Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Cyberoam Upgrade Training v9.6 build 16

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam 1.Free On-Appliance SSL VPN 2.Complete Layer 2 to Layer 8 security 3.Category Based Bandwidth Management 4.Free RBL Support 5.IP Reputation Filtering Support in Anti-Spam New Features:

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Enhancements: 1.Provide Bandwidth to Branch offices over VPN 2.Total Threat Free Tunneling. 3.Clientless Automated SSO 4.Spam Quarantine Enhancements

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam New features

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam All free On-Appliance SSL VPN

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam On-Appliance SSL VPN Now the VPN feature is extended to include SSL VPN functionality within Cyberoam to provide secure access for the remote users. Easier to use and control to allow access to the Corporate network from anywhere, anytime. Any device that has browser can access SSL VPN

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam  Client and Location independent access  Authentication - AD, LDAP, RADIUS, Cyberoam  Multi-layered Client Authentication - Certificate, Username/Password  User & Group policy enforcement  Network access - Split and Full tunneling  End user Web Portal - Clientless access  SSL VPN Tunneling Client - Granular access control to all the Enterprise Network resources  Administrative controls: Session timeout, Dead Peer Detection,  Portal customization The SSL VPN feature would not be a chargeable module and would be enabled by default in all appliances 25i, 50i, 100i, 200i, 300i, 250i, 500i, 1000i and 1500i. License Free SSL-VPN:

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Key Advantages 1.Its FREE!!! (Promotional Offer) 2.Easy to use. No complicated configurations. 3.Device Independent. Can be used with Smart-phones, Iphones, Netbooks etc. 4.Works in restricted network environments where VPN traffic is blocked. 5.Data transfer is encrypted by SSL. Safe to use on an unsecured network. 6. VPNC certified

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam On appliance SSL VPN in detail

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Who should access what? Cyberoam’s on appliance SSL-VPN gives full flexibility to the administrators to decide what type of access should be given by creating policies. SSL VPN policy determines access mode available to the remote users and also controls the access to the private network (corporate network) in the form bookmarks.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Two modes: Full Access and Web Access mode –Web Access mode ( Web based or clientless ) Does not require any client to be installed Can be accessed using browser Limited to use on web resources only –Full Access mode ( Client mode ) Require client to be installed Works in two modes –Split Tunnel »Allows access to only defined network resources in the policy –Full Tunnel »Routes all traffic to Cyberoam, internet through HO »Allows access to only defined internal network resources »Full access to WAN

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Creating SSL VPN Policy Select the access mode by clicking the appropriate option Accessible Resources allows restricting the access to the certain hosts of the private network Select tunnel type Accessible Resources allows restricting the access to the certain hosts of the private network Bookmarks are the resources that will be available through Web portal

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam It provides the ability to create point-to-point encrypted tunnels between remote employees and your company’s internal network It requires a combination of SSL certificates and a username/password for authentication to enable access to the internal resources. To restrict the access to the Corporate network, it operates in two modes: Full Access and Web Access mode. User’s access to private network is controlled through his SSL VPN policy while Internet access is controlled through his Internet Access policy.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam User Authenticates himself Access web-based resources available to him Install SSL VPN Client End user experience

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Enhanced security with L2 Firewall support

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Identity-IP address-MAC address Enhanced security with Cyberoam. Cyberoam now extends down to the OSI Layer 2, to achieve a major security enhancement. Now MAC address (Machine Address) is also a decision parameter along with identity and ip address for the firewall policies All normal firewall policies like IAP, AV, IPS, Bandwidth policy etc can be applied on MAC firewall rule Now for any server running on dynamic IP Address, we can create a firewall rule to allow that server through firewall using MAC

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create firewall rule based on MAC address

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create MAC based host for Dynamic web server Now create MAC based firewall rule

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Web Category Bandwidth

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Web Category Bandwidth features Bandwidth Restriction can be applied on Web categories Configuration provided in Web Category and Firewall Bandwidth will be shared among all the users/firewall rules for particular Web category Web category bandwidth will take priority with respect to all other bandwidth configuration If a users is given 32kbps of bandwidth and Web category he is accessing is given 16kbps of bandwidth user can draw a maximum of kbps of bandwidth

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create web category based bandwidth policy

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Allot bandwidth while creating web category

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam View which Bandwidth policy is applied to which web category

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Apply through the firewall rule

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create a BW policy for online games sites Create a category for online games Apply the web based BW categorization to all the LAN users

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Free RBL support for Anti Spam Now get free Anti Spam protection with the RBL No need to purchase a separate license if you need RBL Anti Spam protection

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam IP Reputation Filtering Support in Anti-Spam Block 85% of incoming messages at entry-point even before these messages enter the network. Save load / processing power of mail server for unwanted spam messages. Save internet bandwidth.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam How IP Reputation Filtering works? The sending SMTP host (Sender Mail Server) attempts to connect over port 25 to your mail transfer agent (MTA) the mail server hosted behind Cyberoam. The Cyberoam Anti-Spam engine delays the connection and queries the inbuilt reputation database about the reputation of the source and how to handle it. The Cyberoam Anti-Spam engine is responsible for collecting real-time and dynamically updated reputation data about the source by communicating to the Commtouch Datacenter over HTTP protocol.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam How IP Reputation data is collected? The source data is gathered by monitoring its global sending behavior and is composed of the volume of sent s in several time frames,the spam ratio of its sent s, a calculated risk level, computed IP class and other relevant information. Additionally, Cyberoam Anti-Spam maintains local data in severaltime- basedwindows about the all the previous times that itwas already queried about this source. All of this information is used to generatea recommended action to apply on the source.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam How to enable IP Reputation Filtering: Anti Spam -> Configuration -> General Configuration

