public:cyberoam_configuration_parsed
Differences
This shows you the differences between two versions of the page.
— | public:cyberoam_configuration_parsed [2024/01/25 03:31] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== System ===== | ||
+ | |||
+ | === Administration === | ||
+ | |||
+ | === Configuration === | ||
+ | * Notification: | ||
+ | * Mail server should be: smtp.gmail.com.. | ||
+ | |||
+ | |||
+ | === Maintenance === | ||
+ | |||
+ | * Firmware- updated to 10.6.6 MR-3 | ||
+ | * HA | ||
+ | * SNMP | ||
+ | * Certificates | ||
+ | * Diagnostics | ||
+ | |||
+ | ===== Objects ===== | ||
+ | |||
+ | * Hosts | ||
+ | * IP HOSTS | ||
+ | * * Add offship_network | ||
+ | * * Add data_network | ||
+ | |||
+ | |||
+ | === IP HOST Group === | ||
+ | |||
+ | * Create a local-to-ship-traffic | ||
+ | |||
+ | |||
+ | |||
+ | === Services === | ||
+ | |||
+ | === Schedule === | ||
+ | |||
+ | === File Type === | ||
+ | |||
+ | |||
+ | Network | ||
+ | Interface | ||
+ | Using static IP 192.168.2.2 as Bridge Pair betweek PeplinkMediaFast and science/ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | Gateway | ||
+ | |||
+ | |||
+ | Static Route | ||
+ | Dynamic Route | ||
+ | DNS | ||
+ | |||
+ | |||
+ | Router Advertisement | ||
+ | DHCP | ||
+ | ARP - NDP | ||
+ | Dynamic DNS | ||
+ | |||
+ | Wireless Protection | ||
+ | |||
+ | Identity | ||
+ | Authentication | ||
+ | Firewall | ||
+ | Is there a RADIUS server on the ship??-- this may need to be removed, but it did not seem to affect logons. | ||
+ | |||
+ | Captive Portal Settings | ||
+ | |||
+ | Keep alive request for captive portal- need to check w/ atlantis this might be the trick to keep VPNs up by having this disabled. | ||
+ | Groups | ||
+ | Users | ||
+ | Endeavor_UserGroup | ||
+ | SCIENCE | ||
+ | Can import the science users from a text document, (science_users.template) | ||
+ | |||
+ | Clientless Users | ||
+ | Setup w/ the same Application Filter and Web Filter as EndeavorUsers only no limit on surfing. This policy is for Clientless Users/ KIOSK computers for general use. | ||
+ | Ship Clientless computers: | ||
+ | Science Clientless Users | ||
+ | This tends to be on a cruise by cruise basis. There are two static IPs set aside for science clientless users | ||
+ | |||
+ | Endeavor_UserGroup | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | Guest Users | ||
+ | Policy | ||
+ | |||
+ | |||
+ | Live Users | ||
+ | |||
+ | |||
+ | |||
+ | Firewall | ||
+ | Rule | ||
+ | Allow all DNS through cyberoam | ||
+ | These could be updated, had to allow DHCP through firewall | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | TO START CAPTIVE PORTAL | ||
+ | |||
+ | |||
+ | |||
+ | Virtual Host | ||
+ | Nat Policy | ||
+ | Spoof Prevention | ||
+ | Do | ||
+ | |||
+ | VPN | ||
+ | IPS | ||
+ | |||
+ | WEB FILTER | ||
+ | To download WebFilter settings as an xml | ||
+ | System-> | ||
+ | Click Include Dependent entity | ||
+ | |||
+ | |||
+ | Settings | ||
+ | Categories | ||
+ | Added | ||
+ | AppleDeny | ||
+ | applednld.apple.com | ||
+ | bblobstore.apple.com | ||
+ | itunes.apple.com | ||
+ | swcdn.apple.com | ||
+ | icloud-content.com | ||
+ | DropboxDeny | ||
+ | clientupdates.dropboxstatic.com | ||
+ | www.dropbox.com | ||
+ | dropboxapi.com | ||
+ | dropbox.com | ||
+ | GoogleCloud | ||
+ | storage.googleapis.com | ||
+ | NoSpotifyForYou | ||
+ | spotify.com | ||
+ | NoSteamForYou | ||
+ | steamcontent.com | ||
+ | steampowered.com | ||
+ | Removed | ||
+ | EndeavorBlocked | ||
+ | utube.com | ||
+ | facebook.com | ||
+ | Homedepot.com | ||
+ | Policy | ||
+ | Created ShipBlock | ||
+ | The rules can be turned off and on by clicking on the wrench and choosing allow or deny. If someone needs an microsoft update can change to allow for and then back to deny | ||
+ | |||
+ | |||
+ | |||
+ | APPLICATION FILTER | ||
+ | Application List | ||
+ | Category | ||
+ | Policy | ||
+ | IMPORT Armstrong’s satNAG application filter | ||
+ | SYSTEM-> | ||
+ | Choose Import, browse for configuration you want to import; Preserve existing configuration then click Import. | ||
+ | EXPORT application filter to edit by hand: | ||
+ | SYSTEM-> | ||
+ | Choose Export selective configuration; | ||
+ | Rename it on download something like: | ||
+ | When recreating the tar, need to only include the Entities file; on a MAC need to exclude the ._Entities file : | ||
+ | COPYFILE_DISABLE=1 tar cf nameoftarfile.tar | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | SETUP SYSLOG SERVER: | ||
+ | LOGS & REPORTS-> | ||
public/cyberoam_configuration_parsed.1572642854.txt.gz · Last modified: 2024/01/25 03:32 (external edit)