Cache Start Configuration
Autostart Automatically starts the Cache server with the
startup of Cyberoam server
Manual Start Cache server manually
Save configuration Save the cache server configuration
Table - Manage Cache screen elements

Management
Configure Cache
Select Cache Management → Cache → Configure
Screen - Configure Cache

Add Cache size in MB
Recommended Cache size Recommended size is the optimum size of cache determined
(MB) based on the memory and the disk size
Cannot be modified
Cache size (MB) Specify Cache size (in MB)
It is recommended that cache size defined be equal to or more

than the recommended size
Save button Save the cache configuration
Empty Cache
Empty Cache button Deletes any previous cached entities. Empty cache if corruption
is found
Click to empty cache

Configure Cache policies
Manage Cache Category URLs falling under the web categories defined here will be not be
button cached
Click Manage Cache category

To set web categories refer Manage Cache category
Table - Configure Cache screen elements

Management
Manage Cache Category
Screen - Manage cache category

Categories Available list Displays list of predefined categories
Click to select
To button Moves the selected category to the Selected
Categories list
Click to move
Remove button Removes the selected category from the Selected
Categories list
Click to remove
Selected Categories list List of web categories which will not be cached
Ok button Saves the configuration
Table - Manage cache category screen elements

Management
Define WCCP Routers

Select Cache Management → Cache → Advanced Configuration
Screen - WCCP Configuration

WCCP Router Address
Add router button Adds WCCP router
Click Add router
To add router refer Add router

Delete router button Deletes defined router
Click Delete router
To delete router refer Delete router

Table - WCCP Configuration screen elements

Management
Add router
Screen - Add Router

Add router
Router address IP address of the Router
Add button Adds router
Table - Add Router screen elements
Delete router
Screen - Delete Router

Select Select Router IP address to be deleted
More than one router can be selected

Select All Select all the IP addresses
Click Select All to select all the routers

Delete Router button Delete the selected Router(s)
Table - Delete Router screen elements

Management
Define Cache
Select Cache Management → Cache → Advanced Configuration
Screen - Define External Cache

External Cache IP address
Cache Type Defines Cache type
Local – Uses Cyberoam Server for caching
External – Uses machine other than cyberaom

server for caching
Only for the External Cache
IP address IP address of the machine which is to be used for
caching
Click Add domain for defining caching criteria.

Refer to Add domain
Port Port number of External cache
Save button Saves the configuration
Domain’s for the External Cache

Management
Add Domain button Allows to add domain for Exaternal caching
Cache Port setting
(Only for the Local Cache)
Cache Port Port number for local cache
Table - Define Cache screen elements

Management
Add Domain – Only for External Cache
Screen - Add Domain

Add Domain
Domain type Specifies whether domain names are to be included or
excluded from caching
Click any one

Include – includes specified domain names in caching
Exclude – excludes specified domain names from caching
Domains Domain names which are to be included/excluded in cache
Add button Adds the criteria
Table - Add Domain screen elements
Delete Domain – Only for External Cache
Screen - Delete Domain

Select Select Domain to be deleted from cache criteria
More than one domain can also be selected

Select All Select all the Domains
Click Select All to select all the domains

Delete Domain button Delete all the selected Domain(s)
Table - Delete Domain screen elements

Management
Routing Policy
Select Cache Management → Cache → Routing Policy
Screen - Add Routing policy

Add Network button Add the routing policy for the network
Click Add network
To add network refer to Add Network

Table - Add Routing policy screen elements
Add Network
Screen - Add Network

Add Interface
Network ID/Netmask Network whose caching is to be routed through the
selected Interface
Show Nodes button Shows the list of nodes in the specified Network
Select Interface Click Select Interface to select

Management
IP Address IP address of the Interface
Add button Adds the interface
Delete Network
Screen - Delete Network

Select Select Network to be deleted
More than one network can also be selected

Select All Select all the Networks
Click Select All to select all the networks

Delete Network button Delete the selected Network(s)
Table - Delete Network screen elements

Management
Cyberoam User Guide Mail Management
Malicious HTTP traffic

Use to identify and block HTTP malicious traffic by defining the keywords
Select Cache Management →Malicious HTTP traffic → Create
Screen - Create HTTP Malicious traffic - Web category

Web category details
Name Assigns name to the category. Choose a name that best
describes the category
Allows maximum of 60haracters

Description Full description of the category

Create button Creates the category for blocking the malicious traffic
Click Create to create
Click Manage Keywords to set keywords, refer Manage

Keywords for details
Table - Create HTTP Malicious traffic - Web category screen elements

Management
Manage Traffic
Select Cache Management →Malicious HTTP traffic → Manage and click the required ‘web
category name’ link
Screen - Manage HTTP Malicious traffic - Web category

Name Displays the name of the Web category, modify
if required
Description Displays the description , modify if required
OK button Saves the modified details, if any
Click to save
Keyword Management
Manage Keyword button Allows to manage (add and delete) keywords
defined for the web category
Table - Manage HTTP Malicious traffic - Web category

Management
Manage keywords
Add Keywords
Screen - Add Keywords

Add Keyword
Add to Specifies whether keywords are to be included or excluded
from blocking
Click any one

Include – Blocks the traffic with keywords specified
Exclude – Passes the traffic with keywords specified
Domains Actual keywords which are to be included/excluded
Add Keywords Adds the criteria
button
Table - Add Keywords screen elements
Delete Keyword

Select Selects keywords to be deleted from web
category
Click to select
More than one keyword from any of the lists

can be selected
Delete Domain button Delete all the selected keyword(s)
Table - Delete Keywords screen elements

Management
Mail Management
Used to control which mail servers users can reach and send/receive mails from what domains
Intra POP Service
Create Intra POP Service
Select Mail Management → Intra POP → Create Intra POP Service
Screen - Create IntraPOP service

Management

Intra POP Configuration
Mail server IP address or Domain name of Mail server
Username User name for the mail account
Password Password for the mail account
Confirm Password Retype the same password for confirmation
Domain names Domains from which mails will be fetched
Protocol Configures Mail server for connecting to the protocol selected
Options:
POP3
POP2
APOP
RPOP
Click Protocol list to select

Mail Redirection
Allows to redirect the mails received
Available options
1) Deposit Mail in the respective User mailbox – Directly

send the mails to the respective user mailbox
2) Redirect mails to Local user – Redirects mails to the

specified user
Click Select User to specify the user. Opens a new window

and allows to select the user
3) Redirect mails to Alias – Redirects mails to the specified

Alias
Click Select Alias to specify the Alias. Opens a new window

and allows to select the Alias
Options
Keep copy of Mail Specifies whether the copy of Mails to be kept on the server
on server also or not
Click to keep the copy on server also

Create button Creates mail service
Table - Create IntraPOP service screen elements

