How to Configure Cyberoam Firewall for Initial Configuration and bandwidth managment .

Hey Guys ,

In this tutorial I am gonna show you how to configure initially CYBEROAM CR35iNG .


System Performance*
Copper GbE Ports 6
Console Ports (RJ45) 1
USB Ports 2
Hardware Bypass Segments#
System Performance*
 Firewall Throughput (UDP) (Mbps) 3,700
Firewall Throughput (TCP) (Mbps) 2,400
New sessions/second 21,000
Concurrent sessions 750,000
IPSec VPN Throughput (Mbps) 280
No. of IPSec Tunnels 850
SSL VPN Throughput (Mbps) 100
WAF Protected Throughput (Mbps) 150
Anti-Virus Throughput (Mbps) 600
IPS Throughput (Mbps) 650
UTM Throughput (Mbps) 300

Here is the video Of The configuration Step By Step

Please follow –

Stateful Inspection Firewall
– Layer 8 (User – Identity) Firewall
– Multiple Security Zones
– Location-aware and Device-aware Identity-based Access
Control Policy
– Access Control Criteria (ACC): User-Identity, Source and
Destination Zone, MAC and IP address, Service
– Security policies – IPS, Web Filtering, Application
Filtering, Anti-virus, Anti-spam and QoS
– Country-based Traffic Control
– Access Scheduling
– Policy based Source and Destination NAT, Gateway
Specific NAT Policy
– H.323, SIP NAT Traversal
– DoS and DDoS attack prevention
– MAC and IP-MAC filtering
– Spoof Prevention

