How To - Deploy Cyberoam in Bridge Mode


The Cyberoam appliance can be deployed in a network in two modes:
- Bridge mode, popularly known as Transparent mode
- Gateway mode, popularly known as Route mode

This article provides a step-by-step procedure to configure Cyberoam in Bridge mode. The configuration steps assume that you have not configured the Cyberoam appliance and are using its factory default settings. If your appliance has any custom settings, roll back to the factory default settings before following the steps in this article.

We will consider a hypothetical network in which a firewall serves as the Gateway. Cyberoam will be placed in bridge mode alongside the existing firewall without changing the existing network LAN schema.

This article covers:
- Features supported in Bridge mode
- Deployment steps
- How to verify configuration
- Advanced configuration

Overview
Bridge Mode
When deployed in Bridge mode, Cyberoam acts as a transparent bridge and operates at Layer 2, the MAC layer. Bridge mode is the ideal solution for networks that already have a firewall or router acting as a Gateway, where the customer does not want to replace the firewall but still wishes to add security through Cyberoam's deep-packet inspection, Intrusion Detection and Prevention Services, Gateway Anti Virus, and Gateway Anti Spam. If you do not have Cyberoam security module subscriptions, you may register for a free trial. This mode of deployment is achieved without changing any network schema of the organization's internal infrastructure.

Features supported in Bridge mode
Cyberoam does not support the following features in Bridge mode:
1) Virtual Private Network (VPN)
2) Multi Link Manager (MLM)
3) DMZ Zones
4) High Availability (HA)


Sample Schema
Throughout the article we will use the following network parameters. The network diagram below depicts a network where the existing Firewall or Router is present at the perimeter of the network. Cyberoam is to be deployed in bridge mode to provide the security services.

After deploying Cyberoam, outbound traffic from hosts connected to the LAN will be permitted through the Cyberoam to the gateways, while inbound traffic from the WAN would, by default, not be permitted. If public servers like mail, web and database servers reside in LAN zone, a WAN-to-LAN firewall rule with the appropriate IP addresses and services should be added. This will permit inbound traffic to those servers.

Document version 1.0-27/08/2008


Preparing to configure
The Cyberoam Appliance is shipped with the following default configuration:
- Port A IP address (LAN zone): 172.16.16.16/255.255.255.0
- Port B IP address (WAN zone): 192.168.2.1/255.255.240.0

Gather the DNS IP address, date and time zone, as well as the administrator email address.

Deployment steps
Connecting Appliance
Connect port A of the Appliance to a management computer's Ethernet interface. You can use a cross-over Ethernet cable to connect directly, or a straight-through Ethernet cable to connect through a hub or switch. Both cables are provided along with the Appliance. By connecting the management computer to port A, we are assigning port A to the LAN zone. Set the IP address of the management system to 172.16.16.2/24.


Connecting to Web Admin Console
Browse to https://172.16.16.16 to access Cyberoam Web Console (GUI). Cyberoam login page is displayed and you are prompted to enter login credentials. Use default username and password to log on.

Internet Explorer 5.5+ or Mozilla Firefox 1.5+ is required to access Web Admin Console.

If you cannot log on, verify the following configurations:
- Did you plug your management workstation into port A on the appliance? Deployment can only be performed through port A.
- Is the link light glowing on both the management computer and the Appliance? If not, check and replace the cable.
- Is your management computer set to a static IP address of 172.16.16.16 and subnet as 255.255.255.0?
- Did you enter the correct IP address in your Web browser?

Starting Network Configuration Wizard
Click the Wizard button on the top right of the Dashboard to start the Network Configuration Wizard, then click Start.


Configuring deployment mode and IP addresses


Configuring default Internet Access policy (IAP)
For your convenience, Cyberoam provides 3 pre-defined Internet Access policies. Based on the Internet Access policy, Cyberoam decides which outbound traffic is to be allowed or dropped.

Monitor Only policy
- allows entire outbound traffic, i.e. all the sessions originating from LAN to WAN, without authentication
- traffic will not be subjected to virus and spam scanning
- traffic will not be subjected to content filtering

General Internet policy
- allows entire outbound traffic, i.e. all the sessions originating from LAN to WAN, without authentication
- traffic will be subjected to virus and spam scanning
- traffic will be subjected to content filtering and the following categories will be blocked: Porn, Nudity, AdultContent, URL TranslationSites, Drugs, CrimeandSuicide, Gambling, MilitancyandExtremist, PhishingandFraud, Violence, Weapons

Strict Internet policy
- blocks entire unauthenticated outbound traffic
- traffic will be subjected to virus and spam scanning
- traffic will be subjected to intrusion checks and scanned by IDP engine

Because an IAP can altogether disable protection or block all access to the Internet, it is recommended to apply the Monitor Only policy.


Please note, if you apply General Internet policy, access to certain URLs will be blocked.

Configuring Mail Settings
Configure the mail server IP address, the administrator email address from which notification mails will be sent, and the email address of the notification recipient.

Configuring Date and Time zone


Cyberoam will take time to restart; please wait for some time before clicking to access the Web Admin Console.


Note: After changing the LAN IP address, you must use this IP address to reconnect to the web admin console. You might also have to change the IP address of the management station to be on the same subnet as the new IP address.

This finishes the basic configuration of Cyberoam and now you are ready to use the Appliance.
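The "If you cannot log on" checks and the note about reconnecting after the LAN IP change both come down to management-station addressing. The script below is an added example, not part of the original article or of Cyberoam's tooling; it uses the Port A default and the 192.168.0.5 address from this article, and the /24 mask for the new address and the helper names are assumptions.

```python
import ipaddress
import socket

# Factory default from this article: Port A (LAN zone).
PORT_A_DEFAULT = "172.16.16.16/255.255.255.0"


def station_problems(station_ip, appliance=PORT_A_DEFAULT):
    """Return addressing problems that stop a management station from
    reaching the appliance's Web Admin Console (empty list = OK)."""
    iface = ipaddress.ip_interface(appliance)
    host = ipaddress.ip_address(station_ip)
    net = iface.network
    problems = []
    if host not in net:
        problems.append(f"{host} is outside {net}")
    elif host == iface.ip:
        problems.append(f"{host} is the appliance's own address")
    elif host in (net.network_address, net.broadcast_address):
        problems.append(f"{host} is the network or broadcast address of {net}")
    return problems


def console_reachable(appliance_ip, port=443, timeout=3.0):
    """True if a TCP connection to the HTTPS console port succeeds."""
    try:
        with socket.create_connection((appliance_ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample: the station address from the deployment step,
    # checked against the factory default and then against the appliance
    # after it moved to 192.168.0.5 (the /24 mask is an assumption).
    for station, appliance in [
        ("172.16.16.2", PORT_A_DEFAULT),
        ("172.16.16.2", "192.168.0.5/24"),
    ]:
        issues = station_problems(station, appliance)
        print(station, "->", appliance, ":", issues or "addressing OK")
```

Run `console_reachable()` only after `station_problems()` returns an empty list; a failed connection then points to cabling or the wrong port rather than addressing.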

Verifying configuration using Dashboard


Browse to https://192.168.0.5 and log on to Web Admin Console using default username and password. Dashboard page is displayed on successful log on.

1. Verify appliance information
Check the Appliance Information section of Dashboard to verify configuration.


2. Verify gateway status
Check the Gateway Status section of Dashboard and verify that the status of the gateway is green, i.e. UP.

3. Verify IP assignments
Go to the System > Network Configure > Manage Interface page and check the IP address assigned to the Interfaces. If you have not configured the IP scheme properly, you can run the Network Configuration wizard and change the IP address.


4. Verify DNS status
Browse to http://<Cyberoam IP address>/dg.html, log on with default username and password, and verify that DNS status is Ok.

5. If you are not able to access the appliance due to incorrect IP address configuration, roll back to factory default settings and re-configure Cyberoam by repeating the entire deployment steps given in this document.

What next?
If Cyberoam is up and running, you are now ready to use the Appliance. You can now:
- Monitor network activities using Cyberoam Reports.
- Detect your network traffic, i.e. applications and protocols accessed by your users.
- Configure authentication to monitor and log user activities based on User names.

Refer to Getting Started Guide from: http://docs.cyberoam.com/default.asp?id=162&Lang=1&SID=

Rollback to factory default settings


Access Telnet Console using any SSH client. Start the SSH client and create a new Connection with the following parameters:
- Hostname - <Cyberoam server IP Address>
- Username - admin
- Password - RESET

This will roll back the Cyberoam configuration to its factory default settings.
