Cyberoam Automatic Backups

It’s about that time again for a new firmware update on your Cyberoam devices and with firmware updates come configuration backups. I’m a big believer in automation, with backups.

One of the methods I implemented with my Cyberoam was the automatic e-mail backup. I am not a fan of the FTP backup as it sends a password to your FTP server in plain text over your LAN or the internet, which is no good. The e-mailed attachment backup is, in my opinion, much more secure.

Unlike Cisco backup files, Cyberoam encrypts the configuration file it sends out so even if someone breaks into you e-mail account, the passwords and other configuration data is secure. I have no idea what key they use, and when I opened the file up the first line looks like this:

Salted__tÐ ð8¸Y°×Ç­uùMúý1´ªeM@•ªøÙзRê8Ù%®Õ µd¾

That likely means that not only is the file encrypted but it’s got some extra random ‘salt’ data tacked on somewhere in the file, or in the key itself. This makes it harder to decrypt even if you know some text in the file because you have to know what the random data is too.

E-mailing the configuration file also lets you have a fairly secure off-site backup of your firewall. The file is relatively small so most e-mail systems will gladly accept the attachment. Mine for instance is about 430k in size.

How to Set Up Automated E-mailed Backups In Cyberoam 10

Step 1 – You should have already set up your SMTP server for notifications. If not, you’ll need to do so now. Click on the Configuration Menu, and then select the “Notifications” tab. Put the IP address of your SMTP server in the text box, as well as the port number (it’s usually 25, but check with your e-mail provider). If you need a username and password, check the authentication box and enter it. You’ll also need to provide the “From” email address, and the address you want the notifications to go to. Typically the From e-mail can be anything on your own server, but might need to be a valid e-mail address if you don’t host your own e-mail.

Here’s a sample configuration:

Cyberoam SMTP Settings

Click save, and you should be good to go. One way to test if this is working is to unplug one of your cables for a minute or two and plug them back in. You should get a Gateway down/up notification. I have looked for a ‘test’ button but have not found one anywhere.

Step 2 – Go to the Maintenance menu and select the “Backup and Restore Tab”.

You’ll see a few options here. If you click the “Download Now” button, you’ll immediately get a download of the backup. That’s how you do a manual backup.

For a scheduled backup decide how often you want the backup. Daily, Weekly, or Monthly. If you choose Weekly or Monthly you’ll get an email on the first day of that time period. So, Sunday or Monday for weekly, and the first day of the month for Monthly.

Select the E-Mail radio button, and enter the e-mail address you want it to go to. Please be aware that your SMTP server in the notifications menu has to be able to e-mail to the e-mail address you enter here, or it won’t work. Remember to hit the save button when you are done.

Here’s a sample configuration:

Cyberoam E-mail Backup Configuration

How to Factory Reset a ShoreTel Phone

This is again a hard piece of information to find as most of the time you only get walked through this when talking to TAC. I found this written down in my IT journal. No idea why I haven’t posted it.

Resetting a phone to factory defaults is a good way to troubleshoot a phone that isn’t connecting or is messing up in various unexplained ways. Corrupt files being transferred from the FTP servers, network hiccups during start-up, power outages, caches not clearing and other issues can be resolved this way. TAC will usually make you do this when you have a screwed up phone before they recommend you warranty the phone.

Reset a ShoreTel Phone To Factory Defaults

Step 1 –  Make sure the phone is not off hook, then press the mute button and release it. Nothing will happen.

Step 2 – Immediately dial the numbers “772667” and hit the pound key.
Note: If the keys make a noise and/or the numbers show up on the screen you’ve done it wrong and you’ll need to start over. Sometimes the phones don’t register the mute key press or if it’s really screwed up it might think it is off hook somehow.

Step 3 – Enter the phone password. This is usually 1234.
Some partners will change this in Director to keep their customers from messing up the phones. You can go change it back to whatever you want in Director and restart the phone. Unfortunately if the phone is screwed up  it may not get this setting when rebooted. So it’s a good idea to know what this password is ahead of time.

Step 4 – The phone will reset into “KPD Mode”. Hit the mute button and dial “25327” and hit pound. You may or may not get a message here, but it should say “Clearing”.

Step 5 – Power cycle the phone.

The phone has now been cleared out and should re-download its settings from scratch so it may take a while to come back up. Please note that if you use the static IP method of phone configuration you’ll need to put all that stuff back in the phone.