Professional Documents
Culture Documents
Cyberoam Eva Guide PDF
Cyberoam Eva Guide PDF
Page 1 of 37
10-959-100204
Evaluation Guide
Contents
Preface............................................................................................................................................. 4
10-959-100204
Evaluation Guide
Configure Source based routing .............................................................................................. 25
Configure Outbound Load balancing ....................................................................................... 25
Configure Gateway Failover .................................................................................................... 25
Gateway Failback..................................................................................................................... 26
High Availability................................................................................................................. 32
Configure Active-Active HA cluster ..........................................................................................33
Trouble Shooting............................................................................................................... 34
General Administration...................................................................................................... 35
Points to remember.................................................................................................................. 36
Page 3 of 37
10-959-100204
Evaluation Guide
Preface
Thank you for purchasing the award-winning Identity-based Cyberoam UTM.
Welcome to Cyberoam Evaluation Guide! This document is designed to ensure that you are able
to use the basic features of your Cyberoam. It contains configuration guidelines on what is to be
done after Cyberoam appliance is up and running in your network and addresses the most
common use-case scenarios.
In addition to this guide, you can access online help by clicking Online Help icon located on the
right most corner of every page of GUI. Entire Cyberoam documentation set can be referred from
http://docs.cyberoam.com.
The configuration given in the document is to be performed from Web Admin console (GUI) of
Cyberoam unless specified. Solutions provided in the document are applicable up to version
9.5.9.
10-959-100204
Evaluation Guide
network, and take instant corrective actions.
Unified Security: Cyberoam's identity-based security offers a single window entry to dynamically
apply policies for all its UTM features - to the user directly, from within the firewall rule. This
delivers truly unified controls in addition to ease of use and for troubleshooting.
Full Flexibility and High Customization: Cyberoam offers Identity-based policy detailing across
all its features, enabling higher granularity and greater flexibility in comparison to blanket policies.
Cyberoams allows custom IPS signatures and custom web categories, allowing high levels of
customization. Cyberoam GUI offers a clear screen-view of usage and threat patterns. Enterprises
can use Cyberoams flexibility and customization to define and apply user, group and applicationbased policies.
Customer Support and Documentation: CR200i appliance carries Free 1 year subscription for
8x5 support and includes Web, Telephone, Email and Chat Support along with software upgrades.
It also includes access to the knowledge base, Customer Support Portal
and
the
Cyberoam
Security
Center
(http://customer.cyberoam.com)
(www.cyberoamsecuritycenter.com). Cyberoam appliances offer three levels of customer support,
as shown in this link http://www.cyberoam.com/mcontracts.html. Basic, Advanced and Premium.
Premium Support is a highly-personalized service offering that includes 24x7 Helpdesk, a
dedicated account manager, and the option for on-site assistance.
The Cyberoam product Documentation website http://docs.cyberoam.com provides the latest
documentation for all Cyberoam products. Also, Cyberoams knowledge database,
http://kb.cyberoam.com contains an exhaustive array of information related to upgrades and
troubleshooting guidelines.
Deploying Cyberoam
If Cyberoam is not already deployed in your network, refer to Appliance model specific Quick Start
Guide to get step-by-step deployment help.
Accessing Cyberoam
Web Admin Console
If you are accessing Cyberoam appliance, first time after deployment and have not changed the
default IP scheme, browse to http://172.16.16.16 else http://<LAN IP address of Cyberoam> and
log on with default username cyberoam and password cyber.
LAN IP address of Cyberoam is the IP address configured through the Network Configuration
Wizard at the time of deployment.
CLI Console can be accessed via remote login utility TELNET or SSH client.
Page 5 of 37
10-959-100204
Evaluation Guide
Verify Configuration
Verify configuration done through Network Configuration Wizard from Dashboard. Dashboard
provides a quick and fast overview of all the important parameters of Cyberoam appliance
including the current operating status of the Cyberoam appliance.
Press F10 key to go to view Dashboard from any of the pages.
Confirm:
Page 6 of 37
10-959-100204
Evaluation Guide
WAN to LAN firewall rule for the respective virtual host to allow the inbound traffic (when
servers are hosted in LAN)
WAN to DMZ firewall rule for respective virtual host to allow the inbound traffic (when servers
are hosted in DMZ)
Refer Configure one-to-one IP address mapping to access devices on Internal network for step-bystep configuration.
User Authentication
Configure user authentication from User Authentication settings.