Management
Configure Intra POP server
Select Mail Management → Intra POP → Intra POP Configuration
Screen - Configure IntraPOP server

Management

Intra POP Server status
Status of the IntraPOP server Displays the status of the IntraPOP server
IntraPOP server Running – if server is on

Click Stop IntraPOP server to stop the server
IntraPOP server Stopped – if server is off

Click Start IntraPOP server to start the server
IntraPOP settings
Time Interval (in minutes) Specifies schedule for receiving mails i.e. if time
interval specified is 15 minutes, mails will be fetched
after every 15 minutes
Update button Updates the server status and/or time interval setting
Click to update
IntraPOP startup Configuration
Specifies startup configuration of IntraPOP server
Options:
1) Autostart Automatically starts the IntraPOP server with the startup of Cyberaom
server
2) Manual Administrator has to start IntraPOP server manually

Save Configuration button Saves the server configuration
Table - Configure IntraPOP server screen elements

Management
Manage Intra POP Service
Select Mail Management → Intra POP → Manage Intra POP Service to view the list of
mail servers defined
Screen - Manage IntraPOP service

Mail server link Opens a new window and diplays the details of the mail server.
Click to view/update the configuration of the mail server. Refer to

Update Mail server for details.
Fetch mails button Allows to fecth mails from the selected mail server
Click Select to select the mail server
More than one Mail server can also be selected

Delete IntraPOP Allows to delete the service
service button
Refer to Delete Intra POP service for details
Table - Manage IntraPOP service screen elements

Management
Update Mail server
mail servers defined and click the Mail server name to be modified
Screen - Update IntraPOP service

Management

Intra POP Configuration
Mail server Displays IP address or Domain name of Mail server, modify if
required
Username Dispalys the Username for the mail account, modify if required
Password Password for the mail account , modify if required
Confirm Password Retype the same password for confirmation
Domain names Displays Domains from which mails will be fetched, , modify if
required
Protocol Displays the protocol configured, modify if required
Mail Redirection
Displays the redirection configuration, modify if required
Available options
1) Deposit Mail in the respective User mailbox – Directly send the

mails to the respective user mailbox
2) Redirect mails to Local user – Redirects mails to the specified

user
Click Select User to specify the user. Opens a new window and
allows to select the user
3) Redirect mails to Alias – Redirects mails to the specified Alias
Click Select Alias to specify the Alias. Opens a new window and
allows to select the Alias
Options
Keep copy of Mail on Displays the configured option of whether the copy of Mails to be kept
server on the server also or not, modify if required
Click to keep the copy on server also

Update button Updates the mail service
Table - Update IntraPOP service screen elements

Management
Delete Intra POP service

mail servers defined

Select Select Mail server to be deleted
More than one Mail server can also be selected

Select All Select all the Mail server(s)
Click Select All to select all the Mail servers

Delete Network button Delete the selected Mail servers(s)
Table - Delete IntraPOP service screen elements

Management
Alias
Send a message to a group of users by creating a Alias (mailing group) containing their names. Then,
just type the Alias name in the To box when you send messages. You can create multiple Aliases, and
message can belong to more than one Alias.
For example, if certain mails are to be forwarded to ‘Marketing’ department staff only then create an
alias ‘Marketing staff’ and add the names of all the employees of ‘Marketing’ department. Mails
forwarded to ‘Marketing staff’ Alias will be forwarded to the employees of ‘Marketing’ department only.
Create Alias
Select Mail Management → Aliases → Create
Screen - Create Alias

Aliases
Alias name Assign name to Alias
Description Full description of the Alias

Save button Saves the alias created
Refer to Add Users to add users to the Alias

Table - Create Alias screen elements

Management
Add Users
Select Mail Management → Aliases → Manage and click the Alias name link to add the users
Screen - Create Alias - Add Users

Select Users
Show Groups Allows to select the Group
Click to select
Show all Users Shows all the users
Show button Shows the all the users defined under the selected
group

Management
Select Selects the user
Click to select
Click to select
Add button Adds selected users from the Group to the Alias
Click to add
Table - Create Alias - Add Users screen elements
Delete Users
Select Mail Management → Aliases → Manage and click the Alias name link from which the
users are to be deleted
Screen - Create Alias - Delete Users

Del Select the User for deletion
More than one User can be selected
Click to select
Select All Allows to select all the Users for deletion
Click to select
Delete Users button Deletes all the selected Users(s)
Click to delete
Table - Create Alias - Delete Users screen elements

Management
Delete Alias
Select Mail Management → Aliases → Manage
Screen - Delete Alias

Del Select the Alias for deletion
More than one Alias can be selected
Click to select
Select All Allows to select all the Aliases for deletion
Click to select
Delete Alias button Deletes all the selected Aliases
Click to delete
Table - Delete Alias screen elements

Mail Management
Cyberoam User Guide
SMTP Configuration
SMTP Configuration
Cyberoam provides facility of SMTP redirection that allows re-directing the SMTP traffic through
Cyberoam server for sending mails.
Configure SMTP
Select Mail Management → SMTP Configuration → Configure
Screen - Configure SMTP

SMTP Mail server status
Status of the SMTP Displays the status of the SMTP mail server
Mail server

Mail Management
Cyberoam User Guide
SMTP Configuration
Mail server Running – if server is on
Click Stop Mail server to stop the server
Mail server Stopped – if server is off

Click Start Mail server to start the server
Configure
Enable button Enable SMTP redirection and to configure Cyberoam to Relay
messages from Internal IP addresses
Click Enable
SMTP Mail server startup Configuration
Specifies startup configuration of SMTP mail server
Options:
1) Autostart Automatically starts the SMTP server with the startup of Cyberaom server
2) Manual Administrator has to start SMTP server manually

SMTP Access
Access SMTP server Allows to access SMTP server before/after Cyberoam login
Select Yes or No
Save details button Save the configuration
Table - Configure SMTP screen elements

Mail Management
Cyberoam User Guide
SMTP Configuration
Configure Mail Access

Use to configure Mail server to relay certain mail domains or IP addresses
Add Domain to RELAY
Select Mail Management → Mail Relay → Configure Mail Access
Screen - Add Domain

Add Domains
Domain Name/IP Address Domain name or IP address which will be
allowed RELAY mails through Cyberoam
Add Domain to Relay button Adds the Domain name or IP address
Table - Add domain screen elements

Mail Management
Cyberoam User Guide
SMTP Configuration
Delete Domain from RELAY

Del Select Domain name to be deleted
Click Del to select
More than one Domain name can also be selected

Select All Select all the Domain names
Click Select All to select all the Domain names

Delete button Delete the selected Domain name(s)

Management
Cyberoam User Guide Monitoring Bandwidth Usage
Services
Use Services tab to Start/Stop and Enable/Disable Autostart various configured servers. According
to the requirement, one can Start, Stop, Enable or Disable the services.
Types of the servers available:

