Deploying Cyberoam

Labs ....................................................................................................................................................................... 1 Lab #1 Factory Reset ..................................................................................................................................................1 Web Admin Console of the appliance ...................................................................................................................1 CLI of Appliance .....................................................................................................................................................1 Lab #2 Deployment in Bridge Mode (Optional) .........................................................................................................3 Lab #3 Deployment in Gateway Mode ......................................................................................................................7 Lab #4 Registration & Subscription............................................................................................................................9 Lab #5 Upgrade (Optional) ......................................................................................................................................12

Deploying Cyberoam

Cyberoam Certified Network & Security Professional

Labs Lab #1 Factory Reset Factory Reset will remove entire user configurations of your Cyberoam appliance, and boot the appliance with factory default settings. So it is recommended to take back up of the appliance before factory reset. There are 2 ways of performing Factory Reset on the appliance: Web Admin Console of the appliance 

Access Web Admin Console with user having “Administrator” profile



Go to System -> Maintenance -> Firmware and page displays the list of available firmware versions downloaded. Maximum of two firmware versions are available simultaneously in Cyberoam and one of the two firmware versions is active i.e. the firmware is deployed.



Click on the icon which you want to boot with factory reset settings as shown below:



Boot with factory default configuration – Appliance will be rebooted and will load default configuration. Entire configuration will be lost if you choose this option.



Click on the “Boot with Factory default configuration” and it will ask you to take back up of your configuration. Note: All the configurations will be removed after factory reset. Change the IP address of your machine in the subnet of 172.16.16.0/24, to access the Web Admin Console of Cyberoam over port A, which is accessible through default IP address 172.16.16.16. CLI of Appliance Access Cyberoam CLI using a serial connection. Factory reset from the CLI requires physical connectivity between the appliance and Management Console. Hence, it can be done using a serial connection only, and not other remote sessions like Telnet and SSH. You can connect a serial console to the Serial port of any of the Cyberoam appliance models. Once the connection is successfully established, specify Cyberoam CLI password i.e. “admin” at the prompt, press Enter and you will get the following screen. Choose Option 5 – Cyberoam Management and it will lead you to sub menus, asking about factory reset option

1


Deploying Cyberoam

Chose option 3 - Reset to Factory Defaults to factory reset the appliance. Press ‘y’ to reset appliance to factory default.

Appliance will reboot, and come with factory default settings. In a case where the password to CLI and GUI are forgotten, Serial connection can be made to the appliance and on the password prompt type “RESET” in upper case without the quotes. This is show the below menu.

2



On pressing 1, all the configuration will be reset, but there will be no changes on the signature and report databases.



On pressing 2, all configuration and signatures will be flushed, but there will be no changes on the report database.



On pressing 3, all configuration, signatures, and reports will be flushed from the appliance.

Deploying Cyberoam


Lab #2 Deployment in Bridge Mode (Optional) By default, all Cyberoam appliances are configured to work in gateway mode. We already know the scenario when an appliance works in the bridge mode. 

Connect port A of the appliance to your computer using a cross-over cable.



Connect port B of the appliance to the WAN switch using a straight-through cable.



The lab setup should look like the diagram below. Please note that the diagram represents only an individual learner.



Every learner now needs to access their Cyberoam appliance web admin console. The appliance has to following settings



Port A IP Address is 172.16.16.16/24



By default the DHCP server service is on for Port A, therefore each learner will be assigned an IP Address by their Cyberoam appliance. If Cyberoam has not assigned an IP Address to the learner’s computer. The learner may now change his IP Address in range of 172.16.16.x/24.



Browse to https://172.16.16.16 and you should see the Cyberoam Web Admin Console login page. Enter the credentials, username should be Cyberoam and password is cyber.



If you cannot log on, verify the following configurations:



Did you plug your computer Ethernet cable into the port A on the appliance? - Deployment can only be performed through port A.



Is the link light glowing on both the computer and the Appliance? – If not, check and replace the cable



Is your computer set to a static IP address of 172.16.16.16 and subnet as 255.255.255.0?



Did you enter correct IP address in your Web browser?



Starting with the configuration: Click the wizard button at the top of the dashboard. This will start the network configuration wizard.

3


4

Deploying Cyberoam



Click start on the network configuration wizard screen and follow the steps listed the screens below.



Select bridge mode the options shown on the network configuration wizard window



The Network configuration wizard will now show the zone configuration window in which the learner shall select the ports on which the bridge needs to created.

Deploying Cyberoam




After the zones are configured, the network configuration wizard will now show the network configuration window. In this window, we shall enter the IP Address of the bridge, gateway IP Address, and DNS configuration.