Available options:
Active
Directory
(AD)
Authentication
Refer
to
(http://kb.cyberoam.com/default.asp?id=525&Lang=1&SID=) for more details.
article
LDAP
Authentication
Refer
to
(http://kb.cyberoam.com/default.asp?id=707&Lang=1&SID=) for more details.
article
RADIUS
Authentication
Refer
to
(http://kb.cyberoam.com/default.asp?id=339&Lang=1&SID=) for more details.
article
Windows
NT
Domain
controller
Authentication
Refer
http://kb.cyberoam.com/default.asp?id=534&Lang=1&SID= for more details.
Cyberoam/Local Authentication - If you want Cyberoam to authenticate users, add users and
configure group membership for users. Cyberoam supports various user types, refer to User
types for details on user types and how to add users.
to
article
Firewall
Zones
Cyberoam provides zone-based security. Zone is a logical grouping of ports that have similar
functions. Cyberoam provides 5 default zones types: LAN, DMZ, WAN, LOCAL, VPN
Entire set of physical ports available on the Cyberoam appliance including their configured aliases
are grouped in LOCAL zone. In other words, IP addresses assigned to all the ports fall under the
LOCAL zone.
To create additional LAN, DMZ and VPN zone types, refer User Guide.
Page 7 of 37
10-959-100204
Evaluation Guide
Firewall rule
Firewall rule provides centralized management of entire set of security policies. From a single
firewall rule, you can define and manage entire set of Cyberoam security policies. Zone based
firewall rules are created to control (allow or block) the network traffic. If you wish to have more
granular control, include user and/or service in the zone based firewall rule.
From the firewall rule, you can:
Define inbound and outbound access based on source and destination hosts/Network and
MAC address.
Enable scanning for HTTP, FTP, SMTP, POP3 or IMAP traffic - for email spam filtering,
virus security, spyware, malware and phishing protection
Define IPS policy - for protection against threats and attacks originating from external world
and internal network
Attach Gateway routing policy - for loading balancing and gateway failover protection
incase of multiple gateways
Specify Internet Access policy - for web access to control access of inappropriate web
sites, IM and P2P traffic
Schedule access
Attach bandwidth policy - to control and schedule bandwidth usage for individual user or
group and prioritize bandwidth usage for particular application
Click Check
Identity and
specify user
name to
configure userbased firewall
rule
Multiple
Configurable
policies
Page 8 of 37
10-959-100204
Evaluation Guide
Schedule Deactive
Enable/Disable Rule
Edit
Insert
Delete
Move
Page 9 of 37
10-959-100204
Evaluation Guide
Fine-tuning policies will help in reducing false positive, alerts and network choking.
Apart from the fine-tuning default policies, Administrator can also create custom policies for
individual applications and users.
Page 10 of 37
10-959-100204
Evaluation Guide
10-959-100204
Evaluation Guide
requirements for blocking, detecting traffic on a network e.g. define a custom signature for blocking
a particular Yahoo! id
To use custom signature for scanning and allowing/blocking specific traffic:
Custom signature is the advanced feature and to create signatures requires previous experience in
IPS and signatures. Refer to Create Custom IDP Signature for syntax and other details.
Page 12 of 37
10-959-100204
Evaluation Guide
Create Connection Group from VPN Connection Failover Create Connection Group.
Connection Group is the grouping of all the connections that are to be used for failover. The
order of connections in the Group defines fail over priority of the connection.
Your primary VPN connection will failover to the very next active Connection in the Group if
Connection group is created including the primary connection. For example, if the connection
established using 4th Connection in the Group is lost then 5th Connections will take over provided
the 5th connection is active.
SSL VPN
SSL ((Secure Socket Layer)) VPN allows access to the Enterprise network from anywhere,
anytime and provides the ability to create point-to-point encrypted tunnels between remote
employees and companys internal network, requiring combination of SSL certificates and a
username/password for authentication to enable access to the internal resources.
To provide access, it operates in two modes: Full Access and Web Access mode.
Full access for the remote users who are to be provided with the Enterprise network access from
laptops, Internet cafes, hotels etc. It requires an SSL VPN Client at the remote end. Remote users
can download and install SSL VPN Client from the End user Web Portal.
Web access for the remote users who are equipped with the web browser only and when access
is to be provided to the certain Enterprise Web applications/servers through web browser only. In
other words, it is a clientless access.
