Professional Documents
Culture Documents
CR SSL VPN Installation and Configuration Guide
CR SSL VPN Installation and Configuration Guide
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.
USERS LICENSE
Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License
Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.
You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam
UTM Appliances at http://kb.cyberoam.com.
RESTRICTED RIGHTS
Copyright 1999 - 2016 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.,
(Formerly Cyberoam Technologies Pvt. Ltd.),
Sophos House, Saigulshan Complex,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006
GUJARAT, INDIA.
Tel: +91-79-66216666
Fax: +91-79-26407640
Web site: http://www.cyberoam.com/
Page 2 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
Sophos Technologies Pvt. Ltd.,
(Formerly Cyberoam Technologies Pvt. Ltd.),
Sophos House, Saigulshan Complex,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006
GUJARAT, INDIA.
Tel: +91-79-66216666
Fax: +91-79-26407640
Web site: www.cyberoam.com
Cyberoam contact:
Technical support (Corporate Office): +91-79-66065777
Email: support@cyberoam.com
Web site: www.cyberoam.com
Page 3 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Contents
Introduction to SSL VPN ................................................................................................... 6
Page 4 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Typographic Conventions
Navigation link Bold typeface Group Management > Groups > Create
it means, to open the required page click on Group
management then on Groups and finally click Create tab
Name of a Lowercase Enter policy name, replace policy name with the specific name
particular italic type of a policy
parameter / field Or
/ command Click Name to select where Name denotes command button
button text text which is to be clicked
Cross Hyperlink in refer to Customizing User database Clicking on the link will
references different color open the particular topic
Page 5 of 18
Cyberoam SSL VPN Installation and Configuration Guide
VPN is cost-effective because users can connect to the Internet locally and tunnel back to connect
to corporate resources. This not only reduces overhead costs associated with traditional remote
access methods, but also improves flexibility and scalability.
For business telecommuters or employees working from home, connecting securely to the corporate
intranets or extranets to access files or application is essential.
Hence, whenever users access the organization resources from remote locations, it is essential that
not only the common requirements of secure connectivity be met but also the special demands of
remote clients. These requirements include:
Flexible Access: The remote users must be able to access the organization from various
locations, like Internet cafes, hotels, airport etc. The range of applications available must
include web applications, mail, file shares, and other more specialized applications required to
meet corporate needs.
Secure connectivity: Guaranteed by the combination of authentication, confidentiality and
data integrity for every connection.
Usability: Installation must be easy. No configuration should be required as a result of network
modification at the remote user end. The given solution should be seamless for the connecting
user.
To satisfy the above basic requirements, a secure connectivity framework is needed to ensure that
remote access to the corporate network is securely enabled.
SSL (Secure Socket Layer) VPN provides simple-to-use and implement secure access for the
remote users. It allows access to the Corporate network from anywhere, anytime and provides the
ability to create point-to-point encrypted tunnels between remote user and companys internal
network, requiring combination of SSL certificates and a username/password for authentication to
enable access to the internal resources.
Depending on the access requirement, remote users can access through SSL VPN Client or End
user Web Portal (clientless access).
Note
SSL VPN is not supported when Appliance is deployed in Bridge mode.
SSL VPN feature is not available for CR15i.
Page 6 of 18
Cyberoam SSL VPN Installation and Configuration Guide
the user based on user name and password. A successful login determines the access rights of
remote users according to user group SSL VPN policy. The user group SSL VPN policy specifies
whether the connection will operate in Web Access mode or Tunnel Access mode.
SSL VPN client establishes a SSL VPN tunnel over the HTTPS link between the web browser and
the Cyberoam appliance to encrypt and send the traffic to the Cyberoam appliance.
Split Tunnel: To avoid the bandwidth choking, split tunnel can be configured which ensures
that only the traffic for the private network is encrypted and tunneled while the Internet traffic is
send through the usual unencrypted route .This is configured by default and is used to avoid
bandwidth choking.
In this mode, Cyberoam acts as a secure HTTP/HTTPS gateway and authenticates the remote
users. On successful authentication, Cyberoam redirects the web browser to the Web portal.
Remote users can download SSL VPN client and configuration file for installation. Configuring
Tunnel Access mode is a two-step process:
1. Select Tunnel Access mode in VPN SSL policy
2. Assign policy to the user group
Full Tunnel: This ensures that not only private network traffic but other Internet traffic is also
tunneled and encrypted.
For administrators, Cyberoam Web Admin console provides SSL VPN management. Administrator
can configure SSL VPN users, access method and policies, network resources, and system and
portal settings.
In this mode, Cyberoam acts as a secure HTTP/HTTPS gateway and authenticates the remote
users. On successful authentication, Cyberoam redirects the web browser to the Web portal from
where remote users can access the applications behind the Cyberoam appliance. Configuring Web
Access mode is a two-step process:
1. Select Web Access mode in VPN SSL policy
2. Assign policy to the User or Group
Page 7 of 18
Cyberoam SSL VPN Installation and Configuration Guide
For administrators, Cyberoam Web Admin console provides SSL VPN management. Administrator
can configure SSL VPN users, access method and policies, user bookmarks for network resources,
and system and portal settings.
