Cyberoam Console Guide

CYYBBEERRO
OA M CO
AM ONNSSO
OLLEE GU
UIID
DEE
VEERRSSIIO
ONN: 7
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is
presented without warranty of any kind, expressed or implied. Users must take full responsibility for their
application of any products. Elitecore assumes no responsibility for any errors that may appear in this document.
Elitecore reserves the right, without notice to make changes in product design or specifications. Information is
subject to change without notice.
SOFTWARE LICENSE
The software described in this document is furnished under the terms of Elitecore’s software license agreement.
Please read these terms and conditions carefully before using the software. By using this software, you agree to
be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly
return the unused software and manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the
media on which the Software is furnished will be free of defects in materials and workmanship under normal use;
and (2) the Software substantially conforms to its published specifications except for the foregoing, the software
is provided AS IS. This limited warranty extends only to the customer as the original licenses. Customers
exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore or its
service center’s option, repair, replacement, or refund of the software if reported (or, upon, request, returned) to
the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error
free, or that the customer will be able to operate the software without problems or interruptions.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties
including, without limitation, any implied warranty or merchantability, fitness for a particular purpose, non-
infringement or arising from a course of dealing, usage, or trade practice, and hereby excluded to the extent
allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect,
consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out
of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of
such damages. In the event shall Elitecore’s or its suppliers liability to the customer, whether in contract, tort
(including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply
even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages,
including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this
manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Elitecore Technologies Ltd. Information supplies by Elitecore Technologies Ltd. Is believed to be accurate and
reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may
appear in this documents. Elitecore Technologies reserves the right, without notice, to make changes in product
design or specifications. Information is subject to change without notice
Corporate Headquarters
Elitecore Technologies Ltd.

904 Silicon Tower,
Off. C.G. Road,
Ahmedabad – 380015, INDIA
www.cyberoam.com
Cyberoam Console Guide
Contents
Guide Audience ______________________________________________________________________ 1

Guide Sets___________________________________________________________________________ 2
Technical Support_____________________________________________________________________ 3
Typographic Conventions_______________________________________________________________ 4
Introduction ___________________________________________________________________ 4
Notation conventions __________________________________________________________________ 4
Introduction ___________________________________________________________________ 5
Accessing Cyberoam Console_____________________________________________________ 5
Accessing Console via TELNET _________________________________________________________ 5
00. Post Installation wizard ______________________________________________________ 7
Change Deployment mode ______________________________________________________________ 7
R. Restart Management Services _________________________________________________ 14
1. Network configuration _______________________________________________________ 15
Set IP Address ______________________________________________________________________ 15
Set Alias ___________________________________________________________________________ 16
2. System configuration_________________________________________________________ 17
2.1 Set Console Password______________________________________________________________ 17
2.2 Set System Date __________________________________________________________________ 17
2.3 View Access logs _________________________________________________________________ 18
2.4 Set Cyberoam Administrator Email ID_________________________________________________ 19
2.5 Traceroute Utility _________________________________________________________________ 20
2.6 Set Module Info __________________________________________________________________ 20
2.7 Bandwidth Graph Setting ___________________________________________________________ 20
2.8 Advanced NIC Setting _____________________________________________________________ 21
2.9 Manage Internal Network ___________________________________________________________ 21
2.10 Enable/Disable LAN Bypass _______________________________________________________ 22
2.0 Exit ____________________________________________________________________________ 22
3. Route configuration__________________________________________________________ 23
3.1 Add Route_______________________________________________________________________ 23
3.2 Delete Route _____________________________________________________________________ 24
3.3 Show Route______________________________________________________________________ 24
3.0 Exit ____________________________________________________________________________ 25
4. Cyberoam Console __________________________________________________________ 26
5. Cyberoam Management ______________________________________________________ 27
5.1 Restart Management Services________________________________________________________ 27
5.2 Remove Firewall Rules_____________________________________________________________ 27
5.3 Reset Management Password ________________________________________________________ 28
5.4 Database Utilities _________________________________________________________________ 28
5.5 Download Backup ________________________________________________________________ 29
5.6 Restore Backup___________________________________________________________________ 30
5.7 DHCP Client Settings ______________________________________________________________ 30
5.8 View Audit Logs__________________________________________________________________ 30
5.9 Check and Upgrade New version _____________________________________________________ 30
5.10 Auto Upgrade status ______________________________________________________________ 31
5.11 Check and Update Webcat Latest Database ____________________________________________ 31
5.12 Webcat Auto Upgrade Status _______________________________________________________ 31
5.12 Custom Menu ___________________________________________________________________ 31
5.0 Exit ____________________________________________________________________________ 31
6. Upgrade version_____________________________________________________________ 32
7300-1.0-9/20/2005 1
7. Dialup Connection___________________________________________________________ 33
7.1 Connect Dialup ___________________________________________________________________ 33
7.2 Disconnect Dialup ________________________________________________________________ 33
7.3 Edit PPP Settings _________________________________________________________________ 33
7.4 View PPP Logs ___________________________________________________________________ 34
7.5 View Current PPP Logs ____________________________________________________________ 34
7.6 Initialize Modem__________________________________________________________________ 34
7.7 Start DialonDemand Service ________________________________________________________ 35
7.8 Stop DialonDemand Service_________________________________________________________ 35
7.0 Exit ____________________________________________________________________________ 35
8. DNS Services _______________________________________________________________ 36
8.1 Create Domain ___________________________________________________________________ 36
8.2 Delete Domain ___________________________________________________________________ 36
8.3 Modify entry on Domain ___________________________________________________________ 37
8.4 List of Domains __________________________________________________________________ 38
8.0 Exit ____________________________________________________________________________ 38
9. Bandwidth Monitor__________________________________________________________ 39
10 Mail Server Menu___________________________________________________________ 40
10.1 User Migration Utility for Mail server ________________________________________________ 40
10.2 Configuration Menu ______________________________________________________________ 40
10.3 Restart Mail services______________________________________________________________ 42
10.4 View Intrapop Logs ______________________________________________________________ 43
10.0 Exit ___________________________________________________________________________ 43
11. Trend AntiVirus Menu ______________________________________________________ 44
11.1 IMSS Menu_____________________________________________________________________ 44
11.2 IWSS Menu ____________________________________________________________________ 45
11.3 Configure to run IMSS ____________________________________________________________ 46
11.4 Configure to run IWSS ____________________________________________________________ 46
11.5 Remove Configuration of Trend_____________________________________________________ 46
11.0 Exit ___________________________________________________________________________ 46
12. VPN Management __________________________________________________________ 47
12.1 Regenerate RSA Key _____________________________________________________________ 47
12.2 Restart VPN service ______________________________________________________________ 47
12.3 View VPN Logs _________________________________________________________________ 48
12.0 Exit ___________________________________________________________________________ 48
13. Shutdown/Reboot Cyberoam _________________________________________________ 49
0. Exit _______________________________________________________________________ 49
Annexure I ___________________________________________________________________ 50
7300-1.0-9/20/2005 2
Annexure I - Contents
arp ............................................................................................................................................50
cacheclient...............................................................................................................................50
clear .........................................................................................................................................50
cyberoam..................................................................................................................................50
dnslookup ................................................................................................................................51
ip ..............................................................................................................................................52
message....................................................................................................................................63
ping ..........................................................................................................................................63
route.........................................................................................................................................64
set .............................................................................................................................................65
show .........................................................................................................................................66
tcpdump ...................................................................................................................................67
telnet ........................................................................................................................................68
traceroute.................................................................................................................................68
7300-1.0-9/20/2005 3
Preface
Welcome to the Console Guide of Cyberoam, eLitecore Technologies Ltd.’s integrated Internet
Security Solution.
Cyberoam Console guide helps you administer, monitor and manage Cyberoam with the help of
Console.
Note that by default, Cyberoam Console password is ‘admin’. It is recommended to change the
default password immediately after Installation.
Guide Audience
Cyberoam Console Guide provides functional and technical information of the Cyberoam Software.
This Guide is written to serve as a technical reference and describes features that are specific to
the Console.
Guide also provides the brief summary on using the Console commands.
This guide is intended for the Network Administrators and Support personnel who perform the
following tasks:
1. Configure System & Network
2. Manage and maintain Network
3. Manage various services
4. Troubleshooting
This guide is intended for reference purpose and readers are expected to possess basic-to-
advanced knowledge of systems networking.
Note
The Corporate and individual names, data and images in this guide are for demonstration purposes only
and do not reflect the real data
If you are new to Cyberoam, use this guide along with the ‘Cyberoam User Guide’
7300-1.0-9/20/2005 1
Guide Sets
Guide Describes
Installation & Registration Guide Installation & registration process
User Guide
Part I – Getting Started How to start using Cyberoam
Part II – Management Management and Customization of Cyberoam
Detailed statistics – Reports Detailed reports
Console Guide Console Management
Windows Client Guide Installation & configuration of Cyberoam Windows
Client
Linux Client Guide Installation & configuration of Cyberoam Linux
Client
HTTP Client Guide Installation & configuration of Cyberoam HTTP
Client
Analytical Tool Guide Using the Analytical tool for diagnosing and
troubleshooting common problems
Cyberoan - LDAP Integration Configuration for integrating LDAP with Cyberoam
guide for external authentication
Cyberoam – ADS Integration Configuration for integrating ADS with Cyberoam
Guide for external authentication
Data transfer Management Configuration and Management of user based data
Guide transfer policy
Mail Management Configuration and Management of Mail server
Multi Link Manager User Guide Configuration of Multiple Gateways, load balancing
and failover
VPN Management Implementing and managing VPN
Printer Usage Management Configuration and Management of user based
Guide printing quota policy
Printer Installation and Installation and Configuration of Elitecore Print
Configuration Guide Manager
These documents are available at the site: www.cyberoam.com/cyberoam/product.htm
7300-1.0-9/20/2005 2
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
eLitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-26405600
Fax: +91-79-26462200
Web site: www.elitecore.com
Cyberoam contact:
Technical support (Corporate Office): +91-79- 26400707
Email: [email protected]
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.
7300-1.0-9/20/2005 3
Typographic Conventions
Material in this manual is presented in text, screen displays, or command-line notation.
Item Convention Example

