Enabling Cyberoam Reporting

Here are a few tips on how to enable and tune reporting for a Cyberoam UTM.

Enabling AD SSO authentication:

By integrating with Active Directory and other directory structures you can bring life to reports and present to your customers reports that are meaningful to them.
Every module in the Cyberoam integrates with Identity/Users. 

  • Here is the guide on how to Enable AD SSO for single domain environment. Don’t forget on the AD Server to open port 6677 UDP for the Cyberoam to talk to the software.
  • Attached is a guide on how to ensure the WMI user checking is enabled and working.

 

Enabling Reports (not usually required):

By default the reporting module should be enabled, if its disabled or you want to check that the status then:

  1. Login to the CLI
  2. Console> show on-appliance-reports
    Console> set on-appliance-reports on
  3. Console> cyberoam application-classification show
    Console> cyberoam application-classification on

 

Traffic Discovery (Live real-time traffic):

The Traffic discovery will help solve live bandwidth or other types of issues. 

Setup: none

1. Go to menu “Traffic Discovery” and you are there.

Next click on one of the counters for connections (on the left).

Now sort by the bandwidth column

2. TIP: By browsing this URL you can get a list of every connection available

http://<cyberoamip>/corporate/webpages/trafficdiscovery/LiveConnectionDe...?
It just removes the filter. Allowing you to sort by Download bandwidth and solve the issue

 traffic discovery.png

 traffic discovery detail.png

 Web reporting (details about domains, categories, IPs and more):

The Firewall rule in the Cyberoam is main point where control is turned on & off, whether its reporting, security controls or filtering.

Setup: 

  1. Requires “web filter” setting in the Firewall Rule to be set to anything other than ‘none’. ‘none’ means the traffic bypasses the transparent proxy and web reporting.
  2. Repeat this for other outbound rules LAN-WAN you want to report HTTP/HTTPS traffic on.

 Firewall_web_filter.png

 

Application Reports (use these reports to match your ISP bill to detail traffic):

Setup:

  1. Enable Log Traffic – in each firewall rule you would like to report on. Enable “Log Traffic”
  2. Go to on the menu “Logs & Reports”->Configuration->Log Settings
    Tick under the Local column “Firewall Rules”
  3. Now wait 3-15 minutes and you will start to see the reporting fill up the logs.

 cyberoam_logs.png

 cyberoam_report.png