Escolar Documentos
Profissional Documentos
Cultura Documentos
Version 10
Document version 1.0 – 10.6.3.260 - 29/05/2015
Cyberoam SSL VPN User Guide
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.
USER’S LICENSE
Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License
Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.
You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam
UTM Appliances at http://kb.cyberoam.com.
RESTRICTED RIGHTS
Copyright 1999 - 2015 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.
Corporate Headquarters
Cyberoam House,
Saigulshan Complex, Opp. Sanskruti,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006, GUJARAT, INDIA.
Tel: +91-79-66216666
Web site: www.cyberoam.com
Page 2 of 55
Cyberoam SSL VPN User Guide
Contents
Preface ................................................................................................................................. 4
Introduction ......................................................................................................................... 6
Concepts ........................................................................................................................... 22
SSL VPN Access Modes .............................................................................................................. 22
Portal ............................................................................................................................................ 24
Page 3 of 55
Cyberoam SSL VPN User Guide
Preface
Welcome to Cyberoam’s – SSL VPN User guide.
Cyberoam integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and Anti-
Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data
Leakage Prevention, IM Management and Control, Layer 7 visibility, Bandwidth Management,
Multiple Link Management, Comprehensive Reporting over a single platform.
Cyberoam has enhanced security by adding an 8th layer (User Identity) to the protocol stack.
Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic,
enabling Administrators to apply access and bandwidth policies far beyond the controls that
traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without
compromising productivity and connectivity.
Cyberoam UTM appliances accelerate unified security by enabling single-point control of all its
security features through a Web 2.0-based GUI. An extensible architecture and an ‘IPv6 Ready’
Gold logo provide Cyberoam the readiness to deliver on future security requirements.
Cyberoam provides increased LAN security by providing separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are
visible the external world and still have firewall protection.
Note
Page 4 of 55
Cyberoam SSL VPN User Guide
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
Cyberoam House,
Saigulshan Complex, Opp. Sanskruti,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006, GUJARAT, INDIA.
Tel: +91-79-66216666
Fax: +91-79-26407640
Web site: www.cyberoam.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com
Page 5 of 55
Cyberoam SSL VPN User Guide
Introduction
This Guide provides information on how to configure Cyberoam SSL VPN connections and helps
you to manage and customize Cyberoam to meet your organization’s various requirements for
remote users.
Note
All the screen shots in this Guide are taken from NG series appliances using (Internet Explorer) IE
browser. Hence using a different browser might render the appearance of the GUI in different ways.
The Usernames, IP and Mac Addresses used in this guide are fictional and their sole purpose is purely
to educate the user on the usability of the Appliance.
Page 6 of 55
Cyberoam SSL VPN User Guide
Appliance Administrative
Interfaces
Appliance can be accessed and administered through:
1. Web Admin Console
2. Command Line Interface Console
3. Cyberoam Central Console
Administrative Access An administrator can connect and access the Appliance through HTTP,
HTTPS, telnet, or SSH services. Depending on the Administrator login account profile used for
access, an administrator can access number of Administrative Interfaces and Web Admin Console
configuration pages.
Appliance is shipped with two administrator accounts and four administrator profiles.
Note
We recommend that you change the password of both the users immediately on deployment.
Web Admin Console is a web-based application that an Administrator can use to configure,
monitor, and manage the Appliance.
You can connect to and access Web Admin Console of the Appliance using HTTP or a HTTPS
connection from any management computer using web browser:
1. HTTP login: http://<LAN IP Address of the Appliance>
2. HTTPS login: https://<LAN IP Address of the Appliance>
Page 7 of 55
Cyberoam SSL VPN User Guide
Appliance CLI console provides a collection of tools to administer, monitor and control certain
Appliance component. The Appliance can be accessed remotely using the following connections:
Note
Start SSH client and create new Connection with the following parameters:
Host – <LAN IP Address of the Appliance>
Username – admin
Password – admin
Use CLI console for troubleshooting and diagnose network problems in details. For more details,
refer version specific Console Guide available on http://docs.cyberoam.com/.