Server Machine where Cyberoam Software - Server component is installed
Client Machine where Cyberoam Software - Client component is installed
User The end user
Username Username uniquely identifies the user of the system
Topic titles Shaded font
typefaces
Introduction
Subtitles Bold and
Black Notation conventions
typefaces
Navigation Bold Group Management → Groups → Create
link typeface it means, to open the required page click on Group management then
on Groups and finally click Create tab
Notes & Bold

points to typeface Note
remember between the
black borders
7300-1.0-9/20/2005 4
Introduction
Cyberoam console provides a collection of tools to administer, monitor and control certain
Cyberoam system components.
Accessing Cyberoam Console

There are two ways to access Cyberoam Console as explained below
1. Direct Console connection - attaching a keyboard and monitor directly to the Cyberoam
server
2. Remote connection - Using remote login utility TELNET - Telnet provides user support for the
Telnet protocol, a remote access protocol you can use to log on to a remote computer,
network device, or private TCP/IP network.
Accessing Console via TELNET

To use TELNET, IP Address of the Cyberoam server is required.
To start the TELNET utility:

Click Start from Windows Taskbar followed by Run
In Open, type TELNET xxx.xxx.x.xxx
Click OK, opens new window and prompts to enter IP address of Password
Cyberoam server
Default password for Cyberoam console is “admin”.
7300-1.0-9/20/2005 5
On successful login, following Main menu screen will be shown.
To access any of the menu items, type the number corresponding to the menu item in the ‘Select
Menu Number’ field and press <Enter> key.
Example
To access Type
System Configuration 2
DNS services 8
Exit 0 or Ctrl -C
7300-1.0-9/20/2005 6
00. Post Installation wizard

Use this menu to
• View current server configuration
• Change deployment mode
Following screen displays current Cyberoam server configuration i.e. deployment mode of
Cyberoam, IP address and Gateway details.
Change Deployment mode

To change the deployment mode of Cyberoam i.e. from Bridge to Gateway or vice versa, type ‘B’
or ‘G’ accordingly and press <Enter> key
Installation of Cyberoam as Bridge

Step 1: For placing Cyberoam as Bridge, type ‘b’ or ‘B’ followed by <Enter>
Step 2: Enter the IP address by which you wish to manage Cyberoam through the telnet console
as well as the Web console
By default internal interface is set as eth0 and external interface is set as eth1, modify if required.
7300-1.0-9/20/2005 7
Step 4: Automatically detects and displays the current Ethernet configuration of all the Internal
Networks defined. Add or delete the defined networks.
Step 3: Enter the Default Gateway name & IP address, all the traffic will be routed to the IP
address defined in this screen
Step 4: Update time zone and current date for server clock, if not properly set
7300-1.0-9/20/2005 8
Step 5: Enter Administrator Email Id. Please enter the correct Email Id as it will be used to by
Cyberoam to send system Alerts
Step 6: After the system configuration is updated successfully, following screen will be displayed.
Press <Enter> to continue. Configuration details screen will be displayed.
7300-1.0-9/20/2005 9
Press <Enter> to return to the Console Main menu and reboot Cyberoam.
Installation of Cyberoam as Gateway

Step 1: For placing Cyberoam as Gateway, press ‘g’ or ‘G’ followed by <Enter>
Step 2: Automatically detects and displays the current Ethernet configuration of Internal Interface.
Also displays the Port used by Internal network.
Internal Interface connects the server with the clients (Internal LAN). By default, eth0 is termed as
the Internal Interface.
It is not necessary to use Port A for Internal Network. It depends on how the physical connection is
done. You can connect Internal Network through any other port also.
Change IP address and Net mask, if required.
Step 3: Automatically detects and displays the current Ethernet configuration of External Interface.
Also displays the Port used by External network.
By default, eth1 is termed as the External Interface
7300-1.0-9/20/2005 10
It is not necessary to use Port B for External Network. It depends on how the physical connection
is done. You can connect External Network through any other port also.
Change IP address and subnet mask, if required.
Step 4: Automatically detects and displays the current Ethernet configuration of all the Internal
Networks defined. Add or delete the defined networks.
If you do not want to add or delete the network details, press <Enter>
Note
Do not forget to restart management services after adding or deleting the Network
Step 5: Displays the configured Gateway details - gateway name and IP address, modify if
required.
Step 6: Displays time zone and current date, modify if required
7300-1.0-9/20/2005 11
Step 7: Enter Administrator Email Id. Please enter the correct Email Id as it will be used to by
Cyberoam to send system alerts.
Step 8: After the system configuration is updated successfully, following screen will be displayed.
Press <Enter> to continue. Configuration details screen will be displayed.
7300-1.0-9/20/2005 12
Press <Enter> to return to the Console Main menu.
7300-1.0-9/20/2005 13
R. Restart Management Services

Use to restart the Management services. It will restart all the Cyberoam services.
Message ‘Restarting Authentication service ...... Done’ displayed

Press <Enter> to return to the Main menu.
7300-1.0-9/20/2005 14
1. Network configuration
Use this menu to
• View & change network setting
• Set IP address
• Set Alias
Following screen displays the current Network setting like IP address & Net mask for Internal &
External Network Interfaces. In addition, displays IP address and Net mask of any Aliases bound.
Internal Interface connects the server with the clients (Internal LAN). By default, eth0 is the Internal
Interface
External Interface connects the server to the Outside world. By default, eth1 is the External
Interface
Set IP Address
Following screen allows setting or modifying the IP address for a Network card. Type ‘y’ and press
<Enter> to set IP address
Displays the current IP address and Net mask and prompts for the new IP address and Net mask.
Press <Enter> if you do not want to change any details.
7300-1.0-9/20/2005 15
In ‘’Net type’ type

