Cyberoam Release Notes

Release Notes

Version: 10.04.0 Build 214

Date: 24th September, 2012

Release Dates
Version 10.04.0 Build 214 24th September, 2012

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to Cyberoam Version:
V 10.01.0XXX or 10.01.X Build XXX

All the versions

V 10.02.0 Build XXX

047, 174, 176, 192, 206, 224, 227, 409, 473

Upgrade procedure
To upgrade the existing Cyberoam Appliance follow the procedure below:
Logon to https://customer.cyberoam.com
Click Upgrade link under Upgrade URL.
Choose option Select for Version 10.00.0xxx to current GA Version 10.00.0xxx Firmware.
For Cyberoam versions prior to 10.01.0472

For Cyberoam version 10.01.0472 or higher

Upgrade the Cyberoam to 10.01.0472 selecting

option Below 10.01.0472 and follow on-screen
instruction.
By doing this, the customer will not be able
to roll back.

Upgrade Cyberoam to latest version by selecting

option 10.01.0472 or higher and follow onscreen instruction.

Compatibility Annotations
Firmware is Appliance model-specific firmware. Hence, firmware of one model will not be applicable
on another model and upgrade will not be successful. You will receive an error if you are trying to
upgrade Appliance model CR100i with firmware for model CR500i.
This Cyberoam version release is not compatible with the Cyberoam Central Console.
Please always check http://docs.cyberoam.com for availability of latest CCC firmware to deal with this
compatibility issue.
Document Version 1.06-24/09/2012

Cyberoam Release Notes

Revision History
Sr. No.

Old Revision
Number

New Revision
Number

Document Version 1.06-24/09/2012

Reference
Section

Revision Details

Cyberoam Release Notes

Contents
Release Information ......................................................................................................................... 1
Introduction ...................................................................................................................................... 5
Features ............................................................................................................................................ 5
1.
Compatibility with CISCO VPN Client ........................................................................... 5
2.
L2TP Over IPSec VPN L2TP/IPSec support for Android Devices ..................................... 6
3.
Outbound Spam .............................................................................................................. 6
4.
YouTube Education Filter ................................................................................................ 7
5.
4G LTE Modem ............................................................................................................... 7
6.
DHCP Server optimization ............................................................................................... 8
Enhancements .................................................................................................................................. 9
1.
Multicast over IPSec VPN tunnel ..................................................................................... 9
2.
E-mail alert for IPSec Tunnel connection flapping .......................................................... 11
3.
Enhancement in AD Integration ..................................................................................... 12
4.
Support of SSL-VPN for MAC-OS Tunnelblick ............................................................... 12
5.
Version 9 Catchup Feature ............................................................................................ 12
6.
URL Import List ............................................................................................................. 12
7.
Optimization in Virtual Host Configuration ...................................................................... 13
8.
Optimized IPSec Failover Configuration......................................................................... 14
9.
DNS Status Check support in Diagnostic Tool ............................................................... 14
10. Dashboard .................................................................................................................... 14
11. Report View Enhancements .......................................................................................... 15
12. Top Users Widget.......................................................................................................... 16
13. Report Filter .................................................................................................................. 16
14. Country Map ................................................................................................................. 16
Bugs Solved.................................................................................................................................... 18
Anti Spam............................................................................................................................... 18
Anti Virus................................................................................................................................ 18
Certificate ............................................................................................................................... 18
CLI ..................................................................................................................................... 18
DHCP Server.......................................................................................................................... 19
Firewall................................................................................................................................... 19
GUI ..................................................................................................................................... 19
HA ..................................................................................................................................... 19
Identity ................................................................................................................................... 19
IM
..................................................................................................................................... 20
Intrusion Prevention System (IPS) .......................................................................................... 20
Log Viewer ............................................................................................................................. 20
Network Interface ................................................................................................................... 20
Proxy ..................................................................................................................................... 20
Reports .................................................................................................................................. 21
System ................................................................................................................................... 21
SSL VPN ................................................................................................................................ 21
User ..................................................................................................................................... 21
VPN ..................................................................................................................................... 21
Web Filter............................................................................................................................... 22
Wireless WAN ........................................................................................................................ 22
Document Version 1.06-24/09/2012