Distributed Cyberoam Appliances can be centrally managed using a single Cyberoam Central
Console (CCC) Appliance, enabling high levels of security for Managed Security Service Provider
(MSSPs) and large enterprises. To monitor and manage Cyberoam using CCC Appliance you
must:
1. Configure CCC Appliance in Cyberoam
2. Integrate Cyberoam Appliance with CCC using: Auto Discovery or Manually
Once you have added the Appliances and organized them into groups, you can configure single
Appliance or groups of Appliances.
Page 8 of 55
Cyberoam SSL VPN User Guide
CyberoamOS uses a Web 2.0 based easy-to-use graphical interface termed as Web Admin
Console to configure and manage the Appliance.
You can access the Appliance for HTTP and HTTPS web browser-based administration from any
of the interfaces. Appliance when connected and powered up for the first time, it will have a
following default Web Admin Console Access configuration for HTTP and HTTPS services.
The administrator can update the default ports for HTTP and HTTPS services from System >
Administration > Settings.
The Web Admin Console supports multiple languages, but by default appears in English. To cater
to its non-English customers, apart from English, Chinese-Simplified, Chinese-Traditional, Hindi,
Japanese and French languages are also supported. Administrator can choose the preferred GUI
language at the time of logging on.
Listed elements of Web Admin Console will be displayed in the configured language:
Dashboard Doclet contents
Navigation menu
Screen elements including field & button labels and tips
Error messages
Page 9 of 55
Cyberoam SSL VPN User Guide
Supported Browsers
You can connect to the Web Admin Console of the Appliance using HTTP or a secure HTTPS
connection from any management computer using one of the following web browsers:
The minimum screen resolution for the management computer is 1024 X 768 and 32-bit true xx-
color.
Mozilla Firefox
Version 3+
Google Chrome
All versions
Safari
5.1.2(7534.52.7)+
Opera
15.0.1147.141+
The Administrator can also specify the description for firewall rule, various policies, services and
various custom categories in any of the supported languages.
All the configuration done using Web Admin Console takes effect immediately. To assist you in
configuring the Appliance, the Appliance includes a detailed context-sensitive online help.
Page 10 of 55
Cyberoam SSL VPN User Guide
Login procedure
The log on procedure authenticates the user and creates a session with the Appliance until the
user logs-off.
To get to the login window, open the browser and type the LAN IP Address of Cyberoam in the
browser’s URL box. A dialog box appears prompting you to enter username and password.
Username
If you are logging on for the first time after installation,
use the default username.
Specify user account password.
Default – English
To administer Cyberoam, select ‘Web Admin Console’
The Dashboard appears as soon as you log on to the Web Admin Console. It provides a quick and
fast overview of all the important parameters of your Appliance.
Page 11 of 55
Cyberoam SSL VPN User Guide
To avoid un-authorized users from accessing Cyberoam, log off after you have finished working.
This will end the session and exit from Cyberoam.
To log off from the Appliance, click the button located at the top right of any of the Web
Admin Console pages.
Page 12 of 55
Cyberoam SSL VPN User Guide
The Navigation bar on the leftmost side provides access to various configuration pages. This menu
consists of sub-menus and tabs. On clicking the menu item in the navigation bar, related
management functions are displayed as submenu items in the navigation bar itself. On clicking
submenu item, all the associated tabs are displayed as the horizontal menu bar on the top of the
page. To view a page associated with the tab, click the required tab.
The left navigation bar expands and contracts dynamically when clicked on without navigating to a
submenu. When you click on a top-level heading in the left navigation bar, it automatically expands
that heading and contracts the heading for the page you are currently on, but it does not navigate
away from the current page. To navigate to a new page, first click on the heading, and then click
on the submenu you want navigate to. On hovering the cursor upon the up-scroll icon or the
down-scroll icon , automatically scrolls the navigation bar up or down respectively.
Page 13 of 55
Cyberoam SSL VPN User Guide
Networks – Network specific configuration viz., Interface speed, MTU and MSS settings,
Gateway, DDNS
Identity – Configuration and management of User and user groups
Firewall – Firewall Rule Management
VPN – VPN and SSL VPN access configuration
IPS – IPS policies and signature
Web Filter – Web filtering categories and policies configuration
Application Filter – Application filtering categories and policies configuration
WAF – Web Application Filtering policies configuration. Available in all the models except
CR15iNG and CR15wiNG.
