In this post I would like to talk about the integration between AD and Cyberoam.
What is the need for the integration?
First of all, Cyberoam can have as many users as you want configured on it. Let's say that you would like (LAN - WAN) traffic to be controlled per user instead of per machine MAC address.
Another case could be VPN policies. Let's say that you want one group of employees to have a certain VPN-SSL policy and another group of employees to have a different policy. The easiest and most efficient way to achieve this is to import the users from AD and assign the desired policy from AD, instead of manually logging into Cyberoam and changing it yourself.
There are many cases that I can talk about, but for now let's get to the point.
Steps for integrating Active Directory Domain Service Server with Cyberoam are simple, as follows:
1. Configure AD server on Cyberoam and create a successful connection.
2. Make the configured AD server the primary authentication server on Cyberoam instead of the local database (users configured manually on Cyberoam).
3. Change the local policy on the AD so that it records users' logins through the event viewer.
4. Install the CTA agent (Cyberoam Transparent Authentication agent), a small exe file that captures user logins via the events generated on the AD itself. This agent in turn communicates with Cyberoam, so Cyberoam can tell that a user has logged in from a specific machine and records this user on the live users list.
5. Create security groups on AD that represent internet-access policies.
6. Add users to the desired security group from AD.
7. Import these security groups into Cyberoam through the import-groups wizard.
8. Give each imported group the desired web filters, application filters, etc. on Cyberoam.
9. Create a LAN-WAN rule that is attached to the user identity.
That's it!
Now each time a user opens a browser, Cyberoam will note the user's username, check which group that user is a member of, and then apply the appropriate policy: the user's group policy.
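The AD-side part of the procedure (steps 3, 5 and 6) can be scripted. The following PowerShell is an added example, not part of the original post or of Cyberoam's own tooling; the group names, user names and OU path are hypothetical, and the audit category used for step 3 is an assumption to confirm against the CTA documentation.

```powershell
# Added example: AD-side preparation for steps 3, 5 and 6.
# Run on a domain controller (or a host with RSAT) as a domain administrator.
# All group names, user names and the OU path are hypothetical placeholders.
Import-Module ActiveDirectory

# Step 3: record account logons in the Security event log.
# Assumption: the "Account Logon" category covers the events the agent reads.
# A domain GPO that defines audit policy overrides this local setting.
auditpol /set /category:"Account Logon" /success:enable /failure:enable
auditpol /get /category:"Account Logon"

# Steps 5 and 6: one security group per internet-access policy, plus members.
$policyGroups = @{
    'Inet-Standard'   = @('alice', 'bob')
    'Inet-Restricted' = @('carol')
}
$groupOu = 'OU=Groups,DC=example,DC=local'

foreach ($name in $policyGroups.Keys) {
    # Create the group only if it is missing, so the script can be re-run.
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -SamAccountName $name -GroupCategory Security `
            -GroupScope Global -Path $groupOu `
            -Description 'Internet-access policy group imported into the firewall'
    }
    # Add only the users that are not members yet.
    $current = @(Get-ADGroupMember -Identity $name |
        Select-Object -ExpandProperty SamAccountName)
    $missing = @($policyGroups[$name] | Where-Object { $_ -notin $current })
    if ($missing) { Add-ADGroupMember -Identity $name -Members $missing }
}

# Check: the post maps each user to one group policy, so flag any user
# that ended up in more than one of the policy groups.
$policyGroups.Keys | ForEach-Object {
    $g = $_
    Get-ADGroupMember -Identity $g | ForEach-Object {
        [pscustomobject]@{ User = $_.SamAccountName; Group = $g }
    }
} | Group-Object User | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning "$($_.Name) is in several policy groups: $($_.Group.Group -join ', ')"
}
```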
I know that this post needs more details and screenshots; I just wrote this post on my way home. I will talk more about it in future posts.
Best regards
Abed Jaber