1. DHCP
2. DNS
3. Mail server
4. IntraPOP server
5. Cyberoam server
Select System Management → Services → Control Services
Screen - Manage Control services

Service name Name of the server
Status Status of the respective server
Running – if server is on
Stopped – if server is off
Commands Starts or stops the respective servers
Enables or disables Autostart
Refer to Action table

Table - Manage Control Service screen elements

Management
Cyberoam User Guide Monitoring Bandwidth Usage
Action table
Button Usage
Start Starts the Server
For configured servers whose status is ‘Stopped’

Stop Stops the server
For configured servers whose status is ‘Started’

Enable Autostart Automatically starts the configured server with the
startup of Cyberaom server
Disable Autostart Disables the Autostart process
Restart Restarts Cyberoam server
Only for Cyberoam server

All the servers with ‘Enable Autostart’ will restart
Shutdown Shutdown Cyberoam server
Only for Cyberoam server

All the servers will be stopped
Table - Manage Control Service - Action

Customization
Cyberoam User Guide Services
Monitoring Bandwidth Usage

Bandwidth is the amount of data passing through a media over a period. In other words, it is the
amount of data accessed by the Users. Each time the data is accessed – uploaded or
downloaded, the amount is added to the total bandwidth. Because of the limited resource, it needs
periodic monitoring.
Bandwidth usage graphical report allows Administrator to monitor the amount of data uploaded or
downloaded by the Users. Administrator can use this information to help determine:
• Whether to increase or decrease the bandwidth limit?
• Whether all the gateways are utilized optimally?
• Which gateway is underutilized?
• What type of traffic is consuming the majority of the Bandwidth?
• Which inbound/ outbound traffic has consumed the most Bandwidth in the last week/month?
Select User management → Bandwidth usage → Report
Screen - Bandwidth Usage

Bandwidth report
Graph type Generates graph
Select any one
Gateway wise – Displays list of Gateways defined, click the Gateway

whose data transfer report is to be generated
Host Group wise – Displays list of Host groups defined, click the host
group whose data transfer report is to be generated
Total – Generates total (all gateways and host groups) data transfer
report. Also generates Live user report
Gatewaywise breakup - Generates total (all gateways) data transfer
report.
Graph period Generates graph based on time interval selected
Click Graph period to select

Customization
Daily
Yesterday
Weekly
Monthly
Yearly
Table - Bandwidth usage screen elements
It generates eight types of graphical reports:
1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum,
maximum and average no. of users connected during the selected graph period. This will help in
knowing the peak hour of the day.
X axis – Hours
Y axis – No. of users
Peak hour – Maximum no. of live users
Screen - Bandwidth usage - Live Users graph
2. Total data transfer – Graph shows total data transfer (upload + download) during the day. In
addition, shows minimum, maximum and average data transfer.
X axis – Hours
Y-axis – Total data transfer (upload + download) in KB/Second
Maximum
data transfer
Minimum
data
Screen - Bandwidth usage - Total Data transfer graph

Customization
3. Composite data transfer – Combined graph of Upload & Download data transfer. Colors differentiate
upload & download data traffic. In addition, shows the minimum, maximum and average data
transfer for upload & download individually
X axis – Hours
Y-axis – Upload + Download in Bits/Second
Orange Color - Upload traffic

Blue Color – Download traffic
Screen - Bandwidth usage - Composite Data transfer graph
4. Download data transfer – Graph shows only download traffic during the day. In addition, shows the
minimum, maximum and average download data transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
Screen - Bandwidth usage - Download Data transfer graph

Customization
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows minimum,
maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
Screen - Bandwidth usage - Upload Data transfer graph
6. Integrated total data transfer for all Gateways – Combined graph of total (Upload + Download) data
transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum,
maximum and average data transfer of individual gateway
X axis – Hours
Y-axis – Total (Upload + Download) data transfer in Bits/Second
Orange Color – Gateway1

Blue Color – Gateway2

Customization
7. Integrated Download data transfer of all Gateways – Graph shows only the download traffic of all the
gateways during the day. In addition, shows the minimum, maximum and average download data
transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second

8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all the
gateways during the day. In addition, shows minimum, maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second


Customization
Customization
Services
Service is Protocol based criteria for traffic classification. Protocols may be TCP and UDP type.
TCP and UDP protocols are defined based on port type.
Create new Service

Select Policy Configuration Æ Services Æ Create service to open the create service
pane
Screen - Add new Service

Service Information
Service name Assign name to service

Default Port Assign Port number
Port type Allows to select the port type for the service
Options : 1) TCP 2) UDP
Click to select
Service Description Full description

Create button Creates a new Service
Table - Add new Service screen elements

Customization
Update Service
Select Policy Configuration Æ Services Æ Manage Service to view the list of Services.
Click the Service to be updated
Screen - Update Service

Service Information
Service name Displays Service name, modify if required
Default Port Displays default port defined for the service,
modify if required
Port type Displays the port type, modify if required
Service description Displays service description, modify if required
Update button Updates the modified details
Table - Update Service screen elements

Customization
Delete Service
Select Policy Configuration Æ Services Æ Manage Service to view the list of Services
Screen - Delete Service

Del Select the Service for deletion
More than one Service can be selected
Click to select
Select All Allows to select all the Services for deletion
Click to select
Delete Service button Deletes all the selected Service(s)
Click to delete
Table - Delete Service screen elements

Customization
Cyberoam User Guide Schedule
Schedule
Schedule defines a time schedule for the policy. It specifies the hours during which the policy can
be active on each day of the week. You can define a different schedule for each day of the week,
or same schedule for every day of the week.
Create Schedule
Select Policy Configuration Æ Schedule Æ Create
Screen - Create Schedule

Schedule details
Name Assign name to the schedule. Choose a name that best
describes the schedule


Create button Creates schedule and allows to enter the schedule
details
Click Add schedule details to add details to the schedule,

refer to Managing Schedule - Create schedule details
Table - Create Schedule screen elements

Customization
Update Schedule
Select Policy Configuration Æ Schedule Æ Manage Schedule and click the Schedule
name link to update
Screen - Update Schedule

Schedule details
Schedule name Displays schedule name, modify if required
Schedule description Displays schedule description, modify if required
Save button Saves the updated details
Add Schedule details Allows to define the schedule details for the
button selected weekday to the schedule
Click Add Schedule details to add details. Refer

to Add Schedule details for details.
Table - Update Schedule screen elements
Add Schedule details
Screen - Add schedule details

Customization

Schedule details
Schedule name Displays schedule name to which details will be
added
Schedule description Displays schedule description
Weekday Select weekday
Start time & Stop time Defines the access hours/duration
Start & stop time cannot be same