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam How to check reputation of any given IP: Commtouch provides facility to check reputation of any given IP. You can check the same using below URL:

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Enhancements

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Branch office Internet Traffic Tunneling over VPN

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Branch office Internet Traffic Tunneling over VPN Cyberoam now facilitates central Internet access and control for an organization with multiple branch offices All the branch office can now use the Internet facility at the head office to browse Supported only in Net-Net connections

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam All the branches can access internet through HO

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Advantages Even if the branch offices don’t have internet access they can access internet through Head office. Centralized implementation of user policies from HO Central reporting in HO. Easy to manage the branch offices.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Threat free tunneling

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Cyberoam VPN zone traffic is now totally secure. It extends its firewall rule gamut to L2TP and PPTP VPN traffic, which is scanned for Malware, Spam and inappropriate Web content. This ensures that nothing dangerous can sneak through. All normal firewall policies like IAP, AV, IPS, Bandwidth policy etc can be applied on L2TP and PPTP traffic

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create L2TP configuration

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create PPTP Configuration

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Create hosts for L2TP and PPTP configurations

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Firewall rules for L2TP and PPTP tunnel users

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Spoof prevention

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam You can configure MAC and/or IP address pair entry in IP-MAC trusted list to improve the security of your network Using MAC address filtering makes it more difficult for a hacker to guess and use a random MAC address It is also possible to filter packets based on IP-MAC pair

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Spoof Prevention –MAC filtering Does not allow any IP Address to connect other than trusted MAC –IP-MAC Pair filtering Drops traffic where IP-MAC pair does not match Allows all traffic for which MAC entry does not exists –Spoof prevention Drops any traffic that does not match with the subnet of the incoming NIC

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Spoof Prevention Settings Packets will be dropped if the MAC addresses not configured in the “Trusted MAC address” list. Packets will be dropped if IP and MAC do not match with any entry in the IP- MAC trusted list Packet will be dropped if matching route entry is not available

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam ARP Management

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Cyberoam ARP Management Features –Facility to mange ARP entries –Static entries can be added from GUI –Shows list of ARP entries, both Static and Dynamic –Do not add static ARP entry for any configured gateway, it will mark the gateway dead –Cyberoam maintains two types of table for ARP entries: ARP Cache and Static ARP

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam How does Static ARP work in Cyberoam? Add Static ARP. These entries will be stored in static ARP as well as ARP Cache table. When the Cyberoam appliance receives the ARP request on a particular port, Cyberoam performs the ARP lookup in the static ARP table. If there is any mismatch in IP address or port Cyberoam considers it as an ARP poisoning attempt and does not update its ARP Cache. If entry is not available in the table, Cyberoam will lookup in the ARP Cache and adds MAC address to ARP Cache if required.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Add Static ARP

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Manage ARP Select from the drop down list to view ARP entries It lists IP address, MAC address, port and type of the entry

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Clientless - Automated Single Sign-On

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Clientless - Automated Single Sign-On Advantages No need to convince the administrators to modify the Logon scripts or make client side installations. With the new Clientless - Automated Single Sign On there is a single light weight installer that can be installed on any windows computer on the network Cyberoam will detect all logons and logoffs. Also works with Macintosh Clients authenticating with Microsoft Domain Controller.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Features New clientless SSO is agent based solution in that no need to configure any logon script or no need to push SSO client software on any of the client machine. This is platform independent that means if client OS is integrated with Active Directory then Cyberoam will automatically login them into Cyberoam once they login into Active Directory, example: Mac-OS, Linux, Windows (All Versions). In this new SSO, we just need to install one agent software on AD controller which will automatically send login information to Cyberoam for authentication. In case of multiple AD controller of same domain, we just need to install agent on all the AD controller.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Spam Digest

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Daily Spam Digest: Cyberoam will now mail the summary of Spam mails that have been quarantined by Cyberoam. Release the false positives to your mailbox: Now Cyberoam allows you to release the mail from the quarantine area and get it right in your mailbox, Promotes end user’s self-sufficiency Reduces network administrator’s dependency Spam digest features

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Spam digest configuration: Anti Spam -> Spam Quarantine -> Spam Digest Settings

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam User’s Antispam Quarantine Area User logon into his account Go to the spam quarantine area Access as well as release the spam quarantine mails

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Separate sub menu to manage digital certificates

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Bundle Subscription

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Details Applicable from version – Cyberoam’s “Bundle Subscription” service provides subscribers a purchase option to choose between single subscription module and a bundle of modules. Cyberoam will also continue to offer single subscription modules also. Bundle can be the combination of or all of the following modules: Gateway Anti Virus Gateway Anti-spam Intrusion Prevention System Web and Application Filter 8 X 5 Support

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Benefits Subscription bundle will reduce Administrator’s task of subscribing each module individually as all the modules in the bundle will be subscribed in a single step using just one key. Along with customers, the feature is also beneficial to the suppliers as one can achieve the desired cost reduction for the bundled pack.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam How to subscribe Subscriber will be provided a single key for all the modules included in the bundle. For renewal, subscriber can choose to renew the pack or the single module.

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam One time subscription

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam DHCP Enhancements

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam DHCP Enhancements More user friendly interface Configuration for Dynamic as well as static lease IP Address conflict detection Facility to lease primary and secondary DNS Option to lease Cyberoam’s DNS configuration DHCP can now lease WINS server DHCP Relay configuration

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Configure for Dynamic Lease

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Configure for Static Lease

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Manage DHCP Servers

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam

Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Thank you