Cyberoam User Guide
Version: 6.0.0.0
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is
presented without warranty of any kind, expressed or implied. Users must take full responsibility for their
application of any products. Elitecore assumes no responsibility for any errors that may appear in this document.
Elitecore reserves the right, without notice to make changes in product design or specifications. Information is
subject to change without notice.
SOFTWARE LICENSE
The software described in this document is furnished under the terms of Elitecore’s software license agreement.
Please read these terms and conditions carefully before using the software. By using this software, you agree to
be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly
return the unused software and manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the
media on which the Software is furnished will be free of defects in materials and workmanship under normal use;
and (2) the Software substantially conforms to its published specifications except for the foregoing, the software
is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer’s
exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its
service center’s option, repair, replacement, or refund of the software if reported (or, upon, request, returned) to
the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error
free, or that the customer will be able to operate the software without problems or interruptions.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties
including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, non-
infringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent
allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect,
consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out
of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of
such damages. In no event shall Elitecore’s or its suppliers’ liability to the customer, whether in contract, tort
(including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply
even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages,
including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this
manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of
Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and
reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may
appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product
design or specifications. Information is subject to change without notice.
Corporate Headquarters
This Guide helps you manage and customize Cyberoam to meet your organization’s various
requirements including creating groups and users and assigning policies to control internet and
printer access.
Note that by default, Cyberoam Web Interface Username is ‘cyberoam’ and password is ‘cyber’. It
is recommended that you change the default password immediately after installation to avoid
unauthorized access.
Guide Organization
This Guide provides information regarding the administration, maintenance, and customization of
Cyberoam.
For help on a specific menu or screen function, use Menu wise – Screen and Table Index.
Define User Groups and Users. Describes how to add new Users and User Group
Define Authentication process. Describes Authentication process and user migration process from
Windows.
Define Host groups. Describes how to add new host groups.
Part II Management
It describes how to manage and customize Cyberoam
Manage Groups and Users. Describes how to edit and delete Users and User Groups
Manage & Customize Policies. Describes how to define and manage Surfing quota policy, Access
time policy, Security policy, Bandwidth policy, and Printing policy
Manage Host groups. Describes how to edit and delete host groups
Customize Services, Schedules and Web categories. Describes how to create and manage Web
categories, Schedules and Services
Upgrade Cyberoam
Guide Sets
Guide: Describes
Installation & Registration Guide: Installation & registration of Cyberoam
User Guide
    Part I – Basic Configuration: Basic configuration of Cyberoam
    Part II – Management: Management and Customization of Cyberoam
    Detailed statistics – Reports: Detailed reports
Console Guide: Console Management
Client Guide: Installation & configuration of Cyberoam Clients
Analytical tool Guide: Using the Analytical tool for diagnosing and troubleshooting common problems
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-6405600
Fax: +91-79-6462200
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-6400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Typographic Conventions
Report
shaded font
typefaces
Introduction
typefaces
Name of a particular parameter / field / command button text: Lowercase italic type. Example: Enter policy name, replace policy name with the specific name of a policy; or Click Name to select, where Name denotes command button text which is to be clicked.
Cross references: Hyperlink in different color. Example: refer to Customizing User database. Clicking on the link will open the particular topic.
Contents
Welcome to Cyberoam User Guide
Guide Organization
Guide Sets
Technical Support
Typographic Conventions
Contents
Introduction
What is Cyberoam?
Benefits of Cyberoam
Accessing Cyberoam
Accessing the Web Interface
Accessing Console via remote login utility - TELNET
Log on & log off from the Cyberoam Web Interface
BASIC CONFIGURATION
Define Group
Group
Define User
User
User Migration
MANAGEMENT
Group Management
Manage Group
Delete Group
User Management
Search User
Live User
Manage User
Policy Management
Surfing Quota policy
Access time policy
Security policy
Bandwidth policy
Printing Policy
Services
CUSTOMIZATION
Services
Create new Service
Update Service
Delete Service
Schedule
Create Schedule
Update Schedule
Delete Schedule
Introduction
Organizations around the world are leveraging the Internet and Information technology to gain a
competitive advantage.
Organizations invest vast amounts of money in building networking infrastructures that can
support their business goals and objectives. Staying ahead of the technology curve and achieving
competitive advantage comes at a heavy price. Despite the high levels of investment in
infrastructure and other IT resources, many organizations fail to deploy even the most basic tools
to manage their IT resources effectively.
Networking environments have become increasingly complex, with a variety of security and access
management issues. Organizations face challenges in configuring and giving access to various IT
resources and making sure the result supports organization policies.
What is Cyberoam?
Cyberoam is a complete IT resource Management software that enables Business houses,
Educational institutes and other organizations to monitor and manage IT resources. It also
provides better Bandwidth management, increases Employee productivity and reduces legal
liability associated with undesirable Internet content.
Benefits of Cyberoam
1. Boost Employee productivity by
a. Blocking access to the sites like Gaming, Shopping, news, Pornography
2. Conserve bandwidth by
a. Controlling access to non-productive sites during working hours
b. Controlling rate of uploading & downloading of data
3. Load balancing over multiple links
a. Improved User response time
b. Failover solution
c. Continuous availability of Internet
d. Reduced bandwidth bottlenecks
4. Conserve Printer usage
5. Enforce acceptable Internet use, printer use and mailing policies
6. Comprehensive, easy-to-use reporting tool enabling the IT managers to compile reports on
Internet and other resources usage and consumption patterns
Accessing Cyberoam
Three ways to access/manage Cyberoam:
1. Web based Administration console
• Used for policy configuration
• Managing users, groups and policies
• Managing System resources like printer, mail server
• Managing Firewall rules
• Managing Bandwidth
• Viewing bandwidth graphs as well as reports
Note
Cyberoam Web Interface access requires Internet Explorer 5.5 or above.
If you have logged on for the first time and have not yet registered Cyberoam, refer to the Installation guide for
registration. Change the default password the first time you log on. Refer to Manage Users, Change
Personal details.
Log on procedure
To get the log in window, open the browser and type the IP Address in browser’s URL box. A
dialog box appears prompting you to enter username and password to log in. Use the default user
name ‘cyberoam’ and password ‘cyber’ to log in if you are logging in for the first time.
HTTPS log in
Cyberoam provides a secured communication method in which the User login information is
encrypted, which prevents unauthorized users from viewing the user information. For this,
Cyberoam uses the HTTPS protocol.
The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer
encrypted information between computers over the World Wide Web. HTTPS is http using a
Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web
server that uses HTTPS.
HTTPS protocol opens a secure hypertext transfer session with the specified site address.
Click Login
If Registration page opens, use Online or Manual registration process for registering the copy of
Cyberoam. Refer to Installation guide - Registration for detail on registration process.
PART I
Basic Configuration
Once you have configured the network and registered the copy of Cyberoam, you can start using
Cyberoam. After you log in successfully, the following screen is displayed, which is the main
navigation point for Cyberoam. Each menu on the right most part of the screen provides access to
a different Cyberoam functionality:
Main menu
Help Allows to
• Register Cyberoam
• Upgrade Cyberoam
• Download Cyberoam Client software
• Access documentations
For your convenience, Cyberoam has certain predefined settings such as groups, policies and
services. These predefined settings are immediately available for use until configured otherwise.
If the predefined settings do not satisfy your organization’s requirements, Cyberoam lets you define
Groups, Users and customized policies to define different levels of access for different users.
Define Group
Group
Group is a collection of users having common policies and a mechanism of assigning access of
resources to a number of users in one operation/step.
In the form of various policies, set the appropriate bandwidth usage limit, security for preventing
users from accessing malicious sites, Internet and printer access time and combine to form a
Group.
For example,
‘Research’ Group for employees of Research Department who have similar requirement like ‘Need
Internet access through the working hours’
‘DTP’ Group for employees of Printing department who have similar requirement like ‘Printer
access round the clock’
Group types
Two types of groups:
1. Normal
2. Clientless
Normal: A user of this group needs to log on to Cyberoam using the Cyberoam Client to access IT
resources controlled through Cyberoam.
Clientless: A user of this group need not log on to Cyberoam using the Cyberoam Client to access
IT resources controlled through Cyberoam. The access is controlled using the IP Address of a
client. Symbolically represented as Group name (C).
The following decision matrix will help you in deciding which type of group is well suited for your
network configuration and purpose of use.
Create Group
[Flowchart: Create Group. Create the required policies; assign Security policy, Bandwidth policy and Printing policy; apply Login restriction]
Prerequisite
• Surfing Quota policy created
• Access time policy created
• Security policy created
• Bandwidth policy created
• Printing policy created
• Host group created if login is to be restricted to a particular Node/IP Address
Select Group Management → Groups → Create to open the create group pane
Group type
By default, ‘Unlimited policy’ is assigned to ‘Clientless’ Group type
Available options
1) Allowed login from all nodes
Allows Users defined under the Group to login from all the
nodes
Click to select
Create button Creates the Group
Cancel button Cancels the current operation
Table - Create Group screen elements
Note
You can create the group and add the user to the group later
Define User
User
Users are identified by an IP address or a user name and assigned to a group. All the users in a
group inherit the policy defined for that group. Refer to Policy Management to define new policies.
User types
Three types of Users:
1. Normal
2. Clientless
3. Single Sign on
Normal: The User has to log on to Cyberoam, either through the Cyberoam client (client.exe) installed on the User
machine or through the HTTP Client component. All the policy-based restrictions are applied.
Clientless: The Cyberoam client component (client.exe) is not installed on the User machine.
Symbolically represented as User name (C).
Single Sign on: If the User is configured for Single sign on, whenever the User logs on to Windows,
he/she is automatically logged on to Cyberoam. Symbolically represented as User name (S).
Use following decision matrix to decide which type of the user should be created.
Create a User
Prerequisite
• Group created – for Normal Users only
Select User Management → Manage Users → Create to open the create user pane
Click to select
Personal details link Allows to enter the personal details of the user
Prerequisite
• Clientless Group created
Select User Management → Clientless Users → Bulk Registration to open the create
user pane
policy
Description Full description
Prerequisite
• Group created
• Host group created
NOTE
Duplicate Usernames cannot be created.
If you are assigning a new user to a group, the group must be created first. Refer to Create Groups to
create new groups.
User Migration
Cyberoam provides a facility to migrate the existing users from the Primary Domain Controller (PDC)
server. This reduces the Administrator’s burden of creating the same users again in Cyberoam.
All the migrated users will be created under the Group type ‘Normal’ and default policies will be
applied. The Administrator can change the assigned group or status at this stage or later.
Step 2: Opens the File Download window and prompts to run or save the utility. Select the
appropriate option and click OK button
Step 3: Opens a new browser window and prompts for the login. Provide the administrator
username and password. E.g. Username: “cyberoam” and password: “cyber”
Step 4: On successful authentication, following screen will be shown. Upload the specified file.
Step 5: Change the group or status of the user at this stage, if required. To migrate all the users,
click Select All or select the individual users and click Migrate Users.
Note
After migration, the Cyberoam login password of each User will be the same as the username.
Once the users are migrated, configure the single sign on login utility. The configuration is required
to be done on the Cyberoam server.
If the user is configured for Single sign on, whenever the User logs on to Windows, he/she is
automatically logged on to Cyberoam also. Single sign on also supports multiple log on facility.
If Single sign on is enabled then NTLM should be enabled so that Users can check their
Myaccount using their Windows password.
Use the following decision matrix for defining the Authentication type for the various users.
[Decision matrix: Authentication type (NTLM, Cyberoam Authentication, Single Sign on)]
NTLM Authentication
This authentication mechanism allows Users to access using their Windows authentication tokens
(login/user name and password).
Cyberoam sends the user authentication request to the PDC and the Windows server
authenticates the user as per the supplied tokens.
Note
If the PDC server is down then the authentication request will always return the message ‘Wrong
username/password’.
It is necessary to have shared NETLOGON directory on PDC with the following permissions:
Read, Read & Execute, List Folder Contents
Once the Users are migrated successfully, follow the procedure to configure for Single Sign on
login utility.
If Single sign on is configured then NTLM authentication should be enabled so that Users can
check their Myaccount using their windows password
Step 1 Download the Cyberoam Single Sign on client as shown in the below screen shot and save
SSCyberoam.exe to the NETLOGON scripts directory on the domain controller or as per your
configuration. The logon scripts contain the configuration parameters for the initial user
environment.
Note
If logon scripts for all the Users already exist, please do not download “Logon Script Updation Utility” and
execute the script “defaultlogonscript.bat”.
Step 2 If the logon scripts are already created, then Update them. Edit the logon script using
any of the available Editors like Notepad and add the following line in the script and save the
script:
Copy the script - “defaultlogonscript.bat” to NETLOGON scripts directory. Refer to step 1 to find
location of the NETLOGON scripts directory
Download Logon Script Updation Utility as shown in the below screen shot and save the script as
“updatelogonscript.bat” in the root directory of the server
Whenever the User tries to logon in Windows, the script “defaultlogonscript.bat” will be executed
which in turn executes the Cyberoam logon program with the Windows Username and
automatically logs in User to the Cyberoam.
If the User has logged in successfully using the Single Sign on utility, then (S) will be shown beside the
Username, e.g. Joe (S), in the Live User list.
1. If the User does not exist in Cyberoam, message ‘Wrong Username/Password’ will be displayed
2. Logon script will not execute if Domain Controller is down and User will not be able to log on to
Cyberoam and Internet access will not be available
3. If Cyberoam is down or not reachable, the Cyberoam Single Sign client will continuously try to logon,
and as soon as it is up Internet access will be available
Type
Server IP Address
Server Details
Click OK
Note
Add IP addresses/Nodes at the time of creation of Host group or after the creation.
Prerequisite
• Bandwidth policy created
PART II
Management
Group Management
Manage Group
Select Group Management → Group → Manage and click the Group to modify
Cannot be modified
Expiry date Displays the Expiry date of the Surfing Quota policy
Cannot be modified
Used Surfing time Displays the total time used by the Group members
Cannot be modified
Access time policy Displays the currently attached Access time policy to the
Only for ‘Normal’ Group Group
type
To change
Click Access time policy list to select
To change
Click Security policy list to select
To change
Click Bandwidth policy list to select
To change
Click Printing policy list to select
Note
Update Group
Need may arise to change the Group setting after the creation of Group.
To Click
View Group members ShowGroupMembers button
Only for ‘Normal’ Group type Refer to Select Node for details
Change Surfing Quota Policy Change Policy button
Delete Group
Prerequisite
• No Group members defined
Select Group Management → Group → Manage and view the list of Groups
User Management
Search User
Use Search User Tab to search the User
Live User
The Live Users report gives the details of all the Users currently logged in.
Click to change the display Click User name link to View/Update user details
order
Name Employee name
Manage User
Update User
Manage Normal & Single Sign on Client Users
Select User Management → Manage Users → Manage Active to view the list of Users
and click the User name to modify
OR
Select User Management → Manage Users → Manage Deactive to view the list of
Users and click the User name to modify
Cannot be modified
Edit Personal details/Change Allows to change the Users personal details and
Cannot be modified
Birth date Displays Birth date of User
Email Displays Email ID of User
User My Account button Click to view/update the my account details
Cannot be modified
Policy Information
Group Displays Group name in which User is defined
Change Group button Allows to change the Group of the User
Cannot be modified
User Expiry date Displays User Expiry date
Cannot be modified
Time used (HH:mm) Displays total time used by the User in the format
hours:Minutes
Cannot be modified
Access time policy Displays the currently attached Access time
policy to the User
Cannot be modified
Login Restriction
Display the currently applied login restriction to
the User
Change login restriction button Click to change the login restriction
Need may arise to change the User setting after the creation of User.
To Click
Change the personal details or password Edit personal details/Change Password
of the User
Refer to Change Personal details for
details
View User Accounts details User My Account
Cannot be modified
Update button Updates the changes made
Cancel button Cancels the current operation
Table - Change User personal details screen elements
User My Account
User My Account gives details like Personal details, Internet and Printer usage of a particular user.
User can change his/her password using this tab.
1. Administrator can view details of various users from User management → Manage
Users → Manage Active and click User My Account button, it opens a new browser window.
In the task bar, double click the Cyberoam client icon and click My Account. It opens a new
window and prompts for MyAccount login Username and Password.
Opens a new window with following sub modules: Personal, Client, Account status, Logout
Personal
Allows viewing and updating password and personal details of the user
Change Password
Select Personal → Change Password
Account status
Allows viewing Internet & Printer usage of the user
Internet Usage
Note
User My Account can be accessed from the login screen also. Refer to Logon & log off from Cyberoam Web
Interface for details.
Change Group
To override the access time policy for the User and assign another
policy – Click Access policy list to select
Security policy Assigns Security policy
To override the Security policy for the User and assign another
policy – Click Security policy list to select
Bandwidth Management
Bandwidth policy Assigns Bandwidth policy
To override the bandwidth policy for the User and assign another
policy -Click Bandwidth policy list to select
Printing Management
Printing policy (only Assigns Printing policy
if Printing module is
enabled) To override the Printing policy for the User and assign another
policy -Click Printing policy list to select
Save Saves the changes
Table - Change Individual policy
Delete User
To delete active user, click User management → Manage Users → Manage Active
Deactivate User
User is de-activated automatically in case he has overused one of the resources defined by
policies assigned. In case, need arises to de-activate user manually, select User management
→ Manage Users → Manage Active
View the list of deactivated users by User management → Manage Users → Manage
Deactive
Activate User
To activate normal and Single sign on Client user, click User management → Manage
Users → Manage Deactive
Policy Management
Cyberoam allows controlling access to various resources with the help of Policy.
Cyberoam comes with several predefined policies or you can create additional policies to meet
your organization’s requirements.
The Surfing quota policy allows allocating Internet access time on a cyclic or non-cyclic basis.
Select Policy Management → Surfing Quota Policy → Create to open the create policy
pane
Available options
Daily – restricts surfing hours up to cycle hours defined on daily basis
Weekly – restricts surfing hours up to cycle hours defined on weekly
basis
Monthly – restricts surfing hours up to cycle hours defined on monthly
basis
Yearly – restricts surfing hours up to cycle hours defined on yearly basis
Non-cyclic – no restriction
Cycle hours (not available for ‘Non cyclic’ cycle type): Specifies upper limit of surfing hours for cyclic type policies. At the end of each Cycle, cycle hours are reset to zero, i.e. for ‘Weekly’ Cycle type, cycle hours will be reset to zero every week even if cycle hours are unused/not exhausted.
Allotted time or Unlimited time: Allots surfing time in Hours & minutes, or creates Unlimited time policy.
Allotted Days or Unlimited Days: Allots allowed surfing days, or creates Unlimited days policy.
Shared allotted time with group members: Specifies whether the allotted time will be shared among all the group members. Click to share.
Select Policy management → Surfing quota policy → Manage and Click Policy name
link to update
Unlimited Days
Shared allotted time with group members: Displays whether the total allotted time is shared among
the group members or not, modify if required
Description Displays description of the policy, modify if required
Select Policy management → Surfing time policy → Manage to view list of policies
The Access time policy lets you set time periods for access with the help of schedules. Refer to
Schedules for details.
Allow strategy
By default, access is allowed for the schedule applied
Disallow strategy
By default, access is disallowed for the schedule applied
Prerequisite
• Schedule created
Select Policy Management → Access time Policy → Create to open the create policy
pane
Select Policy management → Access time policy → Manage and Click Policy name
link to update
To modify,
Click Schedule list to select new schedule
Select Policy management → Access time policy → Manage to view list of policies
Security policy
Security policy controls User’s web access. It helps to manage web access specific to the
organization’s need. It specifies which user has access to which sites or applications and allows
defining powerful security policies based on almost limitless policy parameters like:
Individual users
Groups of users
Time of day
Location/Port/Protocol type
Content type
Bandwidth usage (for audio, video and streaming content)
When defining a policy, you can deny or allow access to an entire application category, or to
individual file extensions within a category. For example, you can define a policy that blocks
access to all audio files with .mp3 extensions.
Default Allow
By default, allows the user to view everything except the sites and files specified in the web
categories.
E.g. To allow access to all sites except Mail sites
Default Disallow
By default, prevents the user from viewing everything except the sites and files specified in the
web categories.
E.g. To disallow access to all sites except certain sites
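The two strategies above, modelled as an added example. This is not Cyberoam code and not taken from the guide: the class names, the first-match rule order, the matching logic and the example.* sample sites are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from urllib.parse import urlsplit
import posixpath


@dataclass(frozen=True)
class WebCategory:
    """A named set of sites and/or file extensions (constructed sample data)."""
    name: str
    domains: frozenset = frozenset()      # a domain also covers its subdomains
    extensions: frozenset = frozenset()   # lower case, with the leading dot

    def matches(self, url: str) -> bool:
        parts = urlsplit(url)
        # .hostname is already lower-cased; drop the optional trailing root dot.
        host = (parts.hostname or "").rstrip(".")
        # Look at the path only, so "?f=a.mp3" cannot fake or hide an extension.
        ext = posixpath.splitext(parts.path)[1].lower()
        # Match on label boundaries: "notmail.example" must not hit "mail.example".
        site_hit = any(host == d or host.endswith("." + d) for d in self.domains)
        return site_hit or ext in self.extensions


@dataclass(frozen=True)
class Schedule:
    days: frozenset   # weekday numbers, Monday = 0
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() <= self.end


@dataclass
class SecurityPolicy:
    name: str
    default_allow: bool                        # True = Default Allow, False = Default Disallow
    rules: list = field(default_factory=list)  # (WebCategory, Schedule, allow) tuples

    def decide(self, url: str, when: datetime):
        """Return (allowed, reason). Assumed model: the first matching category wins."""
        for category, schedule, allow in self.rules:
            if schedule.active(when) and category.matches(url):
                return allow, category.name
        # No category applies: fall back to the policy's default strategy.
        return self.default_allow, "default"


# Constructed sample schedules and categories.
WORK_HOURS = Schedule(frozenset(range(5)), time(9, 0), time(18, 0))
ALL_WEEK = Schedule(frozenset(range(7)), time.min, time.max)
MAIL = WebCategory("Mail", domains=frozenset({"mail.example"}))
AUDIO = WebCategory("Audio", extensions=frozenset({".mp3"}))
INTRANET = WebCategory("Intranet", domains=frozenset({"intranet.example"}))

# Default Allow: everything except Mail sites (working hours) and .mp3 files.
OPEN_POLICY = SecurityPolicy(
    "general", True, [(MAIL, WORK_HOURS, False), (AUDIO, ALL_WEEK, False)]
)
# Default Disallow: nothing except the listed sites.
LOCKED_POLICY = SecurityPolicy("kiosk", False, [(INTRANET, ALL_WEEK, True)])


def demo():
    """Evaluate constructed requests against both policies."""
    monday = datetime(2024, 1, 1, 10, 0)     # a Monday, inside working hours
    saturday = datetime(2024, 1, 6, 10, 0)   # outside the working-hours schedule
    requests = [
        (OPEN_POLICY, "http://webmail.mail.example/inbox", monday),
        (OPEN_POLICY, "http://webmail.mail.example/inbox", saturday),
        (OPEN_POLICY, "http://notmail.example/", monday),
        (OPEN_POLICY, "http://cdn.example/track.MP3?dl=1", saturday),
        (LOCKED_POLICY, "http://intranet.example/wiki", monday),
        (LOCKED_POLICY, "http://news.example/", monday),
    ]
    return [(p.name, url, p.decide(url, when)) for p, url, when in requests]


if __name__ == "__main__":
    for policy_name, url, (allowed, reason) in demo():
        print(f"{policy_name:8} {'ALLOW' if allowed else 'BLOCK':5} {url} ({reason})")
```

Under Default Disallow a category that fails to match blocks the request, while under Default Allow the same miss lets it through, so loose site or extension matching is the riskier failure in a Default Allow policy.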
Select Policy Management → Security Policy → Create Policy to open the create
policy pane
Select Policy Management → Security Policy → Manage Policy and click the policy
name to be updated
Cannot be modified
Description Displays the description of the policy, modify if required
Save button Saves the modified details
Manage Web Category button Allows to add/remove web category details
Click to select
Strategy Allows/Disallows the access to the web categories
during the period defined in the schedule
Schedule Allows/Disallows the access to the Web categories
according to the strategy defined during the period
defined in the schedule
Click to view
Click Close to close the window
Add to Security policy button Assigns the web category to the security policy
Click to assign
Cancel button Cancels the current operation
Table - Add Web category screen elements
Bandwidth policy
Bandwidth is the amount of data passing through a medium over a period of time and is measured in
terms of kilobytes per second (kbps) or kilobits per second (kbits) (1 Byte = 8 bits).
Bandwidth policy allocates & restricts the bandwidth usage of the user and controls web and
network traffic.
The Internet influences your organization’s network in such a way that, if left unchecked, streaming
media and recreational Web surfing can clog the network with unneeded and insignificant traffic and
starve mission-critical applications of the bandwidth necessary to run effectively. Bandwidth policy
allows you to define limits for the maximum bandwidth individual users can request.
Bandwidth policy allows you to speed up time-critical applications and users and to pace less-urgent
traffic based on the organization’s priorities.
It can be defined for:
1. Host Group
2. User
3. IP address
It enables you to assign fixed minimum and maximum amounts of bandwidth to users. By borrowing
excess bandwidth when it is available, users are able to burst above guaranteed minimum limits,
up to the burst-able rate. Guaranteed rates also assure minimum bandwidth to critical users, so that they
receive constant levels of bandwidth during peak and non-peak traffic periods.
Guaranteed represents the minimum guaranteed bandwidth and burst-able represents the
maximum bandwidth that a user can use, if available.
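How guaranteed and burst-able rates interact, as an added example that is not Cyberoam code and not from the guide. The guide does not say how excess bandwidth is divided; the equal-share split, the function and field names, and the sample users and rates are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BandwidthPolicy:
    user: str
    guaranteed: float   # minimum rate the user can always get
    burstable: float    # maximum rate the user may reach when spare exists


def allocate(link_rate, policies, demand):
    """Share link_rate among users (all rates in the same unit).

    demand maps user -> rate currently requested; users not listed are idle.
    Assumed model: guarantees are served first, then spare capacity is split
    in equal shares among users that still want more, up to their burst-able rate.
    """
    for p in policies:
        if not 0 <= p.guaranteed <= p.burstable:
            raise ValueError(f"{p.user}: need 0 <= guaranteed <= burstable")
    # If the guarantees add up to more than the link, they cannot all be
    # honoured at peak time, so reject the configuration up front.
    if sum(p.guaranteed for p in policies) > link_rate:
        raise ValueError("guaranteed rates oversubscribe the link")

    # Step 1: serve every user's demand up to its guaranteed rate.
    alloc = {p.user: min(demand.get(p.user, 0), p.guaranteed) for p in policies}
    # A user never gets more than it asks for, nor more than its burst-able rate.
    ceiling = {p.user: min(demand.get(p.user, 0), p.burstable) for p in policies}
    spare = link_rate - sum(alloc.values())

    # Step 2: lend the spare capacity in equal shares (progressive filling).
    hungry = [u for u in alloc if ceiling[u] > alloc[u]]
    while hungry and spare > 1e-9:
        share = spare / len(hungry)
        for user in hungry:
            give = min(share, ceiling[user] - alloc[user])
            alloc[user] += give
            spare -= give
        hungry = [u for u in hungry if ceiling[u] - alloc[u] > 1e-9]
    return alloc


# Constructed sample policies for a link of rate 1000.
SAMPLE_POLICIES = [
    BandwidthPolicy("research", guaranteed=200, burstable=600),
    BandwidthPolicy("dtp", guaranteed=100, burstable=1000),
    BandwidthPolicy("critical", guaranteed=300, burstable=300),
]

if __name__ == "__main__":
    # Non-peak: "critical" is idle, so the others burst above their guarantees.
    print(allocate(1000, SAMPLE_POLICIES, {"research": 900, "dtp": 250}))
    # Peak: everyone wants 900; each still receives at least its guarantee.
    print(allocate(1000, SAMPLE_POLICIES, {u: 900 for u in ("research", "dtp", "critical")}))
```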
Select Policy Management → Bandwidth Policy → Create to open the create policy
pane
Select Policy Management → Bandwidth Policy → Create to open the create policy
pane
Bandwidth usage Bandwidth specified can be for a particular User or Shared among all
the users who have been assigned this policy
Bandwidth usage Bandwidth specified can be for a particular User or Shared among
all the users who have been assigned this policy
Select Policy management → Bandwidth policy → Manage and Click Policy name link
to update
Update button Updates the changes made in ‘Bandwidth restriction details’ and
‘Default values to be applied all the time’
Add details button Attaches schedule to override default bandwidth restriction
For Total
Total Bandwidth - Allocates maximum amount of Total bandwidth,
expressed in terms of kbps
For Individual
Upload Bandwidth - Allocates maximum amount of Upstream bandwidth,
expressed in terms of kbps
Committed
For Total
Guaranteed(Min) Bandwidth - Allocates minimum guaranteed amount of Total
bandwidth, expressed in terms of kbps
For Individual
Guaranteed(Min) Upload Bandwidth - Allocates minimum guaranteed amount
of Upstream bandwidth, expressed in terms of kbps
Cannot be modified
Description Displays description of the policy, modify if required
Default values to be applied all the time
Implementation on Displays implementation type
Cannot be modified
Total Bandwidth Displays total bandwidth allocated, modify if required
Only if Implemented on ‘Total’
Upload bandwidth Displays Upload bandwidth allocated, modify if required
Only if Implemented on
‘Individual’
Download bandwidth Displays Upload bandwidth allocated, modify if required
Only if Implemented on
‘Individual’
button
Click Apply restriction
Cancel button Cancels the current operation
Table - Add IP address to IP address based Bandwidth policy screen elements
Remove IP Addresses from IP Address based bandwidth policy
Screen - Remove IP address from IP address based Bandwidth policy screen elements
Prerequisite
• Bandwidth policy not attached to any host group, user or IP address
Select Policy management → Bandwidth policy → Manage to view the list of policies
Printing Policy
To restrict the usage of printers, define a printer policy. It lets you restrict the total number of
pages printed by groups, individual users or IP addresses.
Select Policy Management → Printing Policy → Create to open the create policy pane
Available options
Daily – restricts printing up to the number of pages defined, on a daily basis
Weekly – restricts printing up to the number of pages defined, on a weekly basis
Monthly – restricts printing up to the number of pages defined, on a monthly basis
Yearly – restricts printing up to the number of pages defined, on a yearly basis
All the time – no restriction
Pages per cycle Specifies upper limit for printing pages for cyclic type policies
Not available for ‘All the time’ cycle type
Total Allotted pages Allots total number of pages that can be printed
or
Unlimited pages Creates Unlimited pages printing policy
Description Full description of the policy
Select Policy Management → Printing Policy → Allow Printing and click Add IP
Address
Select Policy management → printing policy → Manage to view the list of policies
Add Node
Delete Node
Prerequisite
• Not assigned to any User
Prerequisite
• IP address from Group not assigned to any User
System Management
Network Management
Network setting consists of Interface Configuration, Gateway Configuration and DNS
Configuration. Configure Network from Console and update if required, from GUI. For details, refer
to the Installation Guide for Network.
The first step is to add the Gateway details using Gateway configuration, update Interface
Configuration if required and specify the DNS (Domain Name Server).
Note
Before you configure the network, make sure that you have the correct information and any needed IP
addresses. If you configure it incorrectly, the server will not be able to connect to the network (Internal or
external).
To cope with this situation, organizations opt for multiple gateways. However, simply adding one
more gateway is not an end to the problem. Optimal utilization of all the gateways is also
necessary.
Cyberoam supports multiple gateways and provides a way to utilize total bandwidth of all the
gateways.
Cyberoam provides the load balancing & failover feature to utilize total bandwidth of all the
gateways optimally.
2. Provide redundancy and failover protection. If one link goes down then one of the other links
can step in and take over. Users will not experience any downtime.
Add Gateway
Delete Gateway
Click to select
Select All Select all the Gateways for deletion
Click to delete
Table - Delete Gateway screen elements
Note
If only one gateway is defined then it cannot be deleted
Interface Configuration
Use to view the Gateway and Interface configuration
DNS Configuration
A Domain Name Server translates domain names to IP addresses. You can configure the domain
name server for your network as follows.
Click Add
Type IP address
Click OK
Remove button Removes IP address of the Domain Name Server
Click Update
DNS Redirection
Enable button Redirects all the DNS traffic to Cyberoam
Click to redirect
Table - DNS Configuration
To add multiple DNS servers, repeat the above-described procedure. Use the up & down buttons to change
the order of the DNS servers. If more than one Domain Name Server exists, queries will be resolved according to
the order specified.
Security – Firewall
A firewall protects the network from unauthorized access and typically guards the Internal network
against malicious access; however, firewalls may also be configured to limit the access of Internal
users.
Firewall defines certain rules that determine what traffic should be allowed in or out of the Internal
network. One can restrict access to certain IP addresses or domain names, or block certain traffic
by blocking the TCP/IP ports used.
Cyberoam has the above-described basic features of a firewall. For defining firewall rules refer to
Defining Firewall.
Various Options
Hence, while adding multiple rules, it is necessary to put specific rules before general rules.
Otherwise, a general rule might allow a packet that a more specific rule later in the list was
written to deny. When a packet matches a rule, the packet is immediately dropped or forwarded
without being tested by the rest of the rules in the list.
Here if the order is changed i.e. Rule 2 precedes Rule 1 then Host 192.168.1.76 will be able to
access www.yahoo.com even though the DROP rule is specified.
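The first-match behaviour described above, shown as an added example that is not part of the original guide or of Cyberoam's own code. The guide's rule table is not reproduced on this page, so the definitions of Rule 1 and Rule 2, the 192.168.1.0/24 network and the default DROP policy are assumptions; the audit function goes one step further than the text and flags any rule that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # source as CIDR, e.g. "192.168.1.76/32" for a single host
    dst: str     # destination host name, or "*" for any destination
    action: str  # "ACCEPT" or "DROP"

    def matches(self, src_ip, dst_host):
        in_src = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_src and self.dst in ("*", dst_host)

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        mine = ipaddress.ip_network(self.src)
        theirs = ipaddress.ip_network(other.src)
        return theirs.subnet_of(mine) and self.dst in ("*", other.dst)


def evaluate(rules, src_ip, dst_host, default="DROP"):
    """First match wins: later rules are never consulted once one matches."""
    for rule in rules:
        if rule.matches(src_ip, dst_host):
            return rule.action, rule.name
    return default, None  # assumed default policy when nothing matches


def find_shadowed(rules):
    """List rules that can never fire because an earlier rule covers them.

    Each finding is (shadowed rule, shadowing rule, actions_conflict).
    A conflict means the rule base does not enforce what the later rule says.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break
    return findings


# Constructed rules (assumed, not taken from the guide's missing table).
RULE_1 = Rule("Rule 1", "192.168.1.76/32", "www.yahoo.com", "DROP")
RULE_2 = Rule("Rule 2", "192.168.1.0/24", "*", "ACCEPT")

CORRECT_ORDER = [RULE_1, RULE_2]   # specific rule first
SWAPPED_ORDER = [RULE_2, RULE_1]   # general rule first

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("swapped", SWAPPED_ORDER)):
        verdict = evaluate(rules, "192.168.1.76", "www.yahoo.com")
        print(label, verdict, find_shadowed(rules))
```

Running the audit over an exported rule list before and after every reorder catches the swapped case without having to send test traffic.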
Click to delete
Table - Delete Firewall access screen elements
DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a unique IP address to a
device, and releases and renews the address as the device leaves and re-joins the network. The device
can have a different IP address every time it connects to the network.
In other words, it provides a mechanism for allocating IP addresses dynamically so that addresses
can be re-used.
Click Submit
Table - Reset Console Password screen elements
Data Store
Backup data
Backup is an essential part of data protection. No matter how well you treat your system, no
matter how much care you take, you cannot guarantee that your data will be safe if it exists in only
one place.
Backups are necessary in order to recover data lost due to disk failure, accidental
deletion or file corruption. There are many ways of taking a backup and just as many types of media
to use as well.
Cyberoam provides a facility for taking regular and reliable data backups. A backup consists of all the
policies, logs and all other user related information.
User session log Every time the user logs in, a session is created. This log stores the session
entries of all the users and specifies the login and logout time.
Audit log This log stores the details of all the actions performed by the User administering
Cyberoam
Virus log This log stores the details of malicious traffic requests received.
Mail log This log stores the information of all the mails sent and received by all the users.
Screen - Backup
Select
FTP backup
Mail backup
Only for FTP backup
FTP server IP address of FTP server
User name User name for FTP server
Password Password for FTP server
Only for Mail backup
To Mail Id Email address to which the backup will be mailed
Save details button Saves the configuration
System Data Backup to Date
(Does not include logs)
Backup data button Takes the recent backup and allows you to download it
Restore Data
With the help of the restore facility, restore data from the backup taken. Restoring data older than the
current data will lead to the loss of the current data.
Screen – Restore
Note
Restore facility is version dependent, i.e. it will work only if the backup and restore versions are the same, e.g.
if the backup is taken from Cyberoam version 5.0.0 then restore will work only for version 5.0.0 and not for
any other version.
Purge
Purging of data means periodic deletion of the data.
Cyberoam provides Auto purge and Manual purge facility for deleting log records.
Auto purge
Note
The system will preserve logs only for the specified number of days and automatically purges the logs
generated thereafter.
Manual purge
Use manual purge to delete log records manually
Note
Client Services
The Message Management tab allows the Administrator to send messages to the various users.
Messages help the Administrator in notifying users about problems as well as Administrative alerts in
areas such as access, user sessions, successful log in and log off, incorrect password etc.
A message can be up to 256 characters long and can be sent to a number of users at a time.
Screen - Messages
Messages Description/Reason
DeactiveUser Administrator has deactivated the User and the User will not be
able to log on
DisconnectbyAdmin When the administrator disconnects the user from the live users
page
InvalidMachine Message is sent if User tries to login from the IP address not
assigned to him/her
LoggedoffsuccessfulMsg Message is sent when User logs off successfully
LoggedonsuccessfulMsg Message is sent when User logs on successfully
Loggedinfromsomewhereelse Message is sent if User has already logged in from other
machine
MultipleLoginnotallowed Message is sent if User is not allowed multiple login
NotAuthenticate Message is sent if User name or password are incorrect
NotCurrentlyAllowed Message is sent if User is not permitted to access at this time
The surfing time duration is the time in hours the User is allowed
Internet access that is defined in Surfing time policy. If hours are
exhausted, User is not allowed to access.
SurfingtimeExpired Administrator has temporarily deactivated the User and will not
be able to log in because User surfing time policy has expired
LiveIPinuse Message is sent if connection is requesting a live IP address
from the server that is already in use
Nmpoolexceedlimit Message is sent if the maximum number of IP addresses in the
live host group at any given time has exceeded the limit
Table - List of predefined messages
Parameters
The Cyberoam Windows client launches the default browser to open the specified URL after
successful log on.
Leave this field blank, if you do not want to open any specific
page every time you log in
Update button Updates the configuration
HTTP client pop up
HTTP client pop up Whenever a User tries to surf without logging in, a page with the
message ‘Cyberoam Access Denied’ is displayed
Cache Management
An HTTP cache helps in improving the performance of the network by reducing access time and traffic.
Cyberoam can also act as a cache server. All visited static sites are cached on the Cyberoam server
hard drive or in the memory. The advantage of a cache server is that it will cache the static web pages
once requested and serve them locally when requested the next time.
Cyberoam will act as a cache server only if caching is enabled. To enable caching refer to Enable
Cache server and to configure the cache server refer to Configure cache.
Cyberoam also provides facility to define WCCP router for Caching. WCCP (Web Cache
Communication Protocol) provides mechanism to redirect traffic flow to caches. To define WCCP router
refer to Define WCCP router.
Cyberoam provides the facility to define an External cache server also. To define External cache, refer
to Define External cache.
Cyberoam examines all the client traffic and redirects traffic to the appropriate cache server according to
the predefined policies.
When the page is requested for the first time, Cyberoam intercepts flow and directs data to the local
cache or to the remote/external cache server to cache the data according to the defined routing policy.
When the cached content is requested, it is served from local or remote/external cache. Non-cached
traffic is automatically redirected to the Internet.
Click to disable
Cache Start Configuration
Autostart Automatically starts the Cache server with the
startup of Cyberoam server
Manual Start Cache server manually
Save configuration Save the cache server configuration
Table - Manage Cache screen elements
Cannot be modified
Cache size (MB) Specify Cache size (in MB)
Click to select
To button Moves the selected category to the Selected
Categories list
Click to move
Remove button Removes the selected category from the Selected
Categories list
Click to remove
Selected Categories list List of web categories which will not be cached
Ok button Saves the configuration
Cancel button Cancels the current operation
Table - Manage cache category screen elements
Add router
Delete router
Define Cache
Routing Policy
Select Cache Management → Cache → Routing Policy
Add Network
Delete Network
Manage Traffic
Select Cache Management → Malicious HTTP traffic → Manage and click the required ‘web
category name’ link
Click to save
Keyword Management
Manage Keyword button Allows you to manage (add and delete) keywords
defined for the web category
Table - Manage HTTP Malicious traffic - Web category
Manage keywords
Add Keywords
Delete Keyword
Click to select
Mail Management
Used to control which mail servers users can reach and from which domains they can send and receive mails
Options:
POP3
POP2
APOP
RPOP
Available options
Click to update
IntraPOP startup Configuration
Specifies startup configuration of IntraPOP server
Options:
1) Autostart Automatically starts the IntraPOP server with the startup of Cyberoam
server
Select Mail Management → Intra POP → Manage Intra POP Service to view the list of
mail servers defined
Select Mail Management → Intra POP → Manage Intra POP Service to view the list of
mail servers defined and click the Mail server name to be modified
Available options
Click Select User to specify the user. Opens a new window and
allows you to select the user
Click Select Alias to specify the Alias. Opens a new window and
allows you to select the Alias
Options
Keep copy of Mail on server Displays the configured option of whether a copy of Mails is to be kept
on the server also or not, modify if required
Alias
Send a message to a group of users by creating an Alias (mailing group) containing their names. Then,
just type the Alias name in the To box when you send messages. You can create multiple Aliases, and
a message can belong to more than one Alias.
For example, if certain mails are to be forwarded to ‘Marketing’ department staff only, then create an
alias ‘Marketing staff’ and add the names of all the employees of the ‘Marketing’ department. Mails
forwarded to the ‘Marketing staff’ Alias will be forwarded to the employees of the ‘Marketing’ department only.
Create Alias
Add Users
Select Mail Management → Aliases → Manage and click the Alias name link to add the users
Screen - Create Alias - Add Users
Click to select
Show all Users Shows all the users
Show button Shows all the users defined under the selected
group
Click to select
Select All Selects all the users
Click to select
Add button Adds selected users from the Group to the Alias
Click to add
Cancel button Cancels the current operation
Table - Create Alias - Add Users screen elements
Delete Users
Select Mail Management → Aliases → Manage and click the Alias name link from which the
users are to be deleted
Click to select
Select All Allows you to select all the Users for deletion
Click to select
Delete Users button Deletes all the selected User(s)
Click to delete
Table - Create Alias - Delete Users screen elements
Delete Alias
Select Mail Management → Aliases → Manage
Click to select
Select All Allows you to select all the Aliases for deletion
Click to select
Delete Alias button Deletes all the selected Aliases
Click to delete
Table - Delete Alias screen elements
SMTP Configuration
Cyberoam provides an SMTP redirection facility that allows re-directing the SMTP traffic through
the Cyberoam server for sending mails.
Configure SMTP
Click Enable
SMTP Mail server startup Configuration
Specifies startup configuration of SMTP mail server
Options:
1) Autostart Automatically starts the SMTP server with the startup of Cyberoam server
Select Yes or No
Save details button Save the configuration
Table - Configure SMTP screen elements
Services
Use the Services tab to Start/Stop and Enable/Disable Autostart for the various configured servers. According
to the requirement, one can Start, Stop, Enable or Disable the services.
Running – if server is on
Stopped – if server is off
Commands Starts or stops the respective servers
Enables or disables Autostart
Action table
Button Usage
Start Starts the Server
The Bandwidth usage graphical report allows the Administrator to monitor the amount of data uploaded or
downloaded by the Users. The Administrator can use this information to help determine:
• Whether to increase or decrease the bandwidth limit?
• Whether all the gateways are utilized optimally?
• Which gateway is underutilized?
• What type of traffic is consuming the majority of the Bandwidth?
• Which inbound/ outbound traffic has consumed the most Bandwidth in the last week/month?
Daily
Yesterday
Weekly
Monthly
Yearly
Table - Bandwidth usage screen elements
1. Live users - Graph shows time and live users connected to Internet. In addition, shows minimum,
maximum and average no. of users connected during the selected graph period. This will help in
knowing the peak hour of the day.
X axis – Hours
Y axis – No. of users
Peak hour – Maximum no. of live users
2. Total data transfer – Graph shows total data transfer (upload + download) during the day. In
addition, shows minimum, maximum and average data transfer.
X axis – Hours
Y-axis – Total data transfer (upload + download) in KB/Second
3. Composite data transfer – Combined graph of Upload & Download data transfer. Colors differentiate
upload & download data traffic. In addition, shows the minimum, maximum and average data
transfer for upload & download individually
X axis – Hours
Y-axis – Upload + Download in Bits/Second
4. Download data transfer – Graph shows only download traffic during the day. In addition, shows the
minimum, maximum and average download data transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
5. Upload data transfer - Graph shows only upload traffic during the day. In addition, shows minimum,
maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
6. Integrated total data transfer for all Gateways – Combined graph of total (Upload + Download) data
transfer for all the gateways. Colors differentiate gateways. In addition, shows the minimum,
maximum and average data transfer of individual gateway
X axis – Hours
Y-axis – Total (Upload + Download) data transfer in Bits/Second
7. Integrated Download data transfer of all Gateways – Graph shows only the download traffic of all the
gateways during the day. In addition, shows the minimum, maximum and average download data
transfer.
X axis – Hours
Y-axis – Download data transfer in Bits/Second
8. Integrated Upload data transfer for all the Gateways - Graph shows only the upload traffic of all the
gateways during the day. In addition, shows minimum, maximum and average upload data transfer.
X axis – Hours
Y-axis – Upload data transfer in Bits/Second
Customization
Services
A Service is a Protocol based criterion for traffic classification. Protocols may be of TCP or UDP type.
TCP and UDP protocols are defined based on port type.
Click to select
Service Description Full description
Update Service
Select Policy Configuration → Services → Manage Service to view the list of Services.
Click the Service to be updated
Delete Service
Select Policy Configuration → Services → Manage Service to view the list of Services
Click to select
Select All Allows you to select all the Services for deletion
Click to select
Delete Service button Deletes all the selected Service(s)
Click to delete
Table - Delete Service screen elements
Schedule
Schedule defines a time schedule for the policy. It specifies the hours during which the policy can
be active on each day of the week. You can define a different schedule for each day of the week,
or the same schedule for every day of the week.
Create Schedule
Select Policy Configuration → Schedule → Create
Update Schedule
Select Policy Configuration → Schedule → Manage Schedule and click the Schedule
name link to update
Delete Schedule
Select Policy Configuration → Schedule → Manage Schedule to view the list of
Schedules
Web Categories
Cyberoam allows Internet site filtering based on URLs and URL keywords.
A Web category is a grouping of URLs and URL keywords used for Internet site filtering. The URLs
and any URL containing the keywords defined in the Web category will be blocked.
For your convenience, Cyberoam provides a database of predefined Web categories. You can use
these or even create new categories to suit your needs.
Depending on the organization's requirements, allow or deny access to the categories with the
help of policies by groups, individual user, time of day, and many other criteria.
Prerequisite
• Service created
Modify if necessary
Restrict HTTP Upload Displays whether HTTP upload is restricted or not
Modify if necessary
Description Displays description of the policy
Update button Updates the above modified details
Show All button Opens a new window and displays the complete details of the Web
category
Click to manage
Click to manage
Click to manage
Manage Keyword
Use to assign keywords to the Web category for blocking. Enter the keywords you want blocked
for a category. Cyberoam blocks any site containing a keyword assigned to the category.
Cyberoam provides several predefined keywords for use in filtering. You can modify these, or even
create new file types to suit your needs.
Displays the Include and Exclude word list for the selected Web category
Click to add
Click to select
Click to select
Click to add
Click to delete
Click to add
Add button Adds the file type category
Cancel button Cancels the current operation
Table - Add file types screen elements
Click to remove
Table - Remove file types screen elements
Manage Services
Displays the list of services attached to the Web category
Click to add
Attach Service
Port type Allows you to select the port type for the service
Click to select
Add to Web category button Attaches the service to the selected web
category
Click to attach
Cancel Cancels the current operation
Table - Attach service screen elements
Remove Service
Click to delete
Table - Remove service screen elements
Prerequisite
• Not attached to any Policy
Select Policy Configuration → Web Category → Manage Web Category to view the
list of Web categories created. Click the web category to be deleted
Click to select
Select All Allows you to select all the categories for deletion
Click to select
Delete Category button Deletes all the selected categories
Click to delete
Table - Delete Web category screen elements
Cyberoam provides several predefined file types for use in filtering. You can modify these, or even
add new file types to suit your needs.
Select Policy Configuration → Web Category → File types and click Add File Type to
add a new file type
Upgrade Cyberoam
Upload Upgrade version
Once the upgrade version file is obtained (CD or Downloaded), upload the new version
file.
Module licensing
There are certain add on modules which are not included in the basic Cyberoam software. These
modules are not part of the default installation and are enabled on request. The customer has to
procure a different license for enabling these add on modules.
Select Help → Register Cyberoam → Module License to view the list of Add on modules
The following screen shows whether these modules are registered or not and, if registered, the license
expiry date.
To register a module, click the module name link. It will open the module registration form.
Select Help → Company Info → Company Info to view the company details. Modify the
details if required.
Cannot be modified
Contact person Displays name of the contact person in the
company, modify if required
Address, City, State, Country, Zip, Phone, Fax Displays complete address of the company,
modify if required
Email ID Displays Email ID of the contact person
Save button Saves any of the modified details
Table - Company information screen elements
It displays the installed version of Cyberoam, Product ID, Maximum Users Allowed (User license) and
the company name under which Cyberoam is registered.
Download Clients
Cyberoam Client supports Users using following platforms:
Windows Enables Users using Windows Operating System to log-on to Cyberoam Server using
Linux Enables Users using Linux Operating System to log-on to Cyberoam server using the
HTTP Enables Users using any other Operating System than Windows & Linux to log-on to
Single Sign on Client Enables Windows-migrated Users to log on to Cyberoam using Windows
Username and password.
Depending on the requirement, download the Cyberoam Client. Refer to the Client Installation
guide for details.