For remote users, customizable End user Web Portal enables access to resources as per the
configured SSL VPN policy.
Application access allows remote access to different TCP based applications like HTTP, HTTPS,
RDP, TELNET, SSH and FTP without installing client.
In this mode, Cyberoam acts as a secure gateway and authenticates the remote users. On
successful authentication, Cyberoam redirects the web browser to the Web portal from where
remote users can access the applications behind the Cyberoam appliance. Configuring Application
Access mode is a two-step process:
1. Select Application Access mode in VPN SSL policy
2. Assign policy to the User or Group
For administrators, Cyberoam Web Admin console provides SSL VPN management. Administrator
can configure SSL VPN users, access method and policies, user bookmarks for network resources,
and system and portal settings.
For remote users, customizable End user Web Portal enables access to resources as per the
configured SSL VPN policy.
Microsoft Windows Supported Windows 2000, Windows XP, Windows Vista, Windows 7,
Windows 8.1, Windows 10 and Windows Server 2003.
Admin Rights Required Remote user must be logged on as Admin User or must have Admin
privilege
JRE Installation Java Runtime Environment Version 1.8 or above must be installed
Supported Browsers The latest version of Mozilla Firefox, Google Chrome or Internet
Explorer
Page 8 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Cyberoam does not have an exclusive port assigned for the VPN Zone like the LAN, WAN and DMZ
ports. As soon as a VPN connection is established, the port/interface used by the connection is
automatically added to the VPN zone, and on disconnection, the port is removed by itself. VPN zone
is used by both IPSec and SSL VPN traffic.
Note
Threat Free Tunneling is applicable only when SSL VPN tunnel is established through Tunnel Access
Mode.
Network Resources
Network Resources are the components that can be accessed using SSL VPN. SSL VPN provides
access to an HTTP or HTTPS server on the internal network, Internet, or any other network segment
that can be reached by the Cyberoam. The Administrator can configure Web (HTTP) or Secure Web
(HTTPS) bookmarks and internal network resources to allow access to Web-based resources and
applications.
Network resources:
Page 9 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Step 1
Download SSL VPN Client installer Version 1.3.1.10 from Download Cyberoam Clients page on
Cyberoam website.
Note: There are two variants of the installer for SSL VPN Client Version 1.3.1.10.
For Windows 10 operating systems, users must download the installer file titled
CrSSL_v1.3.1.10_Windows10.zip.
For all earlier versions of the Windows operating systems, download the installer file titled
CrSSL_v1.3.1.10.zip.
Step 2
Double click on the downloaded file to install and select the language for displaying the installation
steps. Follow the onscreen instructions given by the installation wizard.
Step 3
The Installer Language dialog box appears. Select the preferred language. The default language
is English.
Step 4
Click Browse to change the location of the Destination Folder where the client is to be installed.
Click Next.
Page 10 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Step 6
The Client is now ready to be installed. Click Install.
Page 11 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Page 12 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Step 7
A screen is displayed prompting you to install a Network Adapter device driver software from Sophos
Limited titled TAP-Windows Provider V9 Network adapters.
Note:
This step is not applicable for users running Windows 10 operating system as the Network
Adapter device driver software will automatically be installed.
For earlier versions of Windows, it is mandatory to install the device driver software.
However, if you have chosen to always trust software from Sophos Limited, this step is not
required and similar to Windows 10, the Network Adapter device driver software will
automatically be installed.
Once the installation is complete, you will find CrSSL Client icon in the system tray.
Page 13 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Page 14 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Step 3
Previous Configuration can also be imported by selecting the Import Configuration option as shown
below:
Enable Save username and password checkbox, if you dont want to type username and password
every time you login. Enable Auto Start SSLVPN checkbox to automatically initiate the SSL VPN
Client when the system starts. For enabling Auto Start SSLVPN checkbox, Save username and
password checkbox needs to be enabled.
Page 15 of 18
Cyberoam SSL VPN Installation and Configuration Guide
If the Per User Certificate option is enabled from VPN > SSL > Tunnel Access > Tunnel Access
Settings in Cyberoam, the user will be prompted to specify the configured Passphrase in the Enter
Password option as shown in the screen below:
Page 16 of 18
Cyberoam SSL VPN Installation and Configuration Guide
The icon turns green the moment connection is established and IP is leased.
Once disconnected, the SSLVPN Client icon turns red. Right click the red icon and click Exit to
the SSL VPN Client.
This finishes the configuration of Cyberoam SSL VPN client on the remote users machine.
Page 17 of 18
Cyberoam SSL VPN Installation and Configuration Guide
Configure proxy if Client is not able to connect to the Internet directly i.e. outbound access is
restricted via HTTP or SOCKS proxy.
Note
If you are configuring proxy, make sure, you have not selected UDP protocol in the Server Settings
(Step 2).
This completes the Installation and Configuration for Cyberoam SSL VPN Client.
Page 18 of 18