After the network configuration, Cyberoam being a firewall device will block the traffic from different zones. The wizard will give an option the policy we wish to apply to the traffic from LAN > WAN. At this point simply select monitor only. We will discuss more on the policies in the modules to come.



The following are the three pre-defined policies:



Monitor Only: o o o



Allow all outbound traffic without any authentication. No scanning. No content filtering.

General Internet Policy: o Allow all outbound traffic without any authentication. o Web traffic will be scanned for virus / malware / spyware. o Content filtering will be “ON” by using default content filtering policy “General Corporate Policy” which blocks below web URL categories: o Porn, Nudity, Adult Content, URL Translation Sites, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Phishing and Fraud, Violence, Weapons

5


6

Deploying Cyberoam



Strict Internet Policy: o Block all outbound unauthenticated traffic. o Web traffic will be scanned for virus / malware / spyware. o All traffic will be scanned by IPS engine.



The next prompt from this window will be the email address settings required to alert the administrator.



Lastly, the network configuration will ask for updating and setting up the time zone. A summary page will be displayed at the end of the configuration and the learner will be required to click finish, to close the window. The Cyberoam appliance will take some time to configure and alert with the completion window.

Deploying Cyberoam


Lab #3 Deployment in Gateway Mode Connect port A of the Appliance to your computer’s Ethernet interface using the crossover Ethernet cable.

Connect port B of the Appliance to switch for WAN connectivity using the straight Ethernet cable. 1. Connect to the web admin console on 172.16.16.16. 2. Click the Wizard button on the top right of the Dashboard to start Network Configuration Wizard and click Start.

3. When the network configuration window appears, click start.

7


Deploying Cyberoam

4. On the next screen, network configuration wizard will be displayed where we will select the gateway mode.

5. In the next screens to follow, the network configuration wizard will run. This wizard allows us to configure each port on the appliance.

6. From the above screen, we can see that the appliance allows us to configure the Port A, however, utmost care has to be taken not to click next until the configuration is done. Most users make a mistake here by clicking next arrow instead of the highlighted next button. In the next screens, we choose the configuration for each port. After configuring all the ports, Internet access configuration wizard is displayed. This wizard allows setting the predefined policies.

8

Deploying Cyberoam


7. From the previous lab, we already know what policy is used for what configuration. The role of each policy will be discussed in the modules and labs to follow. As of now, the learners can select monitor only. Monitor only will put the Cyberoam appliance into monitor mode, in this mode the Cyberoam will not block any traffic, but still will be generating reports of all the traffic. The next screen to follow is the mail configuration settings.

8. Lastly, the network configuration will ask for updating and setting up the time zone. A summary page will be displayed at the end of the configuration and the learner will be required to click finish, to close the window. The Cyberoam appliance will take some time to configure and alert with the completion window.

Lab #4 Registration & Subscription To register the Cyberoam appliance, go to customer.cyberoam.com, and open a new account if you don’t have one, and register your appliance. Once registration is done, subscribe to all four modules using trial license. Firstly, we need to identify if Cyberoam is registered. 1. Go to System Maintenance licensing, there you will find “Appliance Registration Information”. It will show you the registration information of the appliance. If the appliance is not registered, you will get the message for the same.

9


Deploying Cyberoam

2. To register the appliance, go to customer.cyberoam.com. If you haven’t created any account with Cyberoam, click on the register tab on the main page, as shown in the diagram.

3. As soon as you will click on the tab “Registration”, you will see below page of registration. Please, provide proper Email ID, password and Appliance key, to register the appliance.

4. Please, note that: 5. Registration Email-id will be used as a username to access customer my account. 6. If you already have customer account with Cyberoam then you can provide the registration details to login into your account, but in Lab create new customer account. 7. If you already have customer account then login with the user credentials, and click on “Register Appliance” button as shown below:

10

Deploying Cyberoam


8. Once the appliance is registered, SystemMaintenanceLicensing.

you

can

verify

the

registration

from

9. If the registration information does not appear automatically, click on the Synchronize button as shown in the screen.

10. To subscribe to any module, go to customer my account and click on the appliance link and click on subscribe

11. The above screen shows how modules can be subscribed.

11


Deploying Cyberoam

Lab #5 Upgrade (Optional) Log in with the username and password provided when the appliance was registered.

Next, upon downloading the CyberoamOS file, upload the file to the appliance by navigating System-> Maintenance -> Firmware and click on the upload firmware button

Click to specify the location of the firmware image or browse to locate the file. You can simply upload the image or upload and boot from the image. The uploaded firmware can only be active after next reboot. The existing firmware will be removed and the new firmware will be available.

12

Deploying Cyberoam

Recommend Documents