Cyberoam Unified Threat Management - Cisco

3y ago
942.32 KB
8 Pages
Last View : 15d ago
Last Download : 6m ago
Upload by : Rosemary Rios

CyberoamUnified Threat ManagementQUICK START GUIDECR 50iCR 100iCR 250iCR 500iAppliancesF000000116Version: QSG 50-500i/9410-1.0-17/01/2007

DEFAULTSPackage ContentsDefault IP addressesEthernet PortABIP AddressZone172.16.16.16/ LAN192.168.2.1/ the package contents - Check that thepackage contents are complete.One Cyberoam ApplianceOne AC Power cableOne Serial Cable (Null-Modem Cable)One Crossover Ethernet CableOne Straight-through Ethernet CableOne Cyberoam Quick Start GuideDocumentation CDDefault Username & passwordWeb Admin ConsoleUsername:cyberoamPassword:cyber**Telnet Console (SSH/Serial Connection)*Password:Serial CableBlue Straight-throughEthernet CableDocumentationCDPower CableRed CrossoverEthernet CableQuick StartGuideadmin* Username and Password are case sensitiveIf any items from the package are missing. pleasecontact Cyberoam Support at support@cyberoam.com2UNDERSTANDING THE APPLIANCEFRONT PANELUSBSerial PortSerial cable connects herePortsŸ Crossover Ethernet cable connects toManagement computerŸ Straight-through Ethernet cableconnects to LAN through hub or switchSerial Port - Use to connect to the Management computerUSB port - Provided for future use#Ports A,B,C,D,E,F - Use these ports to connectthe Appliance to the Ethernet networkCR 250i and CR 500i - If you want to bypass Cyberoam incase of power or Appliance failure when deployed as Bridge, use C andD ports.CR 50i and CR 100i - Hardware Bypass option is not available.As Cyberoam does not pre-configure any ports for LAN, WAN, DMZ networks, it is not necessary to use any particular port forthem. Usage of ports depends on how the physical connection is required or planned.#Total number of ports are appliance specific

BACK PANELUSB PortPower ButtonSerialPortPowerOutletPowerSwitchSerial Port - Provided for future usePower button - Keep the button pressed for 5 seconds to power off. Press to power on.3PLANNING THE CONFIGURATIONBefore configuring, you need to plan the installation mode of Cyberoam. Cyberoam can be placed in Bridge orGateway/Route mode according to your requirement.To control the Internet access through Cyberoam the entire Internet bound traffic from the LAN network should passthrough Cyberoam.Gateway ModeBridge ModeConfigure as Gateway if you want to use Cyberoam asConfigure as Bridge if1.2.3.1.You have a private network behind an existing firewallor behind a router and you do not want to replace thefirewall.2.You are already masquerading outgoing traffic.A firewall or replace an existing FirewallA gateway for routing trafficDeploy Cyberoam's Gateway failover with link loadbalancingApart from configuring Gateway IP address (IP addressthrough which all the traffic will be routed), you must alsoconfigure LAN and WAN IP addresses.Cyberoam can be bypassed only if deployed asBridge.LAN NetworkLAN NetworkCR 500InternetLAN topublic networkWANCyberoam in204.23.1.5 Gateway modeGateway modepolicies controllingtraffic betweenLAN networks.CR 500204.23.1.510.10.10.2Cyberoamin Bridge modeInternetCR 500Gateway modepolicies controllingtraffic betweenLAN and WANnetworks.WANDMZ Network10.10.10.1CR 50010. IPLANBridge mode policiescontrolling traffic betweenLAN and WAN networksYou will be able to manage and monitor the entire Internet traffic passing through Cyberoam, control web access and applybandwidth and application restrictions, apply virus and spam scanning policy and IDP policy in either of the modes.Refer to the documentation CD-ROM for information on how to control traffic, and how to configure antivirus protection, contentfiltering, spam filtering, intrusion detection and prevention (IDP), and virtual private networking (VPN).