‘i’ - if the details entered is for the Internal Interface
‘e’ - if the details entered is for the External Interface
Set Alias
To bind Alias, type ‘s’. It displays the details of Aliases bound.
Type Alias number, IP address and Net mask for the Alias
Note
One can assign or bind more than one IP address to the same Ethernet or the Network card. These are
Aliases. It is possible to define Aliases for both Internal as well as External network. Maximum eight IP
addresses (Aliases) can be bound to a single Network card.
Displays message on successful completion of the operation and restarts management services.
7300-1.0-9/20/2005 16
2. System configuration
Use this menu to
• View & change various system properties
2.1 Set Console Password

Use to change the Console password
Type new password, retype for confirmation, and press <Enter>
Displays message on successful completion of the operation.
Press <Enter> to return to the System Setting Menu.
2.2 Set System Date

Use to change time zone and system date
Type ‘y’ to set new time and press <Enter>
Select the appropriate zone by using ‘Tab’ key and press ‘OK’ followed by <Enter>
7300-1.0-9/20/2005 17
Type ‘y’ to reset Date and press <Enter>

Type Month, Day, Year, Hour, Minutes
Press <Enter> to return to the System Menu
2.3 View Access logs

Use to view Access log
Displays list of IP addresses from where the Console was accessed along with Date & time
7300-1.0-9/20/2005 18
2.4 Set Cyberoam Administrator Email ID

Use to change the Email ID of Cyberoam Administrator. Cyberoam sends system alert mails on
the specified Email ID.
Type Email ID and press <Enter>. It displays the new Email ID.
Press <Enter> to return to the System Setting Menu
7300-1.0-9/20/2005 19
2.5 Traceroute Utility

Use to trace the path taken by a packet from the source system to the destination system, over the
Internet.
The typical path taken by data packets sent by the source to the destination has been depicted by
the below figure:
Source System → Router of the Source Network → Router of the Source Network’s ISP → Router
of the Destination’s ISP → Router of the Destination Network → Destination System
Traceroute displays all the routers through which data packets pass on way to the destination
system from the source system. Thus, in effect, we come to know the exact path taken by the data
packets in the data transit.
Press <Enter> to return to the System Setting Menu
2.6 Set Module Info

Use to add the NIC details after the Card is added physically
2.7 Bandwidth Graph Setting

Cyberoam generates Gateway wise – Total and Composite as well as Host Group wise bandwidth
usage graphs, which allows Administrator to monitor the amount of data uploaded or downloaded.
If the graphs are generated with erroneous data due to data corruption, the analysis of the graphs
will results into wrong information. To flush the bandwidth graphs generated with erroneous data
use this option.
Flushing deletes graph and along with the data with which the graph was generated. Graphs
generated after flushing will be generated using the new data.
7300-1.0-9/20/2005 20
2.7.1 Flush Host group Graphs

Use to flush the graph generated for different Host groups defined in the Cyberoam
2.7.2 Flush Gateway Graphs

Use to flush the graph generated for different Gateways defined in the Cyberoam
2.7.3 Flush All Bandwidth Graphs

Use to flush all the Bandwidth graphs generated
2.7.4 Flush Cache Graphs

Use to flush the Cache graphs generated
2.7.0 Exit
Type ‘0’ to exit from the Bandwidth Graph Menu and return to the System Settings Menu
2.8 Advanced NIC Setting

Use to add a new Network card details.
Displays total cards configured in the Server. Press <Enter> followed by ‘y’ to add a new card
Searches for the newly added card and if card is found allows to enter details for the cards else
returns to the System Setting menu.
2.9 Manage Internal Network

Use to add and delete Internal Network
Automatically detects and displays the current Ethernet configuration of all the Internal Networks
defined.
Type ‘a’ to add Ethernet configuration of Internal network

Type networkid and netmask and press <Enter>
7300-1.0-9/20/2005 21
Type ‘d’ to delete the defined Internal network

Type networkid and netmask and press <Enter>
Please do not forget to restart management services after adding or deleting the network
2.10 Enable/Disable LAN Bypass

Use to enable/disable LAN Bypass
Option available only if Cyberoam is in Bridge mode
2.0 Exit
Type ‘0’ to exit from System Setting menu and return to the Main Menu.
7300-1.0-9/20/2005 22
3. Route configuration
Use to configure and view permanent Route details
Cyberoam supports two types of Routes:

1. Permanent – These routes once created, are saved permanently until you explicitly delete
them. In this section, we are talking about permanent routes.
2. Temporary – Flushed when the system is rebooted. Use option 4 – Cyberoam Console in
Cyberoam Main menu to define them.
3.1 Add Route

Use to add 1) Network route 2) Host route
3.1.1 Add Network Route

Use to add route for the Network
Type Network, Net mask and Gateway Address and press <Enter>
7300-1.0-9/20/2005 23
3.1.2 Add Host route

Use to add route for a single Host
Type Host and Gateway Address and press <Enter>
3.1.0 Exit
Type ‘0’ to exit from Add Route menu and return to the Routing tables menu
3.2 Delete Route

Use to delete Network or Host route
3.2.1 Delete Network Route

Use to delete the Network route already created.
Type Network, Subnet mask and Gateway address for the Network to be deleted.
3.2.2 Delete Host Route

Use to delete the Host route already created.
Type IP address of the Host to be deleted.
3.2.0 Exit
Type ‘0’ to exit from Add Route menu and return to the Routing tables menu
3.3 Show Route

Use to view the routing table
Routing is the technique by which data finds its way from one host computer to another. Within any
host, there will be a routing table that the host uses to determine which physical interface address
to use for outgoing IP datagrams.
7300-1.0-9/20/2005 24
There are four basic items of information in such a routing table
1. A destination IP address
2. A gateway IP address
3. Various flags usually displayed as U, G, H and sometimes D and M. U means the route is up,
G means the route is via a gateway, H means the destination address is a host address as
distinct from a network address
4. The physical interface identification
3.0 Exit
Type ‘0’ to exit from Routing tables menu and return to Main Menu.
7300-1.0-9/20/2005 25
4. Cyberoam Console
Use to perform various checks and view logs for troubleshooting
Generally, when using command line help, one has to remember parameters/arguments of the
command or has to go to the help and check for the parameters. Users using command line for the
first time face difficulty in both the situation.
To remove the above difficulty, Cyberoam has inbuilt the help at the command prompt itself.
Press ‘Tab’ to view the list of commands supported.
Type command and then press tab to view the list of argument(s) supported or required. For
example after typing ping press tab, it shows what all parameters are required or allowed
Type command and then press question mark to view the list of argument(s) supported with its
description. For example after typing ping press question mark, it shows what all parameters are
required or allowed with description
Type Exit to return to the Main menu
Refer to Annexure I for the detailed help on various commands supported.
7300-1.0-9/20/2005 26
5. Cyberoam Management
Use this menu to
• Restart management services
• Reset Web management password
• Restore Backup
• Remove Firewall rules
• Manage various Databases
• Setup/Configure DHCP client
• View Audit logs
5.1 Restart Management Services

Use to restart Management service
5.2 Remove Firewall Rules

Firewall defines certain rules that determine what traffic should be allowed in or out of the Internal
network. One can restrict access to certain IP addresses or domain names, or block certain traffic
by blocking the TCP/IP ports used.
7300-1.0-9/20/2005 27
By default, Cyberoam does not allow outbound traffic to pass through. Removing all the firewall
rules will allow all the inbound and outbound traffic to pass through Cyberoam.
5.3 Reset Management Password

Use to reset Web management password.
The password for the username ‘cyberoam’ is reset to ‘cyber’
5.4 Database Utilities

Use to repair databases in case of any corruption in data.
5.4.1 Database Quick Repair