Cyberoam Release Notes

General Information........................................................................................................................ 23
Technical Assistance .............................................................................................................. 23
Technical Support Documents ................................................................................................ 23

Document Version 1.06-24/09/2012

Cyberoam Release Notes

Introduction
This document contains the release notes for Cyberoam Version 10.04.0 Build 214. The following
sections describe the release in detail.

This release comes with new features, few enhancements and several bug fixes to improve
quality, reliability and performance.

Features
1. Compatibility with CISCO VPN Client
From this version onwards, Cyberoam is compatible with Cisco IPSEC VPN client.

This feature enables Cisco IPSec VPN clients to establish an IPSec connection with Cyberoam.
To support this feature, a new page CISCO VPN Client is added on Web Admin Console. An
IPSec connection that would serve Cisco IPSec VPN Clients must be created using this page.

Compatibility
1. At present only the native Cisco IPSEC client, present in Apple iOS (iPhone and iPad)
Windows are supported. The details of the versions supported are as provided below:
Windows

Apple iOS
4.3

Windows OS

Cisco Desktop Client

Win XP- all service packs

V 4.1 and 4.8

5.0.1

Win 7

V 5.0 Beta Version

5.1.1

Windows Vista

V 5.0 Beta Version

Known Behavior
1. Apple iOS versions 5.0 onwards do not send any notification to Cyberoam when IPSec
connection serving Cisco IPSec VPN Clients gets disconnected. The connection and route
will be cleared from Cyberoam using Dead Peer Detection (DPD) after approximately 20
seconds and then same client will be able to reconnect.
2. When there is no data transfer, Apple iPhone disconnects the IPSec connection serving
Cisco IPSec VPN Clients.

Document Version 1.06-24/09/2012

Cyberoam Release Notes

3. When any clients are already connected and the CISCO VPN Client page is submitted,
they will be disconnected and IP address pool will be reinitialized

IPSec connection serving Cisco IPSec VPN Clients can be configured from VPN Cisco VPN
Client CISCO VPN Client for Apple iOS.

2. L2TP Over IPSec VPN L2TP/IPSec support for Android Devices

From this version onwards, Android device as a L2TP/IPSec Client will be supported by
Cyberoam.

User will be able to connect and access Cyberoam L2TP/IPSec via an Android device using PreShared Key authentication.

No special configuration is required in Cyberoam Web Admin Console or CLI.

Android Compatible Version: 2.1 clair, 2.2.x Froyo, 2.3.x Gingerbread, 3.x Honeycomb, 4.0.x
Ice Cream Sandwich, 4.1.x Jelly Bean (Below 4.1.4)
Enable Add L2TP/IPSec PSK VPN option of Android device to configure VPN tunnel.

3. Outbound Spam
From this version onwards, Cyberoam will provide Outbound Spam to identify internal spam. This
feature will serve ISPs to identify and block any user trying to send spam mails by utilizing their
network.
Outbound Spam filtering is a subscription module.

Inbound Spam filtering and Outbound Spam filtering are mutually exclusive. On
subscribing to Outbound Spam, Inbound Spam filtering will stop. Inbound Spam filtering
will resume when the subscription of Outbound Spam expires.

This feature is not available in Cyberoam Models CR15i, CR15wi, CR25i, CR25wi, CR35wi,
CR50i, CR100i, CR250i, CR500i, CR500i-8P, CR1000, CR1500i.
To view logs, go to Logs & Reports Logs Viewer and select option Anti Spam for
parameter View logs for.