The basic and common administrative configuration for both the modes of operation can be
configured from the Global settings and portal settings.
Page 13 of 37
10-959-100204
Evaluation Guide
Step 2. Create SSL VPN policy from SSL VPN SSL VPN Policy Add SSL VPN Policy with
the following parameters:
Parameters
Name
Access Mode
Full Access Setting
Tunnel Type
Value
networkaccesspolicy
Full Access Mode
Split Tunnel (default)
Tunnel type determines how the remote users traffic will be routed.
Accessible Resources
Page 14 of 37
Split tunneling ensures that only the traffic for the private network is
tunneled and encrypted while in full tunneling private network traffic
as well as other Internet traffic is also tunneled and encrypted.
172.50.50.211 (created in step 1)
10-959-100204
Evaluation Guide
Step 3. Edit SSL VPN policy (created in step 2) from SSL VPN SSL VPN Policy Manage SSL
VPN Policy to assign policy to the required user. Click Add Policy Member(s) and select the user.
Once the above configuration is done, remote user can access hosts specified in the SSL VPN
policy through End user Web Portal.
Cyberoam Administrator needs to provide End user Web portal URL - https://<WAN IP address of
Cyberoam:port> to the remote users. Use default port: 8443 unless customized. Confirm port
number from System Configure Customize Client Preferences before forwarding URL to the
remote user.
End-user Configuration
Step 1. To logon to the End user Web portal, browse to the Web portal URL provided by the
Cyberoam Administration. Default URL: https://<WAN IP address of Cyberoam:8443>.
Step 2. Download and install Cyberoam SSL VPN client
Step 3. Download Cyberoam SSL VPN client configuration. Right Click the client to import
downloaded configuration.
Step 4. Once the tunnel is establish, user can access all the hosts specified in his SSL VPN policy.
Step 2. Create SSL VPN policy from SSL VPN SSL VPN Policy Add SSL VPN Policy with
the following parameters:
Parameters
Name
Page 15 of 37
Value
webaccesspolicy
10-959-100204
Evaluation Guide
Access Mode
Web Access setting
Accessible Resources
Step 3. Edit SSL VPN policy (created in step 2) from SSL VPN SSL VPN Policy Manage SSL
VPN Policy to assign policy to the required user. Click Add Policy Member(s) and select the user.
Once the above configuration is done, remote user can access resources (bookmarks) specified in
the SSL VPN policy from the End user Web Portal.
Cyberoam Administrator needs to provide End user Web portal URL - https://<WAN IP address of
Cyberoam:port> to the remote users. Use default port: 8443 unless customized. Confirm port
number from System Configure Customize Client Preferences before forwarding URL to the
remote user.
Portal Access
Step 1. To logon to the End user Web portal, browse to the Web portal URL provided by the
Cyberoam Administration. Default URL: https://<WAN IP address of Cyberoam:8443>.
.
Step 2. Click the Bookmark link to access
Page 16 of 37
10-959-100204
Evaluation Guide
What
From
Managing Spam
Actions for Spam mails
Cyberoam tags suspected spam mail as a Probable Spam while mail tagged as Spam is
actually a spam mail.
You can reject, drop, accept, change the mail recipient or add a prefix to the mail subject and
forward the spam mails. Spam actions can be specified from Spam policy.
You can define different actions for:
Page 17 of 37
10-959-100204
Evaluation Guide
Page 18 of 37
Value
Whitelist
Email Address
Type all the email address from which
mails are to be allowed
10-959-100204
Evaluation Guide
Step 2. Create Black list from Anti Spam Configuration Address Groups with the following
parameters:
Parameters
Name
Group Type
Email Address
Value
Blacklist
IP Address
Type all the email address from which
mails are to be blocked
Update Global Policy (Anti Spam Spam Policy Global Policy) and use white list and black list
to allow and block spam mails.
Quarantine management
Cyberoam quarantines virus infected and SMTP spam mails.
If you are Network Administrator, you can view quarantined mails from:
Anti Virus Mail General Configuration
Anti Spam Configuration General Configuration
As a Network Administrator, you can also educate your network users to view and manage their
own quarantine space.
Page 19 of 37
10-959-100204
Evaluation Guide
Individual network user can log on to User My Account and go to Quarantine Mails option and view
the list of their quarantined mails.
Spam Digest
Spam digest is an email containing a list of quarantined spam messages filtered by Cyberoam and
held in the user quarantine area. If configured, Cyberoam mails the spam digest every day to the
user. Digest provides a link to User My Account from where user can access his quarantined
messages and take the required action.