Add schedule detail Attaches the schedule details for the selected
button weekday to the schedule
Table - Add schedule details screen elements
Delete Schedule details
Screen - Delete schedule details

Del Select schedule details to be deleted
Click Del to select schedule details
More than one schedule can also be selected

Select All Selects all the schedule details
Click Select All to select all the schedule details

Delete selected Deletes the selected schedule detail(s)
schedule details button
Table - Delete schedule details screen details

Customization
Delete Schedule
Select Policy Configuration Æ Schedule Æ Manage Schedule to view the list of
Schedules
Screen - Delete Schedule

Del Select schedule to be deleted
Click Del to select schedule
More than one schedule can also be selected

Select All Selects all the schedules
Click Select All to select all the schedules

Delete schedule button Deletes the selected schedule(s)
Table - Delete Schedule screen elements

Customization
Cyberoam User Guide Web Categories
Web Categories
Cyberoam allows Internet site filtering based on URLs and URL keywords.
Web category is the grouping of URLs and URL keywords used for Internet site filtering. The URLs
and any URL containing the keywords defined in the Web category will be blocked.
For your convenience, Cyberoam provides a database of predefined Web categories. You can use
these or even create new categories to suit your needs.
Depending on the organization requirement, allow or deny the access to the categories with the
help of policies by groups, individual user, time of day, and many other criteria.
Create a new Web category
Prerequisite
• Service created
Select Policy Configuration Æ Web Category Æ Create Web Category
Screen - Create Web category

Web Categories details
Name Assign name to the Web category.

Restrict HTTPUpload Specifies whether HTTP Upload is restricted or not


Customization
Cyberoam User Guide Web Categories
Create button Creates a new Web category. Web category configuration

is incomplete until file types or keywords are attached
Table - Create Web category screen elements

Customization
Cyberoam User Guide Upgrade Cyberoam
Update Web Categories

Select Policy Configuration Æ Web Category Æ Manage Web Category to view the
list of Web categories listed. Click the web category to be modified
Screen - Update Web category

Name Displays name of the Web category
Modify if necessary
Restrict HTTP Upload Displays whether HTTP upload is restricted or not
Modify if necessary
Description Displays description of the policy
Update button Updates the above modified details
Show All button Opens a new window and displays the complete details of the Web
category
Click to view details

Keyword Management
Manage keyword button Opens a new window and allows to add the word list for restriction
or remove from restriction

Customization
Click to manage
Refer to Manage Keyword for details

File type Management
Manage File type button Open a new window and allows to add the file type to place
restriction or remove from restriction
Click to manage
Refer to Manage File type for details

Web service
Management
Manage services button Open a new window and allows to add or remove services
Click to manage
Refer to Manage Services for details

Table - Update Web category screen elements
Manage Keyword
Use to assign keywords to the Web category for blocking. Enter the keywords you want blocked
for a category. Cyberoam blocks any site containing a keyword assigned to the category.
Cyberoam provides several predefined keywords for use in filtering. You can modify these, or even
create new file types to suit your needs.
Displays the lnclude and Exclude word list for the selected Web category
Screen - Manage Keywords

Add keyword button Opens a new window and allows to add a new
keyword to the selected category
Click to add
Refer to Add Keyword for details

Delete keyword button Allows to delete the selected keyword from the
category

Customization
Click the keywords to be deleted

Click Delete Keyword
Table - Manage Keywords screen elements
Add Keyword
Screen - Add keywords

Add Keyword
Add to Specifies whether the entered keywords are to be included or
excluded from restriction
Keywords Keywords which are to included or excluded from restriction
Add Keyword button Adds the keywords to the selected web category
Table - Add keywords screen elements
Delete Keyword
Screen - Delete keywords

Include Words list
Select words to be deleted
Click to select
More than one word can be selected

Exclude Words list
Select words to be deleted
Click to select

Customization
More than one word can be selected

Delete keyword button Deletes the selected word(s) from both the word
lists
Table - Delete keywords screen elements
Manage File types

Use to assign file types to the Web category for blocking. Select the file types you want blocked for
a category. Cyberoam blocks any site containing file types assigned to the category.
Displays the list of file types (file extensions)
Screen - Manage File types

Add File type button Opens a new window and allows to select a file
type
Click to add
Refer to Add File types for details

Remove File type button Allows to delete the selected file types from the
category
Click to delete
Refer to Remove File types for details

Table - Manage File types screen elements

Customization
Add File types
Screen - Add file types

Select File type list Allows to select a file type category to be attached
Click to add
Add button Adds the file type category
Table - Add file types screen elements
Remove File types
Screen - Remove file types

Del Click all the file types required to be removed
Select All button Allows to select all the File types for deletion
Click Select All to select all file types

Remove File type button Remove(s) the file type category
Click to remove
Table - Remove file types screen elements

Customization
Manage Services
Displays the list of services attached to the Web category
Screen - Manage Service

Add Service button Opens a new window and allows to attach a new
service to web category
Click to add
Refer to Attach Service for details

Delete Service button Allows to delete the service from web category
Refer to Delete Service for details

Table - Manage Service screen elements
Attach Service
Screen - Attach service

Web Service details
Name of Web Category Displays name of the web category to which the
service will be attached
Service name Allows to select the service
Click Service name list to select

Domain name Specify Domain name
Port Specify Port number

Customization
Port type Allows to select the port type for the service
Options : 1) TCP 2) UDP
Click to select
Add to Web category Attached the service to the selected web
button category
Click to attach
Cancel Cancels the current operation
Table - Attach service screen elements
Remove Service
Screen - Remove service

Del Click all the services required to be removed
Delete service button Deletes all the selected Service(s)
Click to delete
Table - Remove service screen elements

Customization
Delete Web Category
Prerequisite
• Not attached to any Policy
Select Policy Configuration Æ Web Category Æ Manage Web Category to view the
list of Web categories created. Click the web category to be deleted

Del Select the category for deletion
More than one category can be selected
Click to select
Select All Allows to select all the categories for deletion
Click to select
Delete Category button Deletes all the selected categories
Click to delete

Customization
Manage File types

File type is a grouping of file extensions used for the similar purpose. Cyberoam allows filtering
Internet content based on file extension. For example, you can restrict access to particular types of
files from sites within an otherwise-permitted category.
Cyberoam provides several predefined file types for use in filtering. You can modify these, or even
add new file types to suit your needs.
Create File type
Select Policy Configuration Æ Web Category Æ File types and click Add File Type to
add a new file type
Screen - Create File type

Customization

File Type details
Name Assign name to the file type.

