Unified Threat Management

POWER
POWER

Console

CF/HDD

Future-ready

CR 50iNG

RESET

POWER
POWER

Console

CF/HDD

Future-ready

CR 100iNG

RESET

QUICK START GUIDE

CR50iNG Appliance
CR100iNG Appliance

Document Version: PL QSG 50iNG-100iNG/96000-10.04.5.0.007/250121014

DEFAULTS

Package Contents

Default IP addresses
Ethernet Port
A
B

IP Address
172.16.16.16/255.255.255.0
IP via DHCP

Checking the package contents - Check

that the package contents are complete.

Zone
LAN
WAN

!
!
!
!
!
!

Default Username & Password

Web Admin Console
*
Username
admin
*
Password
admin

One Cyberoam Appliance

One Serial Cable
One Power Cable
One Cyberoam Quick Start Guide
One Straight-through Ethernet Cable
Rack Mount Kit

Serial Cable

Power Cable

Quick Start Guide

Blue Straight-through
Ethernet Cable

CLI Console (SSH/Serial Connection)

*

Password

admin

If any items from the package are missing.

please contact Cyberoam Support at
[email protected]

* Username and Password are case sensitive

UNDERSTANDING THE APPLIANCE

FRONT PANEL

Console Port
Console cable connects here

POWER
POWER

Console

CF/HDD

Future-ready

CR 100iNG

Power
Button

RESET

USB
Provided for future use

Ports

! A,B,C,D,E,F,G,H - Use these ports to connect

the Appliance to the Ethernet network. If you
want to bypass Cyberoam incase of power or
Appliance failure when deployed as Bridge, use
A and B or C and D pairs of ports.

System Fans

Power
Power
Outlet Supply Fan

As Cyberoam does not pre-configure any ports for LAN, WAN, DMZ networks, it is not necessary to use any particular port for
them. Usage of ports depends on how the physical connection is required or planned.

PLANNING THE CONFIGURATION

Before configuring, you need to plan the deployment mode of Cyberoam. Cyberoam can be placed in
Bridge or Gateway/Route mode according to your requirement.
To control the Internet access through Cyberoam the entire Internet bound traffic from the LAN network
should pass through Cyberoam.

Gateway Mode
Configure as Gateway if you want to use Cyberoam as
1. A firewall or replace an existing Firewall
2. A gateway for routing traffic
3. Link load balancer and implement gateway failover functionality
Apart from configuring Gateway IP address (IP address through which all the traffic will be routed),
you must also configure LAN and WAN IP addresses.

Internet

LAN Network
10.10.10.1
10.10.10.2

Cyberoam in
Gateway mode

Gateway mode
policies controlling
traffic between
LAN & DMZ networks.

61.10.15.18
WAN
61.10.15.17

Gateway mode
policies controlling
traffic between
LAN and WAN
networks.

10.10.10.3

DMZ Network
Mail Server

Web Server

192.168.1.254
192.168.1.9

192.168.1.5

Bridge Mode
Configure as Bridge if
1.

You have a private network behind an existing firewall or behind a router and you do not want to replace the
firewall.

2.

You are already masquerading outgoing traffic.

Internet

Cyberoam
in Bridge mode

LAN Network

LAN
10.10.10.5

10.10.10.254

10.10.10.1
Management IP
Bridge mode policies
controlling traffic between
LAN and WAN networks

You will be able to manage and monitor the entire Internet traffic passing through Cyberoam, control web
access and apply bandwidth and application restrictions, apply antivirus and antispam policy and IPS policy in
either of the modes.

GETTING CONFIGURATION INFORMATION

Use the table given below to gather ISP (Internet Service Provider) information
If Internet
connection
is via

You are probably

using

Get information

Cyberoam
configuration from
Network Configuration
wizard

Cable modem,
DSL with a
Router

DHCP

-----------

Select Obtain an IP from

DHCP

Home
DSL/ADSL

PPPoE

Username
Password

Select Obtain an IP from

PPPoE

T1/E1,
Static
broadband,
Cable or DSL
with a static IP

Static

IP address
Subnet mask
Gateway IP address
Primary DNS
Secondary DNS

Select Use Static IP

How to get the information:

From the PC connected to the Internet:
open a command prompt window, type the
command ipconfig.

Use the tables given below to gather the information you need before proceeding to deploy the Appliance.

Gateway Mode
For all the required Ports

Port A

IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

Port B IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

Port C IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

Port D IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

Port E IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

Port F

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

IP address
Subnet Mask
Zone Type

Port G IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

Port H IP address
Subnet Mask
Zone Type

___.___.___.___
___.___.___.___
LAN/WAN/DMZ

The LAN IP address and Subnet Mask must

be valid for the respective networks.