Use to repair database if User is not able to login and receives message ‘Login request
unsuccessful, Contact Administrator’.
It does not repair any of the log tables
Automatically restarts the Management services.
Note
Use Database full repair if you want to repair all databases along with log tables.
To repair only the log tables, use the respective repair log options
7300-1.0-9/20/2005 28
5.4.2 Database Full Repair

Use this repair if any inconsistency found in any of the log data tables or user database.
Automatically restarts the Management services.
Use this option rarely as the time taken to repair the full database is directly proportional to the size
of log tables.
Use the full repair option if the system was shut down abnormally and is giving some unexpected
results.
Database quick repair is a more preferred option.
5.4.3 Repair Web Surfing logs

Use to repair Web surfing log tables if any inconsistency found in the log data tables.
Web surfing log stores the information of all the websites visited by all the users.
5.4.4 Repair User Session logs

Use to repair User Session log tables.
Use this option when user accounting reports are not coming or are mismatched.
Also, use this option if there is some problem in user logout. This might be because the user
accounting record is not being put into the user session table.
Every time the user logs in, session is created. User session log stores the session entries of all
the users and specifies the login and logout time.
5.4.5 Repair Live User Data

Use to repair Live User data table if user login/logout is being affected.
This table stores the current/live user data
5.4.6 Synchronize Live User Data

Use this option if a certain user is not able to logon into Cyberoam.
This happens if the user has not logged out cleanly from his last Cyberoam session due to network
errors.
This option synchronizes the current/live user data with the current scenario.
5.4.7 Repair Summary table Data

Use this option if you are not getting web surfing or internet usage reports.
This option repairs the summary tables.
5.4.0 Exit
Type ‘0’ to exit from the Database Utilities Menu and return to Cyberoam Management Menu
5.5 Download Backup

Use to download backup taken
7300-1.0-9/20/2005 29
5.6 Restore Backup

Use to restore backup taken from Web Interface
5.7 DHCP Client Settings

Use to enable DHCP for a particular interface.
The configured interface will obtain an IP address automatically from a DHCP server running on
the network connected to that interface.
5.8 View Audit Logs

Use to view Audit log
This log stores the details of all the actions performed the User administrating Cyberoam.
Displays operation performed, IP address of the User and result of the operation
5.9 Check and Upgrade New version

Use to check and upgrade to new version
7300-1.0-9/20/2005 30
5.10 Auto Upgrade status

Use to check the auto upgrade status.
5.11 Check and Update Webcat Latest Database

Use to check and upgrade latest webcat database
5.12 Webcat Auto Upgrade Status

Use to check the auto upgrade status
5.12 Custom Menu

Any customized menu option provided especially for the client.
5.0 Exit
Type ‘0’ to exit from Cyberoam Management menu and return to Main menu
7300-1.0-9/20/2005 31
6. Upgrade version
Use to upgrade Cyberoam version
Before using this option, please check upgrade file is uploaded properly.
Follow the screen instructions and upgrade the Cyberoam version
Some of the common errors:
1. Error message: “Upgrade File not found. Please upload version File Properly”
Reason/Solution: This error may occur if the upgrade file is not uploaded from Cyberoam
Web Interface. Go to Cyberoam Web Interface and upload the file again
2. Error message: “System requires Restart of Cyberoam, Please reboot System before
doing upgrade”
Reason/Solution: This error may occur if system is in inconsistent state, reboot the
system from Cyberoam Console and try again. If still not able to upgrade contact
Cyberoam Support
3. Error message/Solution: “Could not extract upgrade file, Please upload upgrade file
properly”
Reason/Solution: This error may occur if upgrade file is corrupted, download Upgrade file
again and repeat the above steps to upgrade
4. Error message: “Could not find upgrade file, Please upload upgrade file properly”
Reason/Solution: This error may occur if upgrade file is corrupted, download Upgrade file
again and repeat the above steps to upgrade
5. Error message: “Cyberoam already Upgraded to Version”

Reason/Solution: This error may occur if you try to upgrade to the same version that is
running currently
6. Error message: “Cyberoam can not be upgraded from Current Version to Newer Version”
Reason/Solution: This error may occur if you are trying to upgrade the version, which is
lower than the current version i.e. from Version 5.0.6.2 to Version 5.0.6.0 or from Version
5.0.6.2 to Version 4.0.0
7300-1.0-9/20/2005 32
7. Dialup Connection
Dial up provides connectivity between Cyberoam server and Internet.
7.1 Connect Dialup

Use to connect to Internet using a normal or an ISDN phone line.
Removes the previous setting for connecting
7.2 Disconnect Dialup

Disconnects the Dialup connection and sets the previous gateway settings.
7.3 Edit PPP Settings

Use to modify the Dialup settings
7300-1.0-9/20/2005 33
Press <ESC>, a small menu box pops up. Press <Enter> on Exit to return to the Dialup menu
7.4 View PPP Logs

Use to view connection log
This log stores connection details. Displays Dialer details, Username, Password etc.
Press <ESC>, a small menu box pops up. Press <Enter> on Exit to return to the Dialup menu
7.5 View Current PPP Logs

Use to view the current log
Press ‘Esc’ key, a small menu box pops up. Press <Enter> on Exit to return to the Dialup menu
7.6 Initialize Modem

Use to configure and initialize modem for Dialup connection
7300-1.0-9/20/2005 34
7.7 Start DialonDemand Service

Use to start DialonDemand service.
Once the service is started, it automatically connects to the Internet when requested.
Connection is automatically disconnected/terminated if remains idle for 2 minutes and reconnects
automatically when requested again.
7.8 Stop DialonDemand Service

Use to stop DialonDemand service
Resets all the previous Gateway settings
7.0 Exit
Type ‘0’ to exit from Dialup menu and return to Main Menu
7300-1.0-9/20/2005 35
8. DNS Services
Cyberoam can also act as a Domain Name server. A Domain Name Server translates domain
names to IP addresses.
Use this option to configure/setup DNS
8.1 Create Domain

Use to add Domain name
Type Name & IP address of a Domain. With this entry, users that try to go to the domain will get
the right IP address.
MX (Mail Exchange) records are used to have mail delivered to users on your domain. Domain
MUST have an MX record, primarily because people typically use an E-mail address with your
domain name ("[email protected]").
Type ‘y’ to create MX record
Press <Enter> to return to DNS configuration menu
8.2 Delete Domain

Use to delete Domain
Type name of the Domain to be deleted.
7300-1.0-9/20/2005 36
Press <Enter> to return to the DNS configuration menu
8.3 Modify entry on Domain

Use to modify entry in Domain
Type name of the Domain to be modified and press <Enter>. Open a new menu
8.3.1 Add Entry in Domain

Use to add Host or MX entry to Domain
To add Host entry

Type ‘h’ followed by Host name and IP address
To add MX entry
Type ‘m’ followed by Domain name
Press <Enter> to return to the menu
8.3.2 Delete Entry from Domain

Use to delete the entry from Domain
To add Host entry

Type ‘h’ followed by Host name
To add MX entry
Type ‘m’ followed by Domain name
7300-1.0-9/20/2005 37
After message ‘Entry Deleted successfully’ displayed and press <Enter> to return to the menu
8.3.3 List Entry in Domain
Use to view the list of Entries in Domain
Press <Enter> to return to the menu
8.3.0 Exit
Type ‘0’ to return to the DNS configuration menu
8.4 List of Domains

Use to view list of domains created
Press <Enter> to return to DNS configuration menu
8.0 Exit
Type ‘0’ to return to the Main menu
7300-1.0-9/20/2005 38
9. Bandwidth Monitor
Use to monitor the bandwidth used by each Interface.
Displays bandwidth used for receiving, transmitting and total bandwidth used by each interface.
Press ‘q’ or ‘Q’ to return to the Main menu
7300-1.0-9/20/2005 39
10 Mail Server Menu