Extensions Specifies the file extensions to be included in the file
type category.
Extensions defined here will be blocked or filtered


Create button Creates a new file type.
Table - Create File type screen elements
Delete File type
Screen - Delete File type

Del Click all the file types required to be deleted
Select All button Allows to select all the File types for deletion
Click Select All to select all file types

Delete File type Delete(s) the file type category
button
Click to delete
Table - Delete File type screen elements

Customization
Upgrade Cyberoam
Upload Upgrade version
Once the upgraded version update file is obtained (CD or Downloaded), upload the new version
file.
Select Help Æ Upgrade Cyberoam Æ Upload Upgrade Version
Click Upload Upgrade version.

Type the file name with full path or select using ‘Browse’
Click Upload
Screen - Upload Upgrade version

Customization
Module licensing
There are certain add on modules which are not included in the basic Cyberoam software. These
modules are not part of the default installation and enabled on request. The customer has to
procure a different license for enabling these add on modules.
Select Help Æ Register Cyberoam Æ Module License to view the list of Add on modules
Following screen shows whether these modules are registered or not and if registered license
expiry date.
Status for a module will be ‘Unregistered’, if the module is not registered
To register a module click the module name link, it will open the module registration form.
Screen – Module registration

Module Registration form
Public key Displays the public key of the software
Product ID Specify the Product ID
Unique ID Specify the Unique ID
Register button Registers the module
Table - Module registration screen elements

Customization
View and Update Company information
Use to update the company information provided at the time of registration
Select Help Æ Company Info Æ Company Info to view the company details. Modify the
details if required.
Screen - Company Information

Company Information
Company name Displays company name under which Cyberoam
is registered
Cannot be modified
Contact person Displays name of the contact person in the
company, modify if required
Address, City, State, Displays complete address of the company,
Country, Zip, Phone, Fax modify if required
Email ID Display Email ID of the contact person
Save button Saves any of the modified details
Table - Company information screen elements

Customization
View Registration details

Use to view the Cyberoam registration details
Select Help Æ About Æ About to view the registration details.
It displays installed version of Cyberoam, Product ID, Maximum Users Allowed (User license) and
company name under which Cyberoam is registered.
Screen - View Registration details

Customization
Download Clients
Cyberoam Client supports Users using following platforms:
Windows Enables Users using Windows Operating System to log-on to Cyberoam Server using
T T
the Cyberoam Client for Windows
Linux Enables Users using Linux Operating System to log-on to Cyberoam server using the
T T
Cyberoam Client for Linux
HTTP Enables Users using any other Operating System than Windows & Linux to log-on to
T T
Cyberoam Server through “Cyberoam Client for HTTP” to access resources
Single Sign on Client Enables Windows-migrated Users to log on to Cyberoam using Windows
Username and password.
Depending on the requirement, download the Cyberoam Client. Refer to the Client Installation
guide for details.
Select Help Æ Cyberoam Client Æ Download Cyberoam Client to download the

Cyberoam Client

Customization
Menu wise Screen and Table Index
Accessing Cyberoam
TU UT
Accessing the Web Interface

TU UT 8
Accessing Console via remote login utility - TELNET
TU UT 8
Screen - Console access
TU UT 8
Screen - Console login screen
TU UT 9
Log on & log off from the Cyberoam Web Interface
TU UT
HTTP log in
TU UT
Screen - HTTP login screen

TU UT 9
HTTPS log in
TU UT 10
Screen - HTTPS login screen
TU UT 10
Screen - HTTPS login screen
TU UT 11
Table - Login screen elements
TU UT 12
Screen - Live Users screen

TU UT 12
Screen - Registration screen

TU UT 13
BASIC CONFIGURATION
TU UT
Screen - Navigation screen

TU UT 15
Table - Navigation screen Elements
TU UT 16
System Management
TU UT
Network Management
TU UT
Gateway configuration
TU UT
Screen - Gateway Configuration

TU UT 113
Table - Gateway Configuration screen elements
TU UT 113
Add Gateway
TU UT
Screen - Add Gateway

TU UT 113
Table - Add Gateway screen elements
TU UT 114
Delete Gateway
TU UT
Screen - Delete Gateway

TU UT 114
Table - Delete Gateway screen elements
TU UT 114
Interface Configuration
TU UT
Screen - Interface Configuration

TU UT 116
Table - Interface Configuration screen elements
TU UT 116
DNS Configuration
TU UT
Screen - DNS Configuration

TU UT 117
Table - DNS Configuration
TU UT 118
Security – Firewall
TU UT
Define Firewall
TU UT
Screen - Create Firewall rule

TU UT 120
Table - Create Firewall rule screen elements
TU UT 121
Only for Port forwarding
TU UT
Screen - Create Firewall rule - Port Forward

TU UT 122
Table - Create Firewall rule - Port Forward screen elements
TU UT 122
Various Options
TU UT
Table - Firewall rules - Result

TU UT 123
Manage Firewall access
TU UT
Screen - Manage Firewall access

TU UT 123
Table - Manage Firewall access screen elements
TU UT 124
Delete firewall access
TU UT
Screen - Delete Firewall access

TU UT 125
Table - Delete Firewall access screen elements
TU UT 125
DHCPTU UT

Customization
Screen - DHCP configuration

TU UT 126
Table - DHCP configuration screen elements
TU UT 126
Services
TU UT
Screen - Manage Control services

TU UT 167
Table - Manage Control Service screen elements
TU UT 167
Table - Manage Control Service - Action
TU UT 168
TU UT
Screen - Reset Console Password

TU UT 127
Table - Reset Console Password screen elements
TU UT 127
Data Store
TU UT
Backup data
TU UT
Screen - Backup
TU UT 129
Table - Backup screen elements
TU UT 130
Restore Data
TU UT
Screen - Restore
TU UT 131
Table - Restore screen elements
TU UT 131
Purge
TU UT
Auto purge
TU UT
Screen - Auto purge

TU UT 132
Table - Auto purge screen elements
TU UT 132
Manual purge
TU UT
Screen - Manual purge

TU UT 133
Table - Manual purge screen elements
TU UT 133
Client Services
TU UT
Screen - Messages
TU UT 134
Table - Message screen elements
TU UT 134
List of Predefined messages
TU UT
Table - List of predefined messages

TU UT 135
Parameters
TU UT
Screen - Parameter setting

TU UT 136
Table - Parameter setting screen elements
TU UT 136
Cache Management
TU UT
Enable Cache Server

TU UT
Screen - Manage Cache

TU UT 138
Table - Manage Cache screen elements
TU UT 138
Configure Cache
TU UT
Screen - Configure Cache

TU UT 139
Table - Configure Cache screen elements
TU UT 139
Manage Cache Category
TU UT
Screen - Configure Cache - Manage cache category

TU UT 140
Table - Configure Cache - Manage cache category screen elements
TU UT 140
Define WCCP Routers
TU UT
Screen - WCCP Configuration

TU UT 141
Table - WCCP Configuration screen elements
TU UT 141
Add router
TU UT
Screen - WCCP configuration - Add Router

