Cyberoam is an Internet-management solution to control and manage Internet usage. It lets you manage bandwidth, ensuring faster downloads within the existing bandwidth, control employee-surfing habits, guard network from security breaches, create secure virtual private networks, reduce load on WAN links as well as control printing costs in the organization.
Cyberoam offers several features to manage Internet access. For efficient use of bandwidth, the server can be configured as a Web cache server. Bandwidth polices can be applied to users, machines, groups or applications, for assured bandwidth, to say, senior management, VOIP and ERP. Scheduling of time-based bandwidth helps spreading Internet use across the day.
Bandwidth-intensive applications such as audio-video download, streaming media, graphic files and ads can be blocked to save bandwidth. The software has a transport and network-layer firewall that is easy to configure. For prevention against malicious HTTP traffic, it comes with filters to stop attacks such as MyDoom, Nimda and Code Red. It also lets you create your own HTTP filters to stop newer viruses. Cyberoam comes with predefined policies to stop AOL, MSN, ICQ, Yahoo chat, porn sites and abusive content. The blocking of Yahoo chat worked very well but we also wanted it to have a Kazaa blocking policy.
Cyberoam lets you connect multiple WAN links to the server and then it can load balance traffic between them, or you can have a fault tolerant setup, in which traffic on a failed gateway can automatically be redirected to a working WAN link, preventing loss of information. The 128-bit, IP-sec based VPN can be used to build intranets across your WAN, linking your various offices. Though the software is meant for Internet-access management, it has a printing- management feature to implement policy of daily, weekly, monthly and yearly quotas of prints for different users. The reporting and traffic analysis is very detailed and comprehensive, which generates graphs for the most-visited sites and bandwidth consumed and user wise usage.
There are three types of users that one can create using Cyberoam: normal users, clientless users and single sign-on users. Normal clients have to log on to the Cyberoam server before accessing the Internet. Login client for Windows and Linux come with the software. For other OSs, the HTTP client component can be used. Clientless users don't need to login and are identified by their IP addresses. However, surfing quota policies and access-time policies cannot be applied to them. Single sign-on users use Windows NTLM security to access the Internet.
Cyberoam can be installed in two different configurations: network transparent and route mode. In the first mode, Cyberoam acts as a bridge, that is transparent to the network and is placed just before the edge router or the firewall, allowing all outgoing traffic to pass through Cyberoam. This configuration requires minimum configuration change in the existing network. Route mode is useful if you want Cyberoam to also act as a router and/or to use the multiple gateway features. Multiple gateway features enable load balancing and/or failover capabilities to multiple WAN links.
Cyberoam works on its own Linux-based OS, so it requires a dedicated machine for itself. The installation is simple, just boot your machine through the Cyberoam CD and press enter at the boot menu. After this the OS and software installs automatically without requiring any user input. One word of caution though, that the installation repartitions and formats your entire disk. Therefore, if you have important data on it, you should back it up before the installation. After installation, a wizard lets you configure the software in one of the two above mentioned modes and set up the network interfaces. After the interfaces and the mode are set, the software can be managed, locally, via either the Telnet or Web interface. The software also requires registration, which is required before using its features.
The bottom line: Overall, the product offers comprehensive features to manage and control your Internet connection.
Anoop Mangla and Sushil Oswal