User Tools

Site Tools


public:cyberoam_configuration_parsed

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

public:cyberoam_configuration_parsed [2019/11/01 21:14] (current)
Line 1: Line 1:
 +===== System =====
 +
 +=== Administration ===
 +
 +=== Configuration ===
 +  * Notification: Mailserver settings 
 +  * Mail server should be: smtp.gmail.com..
 +
 +
 +=== Maintenance ===
 +
 +  * Firmware- updated to 10.6.6 MR-3
 +  * HA
 +  * SNMP
 +  * Certificates
 +  * Diagnostics
 +
 +===== Objects =====
 +
 +  * Hosts
 +  * IP HOSTS
 +  * * Add offship_network 
 +  * * Add data_network   
 +
 +
 +=== IP HOST Group ===
 +
 +  * Create a local-to-ship-traffic  group containing offship_network and data_network
 +
 +
 +
 +=== Services ===
 +
 +=== Schedule ===
 +
 +=== File Type ===
 +
 +
 +Network
 +Interface
 +Using static IP 192.168.2.2 as Bridge Pair betweek PeplinkMediaFast and science/offship network.. Both these screen shots have the wrong IP number for the cyberoam.
 +
 +
 +
 +
 +Gateway
 +
 +
 +Static Route
 +Dynamic Route
 +DNS
 +
 +
 +Router Advertisement
 +DHCP
 +ARP - NDP
 +Dynamic DNS
 +
 +Wireless Protection  N/A
 +
 +Identity
 +Authentication
 +Firewall
 +Is there a RADIUS server on the ship??-- this may need to be removed, but it did not seem to affect logons. 
 +
 +Captive Portal Settings
 +
 +Keep alive request for captive portal- need to check w/ atlantis this might be the trick to keep VPNs up by having this disabled.
 +Groups
 +Users 
 +Endeavor_UserGroup  for crew
 +SCIENCE  users for science (this is just a suggestion, they can be grouped and removed easily, if the group is different)
 +Can import the science users from a text document, (science_users.template)
 +
 +Clientless Users
 +Setup w/ the same Application Filter and Web Filter as EndeavorUsers only no limit on surfing. This policy is for Clientless Users/ KIOSK computers for general use.
 +Ship Clientless computers:
 +Science Clientless Users
 +This tends to be on a cruise by cruise basis. There are two static IPs set aside for science clientless users
 +
 +Endeavor_UserGroup
 +
 +
 +
 +
 +
 +
 +Guest Users
 +Policy
 +
 +
 +Live Users
 +
 +
 +
 +Firewall
 +Rule
 +Allow all DNS through cyberoam
 +These could be updated, had to allow DHCP through firewall
 +
 +
 +
 +
 +
 +
 +
 +TO START CAPTIVE PORTAL
 +
 +
 +
 +Virtual Host
 +Nat Policy
 +Spoof Prevention
 +Do
 +
 +VPN
 +IPS
 +
 +WEB FILTER
 +To download WebFilter settings as an xml
 +System->Maintenance->ImportExport  choose: Export Selective configuration and search on Web
 +Click Include Dependent entity
 +
 +
 +Settings
 +Categories
 +Added
 +AppleDeny 
 +applednld.apple.com
 +bblobstore.apple.com
 +itunes.apple.com
 +swcdn.apple.com
 +icloud-content.com
 +DropboxDeny
 +clientupdates.dropboxstatic.com
 +www.dropbox.com
 +dropboxapi.com
 +dropbox.com
 +GoogleCloud
 +storage.googleapis.com
 +NoSpotifyForYou
 +spotify.com
 +NoSteamForYou
 +steamcontent.com
 +steampowered.com
 +Removed 
 +EndeavorBlocked
 +utube.com
 +facebook.com
 +Homedepot.com
 +Policy
 +Created ShipBlock 
 +The rules can be turned off and on by clicking on the wrench and choosing allow or deny. If someone needs an microsoft update can change to allow for and then back to deny
 +
 +
 +
 +APPLICATION FILTER
 +Application List
 +Category
 +Policy
 +IMPORT Armstrong’s satNAG application filter
 +SYSTEM->MAINTENANCE->Import Export
 +Choose Import, browse for configuration you want to import; Preserve existing configuration then click Import.
 +EXPORT application filter to edit by hand:
 +SYSTEM->MAINTENANCE-> Import Export
 +Choose Export selective configuration; ApplicationFilterPolicy; include dependent entity
 +Rename it on download something like:   endeavor_cyberoam_applicationFilter_[YYYYMMDD].tar
 +When recreating the tar, need to only include the Entities file; on a MAC need to exclude the ._Entities file : 
 +COPYFILE_DISABLE=1 tar cf nameoftarfile.tar  files_put_in_tar
 +
 +
 +
 +
 +
 +
 +
 +SETUP SYSLOG SERVER:
 +LOGS & REPORTS-> Configuration-> Syslog Server
  
public/cyberoam_configuration_parsed.txt · Last modified: 2019/11/01 21:14 (external edit)