Cyberoam groups users into three distinct types, each with different logon requirements. Clients authenticating to an external directory server will be automatically logged in to the appliance whereas a Normal user logs on to the appliance via the locally installed Corporate Client.
We successfully tested the client on our Windows 7 systems and configured it to log in automatically in the background. Clientless users are not required to authenticate with the appliance but these can't have surfing and data transfer quotas or Internet access time restrictions applied to them.
Controls for users and groups are a cut above the rest as we could apply web filtering, Internet access and bandwidth usage policies. You can enforce data transfer limitations on uploads and downloads and have different limits for daily, weekly, monthly and yearly usage.
For security at the interface level, any of the appliance's ports can be grouped into zones and have general firewall rules applied to them. Rules define source and destination zones, selected services, blocking or allowing actions to specific traffic types and time schedules.
If you started with the appliance in the passive monitoring mode, remember to activate the various security services for each rule otherwise your policies won't do anything. You can enable virus scanning for selected protocols within each rule, turn on anti-spam and IM controls and add additional policies for IPS and bandwidth restrictions.
Web filtering policy rules support HTTP and HTTPS as standard and a useful feature is the ability to assign different actions to a category. You could, for example, block HTTP access to certain web sites but allow secure HTTPS connections.