4GETTING CONFIGURATION INFORMATIONUse the tables given below to gather the information you need before proceeding to deploy Appliance.Bridge ModeGateway ModeFor all the required PortsPort APort BPort CPort DIP addressSubnet MaskZone TypeIP addressSubnet MaskZone TypeIP addressSubnet MaskZone TypeIP addressSubnet MaskZone Type. . . . .LAN/WAN/DMZ. . . . .LAN/WAN/DMZ. . . . .LAN/WAN/DMZ. . . . .LAN/WAN/DMZBridgeIP addressIP address Subnet Mask. . . . .The LAN IP address and Subnet Mask mustbe valid for the respective networks.GENERAL SETTINGSIP address of the Default GatewayA default gateway is required forCyberoam to route connections to the Internet. . .DNS IP Address. . .System Time ZoneSystem Date and TimeEmail ID of the administrator where CyberoamWill send System Alerts5CONNECTING CYBEROAMEthernet connection1.2.Connect the Cyberoam Appliance's 'Port A' to amanagement computer’s Ethernet interface.Use a cross-over Ethernet cable to connect thedevices directly or use straight-through Ethernetcable to connect the devices through a hub or switch.Change the IP address of the management computerto172.16.16.2 and the subnet mask to255.255.255.0.From the management computer:1. Browse to Log on to the Cyberoam Web Admin Console usingdefault username ‘cyberoam’ and password ‘cyber’.3. Click Wizard icon to launch the NetworkConfiguration wizard.Prerequisite1.Ethernet connection between management computerand Cyberoam.2.Internet Explorer 5.5 or Mozilla Firefox 1.5 isrequired to access Cyberoam Web Admin Console.Note: If you change the LAN IP address (Gateway mode) or Bridge IP address (Bridge mode), you must use this address to reconnect tothe Web Admin Console. You might also have to change the IP address of the management computer to be on the same subnet as thenew IP address.

6CONFIGURING THE CYBEROAM APPLIANCENetwork Configuration Wizard will guide you step-by-stepthrough configuration of the network parameters like IPaddress, subnet mask, and default gateway for Cyberoam.Use the configuration settings you have noted in section 4.Click 'Start' to start the configuration.The Identity BasedUTM ApplianceSecure your enterprisewith Cyberoam integratedInternet securityCONFIGURE MODEGateway modeBridge modeTo configure Cyberoam in Gateway mode, select GatewayMode option and clickbutton.To configure Cyberoam in Bridge mode, select BridgeMode option and clickbutton.Follow the on screen steps to configure:1.1.2.Configure static IP address and subnet maskProvide Gateway details: ISP name and IP addressor if you want to enable Interface for PPPoE, providePPPoE details: User Name and Password (only forWAN zone)Click 'Next' button to repeat the above procedure for eachport3.Configure Bridge IP address and subnet mask.CR 250i and CR 500i - If you want to bypassCyberoam incase of power or Appliance failure whendeployed as Bridge, use C and D ports.CR 50i and CR 100i - Hardware Bypass option is notavailable.2.Provide Gateway and DNS IP address.Provide DNS IP addressCONFIGURE INTERNET ACCESSConfigure Internet access policy for LAN to WAN traffic.'Monitor Only' policy allows LAN to WAN traffic12'General Internet' policy enables IDP and Virus scanningand allows LAN to WAN traffic except Unhealthy Web andInternet traffic as defined by Cyberoam. This will include sitesrelated to Adult contents, Drugs, Crime and Suicide,Gambling, Militancy and Extremist, Violence, Weapons,Phishing and Fraud and URL Translation sites.12'Strict Internet' policy enables IDP and Virus scanning andallows only authenticated LAN to WAN traffic.Please select policy for LAN WAN trafficMonitor Only Allows access withoutauthentication Does not block anytrafficGeneral Internet Policy Blocks unhealthy weband Internet traffic Scan HTTP Traffic forViruses Strict Internet Policy Click1Does not allow accesswithout authenticationbutton to configure the mail settingsUntil Intrusion Detection and Prevention module is subscribed, IDP scanning will not be effective.Until Gateway Anti Virus module is subscribed, virus scanning will not be effective.2