Bridge Mode
Bridge
IP address

IP address
Subnet Mask

___.___.___.___
___.___.___.___

GENERAL SETTINGS
IP address of the Default Gateway
A default gateway is required for
Cyberoam to route connections to the Internet.

___.___.___.___

DNS IP Address

___.___.___.___

System Time Zone

______________

System Date and Time

______________

Email ID of the administrator where Cyberoam

will send System Alerts

______________

CONNECTING CYBEROAM

Ethernet connection
1.

Connect one end of the straight-through cable into Port A on the Back panel of the Appliance and
the other end into the Ethernet Adapter port of Management computer. Change the IP address of the
management computer to 172.16.16.2 and the subnet mask to 255.255.255.0.

2.

Connect one end of an Ethernet cable into Port B on the Back panel of the Appliance and the other
end to your Internet connection e.g. DSL modem or cable modem. It is possible that cable might
already be connected between your computer and your modem. If so, disconnect it from your
computer and connect into Port B.

Internet

Switch
(Optional)

Management
Computer

3.

Connect the AC Power connector into the Back panel of the Appliance and the other end into a
standard AC receptacle and turn the power switch ON.

4.

Start your management computer. Following Appliance LEDs light up:

Power - Green indicating that Appliance is ON
CF/HDD - Green indicating that hard disk is Active
Port A, Port B (Front panel) - Amber indicating an active connection

From the management computer:

1. Browse to https://172.16.16.16
2. Log on to the Cyberoam Web Admin Console using default username admin and password admin.
3. Click Wizard icon to launch the Network Configuration wizard.
Prerequisite
1. Ethernet connection between management computer and Cyberoam.
2. Internet Explorer 7+ or Mozilla Firefox 1.5+ is required to access Cyberoam Web Admin Console.

Wizard

Appliance LED Behavior

LED

State

Description

Power

Green

Cyberoam appliance is ON

Off

Cyberoam appliance is OFF

Flashing Green

Activity going on

Off

No activity

Amber (L)

Port is connected at 10Mbps

Amber (L), Flashing

Green (R)

Port is connected at 100Mbps

Green (L), Flashing

Amber (R)

Port is connected at 1000Mbps

Off

No link

CF/HDD

Ports A,B,C,D,E,F,G,H
(Front Panel)

CONFIGURING THE CYBEROAM APPLIANCE

Network Configuration Wizard guides you step-by-step through the configuration of the network parameters
like IP address, subnet mask, and default gateway for Cyberoam. Use the configuration settings you have
noted in section 4.
Click 'Start' to start the configuration.

Screen 1 - Network Configuration Wizard

CONFIGURE MODE
Gateway mode

Bridge mode

To configure Cyberoam in Gateway mode, select

the option Gateway Mode and click
button.

To configure Cyberoam in Bridge mode, select the

option Bridge Mode and click
button.

Follow the on-screen steps to:

1. Select the LAN and WAN ports to be bridged.

By default, Port A is a member of LAN and
Port B is of WAN.

1. Configure Interface: Configure IP Address,

Subnet Mask and Zone for each port, where
Zone is a logical grouping of Interfaces.
By default, Cyberoam binds ports A, B and C to
LAN, WAN and DMZ Zones respectively. To
enable interface for PPPoE, provide PPPoE
details: Username and Password (only for
WAN Zone).
Click Next to repeat the steps given above for
each port.

2. To manage the Cyberoam in your network,

configure the IP Address and Subnet Mask.
Provide the Gateway and DNS details to
connect Cyberoam to the Internet. Refer to
General Settings in Section 4.

2. Configure DNS server address: Click Obtain

an IP from DHCP to override appliance
DNS and use DNS received from the
external DHCP server
Refer to the screen titled Screen 2 - Gateway
Mode: Zone and Network Configuration.

Proceed to Configure Internet Access section

on the next page.

Interface Configuration

DNS Configuration
Screen 2 - Gateway Mode: Zone and Network Configuration

CONFIGURE INTERNET ACCESS

By default, Cyberoam applies 'General Internet Policy' as Internet access policy for LAN to WAN traffic.
Do not change the default setting.
Cyberoam provides 3 types of policies:
'Monitor Only' policy allows all LAN to WAN traffic
1

'General Internet' policy enables IPS and Virus scanning and allows LAN to WAN traffic except Unhealthy
Web and Internet traffic as defined by Cyberoam. This will include sites related to Adult contents, Drugs, Crime
and Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URL Translation
sites.
'Strict Internet' policy enables IPS1 and Virus2 scanning and allows only authenticated LAN to WAN traffic.
Click

button to configure the mail settings

Screen 3 - Access Configuration

1
2

Until Intrusion Prevention System module is subscribed, IPS scanning will not be effective.
Until Gateway Anti Virus module is subscribed, virus scanning will not be effective.