Digest service can be configured globally for all the users or for individual user. Configure digest
service for all the users from Anti Spam Spam Quarantine Spam Digest Setting.
Administrator can even customize the Digest service setting for individual user.
Archive mails
The email communications that pertain to the organizations business activity are subject to
regulatory requirements. This act necessitates retaining email correspondence. Cyberoams
Copy-to provides an in-house email archiving solution for building your email repository.
By specifying email address in Send copy to email address(s) field, you can transparently codeliver and archive all the mails to the pre-defined mail address.
Archive all incoming mails
If you want to archive all the mails, update Anti Spam Global policy from Anti Spam Spam
Policy Global Policy and configure email id in Send copy to email address(s) field.
Page 20 of 37
10-959-100204
Evaluation Guide
Create Anti Spam Custom policy from Anti Spam Spam Policy Create Custom Policy
and configure email id in Send copy to email address(s) field
Create spam rule for specific recipient or group of recipients whose mails you want to archive
from Anti Spam Spam Rules and attach above policy
Content filtering
Content filtering is used to limit the access of the contents available to the user based on
combination of categories, keywords, URLs, domain names and file types.
Fine-tune the default Internet Access Policy (IAP) for controlling access as per your requirement.
Access
control
Block Category
Page 21 of 37
For
All
the
users
(Blanket block)
10-959-100204
Evaluation Guide
Group/User
With the above policy, all the users will be denied the
access to the music category during the working
hours.
1. Create policy from Policies Internet Access
Policy Create Policy
Policy Type Allow
Category - specify category to be blocked
Strategy - Deny
2. Attach IAP created in step 1 to the user Group
Block
Uncategorized
URL/sites
All
the
users
(Blanket block)
Group/User
Page 22 of 37
10-959-100204
Evaluation Guide
In Select Category, under Application Protocol Category column, select P2P Applications
Select the appropriate schedule. User will not be able to access any of the P2P Applications
during the time specified in the schedule.
Step 2. Include IAP created in step 1 in the user Group from Group Manage Group
Step 3. Create User based Firewall rule from Firewall Create Rule
Click Check Identity to enable User based Firewall rule and select the user whose access
P2P Applications category (created in step 1) is to be blocked
10-959-100204
Evaluation Guide
Access policy. Select DatingAndMatrimonials in Web Category field and Deny in Strategy field.
Above solution will work only if you have not changed LAN to WAN, Allow All default firewall rule.
2. Create LAN to WAN firewall rule and apply Allow All IAP (updated in step 1)
Manage Bandwidth
Control bandwidth for group of users
Create User based Bandwidth policy from Policies Bandwidth Policy Create Policy
Create user group from Group Add group and attach the bandwidth policy created for the
group
Create Identity based firewall rule from Firewall Create Rule and select the user group.
Create Firewall rule based Bandwidth policy from Policies Bandwidth Policy Create
Policy. Set the priority as required. Priority can be set from 0 (highest) to 7 (lowest)
Create firewall rule from Firewall Create Rule and select service and bandwidth policy
created in above step.
Page 24 of 37
10-959-100204
Evaluation Guide
Add Gateway
One unused WAN port is required for each new Gateway to be added.
Go to System Gateway Manage Gateway(s) and click Add button to configure Gateway IP
address and port.
Set weight as 0 (zero) to disable load balancing and pass the traffic through the default
gateway
Set same weight to all the gateways to distribute traffic equally among all the links
Set different weights to various gateways to distribute traffic in the ratio of the proportions of
the weight set
10-959-100204
Evaluation Guide
In the event of link failure, traffic will automatically be routed through the Backup gateway without
administrator intervention. If more than one backup gateway is configured, traffic is distributed
among the gateways in the ratio of the weights assigned to them. On fail over, Backup gateway
can inherit the parent gateways (Active gateway) weight or the configured weight.