CONFIGURE MAIL SETTINGS1.2.3.Specify Administrator Email IDSpecify Mail server IP addressSpecify email address that should be used to send the System AlertsClickbutton for Date and Time zone configurationCONFIGURE DATE AND TIME ZONESet time zone and current dateClickbutton to view the configured details. Copy the configured details for future use.Click 'Finish'. It will take few minutes to save the configuration details.Configuring Gateway ModeWait for SometimeOn successful configuration following page will be displayed.Https:// click to access web admin consoleClick the URL to access the Web Admin Console.Click Close to close the Network Configuration Wizard window

Congratulations!!!This finishes the basic configuration of Cyberoam and you are now ready to use the Appliance.71.WHAT NEXT?Access Cyberoam Web Admin ConsoleBrowse to https:// IP address of cyberoam and log on using the default username (cyberoam) and password(cyber).Note: Internet Explorer 5.5 or Mozilla Firefox 1.5 is required to access the Cyberoam Web Admin Console2.Create Customer Account and register AppliancePrerequisite: For customer account creation and appliance registration as well as module registration , Cyberoamserver must be able to connect to the Internet as Cyberoam server will contact the Cyberoam's central registrationsite with the Appliance detailsClick 'Register Now' on the main page to create customer account and register your appliance. As soon as youregister, you can avail 8 x 5 Support.You can go to Help Licensing and subscribe for free 30-day trial subscription for Web and Application Filtering,IDP, Anti Virus and Anti Spam.3.Go to FirewallManage Firewall page to centrally configure the Cyberoam Appliance’s UTM features. For furtherdetails refer to User Guide, Firewall section.4.Be sure to configure the correct firewall rule for your Domain Name Server (DNS). You may not be able to accessInternet if not configured properly.5.Access HelpFor accessing online help, click the Help button or F1 key on any of the screens to access the correspondingtopic's help. Use the Contents and Index options to navigate through the entire online help.You can go to Help6.Guides and download complete documentation set.Set authentication parametersGo to UserAuthentication Settings to define the authentication parameters.

Important NoticeElitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind,expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors thatmay appear in this document. Elitecore reserves the right, without notice to make changes in product design or specifications. Information is subject tochange without notice.User’s LicenseThe Appliance described in this document is furnished under the terms of Elitecore's End User license agreement. Please read these terms andconditions carefully before using the Appliance. By using this Appliance, you agree to be bound by the terms and conditions of this license. If you do notagree with the terms of this license, promptly return the unused Appliance and manual (with proof of payment) to the place of purchase for a full refund.Limited WarrantySoftware: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnishedwill be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specificationsexcept for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licenses. Customersexclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its service center's option, repair,replacement, or refund of the software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no event doesElitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions. Elitecorehereby declares that the anti virus and anti spam modules are powered by Kaspersky Labs and the performance thereof is under warranty provided byKaspersky Labs. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the Software will notoccasionally erroneously report a virus in a title not infected by that virus.Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components will befree from material defects in workmanship and materials for a period of One (1) year. Elitecore's sole obligation shall be to repair or replace thedefective Hardware at no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecoremay, in its discretion, replace the defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines issubstantially equivalent (or superior) in all material respects to the defective Hardware.Disclaimer Of WarrantyExcept as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any impliedwarranty or merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade practice, and herebyexcluded to the extent allowed by applicable law.In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitivedamages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliershave been advised of the possibility of such damages. In the event shall Elitecore's or its supplier's liability to the customer, whether in contract, tort(including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty failsof its essential purpose.In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lostprofits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of thepossibility of such damages.Restricted RightsCopyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore Technologies Ltd. Informationsupplies by Elitecore Technologies Ltd. Is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes noresponsibility for any errors that may appear in this documents. Elitecore Technologies reserves the right, without notice, to make changes in productdesign or specifications. Information is subject to change without noticeCorporate HeadquartersElitecore Technologies Ltd.904, Silicon TowerOff C.G. RoadAhmedabad 380015Gujarat, India.Phone: 91-79-66065606Fax: 91-79-26407640Web site: www.elitecore.comTechnical SupportYou may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customercare/service department at the following address:Phone: 91-79-66065777Email: support@cyberoam.comWeb site: www.cyberoam.comVisit for the regional and latest contact information.Elitecore Technologies Limitedwww.elitecore.comCyberoamUnified Threat ManagementVisit: www.cyberoam.comContact: info@cyberoam.comUSA - Tel: 1-978-465-8400, Fax: 1-978-293-0200India - Tel: 91-79-66065606, Fax: 91-79-26407640