Before using this option, please check whether server is registered or not.
Register server from Cyberoam GUI (Select Help Æ Register Add on Modules)
Use to add and configure Mail server other than Cyberoam mail server.
10.1 User Migration Utility for Mail server

Use this option to migrate Users
It is necessary to migrate all the Users if the default domain is changed.
Type ‘y’ to modify user entries

Message ‘User migration completed successfully’ displayed if users are migrated successfully
Press <Enter> to return to Mail Server menu
10.2 Configuration Menu

Use to configure Users
7300-1.0-9/20/2005 40
10.2.1 Modify User Quota

Use to limit the size of messages the User can receive and send.
Type the User name whose limit you want to change and specify the size
10.2.1 Modify User Account Status

Use to change the user status, can Activate or Deactivate the User
10.2.2 Modify User Detail

Use to modify the User details like Address, ID, and Account date
10.2.3 Disable Forwarding of User

If enabled, disables the message forwarding for the user
10.2.4 Disable Autoresponder of User

If enabled, disables the Autoresponder option
10.2.5 Check User property

Use to view the User properties set
10.2.6 Check mails in Queue

Use to view the mail queue.
Displays process id, total number of messages in queue and number of messages yet to be
processed.
7300-1.0-9/20/2005 41
10.2.7 Flush mail in Queue

Use to flush mail queue
10.2.8 Delete mail from Queue

Use to delete mails from queue
To delete mails, you have to specify process id. To obtain the process id, go to 10 Mail Server
menu > 2 Configuration menu > 10.2.6 Check Mails in Queue
10.2.9 Mailbox of User

Use to view the users’ mailbox size and usage
10.2.10 Backup of Mail Server

Use to take the backup of mail server
10.0 Exit
Type ‘0’ to exit from Configuration menu and return to the Mail Server menu
10.3 Restart Mail services

Use to restart Mail services
7300-1.0-9/20/2005 42
10.4 View Intrapop Logs

Use to view Intrapop logs
10.0 Exit
Type ‘0’ to exit from Mail Server menu and return to the Main menu
7300-1.0-9/20/2005 43
11. Trend AntiVirus Menu

Cyberoam comes with a third party SMTP and HTTP Virus scanner.
Use this option to start antivirus server.
Before using this option, please check whether server is registered or not.
Register Antivirus server from Cyberoam GUI (Select Help Æ Register Add on Modules)
Antivirus software checks for the virus in the Emails and traffic passing through the Server.
Depending on the configuration, action will be taken (infected file(s) will be deleted or quarantined)
and reported to the Administrator.
11.1 IMSS Menu

Use to manage IMSS (Interscan Messaging Security Suite). IMSS runs on port 10025 and GUI is
accessible from port 8081.
11.1.1 Restart IMSS services

Use to restart IMSS services
11.1.2 Create POP connection

Use to create POP connection
Specify port number for pop3 connection
11.1.3 View IMSS logs

Use to view IMSS log
7300-1.0-9/20/2005 44
11.0 Exit
Type ‘0’ to exit from IMSS menu and return to the Trend Menu
11.2 IWSS Menu

Use to manage IWSS (Interscan Web Security Suite). IWSS runs on port 8080 and GUI is
accessible from port 1812.
11.2.1 Restart IWSS services

Use to restart IWSS services
11.1.2 View IWSS logs

Use to view IWSS log
11.0 Exit
Type ‘0’ to exit from the IMSS menu and return to the Trend Menu
7300-1.0-9/20/2005 45
11.3 Configure to run IMSS

Configure for using IMSS
11.4 Configure to run IWSS

Configure for using IWSS
11.5 Remove Configuration of Trend

Use to remove trend configuration.
11.0 Exit
Type ‘0’ to exit from Trend menu and return to the Main menu
7300-1.0-9/20/2005 46
12. VPN Management

VPN Management is an add-on module which needs to be registered before use.
12.1 Regenerate RSA Key

Use to regenerates the local public key used for authenticating users.
Public key authentication uses two keys – public key available to anyone and a private key held by
only one individual. The sender encrypts the data with the recipient’s public key. Only the recipient
can decrypt the data, being the only one who possesses the corresponding private key.
RSA key is used for authenticating user, when authentication type is defined as ‘Public key’ for Net
to Net connection. Connection type and Authentication type are defined from Web based
Administration Console.
Public key available to all is termed as Local Public/RSA key while private key known to only one
individual is termed as Remote Public key.
Longer the key life, larger the risk as it becomes easier to intercept the ciphered text, hence it is
better to regenerate the RSA key after certain time interval.
Once the key is generated it is to be send to all the users.
12.2 Restart VPN service

Use to restart VPN Service
7300-1.0-9/20/2005 47
12.3 View VPN Logs

Use to view VPN logs for troubleshooting
12.0 Exit
Type ‘0’ to exit from VPN menu and return to the Main menu
7300-1.0-9/20/2005 48
13. Shutdown/Reboot Cyberoam

Use to shutdown or reboot Cyberoam server.
0. Exit
Type ‘0’ to exit from Cyberoam Console Management
7300-1.0-9/20/2005 49
Annexure I
arp
Used for debugging purposes, to get a complete dump of the ARP cache
Syntax
arp [ping] [show]
Parameter list & description

ping Sends ICMP ECHO_REQUEST packets to network hosts. Refer to Ping command
for details.
Show Show / manipulate arp cache. Refer to Show command for details.
cacheclient
Client to query cache server using URL as argument
Syntax
cacheclient <string>
clear
Clears the screen
Syntax
clear
cyberoam
Cyberoam Management
Syntax
cyberoam [bandwidth] [database] [dhcp] [dialup-menu] [firewall] [mail-services] [register] [reset]
[restore] [services] [shutdown] [upgrade] [view] [webmail-services]
bandwidth Bandwidth Management

[graph-settings] [monitor]
7300-1.0-9/20/2005 50
graph-settings opens Bandwidth Graph Management menu. It allows to flush the

generated graphs
monitor displays bandwidth bonsumed by all clients
database Repair Web Surfing log and User Session log tables
[repair]
dhcp DHCP Client Settings

[setup]
dialup-menu Opens Dial Up Connection Menu
dns-menu Opens DNS Services menu
firewall Firewall Settings

[rules | remove]
mail-services Mail Services
register Register Mail Server and Webmail
reset Reset Cyberoam Environment
restart Restart Cyberoam Machine
restore Restore Cyberoam Server Configuration
services Authentication services

restart Restart Services
shutdown Shutdown Cyberoam Machine
upgrade Upgrade the Existing Version to a Newer Version
view Show Logs

audit-log View Audit Log
webmail-services Webmail Services
dnslookup
Query Internet domain name servers for hostname resolving
Syntax
7300-1.0-9/20/2005 51
dnslookup [host | server]
server Internet name or address of the name server

[- | <ipaddress> [host]| <string>]
host Host to find

[<ipaddress> [dot_notation_address | queryclass <string> | querytype <string> | time <number>]|
<string> | [queryclass <string> | time <number>]]
ip
IP Utility from iproute2 package
Syntax
ip [ -family | addr | dnet | inet | inet6 | ipx | link | maddr | monitor | mroute | neigh | no_protocol |
route | rule | tunnel ]

-family Protocol family identifier: inet, inet6, ipx, dnet or link
[ dnet | inet | inet6 | ipx | no_protocol ]
Specifies the address family which affects interpretation of the remaining parameters.
Since an interface can receive transmissions in differing protocols with different
naming schemes, specifying the address family is recommended.
addr Protocol Address Management

[add | del | flush | show]
add Add a new Protocol address

[ <ipaddress> | dev | peer ]
del Delete a Protocol address

[ <ipaddress> | dev | peer ]
dev Device name

[ eth0 | lo ]
peer For PointToPoint Interfaces

[<ipaddress> | anycast | broadcast | dev | label | scope]
anycast - Destinations are anycast addresses