Gateway Failback
During a link failure, Cyberoam regularly checks the health of a given connection, assuring fast
reconnection when Internet service is restored. When the connection is restored and gateway is up
again, without administrators intervention, traffic is again routed through the Active gateway. In
other words, backup gateway fails back on Active gateway.
of
VLAN,
refer
to
Dynamic Routing
Cyberoam supports following dynamic routing protocols:
Routing
Information
Protocol
(RIP)
For
http://kb.cyberoam.com/default.asp?id=1000&SID=&Lang=1
configuration,
refer
Open
Shortest
Path
First
(OSPF)
http://kb.cyberoam.com/default.asp?id=999&SID=&Lang=1
configuration,
refer
Border
Gateway
Protocol
(BGP)
For
http://kb.cyberoam.com/default.asp?id=1001&SID=&Lang=1
For
configuration,
refer
Additionally, a firewall rule is to be configured for the zone for which the BGP & OSPF traffic is to
be allowed i.e. LAN to LOCAL or WAN to LOCAL.
On-Appliance Reports
Dashboard
Dashboard serves the purpose of a ready-reference providing the instant visibility into the network
resource usability as well as alerts providing attack vs. user information without in-depth search.
Drag-and-Drop Dashboard doclets can be minimized or repositioned to place doclets that requires
special attention for managing Cyberoam. Press F10 key to go to view Dashboard from any of the
pages.
Page 26 of 37
10-959-100204
Evaluation Guide
Threats detected
Dashboard - Recent IPS Alerts doclet
Administrator can get the information of threat origin even in DHCP environment as username is
included in the IPS alerts. In DHCP environment, where IP address is allocated dynamically,
without username it is practically impossible to track the threat origin.
Page 27 of 37
10-959-100204
Evaluation Guide
Access Reports
Browse to http://<LAN IP Address of Cyberoam> and logon to Reports with default username
and password to view various reports. Most of the reports can be drilled down to the last level
which provides User wise full URL details.
Analytical Reports
Analytical reports provide details on each and every activity for your network including users
receiving virus and spam mails, spam and virus mail senders, users becoming victims of IPS
attacks as well as details on IPS attackers.
Page 28 of 37
10-959-100204
Evaluation Guide
Additionally, extensive reports that can help to analyze all the User activities like sites surfed,
amount of data transferred and surfing time, carried out by user, group and so on are also
provided to take the corrective actions by tuning the policies based on the user behavior.
Want to know
Does Joe receive SMTP Spam mails?
From
Anti SpamSMPT Spam ReportsTop 10
Spam Receivers
Click Show All
IPSTop 10 Victims
Web SurfingSearch
Search by Chat category and <xyz> user
Web SurfingBlocked
Blocked-User
attemptsTop
10
Web SurfingOrganization
Categories (By Hits)
wideTop
10
accessed
Web Trends
Web Trends track and reports surfing activity i.e. hits and displays the usage pattern over a period
of time (hourly/weekly/monthly) in the form of graph. View from Trends Web Trends
Page 29 of 37
10-959-100204
Evaluation Guide
Page 30 of 37
10-959-100204
Evaluation Guide
Compliance reports
Many business and organizations require protecting their critical applications as well as customer
(patient) data, controlling access to that date and proving how they have done. For this, they need
to meet regulatory requirements such as HIPAA, GLBA, SOX, FISMA and PCI. Cyberoam
provides 45+ compliance reports and can be accessed from Reports > Compliance Reports.
HIPAA - Health Insurance Portability & Accountability Act for Health care Industry regulations i.e.
healthcare providers and insurance companies.
GLBA - The Gramm-Leach-Bliley Act regulations for on financial institutions including banks,
mortgage brokers, lenders, credit unions, insurance and real-estate companies.
SOX - Sarbanes-Oxley for publicly held companies.
PCI - Payment Card Industry regulations for organization that processes credit or debit card
information, including merchants and third-party service providers that store, process or transmit
credit card/debit card data.
FISMA The Federal Information Security Management Act regulations for all information systems
used or operated by a US Government federal agency or by a contractor or other organization on
behalf of a US Government agency.
Page 31 of 37
10-959-100204
Evaluation Guide
High Availability
Using High availability for hardware failover and load balancing, involves installing two Cyberoam
appliances Primary and Auxiliary appliance, with the same number of interfaces and same
version installed on both the appliances.
Cyberoam offers high availability by using Virtual MAC address shared between a primary and
auxiliary appliance linked together as a cluster. Appliances - primary and auxiliary appliance,
must be physically connected over a dedicated HA link port. Cluster appliances use this link to
communicate cluster information and to synchronize with each other.
Continuous
connectivity - Failover
Load balance traffic
Traffic processing
Active-Active
Yes
Yes
Both Primary
appliance.