CONFIGURE MAIL SETTINGS

1.
2.
3.
4.

Specify Administrator Email ID

Specify Mail server IP address
Specify email address that should be used to send the System Alerts
Click Authentication Required to enable SMTP authentication, if required and specify username and
password.

Click

button for Date and Time zone configuration

Screen 4 - Mail Settings

CONFIGURE DATE AND TIME ZONE

Set time zone and current date
Enable clock synchronization with NTP server to tune Cyberoam's clock using global
time servers.

Screen 5 - Date and Time Configuration

Click

button to view the configured details. Copy the configured details for future use.

Click 'Finish'. It will take a few minutes to save the configuration details.

Configuring Gatewat Mode

Please wait...

Screen 6 - Network Configuration Wizard

On successful configuration the following page is displayed.

https://10.10.10.1 Click to Access Web Admin Console

Screen 7 - Network Configuration Wizard

After a few seconds, click the URL to access the Web Admin Console. Click Close button to close the
Network Configuration Wizard window.
Note:
If you change the LAN IP address (Gateway mode) or Bridge IP address (Bridge mode), you must use this address
to reconnect to the Web Admin Console. You might also have to change the IP address of the management
computer to be on the same subnet as the new IP address.

Refer to the Guides section on http://docs.cyberoam.com for information on how to Control Traffic, and
how to configure Anti-Virus Protection, Content Filtering, Spam Filtering, Intrusion Prevention System
(IPS), and Virtual Private Networking (VPN).

Congratulations!!!
This finishes the basic configuration of Cyberoam.
Your network is now protected from Internet-based threats and access to Adult contents, Drugs, Crime and
Suicide, Gambling, Militancy and Extremist, Violence, Weapons, Phishing and Fraud and URLTranslation
sites are blocked.

7
1.

WHAT NEXT?

Create Customer Account and register Appliance

Browse to http://customer.cyberoam.com and click Register and follow the on-screen steps.
It creates your customer account as well as register your appliance.
To subscribe for free 15-days trial subscription of Web and Application Filtering, IPS, Anti Virus and
Anti Spam, browse to http://customer.cyberoam.com and login with the credentials provided at the
time of account creation.

2.

Access Cyberoam Web Admin Console

Browse to https://<IP address of cyberoam> and log on using the default username (admin) and
password (admin).
Note: Internet Explorer 7+ or Mozilla Firefox 1.5+ is required to access the Cyberoam Web Admin
Console.

3.

Go to menu System
Maintenance
Licensing page and synchronize the registration details.
Registration and subscription details are displayed only after synchronization.

4.

Configure the correct firewall rule for your Domain Name Server (DNS). You may not be able to
access Internet if not configured properly.

5.

Go to Firewall

6.

Set authentication parameters

Go to Identity
Authentication

7.

Rule

Rule and edit default firewall rules to enable virus scanning.

Authentication Server to define the authentication parameters.

Access Help
For accessing online help, click the Help button or F1 key on any of the screens to access the
corresponding topic's help. Use the Contents and Index options to navigate through the entire online
help.

Additional Resources
Visit following links for more information to configure Cyberoam
Technical Documentation - http://docs.cyberoam.com
Cyberoam Knowledge Base - http://kb.cyberoam.com
Cyberoam Security Center - http://csc.cyberoam.com
Cyberoam Upgrades - http://download.cyberoam.com

Important Notes:

Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented
without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam
Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves
the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USERS LICENSE
Use of this product is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty
Policy for Cyberoam Security Appliances. You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the
Warranty Policy for Cyberoam Security Appliances at http://kb.cyberoam.com

RESTRICTED RIGHTS
Copyright 1999 - 2014 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam
Technologies Pvt. Ltd.

Corporate Headquarters
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road,
Ahmedabad 380006, INDIA.
Phone: +91-79-66065606
Fax: +91-79-26407640

Unified Threat Management

Toll Free Numbers

USA : +1-800-686-2360
India : 1-800-301-00013
APAC/MEA : +1-877-777-0368
Europe : +44-808-120-3958

Visit: www.cyberoam.com
Contact: [email protected]