[<ipaddress> | broadcast | dev | label | scope]
broadcast Broadcast address on the interface
7300-1.0-9/20/2005 52
[<ipaddress> | anycast | dev | label | scope]
scope The scope of the area where this address is valid

[<number> | anycast | broadcast | dev | global | host | label | link]
label Each address may be tagged with a label string

[<string> | anycast | broadcast | dev | scope]
global
[anycast | broadcast | dev | label]
host
link
flush Flush Protocol addresses

[deprecated | dev | dynamic | label | permanent | primary | scope | secondary |
tentative | to ]
show Display Protocol addresses

[deprecated | dev | dynamic | label | permanent | primary | scope | secondary |
tentative | to]
deprecated (IPv6 only) list deprecated addresses

[dev | label | scope | to]
dev Device name

[ eth0 | lo ]
dynamic List addresses installed due to stateless address

configuration
label Each address may be tagged with a label string

[<string> | deprecated | dev | dynamic | permanent | primary | scope |
secondary | tentative | to ]
permanent Permanent addresses only

primary Primary addresses only

scope Scope of the area where this address is valid

[<number> | deprecated | dev | dynamic | global | host | label | | link |
permanent | primary | secondary | tentative | to ]
7300-1.0-9/20/2005 53
secondary Secondary addresses only

tentative (IPv6 only) Addresses which did not pass

duplicate address detection
to List addresses matching this prefix

[<string> | deprecated | dev | dynamic | label | permanent | primary |
secondary | tentative]
global
[deprecated | dev | dynamic | label | permanent | primary | secondary
| tentative | to]
host
| tentative | to]
link
| tentative | to]
dnet
[addr | link | maddr | monitor | mroute | neigh | route | rule | tunnel]
inet
inet6
ipx
link Network Device Configuration

[set | show [eth0 | lo]]
set
[eth0 | lo] [address | allmulti | arp | broadcast | down | dynamic | mtu | multicat | name
| promisc | txqueuelen | up]
address Change the Station address of the Interface

[<string>]
allmulti Device receives all Multicast Packets on the link

[off | on]
arp Change the NOARP flag on the Device.

[off | on]
7300-1.0-9/20/2005 54
broadcast Change the link layer Broadcast Address.

[<string>]
down Change the State of Device to DOWN
dynamic Flag indicating that Interface is dynamically

created/destroyed
[off | on]
mtu Change the MTU of the Device.

[<number>]
name Change the Name of the Device

[<text>]
multicast Flag indicating that the Interface is aware of Multicasting

[off | on]
promisc Device listens to and feeds to the kernel all traffic on the link
[off | on]
txqueuelen Transmit Queue Length

[<number>]
up Change the State of Device to UP
maddr Link Layer Multicast Address Management

[add | del | show]
add Add a Multicast Address

[<string> | dev]
del Delete a Multicast Address

[<string> | dev]
dev Device to join/leave this Multicast Address

[eth0 | lo]
show List Multicast Addresses

[dev]
monitor State Monitoring

[<string> | all]
mroute Multicast Routing Cache Management

[show [from <string>| interface [eth0 | lo]| to <string>]]
no_protocol
7300-1.0-9/20/2005 55
neigh Neighbour/Arp Tables Management

[add | change | del | flush | replace | show]
add Add a new Neighbour entry

[<ipaddress> [dev | lladdr | nud] | proxy [dev]]
lladdr lladdr Link Layer Address of neighbour

[<text> | dev | nud]
nud Neighbour Unreachability Detection

[noarp | permanent | reachable | stale] [dev | lladdr]
change Change an Existing entry

del Delete a Neighbour entry

flush Flush Neighbour Entries

[dev | nud | to <text>]
replace Add a new entry or Change an existing one

show List Neighbour Entries

[dev | nud | to <text>]
route Routing Table Management

[add | append | change | del | flush | get | list | replace]
add Add a new route

[<string> | blackhole | broadcast | local | multicast | nat | prohibit | throw | unicast |
unreachable]
append Adds route to the end of list

unreachable]
change Change a route

unreachable]
del Delete a route

unreachable]
flush Flush routing tables
7300-1.0-9/20/2005 56
[exact <string> | match <string> | proto | root | scope | table | type]
exact
[<string> | match <string> | proto | root | scope | table | type]
match
[<string> | exact | proto | root | scope | table | type]
proto
[<number> | boot | exact | kernel | match | root | scope | static | table |
type]
boot
[exact <string> | match <string> | root | scope | table | type]
kernal
static
root
[<string> | exact | match | proto | scope | table | type]
scope
[<number> | exact | global | host | link | match | proto | root | table |
type]
global
[exact | match | proto | root | table | type]
host
link
table
[<number> | all | default | exact | local | main | match | protoc | root |
scope | type]
type
[blackhole | broadcast | exact | local | match | multicast | nat | prohibit
| proto | root | scope | table | throw | unicast | unreachable]
get Get a single route

[<ipaddress> | from | output_iface | tos]
from from
7300-1.0-9/20/2005 57
[<ipaddress> | input_iface [eth0 | lo] | output_iface [eth0 | lo]| tos

<number>]
output_iface
[eth0 | lo | from | tos]
tos
[<number> | from | output_iface]
list List routes

unreachable]
replace Replace
unreachable]
blackhole Unreachable destinations

[<string> | advmss | cwnd | dev | equalize | metric | mtu | nexthop | onlink | pervasive |
proto | realms | rtt | rttvar | scope | ssthresh | table | tos | via | weight | window]
broadcast Destinations are broacast addresses

realms | rtt | rttvar | scope | ssthresh | table | tos | via | weight | window]
local Destinations are assigned to this host

multicast Used for mutlicasting routing

nat NAT route

prohibit Unreachable destinations

throw Route used with policy rules

unicast Route entry describes real paths to the destinations

unreachable Unreachable destinations
7300-1.0-9/20/2005 58
advmss Advertise Maximal Segment Size.

[<number> | cwnd | equalize | mtu | nexthop | realms | rtt | rttvar | ssthresh | window]
cwnd Clamp for congestion window.

[<number> | advmss | equalize | mtu | nexthop | realms | rtt | rttvar | ssthresh |
window]
dev The Output Device name.

[etho | lo] [ advmss | cwnd | equalize | mtu | nexthop | online | pervasive| realms | rtt |
rttvar | ssthresh | via | weight | window]
equalize Allow packet by packet randomization on multipath routes.

[nexthop | dev | online | pervasive | via]
metric Preference value of the Route

[<number> | advmss | cwnd | dev | equalize | mtu | nexthop | onlink | pervasive | proto
| realms | rtt | rttvar | scope | ssthresh | table | tos | via | weight | window]
mtu Maximal Transfer Unit

[<number> | advmss | cwnd | equalize | nexthop | realms | rtt | rttvar | ssthresh |
window]
nexthop The nexthop of a multipath route

[dev | onlink | pervasive | via | weigth]
onlink Pretend that nexthop is directly attached to this link.

[<number> | advmss | cwnd | equalize | nexthop | realms | rtt | rttvar | ssthresh |
window]
pervasive Pervasive hop

[advmss | cwnd | equalize | mtu | nexthop | realms | rtt | rttvar | ssthresh | window]
realms Route with this realm

[<string> | advmss | cwnd | equalize | mtu | nexthop | rtt | rttvar | ssthresh | window]
rtt Round Trip Time

[<number> | advmss | cwnd | equalize | mtu | nexthop | realms | rttvar | ssthresh |
window]
rttvar Initial RTT variance estimate

[<number> | advmss | cwnd | equalize | mtu | nexthop | realms | rtt | ssthresh |
window]
ssthresh Estimate for the initial slow start threshold.

