Cyberoam Knowledge Base


Advanced Search

Table of Contents

. . . . . . . . . . . . .

What's New

Knowledge Base Information

Cyberoam UTM

Product Literature

Best Practices & Policies

Protect Your Cyberoam Appliances from Power Fluctuations

Can I use User-Mac binding feature for ‘administrator’ user?

How To- Import Users from CSV File

How To- Register User

How To - Create Clientless Users

VPN

Intimation Regarding US New Daylight Saving Time Support

Verify the integrity check of Cyberoam Upgrade file using MD5 checksum

Product Technical Support

Compatibility

Cyberoam Virtual UTM

Endpoint Data Protection

Cyberoam SSL VPN

Cyberoam iView

Cyberoam Central Console

Cyberoam's On-Cloud Management Service

How To - Create Clientless Users

This document describes how to add clientless users. Cyberoam allows to add single user or multiple users in single step.

Cyberoam supports two types of users:

Normal – User is required to logon to Cyberoam through Cyberoam client or HTTP Client component and hence is an authenticated user. Various policy restrictions can also be applied to such users. Single Sign on users are part of Normal users.
Clientless – User is not required to logon and hence an unauthenticated user. Create clientless user when it is required to map IP address with the username. Bandwidth and Internet access restriction can be applied to such users, hence useful in School and Universities. The unauthenticated access can also be provided through Firewall but in that case reports will have only the IP address and not the username.

Feature	Normal User	Clientless User
User required to log on to Cyberoam before accessing network resources	Yes	No
Group membership Normal Clientless	Yes No	No Yes
Apply Login restriction	Yes	Yes
Apply Surfing Quota policy	Yes	No
Apply Access Time policy	Yes	No
Apply Bandwidth policy	Yes	Yes
Apply Internet Access policy	Yes	Yes
Apply Data Transfer policy	Yes	No

Clientless users are the users who do not require to log on to Cyberoam for accessing network resources. On the Manage Live Users page, they are symbolically represented as User name (C)

Create Custom Clientless Group

Create Clientless Group from Group > Add Group with the following parameters:

Prerequisite

Internet Access policy and Bandwidth policy which are to be added to the Group are created

Parameter	Value
Group Name	Testgrp_clientless
Group Type	Clientless
Internet Access policy	As per your requirement
Bandwidth policy	As per your requirement

Configuration

One can add:

· Multiple Clientless users

· Single Clientless user

Add multiple Clientless users

Create multiple clientless users in a single step from User > Clientless Users > Add multiple with the following parameters:

Screen Elements	Description
Host Group Details
Host Group name	Specify name of Logon Pool as Clientless_user_1
Is Host Group public	Public IP address is routable over the Internet and do not need Network Address Translation (NAT) Click to Select, if IP addresses assigned to the Users are public IP addresses
Bandwidth policy	By default, group bandwidth policy is applied to the user but you can override this policy. Specify Bandwidth Policy to be applied. Click Bandwidth Policy list to select Click View details link to view details of the policy
Description	Specify full description
Machine details
From – To	Specify range of IP Address that will be used by Users to login
Machine name	Specify Machine name
Select Group
Group	Specify Group in which User is to be added Click Group list to select
Create button	Adds multiple Clientless Users

Instead of username, IP address is displayed if multiple clientless users are created.

Create single Clientless users

Step 1. Create Logon pool from Group>Logon Pool>Add Logon Pool

Parameter	Value
Logon Pool Name	Clientless_user_group
Is Logon Pool Public?	Enable if IP addresses to be included in pool are public/routable IP addresses
Bandwidth policy	Login Restriction Pool Based (default policy) You can also assign custom bandwidth policy. If you want to assign custom bandwidth policy, you have to first create bandwidth policy and then create clientless users.
Description	As per your requirement
From – To	IP address range as per your requirement
Machine Name	As per your requirement

Step 2. Please make sure to added logon pool IP addresses under Auth Network in Local ACL. Manage Live Users page will not display Clientless users, if IP address in not added in Local ACL.

Go to Firewall, Local ACL and add the IP address assigned to the Clientless user under Auth Network. After adding IP address, restart management services from the Telnet console.

Step 3. Create user from User > Clientless Users > Add Single with the following parameters:

Screen Elements	Description
User Information
Name	Specify name of the User as cl_usr
Username	Specify a unique name used for logging All the reports will be generated with this name.
Activate on Creation	Specifies whether user should be logged in automatically after registration Options: Yes – Automatically logs in as soon as registered successfully i.e. becomes a live user No – User is registered but is in De-active mode. Activate user before first log in. Refer to Activate Clientless User for more details
User type	Displays User type
User Group Information
Group	Specify Group in which User is to be added Click Group list to select
View details link	Open a new window and displays details of the selected group Click to view details
Login Restriction
Allowed Login from IP Address	Specifies IP address from where User can login Click Select Node, opens a new window and allows to select IP Address
Personal details link	Allows to enter the personal details of the user
Personal information Only if Personal details link is clicked
Birth date	Specify date of birth of User Use Popup Calendar to enter date
Email	Specify Email Id of User
Register	Registers a clientless user
Cancel button	Cancels current operation

Version 9.5.8 build 38 and above

Create user from User > Clientless Users > Add Users with the following parameters:

Screen Elements	Description
Username	Specify a unique name used for logging
IP Address	Specify IP address. Cyberoam will suggest IP address in the drop down the moment you type the initial digits of IP address. For example, when you type 192.168, Cyberoam will display list of IP addresses starting with 192.168 that can be allowed to the user for logging.
Group	Specify Group in which User is to be added. User will inherit all the group policies. Click Group list to select
Name	Specify actual name of the user
Email	Specify Email Id of User
Add User button	Click to add more than one user. Use to remove user details from the list.
Create button	Click to register user

Document Version: 2.1-16/04/2009

Document Version: 2.0-25/08/2007

Attachments
	How To - Create Clientless users.pdf

Related Articles
	How do I bypass authentication for an IP address when Cyberoam is configured as Proxy server?
	When do I create Clientless user?

Article ID: 69