User Tools

Site Tools


public:cyberoam_configuration_parsed

System

Administration

Configuration

  • Notification: Mailserver settings
  • Mail server should be: smtp.gmail.com..

Maintenance

  • Firmware- updated to 10.6.6 MR-3
  • HA
  • SNMP
  • Certificates
  • Diagnostics

Objects

  • Hosts
  • IP HOSTS
  • * Add offship_network
  • * Add data_network

IP HOST Group

  • Create a local-to-ship-traffic group containing offship_network and data_network

Services

Schedule

File Type

Network Interface Using static IP 192.168.2.2 as Bridge Pair betweek PeplinkMediaFast and science/offship network.. Both these screen shots have the wrong IP number for the cyberoam.

Gateway

Static Route Dynamic Route DNS

Router Advertisement DHCP ARP - NDP Dynamic DNS

Wireless Protection N/A

Identity Authentication Firewall Is there a RADIUS server on the ship??– this may need to be removed, but it did not seem to affect logons.

Captive Portal Settings

Keep alive request for captive portal- need to check w/ atlantis this might be the trick to keep VPNs up by having this disabled. Groups Users Endeavor_UserGroup for crew SCIENCE users for science (this is just a suggestion, they can be grouped and removed easily, if the group is different) Can import the science users from a text document, (science_users.template)

Clientless Users Setup w/ the same Application Filter and Web Filter as EndeavorUsers only no limit on surfing. This policy is for Clientless Users/ KIOSK computers for general use. Ship Clientless computers: Science Clientless Users This tends to be on a cruise by cruise basis. There are two static IPs set aside for science clientless users

Endeavor_UserGroup

Guest Users Policy

Live Users

Firewall Rule Allow all DNS through cyberoam These could be updated, had to allow DHCP through firewall

TO START CAPTIVE PORTAL

Virtual Host Nat Policy Spoof Prevention Do

VPN IPS

WEB FILTER To download WebFilter settings as an xml System→Maintenance→ImportExport choose: Export Selective configuration and search on Web Click Include Dependent entity

Settings Categories Added AppleDeny applednld.apple.com bblobstore.apple.com itunes.apple.com swcdn.apple.com icloud-content.com DropboxDeny clientupdates.dropboxstatic.com www.dropbox.com dropboxapi.com dropbox.com GoogleCloud storage.googleapis.com NoSpotifyForYou spotify.com NoSteamForYou steamcontent.com steampowered.com Removed EndeavorBlocked utube.com facebook.com Homedepot.com Policy Created ShipBlock The rules can be turned off and on by clicking on the wrench and choosing allow or deny. If someone needs an microsoft update can change to allow for and then back to deny

APPLICATION FILTER Application List Category Policy IMPORT Armstrong’s satNAG application filter SYSTEM→MAINTENANCE→Import Export Choose Import, browse for configuration you want to import; Preserve existing configuration then click Import. EXPORT application filter to edit by hand: SYSTEM→MAINTENANCE→ Import Export Choose Export selective configuration; ApplicationFilterPolicy; include dependent entity Rename it on download something like: endeavor_cyberoam_applicationFilter_[YYYYMMDD].tar When recreating the tar, need to only include the Entities file; on a MAC need to exclude the ._Entities file : COPYFILE_DISABLE=1 tar cf nameoftarfile.tar files_put_in_tar

SETUP SYSLOG SERVER: LOGS & REPORTS→ Configuration→ Syslog Server

public/cyberoam_configuration_parsed.txt · Last modified: 2019/11/01 21:14 (external edit)