2. By default, Cyberoam sends periodic Ping requests to its default gateway to check connectivity to Internet. It is recommended to change this setting so that Cyberoam sends Ping requests to a host on the Internet that is permanently running or most reliable, like 22.214.171.124 or 126.96.36.199.
3. If users have browser based proxy settings, make sure configured HTTP proxy port is same in both Cyberoam and desktop browser. By default, Cyberoam is configured for port 3128.
4. For security purposes, Gateway mode is preferred because it uses NAT Policies to secure private addresses of internal or DMZ networks.
5. If Cyberoam is deployed in Bridge Mode:
6. It is recommended to use the High Availability feature of Cyberoam for maximum network uptime.
This feature is not available in models CR15i, CR15wi, CR25wi, CR35wi, CR15iNG, CR15wiNG, CR25wiNG/6P and CR35wiNG.
7. In case of wireless networks, ensure maximum security by using WPA or WPA2 protocols rather than WEP.
4. Check regularly for firmware releases and upgrade Cyberoam to the latest firmware available.
6. Test your firewall rules and policies regularly.
7. Conduct internal audits to check the health of the appliance.
1. Create Firewall rule for DNS IP Address if desktops are configured with a public DNS IP address.
3. Create Firewall rule to allow access to and from applications running on DMZ as, by default, entire traffic from LAN to DMZ is dropped.
5. If MX IP is bound to the WAN port of Cyberoam, create NAT and Virtual Host rules to map the private IP address of mail server with the MX IP.
8. It is recommended to bypass DoS screening for traffic-intensive servers like VOIP and FTP to avoid dropping of legitimate traffic.
1. Create custom IPS policies with relevant signatures to decrease packet latency and improve performance.
3. IPS policy is not recommended for LAN to WAN traffic, unless it is used to control applications using custom signatures.
2. For additional security, use CHAP and MSCHAP Handshaking Protocols for PPTP remote access VPN.
2. Configure Cyberoam to disallow access to HTTPS websites with invalid certificates.
1. Configure Cyberoam to “Accept” oversized emails to avoid dropping of emails that might be useful.
2. Enable Spam Digest to allow end users to manage quarantined mails by themselves.
1. Create appropriate QoS policies for mission critical applications.
Document Version: 1.3 - 20 January, 2014
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.