IM – IM controls
QoS – Policy management viz., surfing quota, QoS, access time, data transfer
Anti Virus – Antivirus filtering policies configuration
Anti Spam – Anti Spam filtering policies configuration
Traffic Discovery – Traffic monitoring
Logs & Reports – Logs and reports configuration
Note
Each section in this guide shows the menu path to the configuration page. For example, to reach
the Zone page, choose the Network menu, then choose Interface sub-menu from the navigation
bar, and then choose Zone tab. Guide mentions this path as Network > Interface > Zone.
Page 14 of 55
Cyberoam SSL VPN User Guide
Page
Screen – Page
Page 15 of 55
Cyberoam SSL VPN User Guide
Icon bar
The Icon bar on the upper rightmost corner of every page provides access to several commonly
used functions like:
1. Dashboard – Click to view the Dashboard
2. Wizard – Opens a Network Configuration Wizard for a step-by-step configuration of the
network parameters like IP Address, subnet mask and default gateway for your Appliance.
3. Report – Opens a Reports page for viewing various usage reports. Integrated Logging and
Reporting solution - iView, to offer wide spectrum of 1000+ unique user identity-based
reporting across applications and protocols and provide in-depth network visibility to help
organizations take corrective and preventive measures.
4. Console – Provides immediate access to CLI by initiating a telnet connection with CLI without
closing Web Admin console.
5. Logout – Click to log off from the Web Admin Console.
6. More Options – Provides options for further assistance. The available options are as
follows:
Support – Opens the customer login page for creating a Technical Support Ticket. It is
fast, easy and puts your case right into the Technical Support queue.
About Product – Opens the Appliance registration information page.
Help – Opens the context – sensitive help page.
Reset Dashboard – Resets the Dashboard to factory default settings.
Lock – Locks the Web Admin Console. Web Admin Console is automatically locked if the
Appliance is in inactive state for more than 3 minutes. To unlock the Web Admin Console
you need to re-login. By default, Lock functionality is disabled. Enable Admin Session Lock
from System > Administration > Settings.
Reboot Appliance – Reboots the Appliance.
Shutdown Appliance – Shut downs the Appliance .
Page 16 of 55
Cyberoam SSL VPN User Guide
The Web Admin Console pages display information in the form of lists that are spread across the
multiple pages. Page Navigation Control Bar on the upper right top corner of the list provides
navigation buttons for moving through the list of pages with a large number of entries. It also
includes an option to specify the number entries/records displayed per page.
Tool Tips
To view the additional configuration information use tool tip. Tool tip is provided for many
configurable fields. Move the pointer over the icon to view the brief configuration summary.
Status Bar
The Status bar at the bottom of the page displays the action status.
Page 17 of 55
Cyberoam SSL VPN User Guide
Common Operations
Adding an Entity
You can add a new entity like policy, group, user, rule, ir host by clicking the Add button available
on most of the configuration pages. Clicking this button either opens a new page or a pop-up
window.
Editing an Entity
All the editable entities are hyperlinked. You can edit any entity by clicking either the hyperlink or
the Edit icon under the Manage column.
Deleting an Entity
You can delete an entity by selecting the checkbox and clicking the Delete button or Delete icon.
To delete multiple entities, select individual entity and click the Delete button.
Page 18 of 55
Cyberoam SSL VPN User Guide
To delete all the entities, select in the heading column and click the Delete button.
Sorting Lists
To organize a list spread over multiple pages, sort the list in ascending or descending order of a
column attribute. You can sort a list by clicking a column heading.
Ascending Order icon in a column heading indicates that the list is sorted in ascending
order of the column attribute.
Descending Order icon in a column heading indicates that the list is sorted descending
order of the column attribute.
Filtering Lists
To search specific information within the long list spread over multiple pages, filter the lists.
Filtering criteria vary depending on a column data and can be a number or an IP address or part of
an address, or any text string combination.
To create filter, click the Filter icon in a column heading. When a filter is applied to a column,
By default on every page all columnar information is displayed but on certain pages where a large
number of columnar information is available, all the columns cannot be displayed. It is also
Page 19 of 55
Cyberoam SSL VPN User Guide
possible that some content may not be of use to everyone. Using column settings, you can
configure to display only those numbers of columns which are important to you.
To configure column settings, click Select Column Settings and select the checkbox against the
columns you want to display and clear the checkbox against the columns which you do not want to
display. All the default columns are greyed and not selectable.
Page 20 of 55
Cyberoam SSL VPN User Guide
SSL VPN
A Virtual Private Network (VPN) is a network that uses public telecommunication infrastructure,
such as the Internet, to provide remote offices or traveling users with access to a central
organizational network. A secure tunnel is formed across the public network which carries private
network traffic between distant offices. This traffic is usually encrypted and compressed for
enhanced performance and security. VPN technology has replaced the need to acquire and
maintain expensive dedicated leased-line telecommunication circuits once typical in wide-area
network installations.
A VPN user can access the central network in a manner that is identical to being connected
directly to the central network. Hence, it is ideal for business telecommuters or employees working
from home. It is essential that the connection between the central network and remote location
meets certain requirements like:
Flexible Access: The remote users must be able to access the organization’s network from
various locations, like Internet cafes, hotels, airports etc. The range of applications available must
include web applications, mail, file shares, and other more specialized applications required to
meet corporate needs.
Secure connectivity: Guaranteed by the combination of authentication, confidentiality and data
integrity for every connection.
Usability: Installation must be easy. No configuration should be required as a result of network
modification at the remote user end. The given solution should be seamless for the connecting
user.
A SSL (Secure Socket Layer) VPN fulfills the above requirements by providing easy-to-use and
secure access to remote users. It allows access to the corporate network and provides the ability
to create point-to-point encrypted tunnels between remote user and the company’s internal
network. It requires a combination of SSL certificates and username/password for authentication to
enable access to the internal resources.
The Appliance extends its VPN feature to include SSL VPN functionality to provide secure access
to a company’s central network to remote users. It delivers a set of features and benefits which are
easy to use and control and which allow access to the corporate network from anywhere, anytime.
Depending upon requirement, remote users can access the central network through SSL VPN
Client or End user Web Portal (clientless access). It offers a secure web portal which can be
accessed by each authorized user to download a free SSL VPN Client, SSL certificates and a
client configuration. In addition, it offers granular access policies, bookmarks to designated
network resources and portal customization.
Note
Page 21 of 55
Cyberoam SSL VPN User Guide
Concepts
SSL VPN Access Modes
The Appliance authenticates any remote user based on user name and password. A successful
login determines the access rights of remote users according to user, group and the SSL VPN
policy. The SSL VPN policy specifies whether the connection will operate in Tunnel Access Mode,
Web Access Mode or Application Access Mode.
Split Tunnel: This ensures that only traffic for the private network is encrypted and tunneled
while Internet traffic is sent through the usual unencrypted route. This is configured by default
and is used to avoid bandwidth choking.
Full Tunnel: This ensures that not only the private network traffic but other Internet traffic is
also tunneled and encrypted.
In this mode, the Appliance acts as a secure gateway and authenticates the remote users. On
successful authentication, the Appliance redirects the web browser to the web portal from where
the remote users can access the applications behind the Appliance. Configuring Application
Access mode is a two-step process:
1. Select the Application Access mode in SSL VPN policy
2. Assign the policy to the User or Group
For Administrators, the Web Admin Console provides SSL VPN management. Administrator can
configure SSL VPN users, access methods and policies, user bookmarks for network resources,
and system and portal settings.
Page 22 of 55
Cyberoam SSL VPN User Guide
For remote users, the customizable End user Web Portal enables access to resources as per the
configured SSL VPN policy.
Prerequisite
The following requirements should be fulfilled for the remote user to access SSL VPN in Application
Access Mode:
OS should be Windows 2000, Windows XP, Windows 7, Windows Vista or Windows Server 2003.
Remote user should have the Administrator privileges.
Java Runtime Environment V 1.6 or above should be installed.
The Appliance scans the VPN Tunnel Traffic (incoming and outgoing) for malware, spam,
inappropriate content and intrusion attempts, ensuring Threat-free Tunneling. Furthermore, VPN
traffic is subjected to DoS inspection, although the Appliance does provide the option of bypassing
DoS inspection for specific traffic.
The Appliance does not have an exclusive port assigned for the VPN Zone like the LAN, WAN and
DMZ ports. As soon as a VPN connection is established, the port/interface used by the connection
is automatically added to the VPN zone, and on disconnection, the port is removed by itself. The
VPN zone is used by both IPSec and SSL VPN traffic.
Note
Threat Free Tunneling is applicable only when the SSL VPN tunnel is established through Tunnel
Access Mode.
Network Resources
Network Resources are the components that can be accessed using SSL VPN. It provides access
to HTTP or HTTPS servers in the internal network, Internet, or any other network segment that can
be reached by the Appliance. The Administrator can configure Web (HTTP), Secure Web
(HTTPS), RDP, Telnet, SSH or FTP bookmarks and internal network resources to allow access to
web-based resources and applications. If required, custom URL access can also be provided.
Page 23 of 55
Cyberoam SSL VPN User Guide
Network resources:
Portal
The Appliance’s SSL VPN Portal is the entry point for any remote user to the corporate network. It
provides easy access to network resources through a secure tunnel. It is possible to customize the
portal interface by including the company logo and a customized message to be displayed to users
when they log into the portal. The Portal displays only those network resources that are assigned
to the logged in user through the SSL VPN Policy and Access Mode.
Page 24 of 55
Cyberoam SSL VPN User Guide
This menu covers configuring global settings for Tunnel Access and Web Access, defining
Policies, creating Bookmarks and Bookmark Groups and customizing the SSL VPN Portal.
Detailed explanations for each of these tasks are given below.
Tunnel Access
Configure Tunnel Access Mode for the remote users who are to be provided with the corporate
network access from laptops, Internet cafes, hotels etc. It requires an SSL VPN Client at the
remote end. Remote users can download and install SSL VPN Client from the End-user Web
Portal.
To configure and update certain parameters globally for Tunnel Access Mode, go to VPN > SSL
> Tunnel Access.
Page 25 of 55
Cyberoam SSL VPN User Guide
Note
Do not assign the private IP Address space that is already
configured for any ports via Network Configuration.
Secondary DNS Specify the IP Addresses of Secondary DNS servers to be
provided for the use of Clients.
Primary WINS Specify the IP Addresses of Primary WINS servers to be
provided for the use of Clients.
Secondary WINS Specify the IP Addresses of Secondary WINS servers to be
provided for the use of Clients.
Page 26 of 55
Cyberoam SSL VPN User Guide
Default – 60 seconds
Disconnect After Specify the time after which the connection must be
disconnected if the peer is not live.
Default – 15 minutes
Data Transfer Threshold Specify the data transfer threshold.
The Administrator can check the data transfer for the live
connections from the VPN > Live Connections > SSL
VPN Users page.
Page 27 of 55
Cyberoam SSL VPN User Guide
Web Access
Configure Web Access Mode for the remote users who are equipped with the web browser only
and when access is to be provided to the certain Enterprise Web applications/servers through web
browser only. In other words, it is a clientless access.
To configure Web Access Mode, go to VPN > SSL > Web Access.
Default – 10 minutes
Table - Web Access screen elements
Page 28 of 55
Cyberoam SSL VPN User Guide
Policy
SSL VPN Policies determine the Access Mode and the network resources available to the remote
users and also controls the access to the private network (corporate network) in the form of
bookmarks.
The SSL VPN Policy page displays list of all the policies. You can sort the list based on the policy
name. The page provides option to add a new policy, update the policy, or delete the policy.
Page 29 of 55
Cyberoam SSL VPN User Guide
To add or edit SSL VPN Policies, go to VPN > SSL > Policy. Click the Add Button to add a
new policy or the Edit Icon to modify the details of the policy.
