Cyberoam Docs

1. Release Notes 10.04.
X Build XXX
1.1. V 10.04.5 Build 007

Release Date
Version 10.04.5 Build 007 25 November, 2013
Release Informati on
Release Type: Enhancement Release
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to Cyberoam Version:
V 10.01.0XXX or 10.01.X Build XXX All the versions
V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX 214, 304, 311, 338, 433
V 10.04.1 Build XXX 451
V 10.04.2 Build XXX 527
V 10.04.3 Build XXX 543
V 10.04.4 Build XXX 028
Upgrade procedure
To upgrade the existing CyberoamAppliance follow the procedure below:
Logon to https://customer.cyberoam.com
Click Upgrade link under Upgrade URL.
Choose option Select for Version 10.00.0xxx to current GA Version 10.00.0xxx Firmware.
For Cyberoam versions prior to 10.01.0472 For Cyberoam version 10.01.0472 or higher
Upgrade the Cyberoamto 10.01.0472 selecting
option Below 10.01.0472 and follow on-screen
instruction.
By doing this, the customer will not be able to
roll back.
Upgrade Cyberoam to the latest version by
selecting option 10.01.0472 or higher and follow
on-screen instruction.
Compatibility Annotations
Firmware is Appliance Model-specific. Hence, firmware of one model will not be applicable on another model and upgrade will not be
successful. You will receive an error if you are trying to upgrade Appliance model CR50iNG with firmware for model CR100iNG.
This release is compatible with Cyberoam Virtual Appliances.
This Cyberoamversion is compatible with the Cyberoam Central Console version 02.02.0 Build 203. Please check http://docs.cyberoam.comfor
availability of latest CCC firmware to deal with compatibility issues.
Revision History

Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
- - - - -

Introducti on
This document contains the release notes for CyberoamVersion 10.04.5 Build 007. The following sections describe the release in detail.
This release comes with several bug fixes to improve quality, reliability, and performance.

Bugs Sol ved
Access Server
Bug ID 14949
Description L2TPclient does not get authenticated to Cyberoamvia Local Authentication, if CHAP or MS-CHAP protocol is used for
authentication and CyberoamFirmware is upgraded to Version 10.04.4.028.

Anti Virus
CyberoamDocs http://docs.cyberoam.com/print.asp?id=508&Lang=1&SID
1 of 36 04-02-2014 3:34 PM
Bug ID 14766
Description FTP session needs to be disconnected manually once the file is successfully uploaded, if FTP scanning is enabled from
Firewall Rule page and the size of the file to be uploaded is greater than the value specified in the parameter "Files Greater Than Size Should
not be scanned" from FTP page of Anti Virus.

GUI
Bug ID 12337
Description Application names are not displayed while viewing Application Filter logs on the Log Viewer page.
Bug ID 14961
Description The word Login is mis-spelled as Logoin in an error message displayed on Notification page of SystemConfiguration.

Network
Bug ID 15006
Description 3G modemD-Link DWM-156 is not compatible with CyberoamAppliance.
Bug ID 15084
Description HUAWEI Mobile E3276 does not connect to Cyberoam, if IP Assignment mode is selected as DHCP from Wireless WAN Setting
page.
Bug ID 15181
Description Huawei HB4F1 3G modem is not compatible with CyberoamAppliance.

1.2. V 10.04.4 Build 028

Release Date
Version 10.04.4 Build 028 10 September, 2013
Release Type: Enhancement Release
V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX 214, 304, 311, 338, 433
V 10.04.1 Build XXX 451
V 10.04.2 Build XXX 527
V 10.04.3 Build XXX 543
Upgrade procedure
instruction.
roll back.
This Cyberoamversion is compatible with the Cyberoam Central Console version 02.02.0 Build 203. Please check http://docs.cyberoam.comfor
availability of latest CCC firmware to deal with compatibility issues.

Revision History

2 of 36 04-02-2014 3:34 PM
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
1 1.00-10/09/2013 1.01-18/09/2013 Bug Solved Bug Detail Updated
3 of 36 04-02-2014 3:34 PM

Introducti on
This release comes with enhancements, and several bug fixes to improve quality, reliability, and performance.

Enhancements
1. Guest User Enhancements
Apart fromGuest Users registering themselves using Guest User Portal, Cyberoamnow allows the Administrator to configure Guest Users fromWeb Admin Console.
While creating Guest Users fromWeb Admin Console, Administrator has an option to configure a single user or multiple guest users. The auto-generated credentials
and the Internet access details so created can be printed. The following details can be printed:
Username
Password
Expiry Date
Validity (Time duration in days)
Disclaimer message (Once configured, it can be edited but cannot be removed)
The credentials and Internet access details of guest users registered via Guest User Portal can either be sent via SMS or can be printed. However, the guest users
created fromWeb Admin Console can only be printed.
An Administrator can also choose since when to consider the Guest User to be active i.e. either immediately after registration or after the first login.
Prior to this version, only the Guest User could register themself on Guest User Portal using the Internet access details received via SMS on their mobile phones.
To create Guest Users go to Identity > Guest Users > Guest Users and click Add Single or Add Multiple to add a single or multiple Guest Users respectively. On
the same page click Print to print the Guest User details.

Further, to add and manage guest users, permissions are to be set for two new entities Guest Users Management and Other Guest Settings from
Profile under Identity Administration.

2. Extended Two Factor Authentication Support
Fromthis version onwards, the two factor authentication support for CyberoamCaptive Portal is extended to SSL VPN Portal, SSL VPN Client, CyberoamWeb Admin
Console, My Account, Reports, 4-Eye Authentication and Open VPN Client for iPhone and Android. When two factor authentication is configured on the third-party
Authentication Server, the user needs to provide two means of identification on the clients that support two factor authentication. The user will either have to provide
One-Time Password (OTP), PIN or challenge-response token as well as the fixed password to log on into two factor authentication supported cyberoamclients as
configured in third party authentication servers like RSA or FreeRadius server.

For further details, refer to How to Login in a Two Factor Authentication Environment.

3. Secure Connection over SMTP Mail Notification
With more and more people using the Internet for socializing, personal and professional use, the information shared via Email may not always be secured. Information
within Email can be intercepted and/or altered if not encrypted. Privacy and security of confidential and sensitive information has therefore been a growing concern.
A security protocol, Transport Layer Security (TLS) secures the information sent via Email by encrypting Email communication and thereby providing privacy and
integrity between SMTP Client and a SMTP Server. Cyberoamsupports TLS protocol to provide security over SMTP Mail Notification. With TLS protocol for
connection security, Cyberoamautomatically encrypts all the Email communications, ensuring the confidentiality for SMTP Mail Notification and hampering the risk of
eaves-dropping, interception and alteration.
Security setting for mail servers can be done by configuring the attributes Connection Security and Certificates fromWeb Admin Console or using the Wizard. The
Connection Security attribute can be configured with one of the following options:
None Should be selected if TLS protocol is not supported by mail serves and a normal TCP connection must be established without any security.
STARTTLS If the server supports STARTTLS, the connection is upgraded to TLS else continues as a TCP connection without any
security.
SSL/TLS Should be selected to establish a secured TCP connection using TLS protocol.
By default, option None is configured for parameter Connection Security.
Cyberoamuses certificates to encrypt the data sent over a TLS supported TCP connection. An Administrator can choose to use a default certificate or select a custom
certificate.
By default, ApplianceCertificate is used for data encryption for secured TCP connection.
On Factory Reset, the Connection Security and Certificate parameters are set to its default values i.e. None and Select Certificate respectively.
Prior to this version, a normal TCP connection was used for communication between the SMTP Client and a SMTP Server for SMTP Mail Notification.
To configure security settings for mail server fromWeb Admin Console, go to System > Configuration > Notification and configure Connection Security and
Certificate.
Alternately Connection Security and Certificate can be configured fromWizard page of Configure Mail Settings.
4 of 36 04-02-2014 3:34 PM

Mi scel l aneous Changes
1. Spam Digest is renamed to Quarantine Digest
Fromthis version onwards, the word SpamDigest is renamed to Quarantine Digest in the Anti Spam, Identity and My Account modules. Quarantine Digest will
quarantine spamEmails. However, the legitimate Emails may be quarantined due to user-defined configurations.
2. Chinese Character Encoding support
CyberoamOS, henceforth supports Chinese character encoding method for Traditional Chinese characters used in Taiwan, Hong Kong and Macau.

Bugs Sol ved
Anti Spam
Bug ID 14293
Description Quarantine Mails cannot be released, if the number of connections in Web GUI daemon exceeds its limit of 10.

DNS
Bug ID 14043
Description Cyberoamis unable to resolve CNAMEquery, if Cyberoamis configured as a DNS server in client machine and root server is
used for resolving the CNAME query instead of the configured DNS server.

Firewall
Bug ID 14180
Description The value Load Balance of parameter Backup Gateway gets automatically changed to the first value that appears in the list, while editing an
existing Firewall Rule.

Bug ID 14638
Description The RTP communication gets disrupted during a SIP call in appliances above CR200iNG and CR200iNG-XP.

Bug ID 14828
Description Firewall Rule logs are not displayed in the Log Viewer, though Firewall Rules is enabled fromConfiguration Log Settings page of Logs &
Reports.

Network
Bug ID 11506
Description 4G-Huawei E3276s-150 LTE modemis not compatible with CyberoamAppliance.

Bug ID 13654
Description AirCard 340U modemis not compatible with CyberoamAppliance.

Online Help
Bug ID 13890
Description An error Error! Unknown document property name. is displayed on IPS page of Online Help.

System
Bug ID 11554
Description Cyberoamceases to function when deployed in Bridge Mode with STP enabled environment.

VPN
Bug ID 11261
Description NATing over VPN functions improperly, if a classless subnet is configured and first IP Address of host range does not map with the first valid IP
Address of the subnet.
Example:
Site A:

Real Network: 10.0.0.0/255.255.252.0
NATted Network: 172.16.20.0/22

Site B:
Real Network: 10.0.0.0/255.255.255.248
NATted Network: 192.168.19.216/255.255.255.248

If 10.0.0.2 is pinged fromSite A to Site B, CyberoamNATs with 192.168.19.2 instead of 192.168.19.218.

Bug ID 12825
Description Modified IP Address of IP Hostconfigured against NATted IP Address does not come into effect and the Site to Site VPN traffic
5 of 36 04-02-2014 3:34 PM
passes with previously configured NATted IP Address, though the Web Admin Console displays the IP host updated with the modified
configuration.

Wireless LAN
Bug ID 8005
Description Wireless Clients get disconnected frequently fromWi-Fi in CRXXwi appliances.

Bug ID 11018
Description A client is unable to get authenticated via external RADIUS server, if the Wireless LAN Network Access Point parameter Security Mode is
configured either as WPA-Enterprise or as WPA2-Enterprise for CR25wi or CR35wi appliances.

Bug ID 12177
Description Wireless Clients get disconnected frequently fromWi-Fi in CRXXwiNG appliances.

Bug ID 12637
Description The tab Connected Client of Network Wireless LAN is inaccessible frequently in CRXXwiNG appliances.

1.3. V 10.04.3 Build 543
Release Dates
Version 10.04.3 Build 543 6th J une, 2013
Release Type: Maintenance Release

V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX 214, 304, 311, 338, 433
V 10.04.1 Build XXX 451
V 10.04.2 Build XXX 527
Upgrade procedure
instruction.
roll back.
This Cyberoamversion is compatible with the Cyberoam Central Console version 02.02.0 build 065. Please check
http://docs.cyberoam.com for availability of latest CCC firmware to deal with compatibility issues.
6 of 36 04-02-2014 3:34 PM
Revision History

Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
1 2.00-12/06/2013 2.01-19/06/2013 Enhancements
Data Accounting Exception fine
tuned
2 1.00-07/06/2013 2.00-12/06/2013 Enhancements Revamped the entire section
3 1.00-07/06/2013 2.00-12/06/2013
Miscellaneous
Changes
Revamped the entire section
4 1.00-07/06/2013 2.00-12/06/2013 Behavior Change Revamped the entire section
5 1.00-07/06/2013 2.00-12/06/2013 Known Behavior Revamped the entire section

7 of 36 04-02-2014 3:34 PM

Introducti on
This release comes with enhancements, and several bug fixes to improve quality, reliability, and performance.
Enhancements
1. Location-aware and Device-aware Identity-based Access Control Policy
With the growing use of wireless networks and mobile devices, companies with offices spread across geographic locations, and increasing
mobile workforce, the always-connected world is moving towards an era where location information becomes necessary for access control. To
cater to this need of the enterprises, Cyberoam, fromthis version onwards, supports configuring specific access policies to the users according
to location and network parameters like IP Address or MAC address of the device. Administrator even has an option to schedule the access
time per location.
The administrator can monitor and analyze the usage through Cyberoams user-based reports and re-align access and security policies to match
the business interests.
The feature is very useful for organizations where role-based access policy is required for employees and its guest users.
Steps to implement location-aware policy:
1. Create Application Filter policy for the applications, which you want to allow/deny if the user is accessing froma specific zone.
2. Create Web Filter policy for the Web categories which you want to allow/deny if the user is accessing froma specific zone.
3. Create Identity-based Firewall for the specific zones.
4. Attach an Application Filter and Web Filter policy created in step 1 and 2. By default, the Group's Application and Web Filter
policy is applied to the user. Until previous version it was not possible to override these policies.
Steps to implement device-aware policy:
1. Create Application Filter policy for the applications, which you want to allow/deny if the user is accessing fromthe specific IP
Address.
2. Create Web Filter policy for the web categories which you want to allow/deny if the user is accessing from the specific IP
Address.
3. Create Identity-based Firewall for the specific IP Address.
4. Attach an Application Filter and Web Filter policy created in step 1 and 2. By default, the Group's Application and Web Filter
policy is applied to the user. Until previous version it was not possible to override these policies.
Refer how to configure location-aware Identity-based access control policy for a head office employee who is visiting branch office. The
employees access control policy will change as per location.

To configure access policies to the users according to location, go to Firewall Rule Rule.
2. Password Strength Enforcement for Guest User
To use password as an effective authentication mechanism, it is necessary that password is strong enough to reduce the risk of a security
breach.
Cyberoamprovides a configurable password strength policy whereby Administrator can enforce password length and complexity making it
difficult for an attacker to guess Cyberoams auto-generated password. This helps protect the user account frombeing compromised.
The administrator can configure password length and complexity fromIdentity Guest Users General Settings.
The password can be of three (3) to sixty (60) characters in length. The password can be numeric, alphabetic or a combination of alpha-numeric
and special charaters. The default password is alpha-numeric and eight (8) characters long.
The password strength configuration is applicable only when a new password is generated.
3. Data Accounting Exceptions
By default users network traffic is considered in data accounting. From this version onwards, the Administrator has the flexibility of excluding
certain traffic fromthe user data accounting.
The option to exclude accounting is provided in the Firewall rule and is visible only when identity is selected. When an administrator creates a
user-based firewall rule and excludes the traffic from accounting, the traffic allowed through this firewall rule will not be accounted towards data
transfer for the user. Traffic allowed through the non-identity based firewall rule will not be accounted.
This traffic will not be included in the user accounting reports - Internet Usage report and My Account reports, but will be included in the firewall
activity reports.
This feature is useful in enterprises that have application servers hosted at the head office or in the Cloud and, the CyberoamAdministrator
wants to exclude this traffic from data accounting.

To exclude traffic fromdata accounting, go to Firewall Rule Rule and enable Bypass User Data Transfer Accounting.
4. Visibility and Protection Within Trusted Zones
8 of 36 04-02-2014 3:34 PM
From this version onwards, an Administrator can monitor and block traffic within trusted zones (LAN and DMZ) and outbound traffic using the
Application Filter and Web Filter policies configured in Firewall Rule. For example, it is possible to block the use of the J abber instant messaging
(IM) within the organization.
With this enhancement, an Administrator can apply Application Filter and Web Filter policies on the following Firewall Rules:
Destination Zone
Source Zone
LAN DMZ Local VPN WAN
LAN P P O P P
DMZ P P O P P
VPN P P O P P
WAN O O O O O
Prior to this version, Application Filter and the Web Filter policy could be configured only on web traffic (LAN to WAN) in a Firewall Rule.
To configure Application Filter Policy and Web Filter Policy for internal traffic, go to Firewall Rule Rule.
5. Optimized Virtual Machine Image Size
Cyberoams Virtual UTM image size is now approximately 350MB - reduced by approx 600MB to save bandwidth and download time.
Customers can download Virtual UTM distribution package fromthe customer portal.
6. Granular Outbound Spam Configuration from Web Admin Console
Now Administrator can configure Outbound SpamFilter policies from Web Admin Console. The administrator can configure granular control in
terms of blocking, allowing or quarantining mails from specific email addresses, IP Address or Domain. The administrator also has a flexibility to
reject, drop, or change the mail receiver if the email is identified as spam. These configurations are available through Anti Spammenu.
Subscription details
Prior to this version, it was not possible to configure Inbound and Outbound spam filtering simultaneously. From this version onwards, Cyberoam
can scan both inbound and outbound SMTP emails for spamto stop wasting employees time and mail servers resource and stop your mail
server from getting blacklisted.
Changes on the Web Admin Console
Once the Outbound Spam module is subscribed, to differentiate between inbound and outbound configuration word Inbound will be prefixed to
all the UI labels, for example, label Anti Spam Module Has Identified Mail As will be displayed as Inbound Anti Spam Module Has Identified
Mail As.
Changes in Reports
Following reports will be renamed to represent the Inbound spam activity:
Report Name
(when only Anti Spam module is
subscribed)
Report Name
(when both Anti Spam and Outbound Spam
modules are subscribed)
Top Spam Recipients Top Inbound SpamRecipients
Top Spam Senders Top Inbound SpamSenders
Spam Reports
Cyberoam-iView provides reports for Outbound spamactivities taking place in organization network. The report includes senders, recipients,
and countries. It helps the administrator to identify compromised accounts and zombie computers in the network and take a corrective action.
View following outbound spamreports from Reports Spam:
1) Top Outbound Spam Recipients
2) Top Outbound Spam Senders
3) Top SpamReceiving Countries
To configure Outbound Spam Filter policies, go to Anti Spam Spam Rules Spam Rules.
7. Protection against Abuse of Administrative Privileges
Fromthis version Cyberoam supports a new entity named Administrator User - added in Profile under Identity Configuration. The administrator
with Read-Write permission for this new entity will be able to create new administrator accounts, change password of other administrator
accounts and control their permission levels. The administrator with Read-Only permission will only be able to change their own password and
Email Address.
Go to the System Administration Profile and under Identity Configuration, configure access rights of the entity Administrator Users.
After migrating or upgrading to this version, original permissions will be retained for all the profiles except Security Admin profile. Read-Only
permission is set for Administrator User entity in Security Admin profile.
8. ConnectWise Third-Party Integration
ConnectWise enables the organizations to connect and communicate through one unified and integrated operational platform. It provides
9 of 36 04-02-2014 3:34 PM
organizations with integration and management of Help Desk, Services, Sales, Marketing, Finance, Project etc. through a single operational
platform.
With this version, Cyberoam-iView allows the administrator to send a set of data to the ConnectWise server. The administrator can now view
this data as reports on the ConnectWise server without logging into CyberoamUTM.
To integrate ConnectWise with Cyberoam-iView, log on to Cyberoam-iView and go to System Configuration ConnectWise. To know more,
refer to CyberoamIntegration with ConnectWise.
Once integrated, the following Cyberoam reports will be displayed on the ConnectWise server:
Cyberoam Reports ConnectWise Reports
Web Usage Top Domains Top Sites
Blocked Web Attempts Top Denied
Domains
Filtered Sites
Internet Usage Top Users Bandwidth
Attacks Top Attacks Intrusion
9. Two Factor Authentication Support for Captive Portal
Fromthis version Cyberoam supports two factor authentication for the Captive Portal users. When two factor authentication is configured on the
third-party Authentication Server, the user has to provide two means of identification. The user will either have to provide One-Time Password
(OTP), PIN or challenge-response token as well as the fixed password to log on into Cyberoam Captive Portal as configured in third party
authentication servers like RSA or FreeRadius server.
10. Controlled Access to a Specific Page on a Web Site
Fromthis version onwards, Cyberoam allows the Administrator to provide the complete URI of specific domain to be allowed or blocked. This
will facilitate the Administrator to control a specific page on a website, without using a blanket-blocking rule to block the full Website.
A URI is a combination of a Uniform Resource Locator (URL) and a Uniform Resource Name (URN).
Example:
URI http://www.testofuri.com/url/name-of-domain.html
URL http://www.testofuri.com/url/
URN name-of-domain.html
Prior to this version, only URLs were supported in the Domain field of parameter Domain/Keyword.
To add a URL in the Web Category, go to Web Filter Category Category and add URI in the Domainfield of the parameter
Domain/Keyword.

Mi scel l aneous Changes
1. Configure Mail Server Address as a FQDN or an IP Address
Fromthis version onwards, configure Mail Server Address as a FQDN or an IP Address.
This flexibility will help the Administrator to change the IP Address of a host without affecting name-based queries to the machine.
To configure go to the System Configuration Notification.
2. Validate Mail Server Configuration
Use Test Mail option to send a test mail to validate the mail server configuration and connectivity. Administrator can check the System Logs from
Log Viewer to ascertain the reason of failure if Cyberoam is not able to send the test mail.
To configure go to the System Configuration Notification.
3. Usability Improvement - Labeled Buttons
For ease of use following icons on the top left panel on the Cyberoam screen are labeled:
Dashboard
Wizard
Report
Console

Behaviour Change
VPN Services
Minimum one policy is required to access VPN services like SSL / IPSec / L2TP / PPTP. On deleting all the policies, the respective service will
not be available.
10 of 36 04-02-2014 3:34 PM
To use GRE tunnel, service should be enabled.
Guest User Registration Portal
Guest User Registration portal now uses on port 8090 instead of port 80.

Known Behaviour
SSL VPN Client Version 1.2.7
The user automatically is logged into Cyberoam even when Autologin and Save Username and Passwordoptions are disabled.
Bugs Sol ved
Anti Spam
Bug ID 13461
Description User does not receive Spam Digest Emails fromCyberoamas per the Quarantine Email Frequency configured from Anti
SpamDigest Settings page.
CLI
Bug ID 8755
Description DHCP name value gets truncated after space or special characters, on configuring it from Cyberoam Console.
GUI
Bug ID 12823
Description CPU utilization is high in CR35XXXX and lower appliances, if the parameter Update Mode is selected as Appliance will
fetch updates fromCentral Management and Connection protocol as HTTPS on the Central Management page of System
Administration.
Bug ID 12958
Description The default country code selected at Guest Users General Settings page is not reflected on the Guest User Registration
page, if there exists more than one country having same country code.
Bug ID 13459
Description IPSec VPN Tunnel Connection "Status" button for indicating partial connection is blue in color instead of yellow in iNG
appliances.
IPS
Bug ID 11754
Description Categories cannot be edited while adding a new IPS Policy.
Network
Bug ID 12440
Description PPPoE interface do not receive an IP Address, if Cyberoam sends a connection request to the PPPoE server before the
interface turns on.
Proxy
Bug ID 11433
Description Windows updates are getting failed, if Cyberoam is configured as a direct proxy or HTTPS scanning is enabled from
Firewall Rule.
Report
Bug ID 12647
Description An error message Internal server error is displayed for Version 9 reports, on upgrading the Cyberoam Firmware to
Version 10.04.1 Build 451.
SSL VPN
Bug ID 112
Description A warning message Glob.mdb file not found. Localization will not be available. is displayed on rebooting the Windows
machine, though the SSL VPN Client is successfully installed on it.

Bug ID 151
Description SSL VPN tunnel gets disconnected after 60 minutes in Windows XP, 7 and 8 with SSL VPN Client Version 1.1.7.

Bug ID 160
Description SSL VPN Client cannot add more than 54 routes.

Bug ID 13377
Description SSL VPN Application Access Mode does not get initiated, on upgrading J ava to Version 7 update 21.
11 of 36 04-02-2014 3:34 PM
User
Bug ID 12898
Description User accounting does not reset on clicking Reset User Accounting from Users Identity page, if multiple users log into
Cyberoam using Web Portal, Corporate Client and iOS Web Client.
Virtual CR
Bug ID VCR-51
Description At the time of shut down, HyperV halted.
VPN
Bug ID 10469
Description Avaya phone fails to reconnect to VPN, when the phone restarts while the VPN connection is live.
Bug ID 11066
Description Multiple IPSec VPN tunnels could not be created for different local subnets having same remote network using different IPS
links.
Bug ID 13152
Description Administrator does not receive an Email Alert when IPSec Tunnel connection flaps and fails to re-establish connection after
detecting a dead peer, even if the parameter Action When Peer Unreachable is selected as Re-initiate on VPN Policy page.
WAF
Bug ID 11024
Description A website opens partially, if the websites HTML data includes incomplete end tags and WAF is enabled from the Firewall
Rule.
Bug ID 12162
Description The website http://gozaresh.shaparak.com does not open, if WAF is enabled fromFirewall Rule.

1.4. V 10.04.2 Build 527
Release Dates
Version 10.04.2 Build 527 25th March, 2013



V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX 214, 304, 311, 338, 433
V 10.04.1 Build XXX 451

Upgrade procedure
To upgrade the existing CyberoamAppliance follow the below given steps:
Upgrade the Cyberoam to 10.01.0472 selecting
instruction.
By doing this, the customer will not be able
to roll back.
Upgrade Cyberoam to latest version by selecting
option 10.01.0472 or higher and follow
Firmware is Appliance model-specific firmware. Hence, firmware of one model will not be applicable on another model and upgrade will not be
12 of 36 04-02-2014 3:34 PM
This Cyberoamversion release is compatible with the Cyberoam Central Console V 02.02.0 Build 051.
Please always check http://docs.cyberoam.comfor availability of latest CCC firmware to deal with this compatibility issue.
13 of 36 04-02-2014 3:34 PM
Revision History

Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
- - - - -

14 of 36 04-02-2014 3:34 PM

Introducti on
This release comes with a few enhancements and a bug fix to improve quality, reliability and performance.

Enhancements

1. USB Support for Dial-In (CR15iNG & CR15wiNG models only)
Fromthis version onwards, Cyberoam supports DB9 modemwith USB port. Further, USB modem can also be connected directly to the USB port of
the Appliance.
Cyberoamsupports following ports across CR15XXX Appliances:
Type of Port Cyberoam Appliance Behavior
Serial Port
CR15i
The appliance will reboot
automatically on serial dial-in
enable/disable.
CR15wi
USB Port
CR15iNG
The appliance will not reboot
automatically on serial dial-in
enable/disable.
CR15wiNG
DB9 and USB modem both can be physically connected to the USB ports simultaneously. But, request will be served only through the modem which is
detected first by Cyberoam.

2. Power Management Support for Virtual Cyberoam
Fromthis version onwards, graceful shut down is supported for VMware Workstation and ESX. One can shut down using options Shut Down Guest
or Restart Guest.
Prior to this version, using these options fromthe VMware brought the system to an abrupt halt.

3. Static IP Address Assignment Support for L2TP and PPTP VPN Users
Fromthis version onwards, static IP Addresses can be assigned to L2TP and PPTP users.
Prior to this version, IP Address was leased from the configured IP Address range.
To configure Static IP Address for L2TP and PPTP users, go to Identity Users Users.

4. Lease IP Address Through RADIUS Server to L2TP And PPTP VPN Users
Fromthis version onwards, apart fromauthenticating users, Radius Server can now also be used to lease IP Address to L2TP and PPTP users.
If the option Allow leasing IP Address from Radius server is enabled, the configured IP Address is overridden with the IP Address provided by the
Radius Server.
Prior to this version, Radius Server was used only for authentication.
To allow Radius Server to lease IP Address to L2TP user, go to VPN L2TP Configuration and enable Allow leasing IP Address from Radius
server. By default, it is in disable mode.
To allow Radius Server to lease IP Address to PPTP user, go to VPN PPTP Configuration and enable Allow leasing IP Address from Radius
server. By default, it is in disable mode.

In no IP Addresses are configured on the Radius Server, the Static IP Address configured for the user will be assigned, else IP Address will be leased
from configured IP Address Range.

5. Guest User Registration Enhancements
Configure default country code
Fromthis version onwards, Cyberoam allows the Administrator to configure a default country code on the Guest User Registration page.
To configure default Country Code, go to Identity Guest Users General Settings and select Default Country Code.

Option to Disable CAPTCHA Verification For Guest User Registration
Cyberoam now allows the Administrator to Enable or Disable CAPTCHA (Completely Automated Public Turing Test To Tell Computers and
Humans Apart) verification on Guest User Registration page. By enabling CAPTCHA Verification the administrator can protect Cyberoamagainst
15 of 36 04-02-2014 3:34 PM
attacks generated by automated programs.
By default, CAPTCHA Verification is enabled.
To disable CAPTCHA Verification on Guest User Registration page, go to Identity Guest Users General Settings and enable/disable
CAPTCHA Verification.

6. Captive Portal Enhancements
Fromthis version onwards, the tab-title on the Captive Portal login screen of HTTP/HTTPS Web Client User Portal is renamed as Captive Portal.
In previous versions, the tab-title was Cyberoam.

7. SMS Gateway Enhancement
Cyberoamnow supports using both HTTP and HTTPS URL to send an SMS request to external SMS Gateway. The service provider defines the
URL protocol.
Prior to this version, Cyberoamsupported only HTTP URLs.
To configure URL for SMS Gateway, go to Identity Guest Users SMS Gateway.

8. OpenVPN Connect Support for Apple iOS
Fromthis version onwards, Cyberoam supports OpenVPN Connect application in iOS. Using this application the user can connect to Cyberoamusing
SSL VPN.
For further details, refer to How To Configure SSL VPN for iPhone/iPad using OpenVPN Connect.

Bugs Sol ved
SSL VPN
Bug ID 12429
Description Active Directory User cannot log in through the SSL VPN Portal and SSL VPN Client, if the user has a domain name with i18n
characters.

1.5. V 10.04.1 Build 451
Release Dates
Version 10.04.1 Build 451 7th March, 2013



V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX 214, 304, 311, 338, 433
Upgrade procedure
instruction.
Upgrade Cyberoamto latest version by selecting
16 of 36 04-02-2014 3:34 PM
roll back.
Firmware is Appliance model-specific firmware. Hence, firmware of one model will not be applicable on another model and upgrade will
not be successful. You will receive an error if you are trying to upgrade Appliance model CR50iNG with firmware for model CR100iNG.

This Cyberoamversion release is not compatible with the Cyberoam Central Console.

Revision History

Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
1.
1.04
-06/03/2013
1.05
-14/03/2013
Compatibility
Annotations
No CyberoamCentral Console
Support for this Cyberoam
Firmware.
2.
1.04
-06/03/2013
1.05
-14/03/2013
Enhancement:
Backup Restore
Compatibility for
CyberoamWi-Fi
Appliances
Removed the mention of wiand
wiNGseries of appliances in
Note.
Introducti on
This release comes with new features, few enhancements and several bug fixes to improve quality, reliability and performance.

Enhancements
1. Backup Restore Compatibility for Cyberoam Wi-Fi Appliances
Fromthis version onwards, the backup of CR (i or ia or iNG) series can be restored on CR (wi or wiNG) series, but vice-versa is not true.
Also, the backup of CyberoamVirtual Appliance can be restored on CR wi series and CR wiNG series, but vice-versa is not true.
The facility to restore backup of CR i series on CR wi series is applicable fromVersion 10.01.0.667 and above.
To restore backup of physical appliance (i series, ia series, iNG series) to Virtual Appliance, equal or more number of ports must be
created in Virtual Cyberoam Appliance.
For further information, refer Backup Restore Compatibility Matrix.

2. Time and Data Transfer Threshold based iOS User Logout
Fromthis version onwards, Cyberoam supports data transfer and inactivity timeout thresholds to logout iOS Web Client user.
With this enhancement, once the user logins in Cyberoam using Captive Portal, a periodic check for the total data transferred is done at every
three (3) minutes of the configured time period. If the total data transferred in the given time period is equal or more than the configured data
transfer value, the user continues to remain logged in and the timer is reset. However, if the total data transferred is less than the configured
value, the user will be logged out.
Prior to this version, the user had to login every time from iOS device for accessing Internet, if the device was kept idle.
Example:
Inactivity Timeout =13 minutes
Data Transferred Threshold =2500 Bytes
In this case, the user is logged out if the data transferred is less than 2500 Bytes for 5 consecutive cycles of 3 minutes each. Here the number
of consecutive cycles is derived:
Number of consecutive cycles =(Inactivity Timeout value / 3 minutes)
=13 minutes/3 minutes
=4.33
~5 (Ceiling Value)
Logout on Browser close and Keep Alive Request for Captive Portal is not supported with iOS device.
17 of 36 04-02-2014 3:34 PM
Client type iOS Web Client , is displayed on Web Admin Console of Cyberoam Live Users page.

Known Behavior
A user cannot logout once authenticated with Cyberoam using Captive Portal, if the device uses following iOS and MAC OS platforms:
iOS MAC OS X
6, 6.0.1, 6.1 and onwards 10.7 Lion
10.8 Mountain Lion
This behavior is due to the Apple OS feature Captive Network Assistant. The user will be logged out in case of following events:
Inactivity time-out
Administrator disconnects the User from Live User Page
To configure logout based on data transfer and inactivity on iOS device, go to Identity Authentication Firewall and specify Inactivity
Time and Data Transfer Threshold in the section iOS Web Client Settings.

3. SMS Gateway Enhancements
Fromthis version onwards, Cyberoam supports sending SMS request to SMS Gateways that uses one of the following HTTP methods:
Get
Post
By default, Cyberoam supports SMS Gateways with HTTP method Post .
The service provider defines the method to be used for sending SMS request.
Prior to this version, only HTTP Method Post was supported for sending SMS request to SMS Gateway.
To configure HTTP Method for SMS Gateway, go to Identity Guest Users SMS Gateway.
Also, from this version onwards, Administrator is allowed to configure the prefix value to be used with the cell number.
Number Prefix precedes the Country Code and the cell number, in case service provider defines to use both, the Number prefix and the Country
Code.
Example:
Number Prefix Country Code Cell Number Cell Number Format

99XXXXXXXX 99XXXXXXXX

(Country: India=91)
99XXXXXXXX 9199XXXXXXXX
(Number Prefix: +)
99XXXXXXXX +99XXXXXXXX
(Number Prefix: +)
(Country: India)
99XXXXXXXX +9199XXXXXXXX
Number Prefix can include alpha-numeric and ASCII special characters. It can be up to 4 characters long.
The service provider defines the prefix value to be used.
To configure Number Prefix for SMS Gateway, go to Identity Guest Users SMS Gateway.

Fromthis version onwards, Administrator can use up to 6000 characters to configure the Captive Portal Login Page Header or Footer.
Prior to this version, upper threshold limit was 3000 characters.
To configure the Header or Footer of Captive Portal Login Page, go to System Configuration Captive Portal.
Further, from this version onwards, Cyberoam allows the Administrator to customize the availability of the User My Accountlink on Captive
Portal page.
18 of 36 04-02-2014 3:34 PM
To customize User My Account Linkon Captive Portal page, go to Identity Authentication Firewall and enable/disable My Account Link.
By default, it is in enable mode.
Prior to this version, My Account Linkwas not configurable and the User My Account link was available on the Captive Portal page.

5. i18n Support for SSL VPN Client
Fromthis version onwards, Cyberoam provides i18n support for SSL VPN Client.

Bugs Sol ved
Anti Spam
Bug ID 11223
Description Emails rejected by CyberoamIP Reputation are not filtered with Action selected as Rejectin Log Viewer Anti Spam, due
to mismatch in the case of word REJ ECT.

Bug ID 11414
Description Emails scanned by Cyberoamare converted into unreadable text, on upgrading the CyberoamFirmware from Version
10.02.0.224 to Version 10.04.0.304, if SMTP protocol is integrated with DKIM.

Anti Virus
Bug ID 10940
Description A file eicar.com.txt attached in an Email over SMTP protocol is not detected by Anti Virus module.

Backup-Restore
Bug ID 11814
Description Backup fromCR15iNG and CR15wiNG cannot be restored on CR15i and CR15wi, if backup is configured with SSL VPN
Bookmark.

NTLM
Bug ID 9436
Description User do not get authenticated via NTLM, if Active Directory is installed on VMware workstation.

Proxy
Bug ID 3943
Description YouTube videos integrated on any website cease to function, if the parameter Enforce Safe Search is enabled fromWeb
Filter Settings page.
Bug ID 7073
Description The website http://www.treasury.gov/ofac/downloads/t11sdn.pdf cannot be opened in direct proxy deployment mode.

Bug ID 10867
Description NTLM authentication fails and HTTP/S based Web Access often drops, if NTLM reinitializes due to flapping of Active
Directory connection.

Reports
Bug ID 10309
Description Administrator receives a blank Email, if a parameter "Send email at" of Email Frequency is configured between 1amto 3am
in On-Appliance iView.

Bug ID 10931
Description On-Appliance iView Report Notification ceases to function, if a CustomView report having a bookmark is configured for
parameter "Report Group" from Add Report Notification page.

Bug ID 10958
Description Report Notification cannot be edited on migrating to Cyberoam Firmware Version 10.02.0.0473 or higher, if description was
not provided while adding an On-Appliance iView Report Notification in the Firmware Version older than 10.01.0.0667.

Bug ID 11262
Description Administrator receives blank Report Notification Emails for Web Usage, Top Attack and Block Attempts, if multiple report
notifications are configured with the same time from the Report Notification of System in On-Appliance iView.

Bug ID 11360
Description The Virus Report Notification Mail do not display logs for Top Users-Web Virus Reportson upgrading the Cyberoam
Appliance Firmware to Version 10.02.0473 or above.
19 of 36 04-02-2014 3:34 PM

SSL VPN Client
Bug ID 11698
Description Resources cannot be accessed, if the username does not have proper case while logging into SSL VPN Client.

VPN
Bug ID 11977
Description Site to Site VPN ceases to function, on upgrading the Cyberoam Firmware from Version 10.02.0.473 to Version
10.04.0.311, if a Local Subnet is NATted with a single IP Host fromIPSec VPN Connection page.

Web Filter
Bug ID 3553
Description An improper message is displayed on Web Admin Console while adding a domain if the keyword for it is already existing.

1.6. V 10.04.0 Build 433
Release Dates
Version 10.04.0 Build 433 11th J anuary, 2013



V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX 214, 304, 311, 338
Upgrade procedure

instruction.
roll back.

Firmware is Appliance model-specific firmware. Hence, firmware of one model will not be applicable on another model and
upgrade will not be successful. You will receive an error if you are trying to upgrade Appliance model CR100ia with firmware for
model CR500ia.
This Cyberoamversion release is compatible with the Cyberoam Central Console.

Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
20 of 36 04-02-2014 3:34 PM
1.
1.00
-10/01/2013
1.01
-25/01/2013
Enhancements
Modes for SSL VPN Passphrase
Reception

Introducti on

Enhancements

1. Modes for SSL VPN Passphrase Reception
Fromthis version onwards, Cyberoam provides option to select a mode using which the Administrator receives SSL VPN Certificate
Passphrase. The Administrator can select fromone of the following modes to receive the SSL VPN Passphrase:

Client Bundle 1.
On-screen Link 2.
Email 3.
SSL VPN tunnel is established once the user is authenticated with SSL VPN Client and the Certificate is authenticated using the Passphrase.
If SSL VPN Passphrase is chose to be received via Email, it is mandatory to configure Email Address from Identity Users Users and SMTP
Mail Server from System Configuration Notification in the section Mail Server Settings.
To configure the mode for receiving the Passphrase, go to System Administration Settings and select fromthe options available against
parameter "Receive Passphrase via" of section SSL VPN Settings.
By default, the Administrator receives the Passphrase in the SSL VPN Client Bundle.
Prior to this version, passphrase for certificate authentication was delivered in SSL VPN client bundle.
1. Manage Cyberoam Appliance(s) behind any NATed Device Through CCC
Fromthis version onwards, the administrator can configure and manage Cyberoam appliance(s) which are deployed behind any NATed device. This
feature was not available in prior versions.

To manage configuration updates, go to System Administration Central Management.

CCC Firmware Version Supported: 02.01.4 Build 072

2. Report Export Customization
With this version, CyberoamiView allows the administrator to customize maximumlimit of records to be exported to MS-Excel.
Prior to this version, the administrator was allowed to export a maximumof 1000 records at a time. Now this limit can be set as follows:
Model Number Maximum Records per Widget
CR 25ia/25wi
CR 25iNG/6P
CR 25wiNG/6P
CR 35ia/35wi
CR 35iNG/35wiNG
CR 50ia
CR 100ia
10000
CR 50iNG
CR 100iNG
CR 200i
CR 300i
25000
CR 500ia/RP/F/10F
CR 750ia/1F/10F
50000
21 of 36 04-02-2014 3:34 PM
CR1000ia/10F
CR 1500ia/10F
CR 2500iNG

The administrator can also configure Start Record number and End Record number to be exported if all the records are not needed.
To enable Export Customization option, go to System Configuration Data Management and enable Export to Excel Parameters
Customization.
By default this option is disabled and the record export limit is 1000 records, per report type.
It is recommended to export the records during the time interval when the network traffic is minimal as this process will increase system resource
utilization and it might adversely affect the appliance performance.
22 of 36 04-02-2014 3:34 PM
Bugs Sol ved
Anti Spam
Bug ID 11388
Description Commtouch (CTCH) headers are displayed in the auto generated Emails, if SMTP or POP3 or IMAP scanning is enabled from the
Firewall Rule.

DHCP Relay
Bug ID 10645
Description DHCP Relay service do not start when IPSec VPN is configured on dynamic interface and DHCP Relay is configured on it.

Firewall
Bug ID 11328
Description Virtual Host for VPN zone cannot be created on migration fromVersion 9 to Version X, if there exist customized zones before the
migration, leading to a mismatch in zone type and zone ID.

Bug ID 11564
Description Virtual Host ceases to function on migrating Cyberoamappliance to 10.04.0.304, if it is configured on multiple WAN PPPoE
interfaces to single mapped IP Address.

GUI
Bug ID 9010
Description Web Admin Console is accessible if user navigates to it using "Back" and "Forward" button in succession, even though option
"Lock Admin Session" is selected.

Bug ID 9494
Description The parameter QoSon the Firewall Rule page displays None, on editing a Firewall Rule having QoS policy already applied to
it.

Bug ID 10443
Description Test connection result for Guest User SMS Gateway displays the country code of Afghanistan, if it is tested without providing a
country code.

Bug ID 10499
Description An error message Web Server not exists to Add Exceptionis displayed while configuring an exception from the WAF Alert page,
if the Web Server name contains a special character underscore ( _ ).

Bug ID 11145
Description A keyword configured with space in CustomWeb Filter Category of Web Filter prior to firmware version 10.04.0.214 cannot be
deleted, if Cyberoamfirmware is upgraded to firmware version 10.04.0.214.

Bug ID 11533
Description Background colors are not reflected on Captive Portal header and footer while viewing the preview of its configuration.

Bug ID 11555
Description The Category parameter Action do not get updated to Allow Packet on editing, if the Recommended Action against the
signature is Drop Packet in the IPS Policy.

Bug ID 11586
Description The words Anti Virus and Definition are mis-spelled as Antivurs and Defination on the Log Viewer page of Logs & Reports.

Bug ID 11602
Description The Web Admin Console becomes inaccessible and an error message Internal server Error is displayed, if the backup file of
CR25ia is restored on CR25iNG and both of the appliances have different themes configured.

High Availability
Bug ID 11345
Description IP Address based Virtual Host ceases to function when the WAN interface is configured as a monitoring port in Active-Active mode
of HA and both the appliances are rebooted simultaneously.

Network
Bug ID 11383
Description 3G Gateway status is displayed as Active although, the 3G modem is unplugged.

Bug ID 11545
23 of 36 04-02-2014 3:34 PM
Description DHCP Server do not lease IP Address to WLAN Clients, if the LAN and WLAN are in same subnet.

SSL VPN
Bug ID 11486
Description Application Access Mode fails to initiate, if the parameter Select Client Certificate is blank while configuring Tunnel Access from
SSL VPN.

System
Bug ID 11448
Description Picture fails to appear during a video conference, if the number of channels exceeds the protocol h323s default unidirectional
channel limit of 4.

User
Bug ID 10286
Description Guest users do not get purged automatically on expiry of user validity though the option "auto purge" is enabled.

Bug ID 11403
Description An error message is displayed while testing the Authentication Server connection on the French language Web Admin Console, if
the parameter Display Name Attribute is left blank while adding it.

VPN
Bug ID 5438
Description Branch office does not re-initiate the connection automatically once disconnected even when Action on VPN Restart is set to
Initiate. One has to manually re-connect or set re-key margin as zero.

Bug ID 9935
Description Cyberoamdo not allow opening the configuration management of L2 switch while deploying Cyberoam in Bridge Mode, if L2
switch is configured in LAN Network of the Head Office and is accessed via the Branch Office.

Bug ID 11444
Description VPN to Static link failover occurs 10 minutes after the tunnel goes down, if IPSec routes do not get flushed fromCyberoamon
Dead Peer Detection (DPD).

Bug ID 11557
Description Connection list of IPSec-VPN traffic do not get flushed on disabling an IPSec-VPN connection from any peer end.

Bug ID 11640
Description Dead Gateway Detection (DGD) service ceases to function, if VPN Connection is configured with name as VPN and added in VPN
Failover Group.
1.7. V 10.04.0 Build 214, 304, 311, 338
Release Dates
Version 10.04.0 Build 214 24th September, 2012
Version 10.04.0 Build 304 19th November, 2012
Version 10.04.0 Build 311 04th December, 2012
Version 10.04.0 Build 338 12th December, 2012
Release Type: General Availability



V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473
V 10.04.0 Build XXX
Upgrade procedure
24 of 36 04-02-2014 3:34 PM
instruction.
roll back.

Firmware is Appliance model-specific firmware. Hence, firmware of one model will not be applicable on another model and upgrade will not be
successful. You will receive an error if you are trying to upgrade Appliance model CR100ia with firmware for model CR500ia.

This Cyberoamversion release is compatible with the Cyberoam Central Console.


Revision History

Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
1.
1.00
-24/09/2012
1.00
-19/11/2012
Enhancement
Added enhancement Access
Denied Page Optimization
2.
1.00
-24/09/2012
1.00
-19/11/2012
Bugs Solved
A bug (Bug ID 11463) is added to
Certificate.
3.
1.00
-19/11/2012
1.00
-04/12/2012
-
Added LAN Bypass support for
CyberoamAppliances CR50iNG
and CR100iNG.
4.
1.00
-04/12/2012
1.00
-12/12/2012
Features
Appliances not supporting
Outbound Spam list now includes:
CR15iNG, CR15wiNG, CR25ia,
CR35ia and CR1000i

Introducti on
This document contains the release notes for CyberoamVersion 10.04.0 Build 214, Version 10.04.0 Build 304, Version 10.04.0 Build 311 and Version
10.04.0 Build 338. The following sections describe the release in detail.


Features
1. Compatibility with CISCO VPN Client
Fromthis version onwards, Cyberoam is compatible with Cisco IPSEC VPN client.
This feature enables Cisco IPSec VPN clients to establish an IPSec connection with Cyberoam.
To support this feature, a new page CISCO VPN Clientis added on Web Admin Console. An IPSec connection that would serve Cisco IPSec VPN
Clients must be created using this page.

Compatibility
1. At present only the native Cisco IPSEC client, present in Apple iOS (iPhone and iPad) and Windows are supported. The details of the
versions supported are as provided below:
Apple iOS
Windows
Windows OS Cisco Desktop Client
4.3 Win XP- all service packs V 4.1 and 4.8
5.0.1 Win 7 V 5.0 Beta Version
5.1.1 Windows Vista V 5.0 Beta Version
Known Behavior
25 of 36 04-02-2014 3:34 PM
1. Apple iOS versions 5.0 onwards do not send any notification to Cyberoam when IPSec connection serving Cisco IPSec VPN Clients gets
disconnected. The connection and route will be cleared from Cyberoam using Dead Peer Detection (DPD) after approximately 20 seconds and
then the same client will be able to reconnect.
2. When there is no data transfer, Apple iPhone disconnects the IPSec connection serving Cisco IPSec VPN Clients.
3. When any clients are already connected and the CISCO VPN Client page is submitted, they will be disconnected and IP Address pool will
be reinitialized.
CISCO VPN Client is available for download only to users that are authorized by the Administrator.
IPSec connection serving Cisco IPSec VPN Clients can be configured from VPN Cisco VPN Client CISCO VPN Client.
2. L2TP Over IPSec VPN Support for Android Devices
Fromthis version onwards, Android device as a L2TP/IPSec Client will be supported by Cyberoam.
User will be able to connect and access CyberoamL2TP/IPSec via an Android device using Pre-Shared Key authentication.
No special configuration is required in CyberoamWeb Admin Console or CLI.
Androi d Compati bl e Versi on: 2.1 clair, 2.2.x Froyo, 2.3.x Gingerbread, 3.x Honeycomb
Enable Add L2TP/IPSec PSK VPN option of Android device to configure VPN tunnel.

This feature has a backward compatibility support from version 10.01.0 Build 667 onwards.

3. Outbound Spam
Fromthis version onwards, Cyberoam will provide Outbound Spam to identify internal Spam. This feature will help the Internet Service Providers (ISPs)
to identify and block any user trying to send spam mails by utilizing their network.
Outbound Spam filtering is a subscription module.
Inbound Spam filtering and Outbound Spam filtering are mutually exclusive. On subscribing to Outbound Spam, Inbound Spam filtering will
stop. Inbound Spam filtering will resume when the subscription of Outbound Spam expires.
This feature is not available in Cyberoam Models CR15i, CR15wi, CR15iNG, CR15wiNG, CR25i, CR25ia, CR25wi, CR35ia, CR35wi, CR50i,
CR100i, CR250i, CR500i, CR500i-8P, CR1000i, CR1500i.
To view logs, go to Logs & Reports Logs Viewer and select option Anti Spam for parameter View logs for .

4. YouTube Education Filter
Fromthis version onwards, Cyberoam will allow access to YouTube videos deemed as educational via a special portal YouTube EDUwhile being
within a school network.
YouTube EDU consists of two sections, YouTube.com/Teachersand YouTube for Schools.
YouTube.com/Teacherseducates teachers how to make optimum use of YouTube within the classroom. On the other hand, YouTube for Schools is
a network setting, which redirects the video traffic, making it possible for schools that block YouTube to unblock and allow access to YouTube EDU
(Youtube.com/education). The teachers and Administrators decide what videos must be made available to the students, making a safe and a controlled
environment for students.
To allow educational videos via Cyberoam, school authority is required to get the school registered for "YouTube for School". On registration, a custom
HTTP Header with a unique ID will be displayed on the browser page.
E.g. X-YouTube-Edu-Filter:HMtp1sI9lxt0KAVpcg88kQ
1. Field Name: X-YouTube-Edu-Filter
2. Field Value Format: Alphanumeric [a-z][A-Z][0-9]
3. Field Value Length: up to 44 characters
To allow YouTube EDU via Cyberoam, go to Web Filter Policy Policy and specify the unique ID in the textbox against parameter YouTube
Education Filter .
As per recommendations of YouTube, it is mandatory to ensure the videos and following top-level domains are not blocked:
1. youtube.com
2. ytimg.com

To access https://www.youtube.com, HTTPS scanning must be enabled.

5. 4G LTE Modem
Cyberoamwill now support DHCP enabled 4G LTE services on Wi-Fi modems. With this feature, Cyberoam provides support for the following:
1. Connection to 3G/4G networks
2. DHCP Modems
26 of 36 04-02-2014 3:34 PM
3. Modem plug-in and plug-out auto detection
4. Auto Connect type of behavior if the same modemis re-plugged in
Further, Cyberoam provides recommended values (auto detected) for modemconfiguration.
To configure a 4G modem, go to Network Wireless WAN Settings.

CLI Commands
1. Command: cyberoam wwan query serialport <serialport> ATcommand <AT command>
To view the Wi-Fi modeminformation (if plugged - in)
E.G. cyberoam wwan query serialport 0 ATcommand ati

2. Command: cyberoam wwan show
To view the Wi-Fi modeminformation and the recommended configuration (if plugged - in)

Enhancements
1. DHCP Server Optimization
Support for Diverse Topologies
Cyberoamnow adds the capability of configuring DHCP for downstreamnetworks that are connected to Cyberoam through relay, or through
IPSec VPN. With this enhancement, Cyberoamwill be able to assign IP Addresses to:
Directly connected primary or alias networks
Connected through relay
Connected over IPSec VPN
Prior to this version, Cyberoamsupport DHCP configuration only for a primary network only.
Lease Report Enhancement
Cyberoams Lease report now displays the type of lease, i.e. Static or Dynamic, for a given IP Address.
To view these reports, go to Network DHCP Lease.
CLI Commands
1. Command: cyberoam dhcp lease-over-IPSec enable
To enable IP Lease over IPSec for all the DHCP servers.

2. Command: cyberoam dhcp lease-over-IPSec disable
To disable IP Lease over IPSec for all the DHCP servers (Default Value).

3. Command: cyberoam dhcp lease-over-IPSec show
To display all the IP Lease over IPSec configuration.

2. Multicast over IPSec VPN tunnel
Fromthis version onwards, Cyberoam will support secure transport of multicast traffic over un-trusted network using IPSec/VPN connection.
With this enhancement, now it is possible to send/receive both unicast and multicast traffic between two or more VPN sites connected through public
Internet. This removes the dependency of multicast aware routers between the sites connecting via IPSec/VPN.
Prior to this version, this was possible using GRE tunneling however, the packets could not be encrypted.
Any unicast host wanting to access a multicast host shall require to be configured as an explicit host (with netmask /32) in VPN configuration.
Known Behavior
CLI shows only static interfaces as input and output interface whereas Web Admin Console shows both, static as well as dynamic interfaces
(PPPoE, DHCP).
To configure Multicast over IPSec/VPN connection go to Network Static Route Multicast.

CLI Commands
1. Command: mroute add input-interface Port<port number> source-ip <ipaddress> dest-ip <ipaddress> output-interface Port<port
number>
To forward multicast traffic coming froma given interface to another interface.
E.G. mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortB

2. Command: mroute add input-interface Port<port number>source-ip <ipaddress>dest-ip <ipaddress>output-tunnel gre name <gre tunnel
name>
To forward multicast traffic coming froma given interface to GRE tunnel.
E.G. mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Elitecore
27 of 36 04-02-2014 3:34 PM

3. Command: mroute add input-interface Port<port number>source-ip <ipaddress>dest-ip <ipaddress>output-tunnel ipsec
To forward multicast traffic coming froma given interface to IPSec tunnels. Cyberoam automatically selects an appropriate tunnel to be used
depending upon the Local Network and Remote Network configuration.
E.G. mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel ipsec

4. Command: mroute add input-tunnel ipsec name <ipsec connection name>source-ip <ipaddress>dest-ip <ipaddress>output-interface
Port<port number>
To forward multicast traffic coming fromIPSec tunnel to an interface.
E.G. mroute add input-tunnel ipsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortB

5. Command: mroute add input-tunnel ipsec name <ipsec connection name>source-ip <ipaddress>dest-ip <ipaddress>output-tunnel ipsec
To forward multicast traffic coming froma given IPSec tunnel to other IPSec tunnels. Cyberoamautomatically selects an appropriate tunnel to
be used depending upon the Local Network and Remote Network configuration
E.G. mroute add input-tunnel ipsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel ipsec

6. Command: mroute add input-tunnel ipsec name <ipsec connection name>source-ip <ipaddress>dest-ip <ipaddress>output-tunnel gre
name <gre tunnel name>
To forward multicast traffic coming froma given IPSec tunnel to GRE tunnel.
E.G. mroute add input-tunnel ipsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Elitecore

7. Command: mroute add input-tunnel gre name <gre tunnel name>source-ip <ipaddress>dest-ip <ipaddress>output-interface Port<port
number>
To forward multicast traffic coming froma GRE tunnel to an interface.
E.G. mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-interface PortB

8. Command: mroute add input-tunnel gre name <gre tunnel name>source-ip <ipaddress>dest-ip <ipaddress>output-tunnel gre name <gre
tunnel name>
To forward multicast traffic coming froma GRE tunnel to another GRE tunnel.
E.G. mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel gre name Terminal1

9. Command: mroute add input-tunnel gre name <gre tunnel name>source-ip <ipaddress>dest-ip <ipaddress>output-tunnel ipsec
To forward multicast traffic coming froma given GRE tunnel to IPSec tunnels. Cyberoam automatically selects an appropriate tunnel to be used
depending upon the Local Network and Remote Network configuration.
E.G. mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel ipsec

10. Command: mroute del source-ip <ipaddress> dest-ip <ipaddress>
To delete multicast route.
E.G. mroute del source-ip 192.168.1.2 dest-ip 239.0.0.

3. E-mail Alert for IPSec Tunnel Connection Flapping
Fromthis version onwards, if the IPSec VPN tunnel connectivity is lost, Cyberoamwill notify the Administrator via an E-mail alert, specifying the reason
for the connection loss. E-mail alert will be sent on the configured E-mail Address.
Upon configuring E-mail alerts via the available single central configurable option, it will automatically be applicable on all the IPSec tunnels.
An E-mail will be sent only for Host to Host and Site to Site tunnel connections; if it flaps due to one of the following reasons:
1. A peer is found to be dead during Dead Peer Detection (DPD) phase.
2. Failed to re-establish connection after Dead Peer Detection (DPD)
3. IPSec Security Association (SA) is expired and is required to be re-established.
4. IPSec Tunnel comes up without administrator intervention after losing the connectivity
E-mail sent to the administrator shall contain following basic information:
1. IPSec Connection name
2. IP Addresses of both participating hosts/network
3. Current state of the IPSec Tunnel connection, viz., Up or Down
4. Exact Time when the IPSec Tunnel connection was lost
5. Reason for lost of IPSec Tunnel connection
6. Appliance Model Number
7. Firmware version and build number
8. Appliance Key (if registered)
9. Appliance LAN IP Address
10. HA configuration Primary/Auxiliary (if configured)
An E-mail will be sent for each subnet pair in case of Site to Site connections, having multiple local/remote networks.
An E-mail sent with respect to IPSec Tunnel coming up shall not have any reason mentioned within.
28 of 36 04-02-2014 3:34 PM
Description of IPSec Tunnel connection shall be included in the E-mail, only if information for same is provided by the administrator.
To enable E-mail alerts for IPSec tunnels, go to System Configuration Notification E-mail Notification and check option IPSec Tunnel
UP/Down .

4. Enhancement in AD Integration
Fromthis version onwards, Administrator is given an option to delete users fromCyberoamif they do not exist in any of the configured External Active
Directory servers at a push of Purge AD Users button. Prior to purging, connectivity and authentication of all the configured External Active Directory
servers is verified. If a users entry is not found in any of the external server(s), it is purged fromCyberoamtoo.
The purge operation will not interrupt user login/logout and accounting events.
While the purge activity is in progress and if the server connectivity is lost, the activity will be aborted.
If a user entry is purged, it will be deleted from both, Primary and Auxiliary Cyberoam Appliance.

To purge the users, go to Identity Users Users and click Purge Users button.
Further, when the User logs in to the Cyberoam, and if the E-mail Address of that User is configured on the external Active Directory server/LDAP
server then the Users E-mail Address within the Cyberoamgets sync with the E-mail Address on the external Active Directory server/LDAP server.
Every time a user logs in, the corresponding E-mail ID will be updated. If the E-mail ID is null on the External Active Directory Server/LDAP, there will
be no updates.

5. Multicast Route Failover
From this version onwards, Cyberoam supports Link Failover for Multicast Traffic using IPSec/VPN connection or GRE Tunnel.
If a user has multicast routes configured on a port then a Link Failover can be configured for same using IPSec/VPN or GRE configuration. Now if the
port goes down, all multicast routes configured on it will automatically fail over to given IPSec/VPN connection or GRE Tunnel.
Prior to this version, link failover was supported only for static unicast routes.
CLI Commands
1. Command: cyberoam link_failover add primarylink Port<Port number> backuplink gre tunnel <gre tunnel name> monitor PING
host <ip address>
To configure a GRE Tunnel as a Backup link. With this, whenever primary link fails, traffic will be tunneled through given GRE Tunnel.
E.G. cyberoamlink_failover add primarylink PortB backuplink gre tunnel Elitecore monitor PING host 192.168.1.2

2. Command: cyberoam link_failover add primarylink Port<Port number> backuplink gre tunnel <gre tunnel name> monitor UDP host
<ip address> Port <Port Number>
E.G. cyberoamlink_failover add primarylink PortB backuplink gre tunnel Elitecore monitor UDP host 192.168.1.2 Port 100

3. Command: cyberoam link_failover add primarylink Port<Port number> backuplink gre tunnel <gre tunnel name> monitor TCP host
<ip address> Port <Port Number>
E.G. cyberoamlink_failover add primarylink PortB backuplink gre tunnel Elitecore monitor TCP host 192.168.1.2 Port 100

4. Command: cyberoam link_failover add primarylink Port<Port number> backuplink vpn tunnel <ipsec connection name> monitor
PING host <ip address>
To configure an IPSec/VPN connection as a Backup link. With this, whenever primary link fails, traffic will be tunneled through given IPSec/VPN
connection.
E.G. cyberoamlink_failover add primarylink PortB backuplink vpn tunnel Net2Net monitor PING host 192.168.1.2

UDP host <ip address> Port <Port Number>
connection.
E.G. cyberoamlink_failover add primarylink PortB backuplink vpn tunnel Net2Net monitor UDP host 192.168.1.2 Port 100

TCP host <ip address> Port <Port Number>
connection.
E.G. cyberoamlink_failover add primarylink PortB backuplink vpn tunnel Net2Net monitor TCP host 192.168.1.2 Port 100

7. Command: cyberoam link_failover del primarylink <Port name>
To delete link failover configuration.
E.G. cyberoamlink_failover del primarylink PortC

8. Command: cyberoam link_failover show
To see all the link failover configurations.
6. Support of SSL-VPN for MAC-OS Tunnelblick
29 of 36 04-02-2014 3:34 PM
Fromthis version, SSL VPN will be functional with Tunnelblicks; a free, open source graphic user interface for OpenVPN on Mac OS X.
The user can download the SSL VPN Client Configuration - MAC Tunnelblick from Cyberoam SSL VPN User Portal.

7. Version 9 Catch-up Feature Search Engine Cache Control
Fromthis version onwards, Cyberoam will be able to categorize actual URL contents that are accessed via cache option available in search engines
Google, Yahoo, Bing based on the existing Web Filter Policy.

8. Version 9 Catch-up Feature Internet Watch Foundation Support
Fromthis version onwards, Cyberoams General Internet Policy by default, supports filtering of URL based on Internet Watch Foundation (IWF)
categorization.
The filtering logs are displayed in the Log Viewer and iView Reports
The Internet Watch Foundation provides the list of accurate and current URLs to minimize the availability of potentially criminal Internet content as
mentioned below:
1. Child sexual abuse content hosted anywhere in the world.
2. Criminally obscene adult content hosted in the UK.
3. Non-photographic child sexual abuse images hosted in the UK.

Fromthis version onwards, Cyberoam Captive Portal is esthetically optimized.
Further it supports the following functionalities:
1. Hyperlinked logo
2. Obtaining username and password for unauthenticated users (Only when Guest Users functionality is enabled).
To configure them, go to System Configuration Captive Portal.
Also, Administrator can choose redirect unauthorized user either to Captive Portal or display a customized message. To customize the Captive Portal
response, go to Identity Authentication Firewall.

10. URL Import List
Fromthis version onwards, while adding or updating a Web Category, Cyberoam facilitates to import a file (.txt or csv) consisting of all the configured
URL/Keyword from the white list domain of an existing web categorization solution to Cyberoam instead of copying and pasting the same into
Cyberoam.

To add white listed URL file, go to Web Filter Category Category and click Add button.

11. Optimization in Virtual Host Configuration
Fromthis version onwards, while a virtual host is created and port forwarding is enabled, Cyberoamallows configuring a Port list. The ports within the
list can be comma separated. It can be mapped against a Port List or a Port. Further a Port Range can now also be mapped against a single port.
This creates one to one mapping or many to one mapping between the external port and the mapped port.
Example:

Port Forwarding Type
(External Port Type to Mapped Port Type)
External Ports Mapped Ports
Port List to Port List 22, 24, 26, 28, 30 42, 44, 46, 48, 50
Port List to a Port 22, 24, 26, 28, 30 20
Port Range to a Port 21 - 26 28
In case of Port List to Port List mapping, number of ports must be same for both, External Ports and Mapped Ports. Request received on first external
port will be redirected to first mapped port; second request on external port will be redirected to second mapped port and so on. Fromthe example
above, for Port List to Port List type of configuration, any request received for external ports 22, 24, 26, 28, 30 will be forwarded respectively to
mapped ports 42, 44, 46, 48, 50.
For a single virtual host, a maximum of 16 ports can be configured in a Port List.
All the ports within a Port List support single protocol viz., either a TCP or a UDP protocol as per the configuration. A combination of both
of these protocols within a Port List is not allowed.
30 of 36 04-02-2014 3:34 PM
Prior to this version, only Single Port to Single Port and Port Range to Port Range Type for port forwarding were allowed.
Also, from this version onwards, for Firewall, when any virtual host is created without port forwarding, one can select multiple services instead of a
single service.
Prior to this version, selecting multiple services was not allowed within a Firewall Rule configured with a virtual host having port forwarding disabled.
To configure multiple ports separated by comma, go to Firewall Virtual Host Virtual Host.

12. Optimized IPSec Failover Configuration
Fromthis version onwards, Cyberoam IPSec connection configuration for failover can be done while configuring the IPSec connection itself. This
optimization will facilitate configuring failover connection with minimuminputs for commonly used failover conditions. Also the previously available
method of configuration remains intact.

Failover connection configurations can be done only Connection Type - Site to Site and Host to Host type of IPSec connections.

Maximum of four (4) failover connections can be added while configuring a new failover group. More connections can be configured later
by editing the failover group configuration.

To configure an IPSec failover connection for Site to Site and Host to Host type of IPSec connections, go to VPN IPSec Connection.
Click add icon under Endpoints Details , only after which IPSec failover connection can be configured.

13. Access Denied Page Optimization
Fromthis version onwards, to optimize the loading time of Access Denied Page, the maximumsize for the image allowed is as follows:
1. Top Image 125 x 70 pixels (.jpg, .jpeg)
2. Bottom Image 70 x 60 pixels (.jpg, .jpeg)
If the Appliance is running on an older version, and if the image size is greater than the above specified dimensions, it is mandatory to
reduce the size of images for appropriate display.
To upload an image, go to Web Filter Settings Settings.

14. DNS Status Check support in Diagnostic Tool
Fromthis version onwards, Cyberoam will provide an option to view the list of all the available DNS servers configured in Cyberoam. It also provides
information about the time taken to connect to each of the DNS server. Based on the least response time, one can prioritize the DNS server.

To view the list of DNS server available for an IP Address/host name, go to System Diagnostics Tools Name Lookup, provide the IP
Address/Host Name, select option Lookup Using All Configured Server from the dropdown box and click Name Lookup .

15. Certificate with FQDN/IP Address as a Common Name
Fromthis version onwards, Cyberoam will allow using FQDN or IP Address as a common name while generating a Self Signed Certificate.
Prior to this version certificate name was used as a common name.
To configure common name for a certificate, go to System Certificate Certificate and click Add to generate a certificate.

16. User Defined Certificate
Fromthis version onwards, Cyberoam supports generation of Self-Signed Certificates with Identification Attribute details to meet the needs of
compliance criteria.
To generate a Self-Signed Certificate, go to System Certificate Certificate.

17. Quick Access to On-Appliance Reports
Fromthis version onwards, Cyberoam supports quick access to On-Appliance Reports fromlogin page of the Appliance.
To access the On-Appliance Reports directly, select Reports for parameter Log on to on Appliance login page at the time of authentication.

18. iView Enhancement Dual Dashboard Support
From this version onwards, Cyberoam iView main dashboard has been bifurcated into two.

1. Traffic Dashboard
31 of 36 04-02-2014 3:34 PM
Traffic dashboard is a collection of widgets displaying information regarding total network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web categories, users, hosts, source and destination
countries, mail traffic and FTP activities.

Traffic dashboard consists of following widgets:
Top Applications List of top applications along with percentage wise data transfer
Top Categories List of top accessed web categories with number of hits and amount of data transfer
Top Users List of top users along with percentage wise data transfer
Top Hosts List of top hosts along with percentage wise data transfer
Top Source Countries List of top source countries along with percentage wise data transfer
Top Destination Countries List of top destination countries along with percentage wise data transfer
Top Rule ID List of top firewall rules along with percentage wise data transfer
Top Domains List of top domains along with percentage wise data transfer
Top File Upload List of top uploaded files along with date, user, source IP, domain name , file name and file size
Top Files Uploaded via FTP List of top uploaded files via FTP along with percentage wise amount of data transfer
Top Files Downloaded via FTP List of top downloaded files via FTP along with percentage wise amount of data transfer
Top FTP Servers List of top FTP servers
Mail Traffic Summary Email traffic with type of traffic and amount of data transfer
Top Mail Senders List of top email senders along with percentage wise data transfer
Top Mail Recipients List of top email recipients along with percentage wise data transfer
2. Security Dashboard
Security dashboard is a collection of widgets displaying information regarding denied network activities and traffic. It also gives an overview of
malwares and spam along with source and destination countries.

Security dashboard consists of following widgets:
Top Denied Hosts List of top denied hosts along with number of hits
Top Denied Users List of top denied users along with number of hits
Top Denied Applications List of top denied applications along with number of hits
Top Denied Destination Countries List of top denied destination countries along with number of hits
Top Denied Source Countries List of top denied source countries along with number of hits
Top Denied Rule ID List of top denied firewall rules along with number of hits

Top Denied Categories List of top denied web categories along with number of hits
Top Denied Domains List of top denied domains along with number of hits
Top Attacks List of top attacks launched at network
Top Viruses List of top viruses blocked by Cyberoam
Top SpamSenders List of top spamsenders
Top SpamRecipients List of top spam recipients
All these widgets can be drilled down for next level reports.

19. iView Enhancement Better Visibility and Presentation
Fromthis version onwards, Cyberoam iView has introduced few enhancements to increase visibility and improve presentation of the reports.
1. Chart Preferences
Now the administrator can select the type of charts to show reports. The administrator can choose between Bar charts and Pie-Doughnut
charts.
32 of 36 04-02-2014 3:34 PM
To choose the chart type and palette, go to System Configuration Chart Preferences.
2. Records per Page Control
Now the user has option to set number of records to be displayed for report groups also. Previously this control was available for
individual reports only.
3. Inline Charts
If the number of records to be displayed is more than 10, then Cyberoam iView shows themin the formof inline charts i.e. a bar diagram
for number of bytes and percentage respectively will be displayed in the same column.
4. Animated Charts
With this version, Cyberoam iView has introduced animated bar charts and pie charts to improve user experience and data presentation.
5. Report Group Dashboard
With this version, all the report group dashboards show collection of reports available under the selected report group.

20. iView Enhancement - Top Users Widget
Fromthis version onwards, a new widget Top Users has been added under risk reports. This widget displays list of users who imposed risk on
organization network. This report can further be drilled down to view list of applications, hosts, source countries, destination countries and firewall rules
associated with the selected user and risk level.
To view reports, go to Reports Applications Top Risks Risk.

21. iView Enhancement - Report Filter
Fromthis version onwards, Cyberoam iView provides option to filter dashboard reports. When the user selects any record from dashboard report
widgets, the selection is displayed on the next level of reports i.e. on the resultant reports page. The user can apply multiple filters one by one to get
appropriate report.
All the filters are displayed on the top of the resultant report in the formof rowed text box(es) with the option to remove filter.

22. iView Enhancement - Country Map
Fromthis version onwards, Cyberoam iView introduces a new report Country Map under Application report menu. This report gives geographical
overview of network traffic along with amount of data transfer and risk.
To view reports, go to Reports Applications Country Map.

Known Behaviour
1. SSL VPN support with passcode
Fromthis version onwards, Cyberoam supports key encryption with password in certificates. If certificates are being generated with encryption
enabled then user will be prompted to provide a password in the form of a passcode.
If the parameter Per User Certificate is configured then new certificates will get generated with key encryption and password.
2. Gateway specific routing for Reflexive Rule
To allow the traffic to route through a specific gateway with a reflexive rule selected while configuring a virtual host, parameter Route Through
Gatewayin Firewall Rule must have Source NAT selected as a Routing Policy.

Bugs Sol ved
Anti Spam
Bug ID 6533
Description Irrespective of the date range selected, the spam mails of last seven days are displayed.
Bug ID 9597
Description Mail of size greater than 3Mb do not get released from Anti SpamQuarantine Area if the send mail client do not release them
within the configured time.
Bug ID 9599
Description An error message Data Error is displayed for a log on Anti SpamQuarantine Area, if the subject of the mail contains special
characters like double quotes ( ) or a backslash (\).
33 of 36 04-02-2014 3:34 PM
Bug ID 9989
Description Quarantine mails having a space in subject line do not get released.

Anti Virus
Bug ID 8029
Description Adobe flash player exe cannot be downloaded fromhttp://get.adobe.com/flashplayer with HTTP scanning enabled.

Certificate
Bug ID 5300
Description Cyberoamallows uploading a certificate with a different password or private key than that of the original password or private key
of Generated Certificate Signing Request (CSR).

Bug ID 8054
Description Certificate Sending Request (CSR) generated fromversion 10 CyberoamAppliance cannot be uploaded at third party Certificate
Authority (CA) end.
Bug ID 8191
Description Certificate having encrypted private key cannot be upload fromWeb Admin Console.
Bug ID 10001
Description Value of parameter Valid From do not change on regenerating a new Cyberoam_SSL_CA certificate from Certificate page of the
System.
Bug ID 10045
Description A certificate error message secure connection failed is displayed on the Mozilla browser page if Cyberoam is accessed via
HTTPS and a default Cyberoam Appliance Certificate is stored in the browser.

Bug ID 11463
Description CyberoamWeb Admin Console is not accessible over HTTPS after upgrading to firmware version 10.04.0.build 304, if the
Appliance Time Zone is earlier than GMT and Firmware Upgrade Time is between (00:00:00 X) and 00:00:00. X here represents the
difference between the Appliance Time Zone and the GMT.

CLI
Bug ID 10122
Description Default routing precedence do not get displayed on Cyberoam console when command "cyberoamroute_precedence show" is
executed.

DHCP Server
Bug ID 10245
Description An error message is displayed when a host name of parameter IP MAC Mapping List contains a space while configuring a static
DHCP.

Firewall
Bug ID 9658
Description A false error message user.err kernel: outdev_target: ERRORRRRR skb->rtable is already initialized <192.168.141.255>... is
displayed in System - Log Viewer.

Bug ID 10870
Description A reflexive rule is created for a virtual host with NAT Policy as Masquerade instead of IP Host.

GUI
Bug ID 9810
Description A Web Filter policy do not function in a non-english version of Cyberoam on configuring an URL Group within the Web Filter Policy.
Bug ID 9985
Description In captive portal settings and CTAS settings, the parameter User Inactivity Timeout do not accept number beyond 99 on Web
Admin Console from Authentication page of Identity.
Bug ID 10109
Description Heart Beat port in System configured to sync with CCC, do not change if the Heart Beat Protocol is HTTP for Central
Management.
Bug ID 10165
Description Dashboard and System Graph continues to remain in processing due to internal error for Cyberoam Version 10.02.0 Build 227.
Bug ID 10307
34 of 36 04-02-2014 3:34 PM
Description VPN IPSec connection list takes a long time while loading, if the number of IPSec connections is more than 2000.

HA
Bug ID 10573
Description IPS service stops functioning in the HA deployment, when two Appliances are configured with different versions of IPS are
enabled in HA.

Identity
Bug ID 9756
Description Special characters _ and . are not allowed to be used consecutively while adding an Email Address on the User page for
Identity.

IM
Bug ID 9866
Description IM Policy do not displayed in Log Viewer with Yahoo ! Messenger (Version 11.5.0.228-in).

Intrusion Prevention System (IPS)
Bug ID 9327
Description Search option is available only while editing IPS Policy.

Log Viewer
Bug ID 9880
Description No records are displayed when the language selected for Web Admin Console is French in Cyberoam and multiple filters are used
while viewing logs of Application Filter in Log Viewer.

Network Interface
Bug ID 8002
Description STC 3G modemis not compatible with Cyberoam Appliance.
Bug ID 8457
Description ZTE MF688a 3G modem is not compatible with Cyberoam Appliance.
Bug ID 10921
Description Modem Sierra 320U is not supported by Cyberoam Appliance.

Bug ID 10939
Description Modem IG Huawai E177 is not supported by Cyberoam Appliance.

Proxy
Bug ID 9115
Description Proxy services do not function, if a HTTP Upload Web Category is added in HTTPS scanning exceptions.
Bug ID 9848
Description An error is received while accessing hotmail.com, http://google.com.au when HTTPS scanning is enabled in Firewall Rule.
Bug ID 10046
Description Web Proxy service do not restart when Administrator restarts it from Maintenance page of System.
Bug ID 10135
Description Some of the components with the YouTube website do not get displayed with HTTPS scanning applied.
Bug ID 10244
Description Browsing becomes slow when external proxy is implemented in the network while Cyberoam is deployed in Bridge mode.

Bug ID 10936
Description In Cyberoamfirmware version 10.04.0.0214, mails are dropped for mail servers that are configured to support BDAT as an
optional parameter.

Reports
Bug ID 7818
Description The data transfer reports of top web host and traffic discovery displayed in On-Appliance iView are not identical.
Bug ID 9993
Description All the logs of the selected period are displayed in Web Surfing reports for IP Address based filtering, if Search Type is IP
Address and Report Type as Detail.
Bug ID 10427
35 of 36 04-02-2014 3:34 PM
Description Only current days report details are displayed in the Application Reports of On-Appliance iView on migrating to Cyberoam Version
10.02.0 Build 473.

System
Bug ID 9927
Description Error messages are displayed on executing command tcpdump port80filedump on CyberoamConsole.

SSL VPN
Bug ID 6523
Description Once the User certificates are updated manually, they do not get updated automatically.
Bug ID 10171
Description SSL VPN RDP Bookmark cannot be accessed in Version 10.02.0 Build 473 if RDP bookmark has a / at the end (e.g.
rdp://10.102.1.152).

Bug ID 11198
Description SSL VPN bookmark URL with RDP, TELNET, SSH & FTP protocol having backslash ('/') as last character cannot be accessed
after migrating Appliance firmware from 10.02.0 Build 224 to 10.04.0 Build 214.

User
Bug ID 6141
Description When special characters are included in the login message, the user receives a continuous process icon on the Captive Portal
page in spite of logging in successfully.
Bug ID 9920
Description Cyberoamsupports only SMS Gateways that uses Post method.

VPN
Bug ID 9812
Description An error message We cannot identify ourselves with either end of this connectionis received when VPN connection with VLAN
over WAN is configured with PPPoE link and VLAN ID is more than 2 digits.
Bug ID 10191
Description VPN service do not restart when head office and branch office are using default head office and default branch office policy
respectively and an if an intermediate device between themis switched off.

Bug ID 11202
Description Manual intervention is required to activate the tunnel, if the default value of parameter "Rekey Margin" is configured below 100
seconds from VPN Policy page and the Appliance is rebooted.

Web Filter
Bug ID 9840
Description Denied Messageis updated to default message, if an existing Web Filter Category having configured for customized message is
edited without opening Advance Settings of it.
Bug ID 10092
Description Webcat do not get upgraded to latest version while performing manual sync after auto Webcat upgrade has failed.

Wireless WAN
Bug ID 5315
Description 3G Modem LW272 is not compatible with Cyberoam Appliance.

36 of 36 04-02-2014 3:34 PM

Cyberoam Docs

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Cyberoam Docs

Caricato da

Copyright:

Formati disponibili

1. Release Notes 10.04.

Potrebbero piacerti anche