Applicable to – versions 9.5.3 build 14 or above
This article walks through a detailed example of configuring Cyberoam to provide access to internal resources.
Article covers how to
Virtual host implementation is based on the Destination NAT concept of older versions of Cyberoam.
A Virtual Host maps services of a public IP address to services of a host in a private network. In other words, it is a mapping of a public IP address to an internal IP address. The virtual host is used as the Destination address to access an internal or DMZ server.
A Virtual Host can be a single IP address, an IP address range, or the Cyberoam interface itself. Cyberoam will automatically respond to ARP requests received on the WAN zone for the external IP address of the Virtual Host.
Throughout the article we will use the network parameters shown in the network diagram below. Outbound traffic from LAN and DMZ is allowed, while inbound traffic is restricted. The public servers (the mail server and the web server) are hosted in the DMZ.
External IP address (Public)
IP address (Internal)
The entire configuration is to be done from the Web Admin Console unless specified otherwise.
In our example, Internet users will access the internal web server using public IP 126.96.36.199, which is mapped to local IP 192.168.1.4. In other words, all the inbound requests from 188.8.131.52 will be forwarded to 192.168.1.4.
· If servers are hosted on LAN, change the Physical Zone to LAN.
· In case you have custom zones, change the Physical Zones accordingly.
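Once the virtual host is created successfully, Cyberoam automatically creates a loopback firewall rule for the zone of the mapped IP address. The loopback firewall rule is created for the service specified in the virtual host.
In our example, a DMZ to DMZ firewall rule is created because the virtual host's mapped IP address belongs to the DMZ interface subnet.
DO NOT “Apply NAT” for inbound SMTP rules. This will set up the mail server as an OPEN RELAY. With NAT applied, inbound connections reach the mail server with a translated source address instead of the real sender's, so relay restrictions based on client IP can no longer tell Internet senders from trusted internal hosts.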
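The following model of the open relay warning above is an added example, not part of the original article or Cyberoam's own code. It assumes that “Apply NAT” rewrites the source to the firewall's DMZ interface address and that the mail server relays for its local subnet; every address and name in it is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# All addresses below are constructed for illustration (assumptions, not from the article).
FW_DMZ_IP = "192.168.1.1"  # hypothetical Cyberoam DMZ interface address
VHOST = {"public": "203.0.113.10", "mapped": "192.168.1.5", "port": 25}  # hypothetical mail virtual host
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed relay policy on the mail server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def through_firewall(pkt, apply_nat):
    """Model an inbound WAN-to-DMZ rule that uses the virtual host as destination."""
    if (pkt.dst, pkt.dport) != (VHOST["public"], VHOST["port"]):
        return None  # no virtual host matches; inbound traffic is restricted
    pkt = replace(pkt, dst=VHOST["mapped"])  # destination NAT performed by the virtual host
    if apply_nat:
        pkt = replace(pkt, src=FW_DMZ_IP)  # assumed effect of "Apply NAT": source is rewritten
    return pkt

def relay_allowed(pkt):
    """Mail server side: relay for any client whose source IP is in a trusted network."""
    return any(ipaddress.ip_address(pkt.src) in net for net in TRUSTED_NETS)

def audit(client_ip):
    """Return the source the mail server sees and its relay decision, per NAT setting."""
    inbound = Packet(src=client_ip, dst=VHOST["public"], dport=VHOST["port"])
    result = {}
    for apply_nat in (False, True):
        seen = through_firewall(inbound, apply_nat)
        result[apply_nat] = (seen.src, relay_allowed(seen))
    return result

if __name__ == "__main__":
    for nat, (src, relay) in audit("198.51.100.7").items():
        print(f"Apply NAT={nat}: mail server sees {src}, relays for it: {relay}")
```

On a live deployment the same condition shows up in the mail server's logs: if every inbound SMTP session is recorded with the firewall's address as the client, the inbound rule has NAT applied.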
Document version - 3.0-12/05/2011