– Signatures: Default (4500+), Custom
– IPS Policies: Pre-configured Zone-based multiple
policies, Custom
– Filter based selection: Category, Severity, Platform and
Target (Client/Server)
– IPS actions: Recommended, Allow Packet, Drop Packet,
Disable, Drop Session, Reset, Bypass Session
– User-based policy creation
– Automatic signature updates via Cyberoam Threat
Research Labs
– Protocol Anomaly Detection
– SCADA-aware IPS with pre-defined category for ICS and
SCADA signatures
Gateway Anti-Virus & Anti-Spyware
– Virus, Worm, Trojan Detection and Removal
– Spyware, Malware, Phishing protection
– Automatic virus signature database update
VPN Tunnels
– Customize individual user scanning
– Self Service Quarantine area
– Scan and deliver by file size
– Block by file types
Gateway Anti-Spam
– Inbound and Outbound Scanning
– Real-time Blacklist (RBL), MIME header check
– Filter based on message header, size, sender, recipient
– Subject line tagging
– Language and Content-agnostic spam protection using
RPD Technology
– Zero Hour Virus Outbreak Protection
– Self Service Quarantine area
– IP address Black list/White list
– Spam Notification through Digest
– IP Reputation based Spam filtering
Web Filtering
– On-Cloud Web Categorization
– Controls based on URL, Keyword and File type
– Web Categories: Default (89+), External URL Database,
– Protocols supported: HTTP, HTTPS
– Block Malware, Phishing, Pharming URLs
– Block Java Applets, Cookies, Active X, Google Cache
– CIPA Compliant
– Data leakage control by blocking HTTP and HTTPS
– Schedule-based access control
– Custom Denied Message per Web Category
– Safe Search enforcement, YouTube for Schools
Application Filtering
– Layer 7 (Applications) & Layer 8 (User – Identity) Control
and Visibility
– Inbuilt Application Category Database
– Control over 2,000+ Applications classified in 21
– Filter based selection: Category, Risk Level, Characteristics
and Technology
– Schedule-based access control
– Visibility and Controls for HTTPS based Micro-Apps like
Facebook chat, Youtube video upload
– Securing SCADA Networks
– SCADA/ICS Signature-based Filtering for Protocols
Modbus, DNP3, IEC, Bacnet, Omron FINS, Secure
DNP3, Longtalk
– Control various Commands and Functions
Web Application Firewall
– Positive Protection model
– Unique “Intuitive Website Flow Detector” technology
– Protection against SQL Injections, Cross-site Scripting
(XSS), Session Hijacking, URL Tampering, Cookie
Poisoning etc.
– Support for HTTP 0.9/1.0/1.1
– Back-end servers supported: 5 to 300 servers
Virtual Private Network
– Encryption – 3DES, DES, AES, Twofish, Blowfish,
– Hash Algorithms – MD5, SHA-1
– Authentication: Preshared key, Digital certificates
– IPSec NAT Traversal
– Dead peer detection and PFS support
– Diffie Hellman Groups – 1, 2, 5, 14, 15, 16
– External Certificate Authority support
– Export Road Warrior connection configuration
– Domain name support for tunnel end points
– VPN connection redundancy
– Overlapping Network support
– Hub & Spoke VPN support
– Threat Free Tunnelling (TFT) Technology
– TCP & UDP Tunnelling
– Authentication – Active Directory, LDAP, RADIUS,
Cyberoam (Local)
– Multi-layered Client Authentication – Certificate,
– User & Group policy enforcement
– Network access – Split and Full tunnelling
– Browser-based (Portal) Access – Clientless access
– Lightweight SSL VPN Tunnelling Client
– Granular access control to all the enterprise network
– Administrative controls – Session timeout, Dead Peer
Detection, Portal customization
– TCP based Application Access – HTTP, HTTPS, RDP,
Wireless WAN
– USB port 3G/4G and WiMAX Support
– Primary WAN link
– WAN Backup link
Bandwidth Management
– Application, Web Category and Identity based Bandwidth
– Guaranteed & Burstable bandwidth policy
– Application & User Identity based Traffic Discovery
– Data Transfer Report for multiple Gateways
– WRR based Multilink Load Balancing
– Automated Failover/Failback
– Interface types: Alias, Multiport Bridge, LAG (port
trunking), VLAN, WWAN, TAP
– DNS-based inbound load balancing
– IP Address Assignment – Static, PPPoE (with Schedule
Management), L2TP, PPTP & DDNS, Client, Proxy ARP,
Multiple DHCP Servers support, DHCP relay
– Supports HTTP Proxy, Parent Proxy with FQDN
– Dynamic Routing: RIP v1& v2, OSPF, BGP, PIM-SIM,
Multicast Forwarding
– Discover mode for PoC Deployments
– IPv6 Support:
– Dual Stack Architecture: Support for IPv4 and IPv6
– Management over IPv6
– IPv6 Route: Static and Source
– IPv6 tunneling (6in4, 6to4, 6rd, 4in6)
– Alias and VLAN
– DNSv6 and DHCPv6 Services
– Firewall security over IPv6 traffic
– High Availability for IPv6 networks
High Availability
– Active-Active
– Active-Passive with state synchronization
– Stateful Failover with LAG Support
Administration & System Management
– Web-based configuration wizard
– Role-based Access control
– Support of API
– Firmware Upgrades via Web UI
– Web 2.0 compliant UI (HTTPS)
– UI Color Styler
– Command Line Interface (Serial, SSH, Telnet)
– SNMP (v1, v2c)
– Multi-lingual : English, Chinese, Hindi, French, Japanese
– Cyberoam Central Console (Optional)
User Authentication
– Internal database
– AD Integration and OU-based Security Policies
– Automatic Windows/RADIUS Single Sign On
– External LDAP/LDAPS/RADIUS database Integration
– Thin Client support
– 2-factor authentication: 3rd party support**
– SMS (Text-based) Authentication
– Layer 8 Identity over IPv6
– Secure Authentication – AD, LDAP, Radius
– Clientless Users
– Authentication using Captive Portal
– Real-time and historical Monitoring
– Log Viewer – IPS, Web filter, WAF, Anti-Virus, Anti-Spam,
Authentication, System and Admin Events
– Forensic Analysis with quick identification of network
attacks and other traffic anomalies
– Syslog support
– 4-eye Authentication
On-Appliance Cyberoam-iView Reporting
– Integrated Web-based Reporting tool
– 1,200+ drilldown reports
– Compliance reports – HIPAA, GLBA, SOX, PCI, FISMA
– Zone based application reports
– Historical and Real-time reports
– Default Dashboards: Traffic and Security
– Username, Host, Email ID specific Monitoring Dashboard
– Reports – Application, Internet & Web Usage, Mail Usage,
Attacks, Spam, Virus, Search Engine, User Threat
Quotient (UTQ) for high risk users and more
– Client Types Report including BYOD Client Types
– Multi-format reports – tabular, graphical
– Export reports in – PDF, Excel, HTML
– Email notification of reports
– Report customization – (Custom view and custom logo)
– Supports 3rd party PSA Solution – ConnectWise
IPSec VPN Client***
– Inter-operability with major IPSec VPN Gateways
– Import Connection configuration
– Common Criteria – EAL4+
– ICSA Firewall – Corporate
– Checkmark Certification
– VPNC – Basic and AES interoperability
– IPv6 Ready Gold Logo
– Global Support Excellence – ITIL compliance (ISO 20000)
Hardware Specifications
Memory 2GB
Compact Flash 2GB
HDD 250GB or higher
H x W x D (inches)
H x W x D (cms)
Input Voltage
Total Heat Dissipation (BTU)
Operating Temperature
Storage Temperature
Relative Humidity (Non condens


(adsbygoogle = window.adsbygoogle || []).push({});



(adsbygoogle = window.adsbygoogle || []).push({});


How to Configure Cyberoam Firewall for Initial Configuration and bandwidth managment

Hi All, 

In this video i have configured Cyberoam Firewall for initial configuration   & Bandwidth Management .

So i have used Cyberoam CR25ing. U need to connect the rollover cable to the device gigabit interface .Set your default gateway in pc  as .

Remember Cyberoam device Port A IP address (LAN zone): Port B IPaddress (WAN zone):

A Website.

Up ↑

%d bloggers like this: