Cyberoam Automatic Backups

It’s about that time again for a new firmware update on your Cyberoam devices and with firmware updates come configuration backups. I’m a big believer in automation, with backups.

One of the methods I implemented with my Cyberoam was the automatic e-mail backup. I am not a fan of the FTP backup as it sends a password to your FTP server in plain text over your LAN or the internet, which is no good. The e-mailed attachment backup is, in my opinion, much more secure.

Unlike Cisco backup files, Cyberoam encrypts the configuration file it sends out so even if someone breaks into you e-mail account, the passwords and other configuration data is secure. I have no idea what key they use, and when I opened the file up the first line looks like this:

Salted__tÐ ð8¸Y°×Ç­uùMúý1´ªeM@•ªøÙзRê8Ù%®Õ µd¾

That likely means that not only is the file encrypted but it’s got some extra random ‘salt’ data tacked on somewhere in the file, or in the key itself. This makes it harder to decrypt even if you know some text in the file because you have to know what the random data is too.

E-mailing the configuration file also lets you have a fairly secure off-site backup of your firewall. The file is relatively small so most e-mail systems will gladly accept the attachment. Mine for instance is about 430k in size.

How to Set Up Automated E-mailed Backups In Cyberoam 10

Step 1 – You should have already set up your SMTP server for notifications. If not, you’ll need to do so now. Click on the Configuration Menu, and then select the “Notifications” tab. Put the IP address of your SMTP server in the text box, as well as the port number (it’s usually 25, but check with your e-mail provider). If you need a username and password, check the authentication box and enter it. You’ll also need to provide the “From” email address, and the address you want the notifications to go to. Typically the From e-mail can be anything on your own server, but might need to be a valid e-mail address if you don’t host your own e-mail.

Here’s a sample configuration:

Cyberoam SMTP Settings

Click save, and you should be good to go. One way to test if this is working is to unplug one of your cables for a minute or two and plug them back in. You should get a Gateway down/up notification. I have looked for a ‘test’ button but have not found one anywhere.

Step 2 – Go to the Maintenance menu and select the “Backup and Restore Tab”.

You’ll see a few options here. If you click the “Download Now” button, you’ll immediately get a download of the backup. That’s how you do a manual backup.

For a scheduled backup decide how often you want the backup. Daily, Weekly, or Monthly. If you choose Weekly or Monthly you’ll get an email on the first day of that time period. So, Sunday or Monday for weekly, and the first day of the month for Monthly.

Select the E-Mail radio button, and enter the e-mail address you want it to go to. Please be aware that your SMTP server in the notifications menu has to be able to e-mail to the e-mail address you enter here, or it won’t work. Remember to hit the save button when you are done.

Here’s a sample configuration:

Cyberoam E-mail Backup Configuration

ShoreTel Fax Server Troubleshooting

I showed you how to install a Multi-Tech Fax server for your ShoreTel system in a previous article. Now I’m going to show you how to figure out where a problem is with incoming faxes on your system. This is some pretty basic troubleshooting and you can typically figure out where the problem is inside half an hour, if not in about five minutes.

I have a user now who isn’t receiving faxes from the outside, so I thought I’d take the opportunity to show the process.

 

Assume the User is Mistaken

The first thing you should assume when you have incoming fax issues is that the user is wrong about what’s going on. This is especially true if the problem just started cropping up.

The simplest explanation for faxes not coming in is simply the party on the other end is dialing the wrong number. The other simple thing to check is the user’s Junk E-mail. In my user’s case this was the problem.  In fact, this is the second most common problem. The third most common is the user has made a rule in their Outlook and forgot about it, or you’ve changed something on the fax server and those e-mails no longer match the rule and go somewhere else.

If none of those are the problem, here’s how to troubleshoot the problem and see exactly what’s going on.

Step 1 – Check your fax settings. If you’ve got a newer FaxFinder check your incoming routes under “Fax Configuration”. Make sure their fax extension is correct according to the information the user has been given out. They may have just given out a wrong number, or their business cards got misprinted, or something similar. Make sure your own ducks are in a row in other words.

Step 2 – Send them a fax from an external number. You’ll want to test from outside your system, sending the user a fax from your own fax line, which might go through the ShoreTel system anyway, doesn’t prove much. Personally I like to use GotFreeFax.com. They give you a status page you can watch, as well as a report on whether it was successful or not.

Watch your fax status under “Status and Logs”. Eventually you’ll see the GotFreeFax fax coming in. This is a good way to make sure it’s going to the right person. You’ll get this:

Note how it shows the user it’s going to, so everything here is going to the right place. If it showed anyone else in that second table, you’ll know your route is wrong or that ShoreTel may not be passing the correct digits. The latter is HIGHLY unlikely. If the wrong digits are being passed, it’s probably your phone company sending the wrong set of numbers. Just call them, they can fix it pretty fast usually.

One reason this user might not have received faxes is that in this case she has a separate fax number from her direct voice line. This might show that I had not entered her fax number into the DNIS Map for the trunk group these calls come in on. In that case it would not show her as the intended user and would dump it into the default e-mail address in the fax server.

Step 3 – Assuming all the above happened correctly and the fax still didn’t go through to the user, you can check the inbound fax log for what happened. This will usually tell you pretty quick what the problem is. It might simply be it can’t find the e-mail server, or failed due to line noise or whatever.

If you look in the details of the fax you’ll see what happened to the fax after it was received. In this case the fax passed just fine with no errors.

So now check the Mail log and make sure the e-mails went through correctly. Here’s what mine looked like.

So if your mail queue is empty it’s a pretty safe bet that the e-mail is going out. one thing to check is get with one of those other users and make sure they’re getting their faxes at this point because you might just need to check your SMTP settings.

In my case, this part was working fine. E-mails are being sent out. So if you get to this point, it’s safe to assume your ducks are in a row, so it is probably an issue with the user’s account.

Fax Server is Working Correctly Now What?

No problem with the fax server at this point. Faxes are coming in, it is passing e-mails off to the mail server just fine, but the user still isn’t getting them. This is where you need to go through their e-mail to make sure that they aren’t just overlooking it.

The other, more common reason is that Outlook is dumping them into their Junk E-mail so check that as mentioned above. Also check any other spam quarantines you might have, though typically most firewalls don’t scan internal e-mail. Check their Outlook/Gmail rules as well and make sure it isn’t getting deleted that way.

Check your e-mail queues on your e-mail server as the fax server relays through that, and it might be stuck there too.

If they got your GotFreeFax fax just fine then the last possible explanation is that the sender is dialing the wrong number, so you can safely tell them that is the problem. You might even be proactive and call the sender and make sure they have the right phone number in their contact list.