Page 30 of 55
Cyberoam SSL VPN User Guide
Available Options:
Tunnel Access Mode – For the remote users who are to be
provided with the corporate network access from laptops,
Internet cafes, hotels etc. It requires an SSL VPN Client at the
remote end. Remote users can download and install the SSL
VPN Client from the SSL VPN Portal.
Available Options:
Split Tunnel - ensures that only the traffic for the private
network is tunneled and encrypted.
Full Tunnel - ensures not only private network traffic but other
Internet traffic is tunneled and encrypted.
Page 31 of 55
Cyberoam SSL VPN User Guide
DPD Settings One can customize and override the global Dead Peer
Detection setting.
Specify time after which the peer must be checked for its
status.
Page 32 of 55
Cyberoam SSL VPN User Guide
Idle Timeout The connection will be dropped after the configured inactivity
time and user will be forced to re-login.
One can use the global settings or customize the idle timeout.
Note
Idle Timeout Connection will be dropped after the configured inactivity time
and user will be forced to re-login. One can use the global
settings or customize the idle timeout.
Default – 10 minutes
Page 33 of 55
Cyberoam SSL VPN User Guide
1. Edit the policy in which you want to add the members by clicking the Manage icon under
the Manage column.
2. Click Add Policy Member(s) button. A window displays list of users. You can add single or
multiple users. Selected users are allowed access through SSL VPN connection.
3. Click Apply button to add these users and user groups to the SSL VPN Policy members list.
1. Edit the policy in the form which you want to remove user membership.
2. Click the Manage Policy Member(s) button. A window displays the list of SSL VPN Policy
members who are allowed access through the SSL connection. You can select single or
multiple users.
Page 34 of 55
Cyberoam SSL VPN User Guide
Page 35 of 55
Cyberoam SSL VPN User Guide
Bookmark
Bookmarks are resources whose access will be available through the End-user Web portal.
Bookmarks are applied through the SSL VPN policy and are available to users having Web or
Application Access.
The page displays a list of all the bookmarks and you can filter or sort the list based on the
bookmark name. The page also provides options to add a new bookmark, update, or delete
bookmarks. You cannot delete Bookmarks included in any SSL VPN policy.
Manage Bookmarks
To manage Bookmarks, go to VPN > SSL > Bookmark.
Bookmark Parameters
To add or edit Bookmarks, go to VPN > SSL > Bookmark. Click the Add Button to add a new
bookmark or the Edit Icon to modify the details of the bookmark.
Page 36 of 55
Cyberoam SSL VPN User Guide
Available Options:
HTTP
HTTPS
RDP
TELNET
SSH
FTP
IBM Server Terminal
FTPS
SFTP
SMB
VNC – Virtual Network Computing (VNC) a graphical
desktop sharing system that uses RFB protocol gain
remote access.
Description Provide Bookmark Description.
Table - Add Bookmark screen elements
Bookmark Type
Page 37 of 55
Cyberoam SSL VPN User Guide
Default - 3389
Telnet URL - Specify the URL of the website for which the
bookmark is to be created.
SSH URL - Specify the URL of the website for which the
bookmark is to be created.
IBM Server Terminal URL - Specify the URL of the website for which the
bookmark is to be created.
FTP/FTPS URL - Specify the URL of the website for which the
bookmark is to be created.
SFTP URL - Specify the URL of the website for which the
bookmark is to be created.
Default - 22
SMB URL - Specify the URL of the website for which the
Page 38 of 55
Cyberoam SSL VPN User Guide
bookmark is to be created.
Default - 445
VNC URL - Specify the URL of the website for which the
bookmark is to be created.
Page 39 of 55
Cyberoam SSL VPN User Guide
Bookmark Group
The Bookmark Group page displays list of all the groups and you can sort the list based on the
group name. The page provides options to add, update, or delete the group. You can update the
group to include bookmark(s) as group members. Single bookmark can be a member of multiple
groups. You cannot delete a group if it includes a bookmark which is s part of any of the SSL VPN
policies.
Page 40 of 55
Cyberoam SSL VPN User Guide
-
Screen - Add Bookmark Group
Page 41 of 55
Cyberoam SSL VPN User Guide
Portal
As End-user Web Portal is an entry point to your Corporate network, the Appliance provides
flexibility to customize the Portal page as per your business. You can customize log on/log off
page by including your business name and logo.