3.Deploy Cyberoam's Gateway failover with link load balancing Apart from configuring Gateway IP address (IP address through which all the traffic will be routed), you must also configure LAN and WAN IP addresses. WAN Gateway mode policies controlling traffic between LAN and WAN networks. Cyberoam in Gateway mode CR 500 LAN Network CR 500

Related Documents:

Cisco Unified Workspace Licensing (CUWL) Cisco Unity FAX Server : Cisco IP Communicator . Cisco Unified Application Server : Cisco Unified Media Engine . Cisco Unified Communications Manager Attendant Console : Cisco Unified Presence . Cisco Emergency Responder : Cisco Unified Personal Communicator . Cisco Unified IP Interactive Voice Response

Cisco Unified MeetingPlace Express VT: Cisco Unified Personal Communicator: Cisco IP Communicator: Cisco Unified Video Advantage: Cisco Unfied Presence: Cisco Unified Mobility Advantage:

Configuring Cyberoam SSL VPN Client . 14. Cyberoam SSL VPN Installation and Configuration Guide Page 5 of 18 Typographic Conventions Material in this manual is presented in text, screen displays, or command-line notation. Item Convention Example User The end user Username Username uniquely identifies the user of the system .

Cisco ASA 5505 Cisco ASA 5505SP Cisco ASA 5510 Cisco ASA 5510SP Cisco ASA 5520 Cisco ASA 5520 VPN Cisco ASA 5540 Cisco ASA 5540 VPN Premium Cisco ASA 5540 VPN Cisco ASA 5550 Cisco ASA 5580-20 Cisco ASA 5580-40 Cisco ASA 5585-X Cisco ASA w/ AIP-SSM Cisco ASA w/ CSC-SSM Cisco C7600 Ser

Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unified Computing System (Cisco UCS), Cisco UCS B-Series Blade Servers, Cisco UCS C-Series Rack Servers, Cisco UCS S-Series Storage Servers, Cisco UCS Manager, Cisco UCS

Cisco Unified IP Phone 6901/6911/6921/6941/ 6961 Cisco Unified Personal Communicator Cisco IP Communicator Cisco Unified Wireless IP Phone 7921G/ 7925G/7925G-EX Cisco Unified Personal Communicator Cisco Unified CME 8.5 - IP Phone Portfolio Accessories Mobility Conference Video Business Manager

Supported Devices - Cisco SiSi NetFlow supported Cisco devices Cisco Catalyst 3560 Cisco 800 Cisco 7200 Cisco Catalyst 3750 Cisco 1800 Cisco 7600 Cisco Catalyst 4500 Cisco 1900 Cisco 12000 Cisco Catalyst 6500 Cisco 2800 Cisco ASR se

CECT 5940 (Holder of the authorisation Evonik Nutrition & Care GmbH) [Chickens for fattening; Chickens reared for laying] ; Commission Implementing Regulation (EU) 2020/1395 of 5 October 2020; OJ L 324, 06.10. 2020, p. 3