TU UT 142
Table - WCCP configuration - Add Router screen elements
TU UT 142
Delete router
TU UT
Screen - WCCP configuration - Delete Router

TU UT 142
Table - WCCP configuration - Delete Router screen elements
TU UT 142
Define External Cache
TU UT
Screen - Define External Cache

TU UT 143
Table - Define External Cache screen elements
TU UT 144
Add Domain
TU UT
Screen - Add Domain

TU UT 145
Table - Add Domain screen elements
TU UT 145
Delete Domain
TU UT

TU UT 145

Customization

TU UT 145
Routing Policy
TU UT
Screen - Add Routing policy

TU UT 146
Table - Add Routing policy screen elements
TU UT 146
Add Network
TU UT
Screen - Add Network TU UT 146

TU UT 147
Delete Network
TU UT
Screen - Delete Network

TU UT 147
Table - Delete Network screen elements
TU UT 147
Malicious HTTP traffic
TU UT
Screen - Create HTTP Malicious traffic - Web category

TU UT 148
Table - Create HTTP Malicious traffic - Web category screen elements
TU UT 148
Manage Traffic
TU UT
Screen - Manage HTTP Malicious traffic - Web category

TU UT 149
Table - Manage HTTP Malicious traffic - Web category
TU UT 149
Manage keywords
TU UT
Add Keywords
TU UT
Screen - Manage Web category - Add Keywords

TU UT 150
Table - Manage Web category - Add Keywords screen elements
TU UT 150
Delete Keyword
TU UT
Table - Manage Web category - Delete Keywords screen elements

TU UT 150
Define Authentication process

TU UT
Decision matrix for Authentication

TU UT
Table - Authentication - Decision matrix

TU UT 35
Local (Cyberoam) Authentication
TU UT 36
NTLM Authentication
TU UT 36
Single Sign on Client Configuration
TU UT 37
Table - Default NETLOGON directory location
TU UT 37
Screen - Download Single sign on Client
TU UT 38
Screen - Download User Logon Script Updation utility
TU UT 39
Screen - LOGON script change utility
TU UT 39
Screen - Add Authentication server
TU UT 40
Table - Add Authentication screen elements
TU UT 41
User Migration
TU UT
Screen - Download User Migration Utility screen

TU UT 33
TU UT 33
TU UT 34
Screen - Register Migrated users screen
TU UT 34
Services
TU UT
Create new Service

TU UT
Screen - Add new Service TU UT 174

Table - Add new Service screen elements
TU UT 174
Update Service
TU UT
Screen - Update Service TU UT 175

Table - Update Service screen elements
TU UT 175
Delete Service
TU UT
Screen - Delete Service TU UT 176

Table - Delete Service screen elements
TU UT 176
Schedule
TU UT
Create Schedule
TU U
Screen - Create Schedule TU UT 177

Table - Create Schedule screen elements
TU UT 177
Update Schedule
TU UT
Screen - Update Schedule TU UT 178

Table - Update Schedule screen elements
TU UT 178

Customization
Add Schedule details

TU UT
Screen - Update Schedule - Add schedule details

TU UT 178
Table - Update Schedule - Add schedule details screen elements
TU UT 179
Delete Schedule details
TU UT
Screen - Update Schedule - Delete schedule details

TU UT 179
Table - Update Schedule - Delete schedule details screen details
TU UT 179
Delete Schedule
TU UT
Screen - Delete Schedule

TU UT 180
Table - Delete Schedule screen elements
TU UT 180
Web Categories
TU UT
Create a new Web category

TU UT
Screen - Create Web category

TU UT 181
Table - Create Web category screen elements
TU UT 182
Update Web Categories
TU UT
Screen - Update Web category

TU UT 183
Table - Update Web category screen elements
TU UT 184
Manage Keyword
TU UT
Screen - Update Web category - Manage Keywords

TU UT 184
Table - Update Web category - Manage Keywords screen elements
TU UT 185
Add KeywordTU UT
Screen - Manage Keywords - Add keywords

TU UT 185
Table - Manage Keywords - Add keywords screen elements
TU UT 185
Delete Keyword
TU UT
Screen - Manage Keywords - Delete keywords

TU UT 185
Table - Manage Keywords - Delete keywords screen elements
TU UT 186
Manage File types
TU UT

TU UT 186
Table - Manage File types screen elements
TU UT 186
Add File types
TU UT
Screen - Manage File types - Add file types

TU UT 187
Table - Manage File types - Add file types screen elements
TU UT 187
Remove File types
TU UT
Screen - Manage File types - Remove file types

TU UT 187
Table - Manage File types - Remove file types screen elements
TU UT 187
Manage Services
TU UT
Screen - Manage Service

TU UT 188
Table - Manage Service screen elements
TU UT 188
Attach Service
TU UT
Screen - Manage Service - Attach service

TU UT 188
Table - Manage Service - Attach service screen elements
TU UT 189
Remove Service
TU UT
Screen - Manage Service - Remove service

TU UT 189
Table - Manage Service - Remove service screen elements
TU UT 189
Delete Web Category
TU UT

TU UT 190
TU UT 190
Manage File types
TU UT

TU UT 191
Create File type
TU UT
Screen - Create File type

TU UT 191
Table - Create File type screen elements
TU UT 192
Delete File type 2
TU UT
Screen - Delete File type

TU UT 192
Table - Delete File type screen elements
TU UT 192
Policy Management
TU UT
Surfing Quota policy

TU UT
Create Surfing Quota policy

TU UT
Screen - Create Surfing Quota policy

TU UT 69

Customization
Table - Create Surfing Quota policy screen elements

TU UT 69
Update Surfing Quota policy
TU
Screen - Update Surfing quota policy

TU UT 70
Table - Update Surfing quota policy screen elements
TU UT 71
Delete Surfing Quota policy
TU
Screen - Delete Surfing quota policy

TU UT 72
Table - Delete Surfing quota policy screen elements
TU UT 72
Access time policy
TU UT
Allow strategy
TU UT 73
Disallow strategy
TU UT 73
Create Access time policy
TU
Screen - Create Access time policy

TU UT 73
Table - Create Access time policy screen elements
TU UT 74
Update Access time policy
TU
Screen - Update Access time policy

TU UT 75
Table - Update Access time policy screen elements
TU UT 75
Delete Access time policy
TU
Screen - Delete Access time policy

TU UT 76
Table - Delete Access time policy screen elements
TU UT 76
Security policy
TU UT
Default Allow
TU UT 77
Default Disallow
TU UT 77
Create a new Security policy
TU
Screen - Create Security policy

TU UT 78
Table - Create Security policy screen elements
TU UT 78
Update Security policy
TU
Screen - Update Security policy

TU UT 79
Table - Update Security policy screen elements
TU UT 79
Manage Web Category
TU
Screen - Update Security policy - Manage Web category

TU UT 80
Table - Update Security policy - Manage Web category screen elements
TU UT 80
Add Web Category
TU
Screen - Update Security policy - Add Web category

TU UT 81
Table - Update Security policy - Add Web category screen elements
TU UT 81
Remove Web Category
TU
Screen - Update Security policy - Delete Web category

TU UT 82
Table - Update Security policy - Delete Web category screen elements
TU UT 82
Delete Security Policy
TU
Screen - Delete Security policy

TU UT 83
Table - Delete Security policy screen elements
TU UT 83
Bandwidth policy
TU
Host Group based bandwidth policy

TU
User based bandwidth policy

TU
Strict
TU
Table - Implementation types for Strict - Bandwidth policy

TU UT 84
Strict policy – Bandwidth usage
TU
Table - Bandwidth usage for Strict - Bandwidth policy

TU UT 85
Committed
TU UT
Table - Implementation types for Committed - Bandwidth policy

TU UT 85
Committed policy – Bandwidth usage
TU UT 85
Table - Bandwidth usage for Committed - Bandwidth policy
TU UT 85
IP address based bandwidth policy
TU UT
Create Bandwidth policy

TU UT
Screen - Create Bandwidth policy

TU UT 86
Table - Create Bandwidth policy - Common screen elements
TU UT 86
Create Host Group based bandwidth policy
TU UT
Screen - Create Host group based Bandwidth policy

TU UT 87
Table - Create Host group based Bandwidth policy screen elements
TU UT 87
Create User/IP address based Strict bandwidth policy
TU UT
Screen - Create User/IP based Strict Bandwidth policy

TU UT 88

Customization
Table - Create User/IP based Strict Bandwidth policy screen elements

TU 89 UT
Create User/IP address based committed bandwidth policy

TU UT
Screen - Create User/IP based Committed Bandwidth policy

TU 90 UT
Table - Create User/IP based Committed Bandwidth policy screen elements

TU 91 UT
Update Bandwidth policy

TU UT
Screen - Update Bandwidth policy

TU 92 UT
Table - Update Bandwidth policy Common screen elements

TU 92 UT
Update Host group based bandwidth policy

TU UT
Screen - Update Host group based Bandwidth policy

TU 93 UT
Table - Update Host group based Bandwidth policy screen elements

TU 93 UT
Update User based Bandwidth policy

TU UT
Screen - Update User based Bandwidth policy

TU 94 UT
Table - Update User based Bandwidth policy screen elements

TU 95 UT
Attach Schedule details

TU UT
Strict TU UT
Screen – Assign Schedule to User based Strict Bandwidth policy

TU 95 UT
Table – Assign Schedule to User based Strict Bandwidth policy screen elements
TU 95 UT
Committed TU UT
Screen - Assign Schedule to User based Committed Bandwidth policy

TU 96 UT
Table – Assign Schedule to User based Committed Bandwidth policy screen elements 96
TU UT
Remove Schedule details

TU UT
Screen - Remove Schedule from User based Bandwidth policy

TU 97 UT
Table - Remove Schedule from User based Bandwidth policy screen elements
TU 97 UT
Update IP address based bandwidth policy

TU UT
Screen - Update IP address based Bandwidth policy

TU 98 UT
Add IP Addresses to IP Address based bandwidth policy

TU UT
Screen – Add IP address to IP address based Bandwidth policy

TU 99 UT
Table - Add IP address to IP address based Bandwidth policy screen elements

TU 100 UT
Remove IP Addresses from IP Address based bandwidth policy

TU UT
Screen - Remove IP address from IP address based Bandwidth policy screen elements100
TU UT
Table - Remove IP address from IP address based Bandwidth policy screen elements 100
TU UT
Delete Bandwidth policy

TU
Screen - Delete Bandwidth policy

TU 101 UT
Table - Delete Bandwidth policy screen elements

TU 101 UT
Printing Policy
TU UT

TU
Screen - Create Printing policy

TU 102
UT
Table - Create Printing policy screen elements

TU 102 UT
Define IP address with Unrestricted printer access

TU

TU 103 UT

TU 103 UT
Table - Unrestricted Printer access screen elements

TU 104 UT
Update Printing policy

TU
Screen - Update Printing policy

TU 105 UT
Table - Update Printing policy screen elements

TU 105 UT
Delete Printing policy

TU
Screen - Delete Printing policy

TU UT 106
Table - Delete Printing policy screen elements
TU 106 UT
Group Management
TU UT
Define Group
TU UT
Group TU
Group types TU
Decision matrix for creation of Group

TU

TU UT 19
Create a New Group
TU UT
Screen - Create Normal group screen

TU UT 21
Screen - Create Clientless group screen
TU UT 22
Table - Create GroupTU UT 23

Customization

TU UT 19
Create a New Group
TU
Screen - Create Normal group screen

TU UT 21
Screen - Create Clientless group screen
TU UT 22
Table - Create Group
TU UT 23 T
U Manage Group
Screen - Manage Group
U U 44
Table - Manage Group screen elements
U U 46
Update Group
U
Table - Need to Update group

U U 46
View Group members
U
Screen - View Group members

U U 46
Table - View Group members screen elements
U U 47
Select Node/IP address for Login restriction
U
Screen - Apply Login restriction

U U 47
Table - Apply Login restriction screen elements
U U 48
Delete Group
U U
Screen - Delete Group

U U 49
Table - Delete Group screen elements
U U 49
User Management
U U
Define User
U U
User U
User typesU U
Decision matrix for creation of User

U
Table - Create User - Decision matrix

U U 24
Create a User
U
Screen - Create User screen

U U 26
Table - Create User screen elements
U U 27
Table - Show Group details screen elements
U U 27
U U 28
Create Clientless users
U
To add multiple clientless users

U
Screen - Create multiple Clientless users

U U 29
Table - Create multiple Clientless user screen elements
U U 30
Add a single clientless user
U
Screen - Create single Clientless user

U U 31
Table - Create single Clientless user screen elements
U U 32
U

U U 32
Select Node table
U U
Table - Select Node screen elements

U U 32
Search User
U U
Screen - Search User

U U 50
Table - Search User screen elements
U U 50
Table - Search User - Result
U U 50
Live User
U U
Screen - Live Users

U U 51
Table - Live User screen elements
U U 52
Manage User
U U
Update User
U
Screen - Manage User

U U 54
Table - Manage User screen elements
U U 56
Table - Need to Update User
U U 57
U
Screen - Change User Personal details

U U 57
Table - Change User personal details screen elements
U U 57
User My Account
U U

U U 58

Customization

U U 58
Personal
U U
Change Password
U U 59
Screen - User My Account - Change Password
U U 59
Table - User My Account - Change password screen elements
U U 59
U U 59
Screen - User My Account – Change Personal details
U U 59
Table - User My Account - Change Personal details screen elements
U U 60
Account status
U U
Internet Usage
U U
Screen - User My Account - Internet Usage

U U 60
Table - User My Account - Internet Usage screen elements
U U 60
Table - User My Account - Internet Usage - Report elements
U U 61
Printer usage
U U
Screen - User My Account - Printer Usage

U U 61
Table - User My Account - Printer Usage screen elements
U U 61
Table - User My Account - Printer Usage - Report elements
U U 61
Change Group
U U
Screen - Manage User - Change Group

U U 62
Table - Manage User - Change Group screen elements
U U 62
Change Individual Policy
U
Table - Manage User - Change Individual policy

U U 63
Change Login Restriction
U U
Screen - Manage User - Change Login restriction

U U 64
Table - Manage User - Change Login restriction
U U 64
Delete User
U U
Screen - Delete Active User

U U 65
Screen - Delete Deactive User
U U 65
Screen - Delete Clientless User
U U 65
Table - Delete User
U U 65
Deactivate User
U U
Screen - Manage User - Deactivate User

U U 66
Table - Manage User - Deactivate User screen element
U U 66
Activate User
U U
Screen - Manage User - Activate Normal User

U U 67
Screen - Manage User - Activate Clientless User
U U 67
Table - Manage User - Activate User screen element
U U 67
Host Group Management

U U
Search Node
U U
Screen - Search Node

U U 107
Table - Search Node results
U U 107
Update Host Group
U U
Screen - Update Host group

U U 108
Table - Update Host group screen elements
U U 109
Add Node
U U
Screen - Update Host group - Add Node

U U 109
Table - Update Host group - Add Node screen elements
U U 109
Delete Node
U U
Screen - Update Host group - Delete Node

U U 110
Table - Update Host group - Delete Node screen elements
U U 110
Delete Host Group
U U
Screen - Delete Host group

U U 111
Table - Delete Host group screen elements
U U 111
Define Host Group

U U
Host Grou
U
Create a new Host Group

U U
Screen - Create Host group

U U 42
Table - Create Host group screen elements
U U 43

Customization
Monitoring Bandwidth Usage

U U
Screen - Bandwidth Usage

U U 169
Table - Bandwidth usage screen elements
U U 170
Screen - Bandwidth usage - Live Users graph
U U 170
Screen - Bandwidth usage - Total Data transfer graph
U U 170
Screen - Bandwidth usage - Composite Data transfer graph
U U 171
Screen - Bandwidth usage - Download Data transfer graph
U U 171
Screen - Bandwidth usage - Upload Data transfer graph
U U 172
Mail Management
U U
Intra POP Service

U U
Create Intra POP Service

U U
Screen - Create IntraPOP service

U U 151
Table - Create IntraPOP service screen elements
U U 152
Configure Intra POP server
U U
Screen - Configure IntraPOP server

U U 153
Table - Configure IntraPOP server screen elements
U U 154
Manage Intra POP Service
U U
Screen - Manage IntraPOP service

U U 155
Table - Manage IntraPOP service screen elements
U U 155
Update Mail server
U U
Screen - Update IntraPOP service

U U 156
Table - Update IntraPOP service screen elements
U U 157
Delete Intra POP service
U U
Table - Delete IntraPOP service screen elements

U U 158
Alias
U U
Create Alias
U U
Screen - Create Alias

U U 159
Table - Create Alias screen elements
U U 159
Add Users
U U
Screen - Create Alias - Add Users

U U 160
Table - Create Alias - Add Users screen elements
U U 161
Delete Users
U U
Screen - Create Alias - Delete Users

U U 161
Table - Create Alias - Delete Users screen elements
U U 161
Delete Alias
U U
Screen - Delete Alias

U U 162
Table - Delete Alias screen elements
U U 162
SMTP Configuration
U U
Configure SMTP
U U
Screen - Configure SMTP

U U 163
Table - Configure SMTP screen elements
U U 164
Configure Mail Access
U U
Add Domain to RELAY

U U
Screen - Configure Mail Access – Add Domain

U U 165
Table - Configure Mail Access – Add domain screen elements
U U 165
Delete Domain from RELAY
U U
Screen - Configure Mail Access – Delete Domain

U U 166
Table - Configure Mail Access – Delete Domain screen elements
U U 166
Upgrade Cyberoam
U U
Upload Upgrade version

U U 193
Screen - Upload Upgrade version
U U 193
Module licensing
U U
Screen – Module registration

U U 194
Table - Module registration screen elements
U U 194

Cyberoam User Guide Version 6.0.0

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Cyberoam User Guide Version 6.0.0

Caricato da

Copyright:

Formati disponibili

CYYBBEERRO

Elitecore Technologies Ltd.

Welcome to Cyberoam User Guide

Congratulations on the purchase of the IT resource management software - ‘Cyberoam’ and

How do I search for relevant content?

For help on how to perform certain task use Contents

This Guide is organized into 2 parts:

Manage Cyberoam server

eLitecore Technologies Ltd. 1

Manage Cache server

Visit www.cyberoam.com for the regional and latest contact information.

eLitecore Technologies Ltd. 2

Material in this manual is presented in text, screen displays, or command-line notation.

Item Convention Example

Topic titles Shaded font

Subtitles Bold & Black

Navigation link Bold typeface Group Management → Groups → Create

Notes & points Bold typeface

eLitecore Technologies Ltd. 3

Define Authentication process 35

Define Host Group 42

Host Group Management 107

eLitecore Technologies Ltd. 4

Delete Host Group 111

System Management 112

Cache Management 137

Mail Management 151

Monitoring Bandwidth Usage 169

Web Categories 181

Upgrade Cyberoam 193

Module licensing 194

View and Update Company information 195

View Registration details 196

eLitecore Technologies Ltd. 5

Download Clients 197

eLitecore Technologies Ltd. 6

eLitecore Technologies Ltd. 7

2. Text based Administration/telnet console

Accessing the Web Interface

Accessing Console via remote login utility - TELNET

To start the TELNET utility:

Screen - Console access

eLitecore Technologies Ltd. 8

Screen - Console login screen

Log on & log off from the Cyberoam Web Interface

Asterisks are the placeholders in the password field.

Screen - HTTP login screen

eLitecore Technologies Ltd. 9

To open login over secure HTTP, type

Screen - HTTPS login

eLitecore Technologies Ltd. 10

Screen - HTTPS login

Screen Elements Description

To login, enter mail account login name and password

To login, enter Cyberoam reports login name and password

To login, enter Network login name and password

To login, enter My Account login name and password

If logging on for the first time, type

If logging on for the first time, type

eLitecore Technologies Ltd. 11

If login is successful and the copy of Cyberoam is already registered, Live

Screen - Live Users screen

eLitecore Technologies Ltd. 12

Screen - Registration screen