The Administrator needs to provide the End-user Web portal URL – https://<WAN IP Address of
appliance:8443> to the remote users. 8443 is the default port unless customized. Confirm the port
number from System > Administration > Settings before forwarding URL to the remote user.
For users having Tunnel Access, SSL VPN Client and Configuration file can be downloaded from
the portal. For users having Web and Application Access, a list of all the bookmarks are displayed.
URL Address bar will also be displayed to the user, if allowed in the User SSL VPN policy. User
can type the URL in the address bar to access other URLs than bookmarks. All the downloadable
components will be displayed only if the remote user is allowed the “Full” access.
To customize the SSL VPN user portal, go to VPN > SSL > Portal.
Page 42 of 55
Cyberoam SSL VPN User Guide
Specify the color code or click the square box to pick the
color.
Preview Button Click to preview the customized settings before saving the
changes.
Reset to Default Button Click to revert to the default settings.
Table - SSL VPN Portal screen elements
Page 43 of 55
Cyberoam SSL VPN User Guide
To view the list of all the currently logged on SSL VPN users, go to VPN > Live Connections
> SSL VPN Users.
This page displays important parameters like Username, Source and leased IP Address, Access
mode, date and time when connection was established, tunnel type and data transferred. If the
connection is established through Web Access mode, only the username, access mode and date
and time when connection was established will be displayed. This page allows disconnection of
any live user.
Page 44 of 55
Cyberoam SSL VPN User Guide
Page 45 of 55
Cyberoam SSL VPN User Guide
Available Options:
Chinese-Simplified
Chinese-Traditional
English
French
Hindi
Japanese
Default - English
Login Button Click to log on to the Cyberoam SSL VPN Portal.
Table - Login Page
Page 46 of 55
Cyberoam SSL VPN User Guide
Download Client
For downloading the client for the first time, click the “Download Client” and follow the on-screen
instructions:
Page 47 of 55
Cyberoam SSL VPN User Guide
Note
Click “Save” to save a copy of CrSSL.exe on your local machine, else click “Run” to run the setup.
The following warning message appears.
Page 48 of 55
Cyberoam SSL VPN User Guide
Click “Browse” to change the location of the Destination Folder where the client is to be installed.
Click “Install”. The following screen appears while installation is in progress.
Page 49 of 55
Cyberoam SSL VPN User Guide
Once the installation is complete, the CrSSL Client icon appears in the system tray.
Note
If you are installing SSL VPN Client for the first time, skip this section.
You need to download the configuration file if you have already installed Client or if the server
configuration has changed. Click the “Download SSL VPN Client Configuration - Windows” and
follow the on- screen instructions.
On clicking “Download SSL VPN Client Configuration - Windows”, the following message appears.
Page 50 of 55
Cyberoam SSL VPN User Guide
Click the ellipses (…) to browse to the location at which the file clientbundle.tgz is saved. Click
“Import” to import the SSL VPN Configuration from clientbudle.tgz.
Page 51 of 55
Cyberoam SSL VPN User Guide
Establish connection
Double click t h e CrSSL Client icon and specify username and password and click “Login”
button.
Page 52 of 55
Cyberoam SSL VPN User Guide
The icon turns yellow indicating that connection is in progress and turns green the moment
connection is established and the IP Address is leased. You will be prompted for the same through
a pop up that will appear in the system tray which will also show the assigned IP Address of the
established tunnel.
To disconnect the connection, right click the CrSSL Client icon and click “Logout”.
Page 53 of 55
Cyberoam SSL VPN User Guide
Accessing Applications
The User can access any of the Bookmarks listed on the Main Page which include certain
Enterprise Web Applications/Servers. Based on the client requirement, the Administrator can also
allow the SSL VPN client, to access certain public URL(s) as seen in the screen.
Page 54 of 55
Cyberoam SSL VPN User Guide
Accessing Applications
The User can access any of the Bookmarks listed on the Main Page which include certain
Enterprise Applications/Servers.
Page 55 of 55