[<tesx> | advmss | cwnd | equalize | mtu | nexthop | realms | rtt | rttvar | window]
via Address of the nexthop router.
7300-1.0-9/20/2005 59
[<ipaddress> | advmss | cwnd | dev | equalize | mtu | nexthop | onlink | pervasive |

realms | rtt | rttvar | ssthresh | weight | window]
weight Weight for this element of a multipath route reflecting its quality.
[<number> | advmss | cwnd | dev | equalize | mtu | nexthop | onlink | pervasive |
realms | rtt | rttvar | ssthresh | weight | window]
window Maximal window for TCP to advertise

[<number> | advmss | cwnd | equalize | mtu | nexthop | realms | rtt | rttvar | ssthresh]
rule Routing policy database management

[add | del | dev | from | fwmark | list | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
add Insert new rule

[dev | from | fwmark | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
del Delete rule

unreacheable]
dev Network device

[eth0 | lo] [from | fwmark | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
from Source prefix

[<string>] [dev | fwmark | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
fwmark fwmark value

[<string>] [dev | from | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
list List rules

unreacheable]
nat Base of the IP address block to translate

[<ipaddress>] [prohibit | realms | reject | table | unreacheable]
pref Rule priority

[<number>] [dev | from | fwmark | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
prohibit Prohibit Communication administratively

[nat | realms | table]
realms Select realm(s)
7300-1.0-9/20/2005 60
[<text>] [nat | prohibit | reject | table | unreacheable]
reject Bad Path

[nat | realms | table]
table Rules for this table

[<number>] [default | local | main | nat | prohibit | realms | reject | unreacheable]
to Destination prefix
[<string>] [dev | from | fwmark | nat | pref | prohibit | realms | reject | table | tos |
unreacheable]
tos TOS value

[<number>] [dev | from | fwmark | nat | pref | prohibit | realms | reject | table | to | tos |
unreacheable]
tunnel (IP tunnel devices only.) Configure the physical source and destination address for IP
tunnel interfaces
[add | change | del | show]
add Add a new tunnel

[<interface> | csum | dev | icsum | ikey | iseq | key | local | mode | nopmtudisc | ocsum
| okey | oseq | pmtudisc | remote | seq | tos | ttl]
change Change existing tunnel

del Delete a tunnel

show List tunnels

csum (only GRE tunnels) generate/require checksums for tunneled

packets
[<interface> | dev | ikey | iseq | key | local | mode | nopmtudisc | okey
| oseq | pmtudisc | remote | seq | tos | ttl]
dev Network device

[eth0 | lo ] [<interface> | csum | icsum | ikey | iseq | key | local | mode
| nopmtudisc | ocsum | okey | oseq | pmtudisc | remote | seq | tos | ttl]
icsum Generate/require checksums for tunneled packets

ikey Use keyed GRE with this Input key
7300-1.0-9/20/2005 61
[<ipaddress> | <number> ] [<interface> | csum | dev | icsum | iseq |

local | mode | nopmtudisc | ocsum | oseq | pmtudisc | remote | seq |
tos | ttl]
iseq Flag enables sequencing of incoming packets

[<interface> | csum | dev | icsum | ikey | key | local | mode |
nopmtudisc | ocsum | okey | pmtudisc | remote | tos | ttl]
key (only GRE tunnels) use keyed GRE with key K

[<ipaddress> | <number> ] [<interface> | csum | dev | icsum | iseq |
tos | ttl]
local Set the fixed local address for tunneled packets

[<ipaddress>] [<interface> | csum | dev | icsum | ikey | iseq | key |
mode | nopmtudisc | ocsum | okey | oseq | pmtudisc | remote | seq |
tos | ttl]
mode Set the tunnel mode

[gre | ipip | sit] [<interface> | csum | dev | icsum | ikey | iseq | key |
local | nopmtudisc | ocsum | okey | oseq | pmtudisc | remote | seq |
tos | ttl]
nopmtudisc Disable Path MTU Discovery on this tunnel

[<interface> | csum | dev | icsum | ikey | iseq | key | local | mode |
ocsum | okey | oseq | remote | seq | tos | ttl]
ocsum Generate/require checksums for tunneled packets

okey Use keyed GRE with this output key

[<ipaddress> <number>] [<interface> | csum | dev | icsum | iseq |
tos | ttl]
oseq Flag enables sequencing of outgoing packets

pmtudisc Enable Path MTU Discovery on this tunnel

[<interface> | csum | dev | icsum | ikey | iseq | key | local | mode |
ocsum | okey | oseq | remote | seq | tos | ttl]
remote Set the remote endpoint of the tunnel

[<ipaddress>] [<interface> | csum | dev | icsum | ikey | iseq | key |
local | mode | nopmtudisc | ocsum | okey | oseq | pmtudisc | seq | tos
| ttl]
seq Flag is equivalent to the combination `iseq oseq'

7300-1.0-9/20/2005 62
tos Type of Service

[<number>] [<interface> | csum | dev | icsum | ikey | iseq | key | local
| mode | nopmtudisc | ocsum | okey | oseq | pmtudisc | remote | seq |
ttl]
ttl Time to Live

[<number>] [<interface> | csum | dev | icsum | ikey | iseq | key | local
| mode | nopmtudisc | ocsum | okey | oseq | pmtudisc | remote | seq |
tos | ttl]
message
Send Message to all the users
Syntax
Message all-users <text>
ping
Sends ICMP ECHO_REQUEST packets to network hosts
Syntax
ping [count | duplicate | interface | silent | source | timeout]

count Amount of times to send the ping request
[ <number> | duplicate | interface | silent | source | timeout]
duplicate duplicate address detection mode

[interface | silent | source | timeout]
interface outgoing interface address to use for multicast packets
[eth0 | lo <ipaddress>]
silent does not print any message(s)

[duplicate | interface | source | timeout]
source source address

[count | duplicate | interface | silent | timeout]
timeout stop after this time

[ <number> | count | duplicate | interface | silent | source]
7300-1.0-9/20/2005 63
route
Use to view / manipulate the IP routing table. Route manipulates the kernel’s IP routing tables. Its
primary use is to set up static routes to specific hosts or networks via an interface.
When the add or del options are used, route modifies the routing tables. Without these options,
route displays the current contents of the routing tables
Syntax
route [add | del | show]
add add a new route

[<ipaddress> | default | host | mss | net | window]
del delete route

[<ipaddress> | default | host | mss | net]
show displays the routing table in the following format
Output
Destination The destination network or destination host
Gateway The gateway address or '*' if none set
Genmask The netmask for the destination net; '255.255.255.255' for a host destination and
'0.0.0.0' for the default route
Flags
Possible flags include
U (route is up)
H (target is a host)
G (use gateway)
R (reinstate route for dynamic routing)
D (dynamically installed by daemon or redirect)
M (modified from routing daemon or redirect)
A (installed by addrconf)
C (cache entry)
! (reject route)
Metric The ‘distance’ to the target (usually counted in hops). It is not used by recent kernels,
but may be needed by routing daemons.
7300-1.0-9/20/2005 64
Ref Number of references to this route. (Not used in the Linux kernel.)
Use Count of lookups for the route. Depending on the use of -F and -C this will be either
route cache misses (-F) or hits (-C).
Iface Interface to which packets for this route will be sent
set
Set entities
Syntax
set [ bandwidth | cache | date | network | qmail ]

bandwidth Bandwidth Settings
[ graph ]
graph Opens the Bandwidth Graph Management menu and allows to flush
the generated graphs
cache Set Cache Properties
clean Removes all Cached files
date Set Timezone, Date and Time
network Network Settings

[ access | card | ipaddress ]
access Advanced Natwork setting
card Advanced NIC setting
ipaddress Change IP address
qmail Q-Mail Settings

[ server ]
7300-1.0-9/20/2005 65
show
Shows various system modules information
Syntax
show [ access-log | cache | date | login | mail | network | reboot | system ]

access-log View IP addresses of machines from where Cyberoam was (attempt-)accessed
cache Show cache Information