Active-Passive
Yes
and
Auxiliary
Page 32 of 37
No
Primary appliance
Auxiliary appliance process only
when primary appliance or any
of the monitored links fails.
10-959-100204
Evaluation Guide
Service: HA Service
Action: Accept
Service: HA Service
Action: Accept
2. Add HA administrator from User User Add User to log HA events under this name in
Audit log. Make sure, User Type of this user is Administrator
3. Configure HA cluster from System HA Configure HA and select Active-Active from HA
Configuration Mode dropdown list.
Page 33 of 37
10-959-100204
Evaluation Guide
Trouble Shooting
Cyberoam provides Analytical Tool to check the health of the System in a single shot. It is used for
troubleshooting and diagnosing problems found in the System.
Analytical Tool is like a periodic health check up that helps to identify the impending System
related problems. After identifying the problem, appropriate actions can be taken to solve the
problems and keep the System running smoothly and efficiently.
It can be accessed by browsing to http://<Cyberoam IP address>/dg.html
Page 34 of 37
10-959-100204
Evaluation Guide
You can use default Cyberoam IP address - 172.16.16.16 or IP address configured for LAN
interface from Network Configuration Wizard at the time of deployment.
Username cyberoam
Password cyber
Analytical tool also provides a Dropped Packet log which can be to monitor the dropped packet.
Refer to http://kb.cyberoam.com/default.asp?id=975&Lang=1&SID= on how to view and interpret
the dropped packet log.
General Administration
Restart Cyberoam management services
Cyberoam management services can be restarted from CLI Console.
Add Alias
Alias refers to assigning multiple IP addresses to an Interface. You can add alias from System
Configure Network Manage Interface.
General Administration using Web Admin Console
Apart from Network management, following configurations can be performed only from Web Admin
Console:
firewall rules
multiple gateways
In addition, Dashboard, reports including traffic discovery and bandwidth usage graphs can be
viewed only from Web Admin Console.
General Administration using CLI Console
Use CLI console for troubleshooting and diagnose network problems in details. Additionally you
can also:
Page 35 of 37
10-959-100204
Evaluation Guide
For more details, refer version specific Console Guide available on http://docs.cyberoam.com/
Reboot or shutdown Cyberoam
You can reboot or shutdown Cyberoam from CLI Console
Points to remember
If you are integrating Cyberoam with Active Directory for authentication, use Active Directory
as your DNS. You are required to define Active Directory as DNS both in Cyberoam as well
as all the desktops.
If you have configured Cyberoam as DHCP server for leasing IP addresses, make sure
DHCP server is enabled for autostart. If not, then IP address will be leased only after
rebooting Cyberoam.
Page 36 of 37
10-959-100204
Evaluation Guide
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented
without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products.
Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without
notice to make changes in product design or specifications. Information is subject to change without notice.
USERS LICENSE
The Appliance described in this document is furnished under the terms of Elitecores End User license agreement. Please
read these terms and conditions carefully before using the Appliance. By using this Appliance, you agree to be bound by
the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused
Appliance and manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on
which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the
Software substantially conforms to its published specifications except for the foregoing, the software is provided AS IS. This
limited warranty extends only to the customer as the original licenses. Customers exclusive remedy and the entire liability
of Elitecore and its suppliers under this warranty will be, at Elitecore or its service centers option, repair, replacement, or
refund of the software if reported (or, upon, request, returned) to the party supplying the software to the customer. In no
event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without
problems or interruptions. Elitecore hereby declares that the anti virus and anti spam modules are powered by Kaspersky
Labs and Commtouch respectively and the performance thereof is under warranty provided by Kaspersky Labs and by
Commtouch. It is specified that Kaspersky Lab does not warrant that the Software identifies all known viruses, nor that the
Software will not occasionally erroneously report a virus in a title not infected by that virus.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and
electrical components will be free from material defects in workmanship and materials for a period of One (1) year.
Elitecore's sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. The
replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its discretion, replace the
defective Hardware (or any part thereof) with any reconditioned product that Elitecore reasonably determines is
substantially equivalent (or superior) in all material respects to the defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without
limitation, any implied warranty or merchantability, fitness for a particular purpose, non-infringement or arising from a
course of dealing, usage, or trade practice, and hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential,
incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability
to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In the event shall
Elitecores or its suppliers liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the
price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential
purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including,
without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore
or its suppliers have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 1999-2009 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore
Technologies Ltd.
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com
Page 37 of 37
10-959-100204