Cyberoam Virtual Security
Appliance - Installation
Guide for XenServer
Version 10
Contents
Preface... 4
Base Configuration ... 4
Installation Procedure ... 4
Cyberoam Virtual Security Appliance Installation ... 5
Cyberoam Virtual Security Appliance Configuration ... 11
Typographic Conventions
All contents in this guide including text or screenshots follow the given list of conventions.
Item Convention Example
Server Machine where Cyberoam Software - Server component is installed
Client Machine where Cyberoam Software - Client component is installed
User The end user
Username Username uniquely identifies the user of the system Topic titles Shaded font
typefaces
Introduction
Subtitles Bold & Blacktypefaces
Notation conventions
Navigation link Bold typeface Group Management Groups Create
it means, to open the required page click on Group management then on Groups and finally click Create tab
Name of a particular parameter / field / command button text Lowercase italic type
Enter policy name, replace policy name with the specific name of a policy
Or
Click Name to select where Name denotes command button text which is to be clicked
Cross references
Hyperlink in different color
Refer to Customizing User database Clicking on the link will open the particular topic
Notes & points to remember
Bold typeface between the black borders
Note
Prerequisites Bold typefaces between the
Preface
Welcome to Installation and Deployment Guide of Cyberoam Virtual Security Appliance for XenServer platform. This guide describes how you can download, deploy and run Cyberoam as a virtual machine on XenServer.
Base Configuration
There underlies a base virtual hardware configuration without which Cyberoam Virtual Security Appliance goes into “FAILSAFE” mode. The base virtual hardware requirements for XenServer platform is as follows:
One vCPU 1GB vRAM 3 vNIC
Primary Disk with 4GB size Report Disk with 80GB size
To know more about what happens when your appliance goes into “FAILSAFE” mode and how to recover from it, refer to the Cyberoam KB article Failsafe Troubleshooting for Virtual UTM Appliance.
Installation Procedure
Pre-requisite
Make sure that XenServer is already installed in your network. For XenServer installation instructions, refer to the XenServer Quick Installation guide:
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenserver-quick-installation-and-licensing-guide.pdf
Cyberoam Virtual Security Appliance Installation
1. Download and Extract OVF Package
Download the .zip file containing the Cyberoam OVF image and store it in your machine.
2. Import OVF file
Open XenCenter and select the XenServer where you want to deploy Cyberoam Virtual Security Appliance. Right click on the selected XenServer and click Import to open the downloaded .ovf file.
Screen - Import OVF file
Screen - Open Cyberoam Virtual Security Appliance
Click Open to open the selected .ovf file. Click Next to launch the “Import OVF/OVA Package” wizard.
3. Import OVF/OVA Package Wizard
Screen - Select location
Click Next to select the storage repositories in the destination pool or standalone server. You can choose to import Cyberoam’s virtual storage disks on the location selected in the previous step or onto specific target storage repositories.
Screen - Select Target Storage
Screen - Select security settings
Click Next to enable/disable Operating System Fixup, a feature when enabled, ensures hypervisor interoperability. Generally, Operating System Fixup is not required and by default, “Don’t use Operating System Fixup” is selected. Cyberoam recommends that you do not change the default selection.
Screen - Select Target Storage
From the drop-down list against ‘Network’, select the network on which the temporary VM will run. Specify an unused IP Address from the pool or standalone server you selected in the very beginning of Step 3. Alternatively, you can choose to automatically obtain network settings using DHCP.
Screen - Select Target Storage .
Click Next to continue to the final step of the “Import OVF/OVA Package” wizard i.e. reviewing the import settings.
Click Finish to exit the “Import OVF/OVA Package” wizard. The deployment process takes time to complete. Please wait while the process completes.
This installs Cyberoam Virtual Security Appliance on your machine.
Note:
To optimize the performance of your Virtual Appliance, configure vCPU and vRAM according to the license you have obtained. While configuring number of vCPUs, ensure that you do not exceed the maximum number limit specific to your license else Cyberoam will go into “FAILSAFE” mode. For example, for a CRiV-4C you can allocate a maximum of 4 vCPUs. Any number higher than that will put the Virtual Appliance into “FAILSAFE” mode.
Following is the Model wise recommended vRAM: CRiV-1C & CRiV-2C: 1GB
CRiV-4C & CRiV-8C: 2GB CRiV-12C & CRiV-UNL: 4GB
Cyberoam Virtual Security Appliance allows you to configure a maximum of 26 vNICs. However, this number varies according to your hypervisor. For example, XenServer allows allotment of a maximum of 7 vNICs to a virtual machine.
For details on how to modify allotted virtual hardware configurations, refer to http://www.citrix.com/.
4. Start VM
Right click the deployed Virtual Appliance and click Start to access Cyberoam.
Screen – Power on the Cyberoam Virtual Security Appliance
Screen – Enter administrator password
Cyberoam Virtual Security Appliance Configuration
To configure Cyberoam Virtual Security Appliance, you need to log into the Cyberoam Web Admin Console. From the management computer:
Browse to https://172.16.16.16
Log on to the Cyberoam Web Admin Console using default username ‘admin’ and default password ‘admin’.
Click Wizard icon to launch the Network Configuration Wizard.
Network Configuration Wizard
After logging into the Cyberoam Web Admin Console, click Wizard icon on the top right corner of your Cyberoam Dashboard to launch the Network Configuration wizard.
Screen 1 – Launch Network Configuration Wizard
Network Configuration Wizard guides you step-by-step through configuration of the network parameters like IP address, subnet mask, and default gateway for Cyberoam. Use the configuration settings you noted i earlier.
Screen 2 –Network Configuration Wizard
Configure Mode
Gateway mode
To configure Cyberoam in Gateway mode, select Gateway Mode and click . Follow the on screen steps to: 1. Configure Interface: Configure IP
Address, Subnet Mask and Zone for each port. By default, Cyberoam binds ports A, B and C to LAN, WAN and DMZ zones, respectively.
Refer to the screen titled Screen 3 - Configure Interface.
To enable interface for PPPoE, provide PPPoE details - Username and
Password (only for WAN zone). Click Next to repeat the above steps for each part
2. Configure DNS server address: Click “Obtain an IP from DHCP” to override appliance DNS and use DNS received from the external DHCP server.
Refer to the screen titled Screen 4 - DNS Configuration.
Bridge Mode
To configure Cyberoam in Bridge mode, select Bridge Mode and click .
1. Configure Bridge IP Address and subnet mask.
Screen 3 – Configure Interface
Configure Internet Access
Configure Internet access policy for LAN to WAN traffic.
Monitor Only policy allows LAN to WAN traffic
General Internet policy enables IPS1 and Virus2 scanning and allows LAN to WAN traffic except Unhealthy Web and Internet traffic as defined by Cyberoam. This will include sites related to Adult contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation sites.
Strict Internet policy enables IPS1 and Virus2 scanning and allows only authenticated LAN to WAN traffic.
Click button to configure the mail settings.
Screen 5 – Configure Internet Access Note
1
Until Intrusion Prevention System module is subscribed, IPS scanning will not be effective. 2
Configure Mail Settings
Specify Administrator Email ID. Specify Mail server IP address.
Specify email address that should be used to send the System Alerts.
Click “Authentication Required” to enable SMTP authentication, if required and specify username and password.
Click button for Date and Time zone configuration.
Configure Date And Time Zone
Set time zone and current date.
Enable clock synchronization with NTP server to tune Cyberoam's clock using global time servers.
Screen 7 – Configure Date and Time
Click button to view the configured details. Copy the configured details for future use.
Screen 8 – Network Configuration Wizard On successful configuration following page will be displayed.
Screen 9 – Network Configuration Wizard
Congratulations!!!
This finishes the basic configuration of Cyberoam.
Your network is now protected from Internet-based threats and access to Adult contents, Drugs, Crime and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation sites will be blocked.
Note
If Cyberoam Virtual Security Appliance is not connected to the Internet for 30 days in a row, it will lead to de-activation of the appliance. In case of de-activation, contact [email protected].
What Next?
1. Avail Subscriptions
To subscribe for free 15-days trial subscription of Web and Application Filtering, IPS, Anti Virus and Anti Spam, browse to http://customer.cyberoam.com and login with the credential provided at the time of account creation.
Access Cyberoam Web Admin Console
Browse to https://<IP address of cyberoam> and log on using the default username (admin) and password (admin).
Note: Internet Explorer 7+ or Mozilla Firefox 1.5+ is required to access the Cyberoam Web Admin Console.
Go to System Maintenance Licensing page and synchronize the registration details. Registration and subscription details will be displayed only after synchronization.
2. Configure DNS
Configure the correct firewall rule for your Domain Name Server (DNS). You may not be able to access Internet if not configured properly.
3. Enable Virus Scanning
Go to Firewall Rule Rule and edit default firewall rules to enable virus scanning.
4. Set authentication parameters
Go to Identity Authentication Authentication Server to define the authentication parameters.
Additional Resources
Visit following links for more information to configure Cyberoam Technical Documentation - http://docs.cyberoam.com
Cyberoam Knowledge Base - http://kb.cyberoam.com Cyberoam Security Center - http://csc.cyberoam.com Cyberoam Upgrades - http://customer.cyberoam.com
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.
USER’S LICENSE
Use of this product is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) at the time of installation.
RESTRICTED RIGHTS
Copyright 1999 - 2014 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd.
Corporate Headquarters
Cyberoam Technologies Pvt. Ltd. 901, Silicon Tower, Off. C.G. Road, Ahmedabad - 380 006, INDIA Phone: +91-79-66065606 Fax: +91-79-26407640 Web site: www.cyberoam.com
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service department at the following address:
Email: [email protected] Web site: www.cyberoam.com