[ log [access | all | error] | space ]
date System Time & Date
login Show who is/was logged on
mail Information about mail subsystem

[ livelog | log | queue]
network Show network connections from system

[ bandwidth | connections | interfaces [all] ]
reboot Show system reboot history
system Information about system hardware, resources, and softwares

[ cpu | devices | disk | dma | filesystems | interrupts | iomem | ioports | memory | messages |
modules | partitions | pci | processes | statistics | uptime ]
cpu Displays cpu information like processor, vendor, model, model name,
speed, cache size
devices Displays list of System Devices
disk Displays the records of disk space used. Also displays distribution of
disk space, used and unused disk space by the various file systems
on a volume.
dma Displays DMA information
filesystems Displasy dilesystems supported by System
interrupts Displays System Interrupts information
iomem Displays I/O and Memory information
ioports Displays I/O Ports information
memory Display system memory status
7300-1.0-9/20/2005 66
messages Use to examine or control the kernel ring buffer. Helps to print
bootup messages used for debug
modules Displays list of loaded modules
partitions Displays Partition information
pci Displays Peripherals information
processes Displays Process Tree
statistics Displays reports about processes, memory, paging, block IO, traps,
and cpu activity
uptime Tell how long the system has been running
tcpdump
tcpdump prints out the headers of packets on a network interface that match the boolean
expression. Only packets that match expression will be processed by tcpdump.
Syntax
tcpdump [<text> | count | hex | interface | llh | no_time | dump line | quite | verbose ]

<text> Packet filter expression
[ count | hex | interface | llh | no_time | dump line | quite | verbose ]
selects which packets will be dumped. If no expression is given, all packets on the
net will be dumped. Otherwise, only packets for which expression is `true' will be
dumped.
The expression consists of one or more primitives. Primitives usually consist of an id

(name or number) proceeded by one or more qualifiers.
count Exit after receiving count packets

[<count> | <text> | hex | interface | llh | no_time | dump line | quite | verbose ]
hex Print each packet (minus its link level header) in hex
[<text> | count | interface | len <number>| llh | no_time | dump line | quite | verbose ]
interface Listen on <interface>

[[eth0 | lo] | <text> | <count> | hex | llh | no_time | promisc | quite | verbose ]
promisc Do not put the interface into promiscuous mode

[<count> | hex | interface | llh | no_time | quite | verbose ]
7300-1.0-9/20/2005 67
llh Print the link-level header on each dump line

[<text> | count | hex | interface | no_time | quite | verbose ]
no_time Do not print a timestamp on each dump line

[<text> | count | hex | interface | llh | quite | verbose ]
quite Print less protocol information so output lines are shorter.

[<text> | count | hex | interface | llh | no_time | verbose ]
verbose Verbose output. For example, the time to live, identification, total
length and options in an IP packet are printed. Also enables
additional packet integrity checks such as verifying the IP and ICMP
header checksum.
[<text> | count | hex | interface | llh | no_time | quite ]
telnet
Uses the telnet protocol to connect to another remote computer.
Syntax
telnet [<ipaddress> <port> | source | tos]
ipaddress official name, an alias, or the Internet address of a remote host
port Indicates a port number (address of an application). If a number is not specified, the
default telnet port is used.
source Use given IP address as source address

[<ipaddress> <port> | tos]
tos IP type-of-service option for the connection

[<number> | <ipaddress> <port>| tos]
traceroute
Use to print the route packets take to network host
The Internet is a large and complex aggregation of network hardware, connected together by
gateways. Tracking the route one's packets follow (or finding the miscreant gateway that is
discarding your packets) can be difficult. Traceroute utilizes the IP protocol `time to live' field and
7300-1.0-9/20/2005 68
attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some
host.
Syntax
traceroute [[<ipaddress> | <string> | size ] [base-port <port> | first-ttl | icmp | max-ttl | no-frag |
probes | source | timeout | tos]

base Set the base UDP port number used in probes -default 33434
[ <port> | <ipaddress> | first-ttl | icmp | no-frag | probes | source | timeout | tos]
first-ttl Set the initial time-to-live used in the first outgoing probe packet
[<number>|<ipaddress> <string>|base-port|icmp | max-ttl | no-frag | probes | source | timeout | tos]
icmp Use ICMP ECHO instead of UDP datagrams

[<ipaddress> <string> | base-port | first-ttl | max-ttl | no-frag | probes | source | timeout | tos]
max-ttl Set the max time-to-live

[<number> | <ipaddress> <string>| base-port|first-ttl| icmp | no-frag | probes | source | timeout | tos]
no-frag Set the 'don't fragment' bit

[<ipaddress> <string> | base-port | first-ttl | icmp | max-ttl | probes | source | timeout | tos]
probes Probes are sent at each ttl -default 3

[<count> | <ipaddress> <string> | base-port| first-ttl | icmp | max-ttl | no-frag | source | timeout | tos]
source Use given IP address as source address

[<ipaddress> <string> | base-port | first-ttl | icmp | max-ttl | no-frag | probes | timeout | tos]
timeout Set the timeout -in seconds for a response to a probe -default 5
[<count> | <ipaddress> <string> | base-port | first-ttl | icmp | max-ttl | no-frag | probes | source | tos]
tos Set the type-of-service

[<number> | <ipaddress> <string> | base-port | first-ttl | icmp | max-ttl | no-frag | probes | source |
timeout]
7300-1.0-9/20/2005 69

Cyberoam Console Guide

Uploaded by

Copyright:

Available Formats

Cyberoam Console Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyberoam Console Guide

Uploaded by

Copyright:

Available Formats

CYYBBEERRO

Elitecore Technologies Ltd.

Guide Audience ______________________________________________________________________ 1

These documents are available at the site: www.cyberoam.com/cyberoam/product.htm

Visit www.cyberoam.com for the regional and latest contact information.

Item Convention Example

Notes & Bold

Accessing Cyberoam Console

Accessing Console via TELNET

To start the TELNET utility:

Default password for Cyberoam console is “admin”.

On successful login, following Main menu screen will be shown.

00. Post Installation wizard

Change Deployment mode

Installation of Cyberoam as Bridge

Press <Enter> to continue. Configuration details screen will be displayed.

Installation of Cyberoam as Gateway

Change IP address and Net mask, if required.

By default, eth1 is termed as the External Interface

Change IP address and subnet mask, if required.

Step 6: Displays time zone and current date, modify if required

Press <Enter> to continue. Configuration details screen will be displayed.

Press <Enter> to return to the Console Main menu.

R. Restart Management Services

Message ‘Restarting Authentication service ...... Done’ displayed

In ‘’Net type’ type

Press <Enter> to return to the Main menu.

2.1 Set Console Password

Displays message on successful completion of the operation.

Press <Enter> to return to the System Setting Menu.

2.2 Set System Date

Type ‘y’ to set new time and press <Enter>

Type ‘y’ to reset Date and press <Enter>

Press <Enter> to return to the System Menu

2.3 View Access logs

2.4 Set Cyberoam Administrator Email ID

Press <Enter> to return to the System Setting Menu

2.5 Traceroute Utility

Press <Enter> to return to the System Setting Menu

2.6 Set Module Info

2.7 Bandwidth Graph Setting

2.7.1 Flush Host group Graphs

2.7.2 Flush Gateway Graphs

2.7.3 Flush All Bandwidth Graphs

2.7.4 Flush Cache Graphs

2.8 Advanced NIC Setting

2.9 Manage Internal Network

Type ‘a’ to add Ethernet configuration of Internal network

Type ‘d’ to delete the defined Internal network

2.10 Enable/Disable LAN Bypass

Option available only if Cyberoam is in Bridge mode

Cyberoam supports two types of Routes:

3.1 Add Route

3.1.1 Add Network Route

3.1.2 Add Host route

3.2 Delete Route

3.2.1 Delete Network Route

3.2.2 Delete Host Route

3.3 Show Route

There are four basic items of information in such a routing table