Document Version 1.06-24/09/2012

Cyberoam Release Notes

4. YouTube Education Filter

From this version onwards, Cyberoam will allow access to YouTube videos deemed as
educational via a special portal YouTube EDU while being within a school network.
YouTube EDU consist of two sections, YouTube.com/Teachers and YouTube for Schools.
YouTube.com/Teachers educates teachers how to make optimum use of YouTube within the
classroom. On the other hand, YouTube for Schools is a network setting, which redirects the
video traffic, making it possible for schools that block YouTube to unblock and allow access to
YouTube EDU (Youtube.com/education). The teachers and Administrators decide what videos
must be made available to the students, making a safe and a controlled environment for students.

To allow educational videos via Cyberoam, school authority is required to get the school registered
for YouTube for School. On registration, a custom HTTP Header with a unique ID will be displayed
on browser page.

E.g. X-YouTube-Edu-Filter:HMtp1sI9lxt0KAVpcg88kQ
1. Field Name: X-YouTube-Edu-Filter
2. Field Value Format: Alphanumeric [a-z][A-Z][0-9]
3. Field Value Length: up to 44 characters
To allow YouTube EDU via Cyberoam, go to Web Filter Policy Policy and specify the
unique ID in the textbox against parameter YouTube Education Filter
As per recommendations of YouTube, it is mandatory to ensure the videos and following
top-level domains are not blocked
1. youtube.com
2. ytimg.com

5. 4G LTE Modem
Cyberoam will now support DHCP enabled 4G LTE services on Wi-Fi modems. With this feature,
Cyberoam provides support for the following:
1.
2.
3.
4.

Connection to 3G/4G networks

DHCP Modems
Modem plug-in and plug-out auto detection
Auto Connect type of behavior if the same modem re-plugged in

Further, Cyberoam provides recommended values (auto detected) for modem configuration.
To configure a 4G modem, go to Network Wireless WAN Settings.
CLI Commands
Document Version 1.06-24/09/2012

Cyberoam Release Notes

1. Command: cyberoam wwan query serialport <serialport> ATcommand <AT command>

To view information of the Wi-Fi modem information (if plugged - in)
E.G. cyberoam wwan query serialport 0 ATcommand ati
2. Command: cyberoam wwan show
To view information of the Wi-Fi modem information and the recommended configuration (if
plugged - in)

6. DHCP Server optimization

Cyberoam now supports DHCP server configuration for Alias IP networks, VLANs, downstream
networks and networks that are not directly connected to Cyberoam, i.e Branch Office networks
connected over VPNs.

Prior to this version, Cyberoam support DHCP configuration only for a single subnet

Further, Cyberoam now allows leasing static IP Address over DHCP, granting a specific device to
receive same IP Address each time it logs into Cyberoam.

Document Version 1.06-24/09/2012

Cyberoam Release Notes

Enhancements
1. Multicast over IPSec VPN tunnel
From this version onwards, Cyberoam will support secure transport of multicast traffic over untrusted network using IPSec/VPN connection.

With this enhancement, now it is possible to send/receive both unicast and multicast traffic
between two or more VPN sites connected through public Internet. This removes the dependency
of multicast aware routers between the sites connecting via IPSec/VPN.
Prior to this version, this was possible using GRE tunneling however packets could not be
encrypted.

Any unicast host wanting to access a multicast host shall require to be configured as a explicit host
(with netmask /32) in VPN configuration.
Known Behavior
CLI shows only static interfaces as input and output interface whereas Web Admin Console shows
both, static as well as dynamic interfaces (PPPoE, DHCP).
To configure Multicast over IPSec/VPN connection go to Network Static-routes Multicast.
CLI Commands
1. Command: mroute add input-interface Port<port number> source-ip <ipaddress> dest-ip
<ipaddress> output-interface Port<port number>
To forward multicast traffic coming from a given interface to another interface
E.G. mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 outputinterface PortB
2. Command: mroute add input-interface Port<port number> source-ip <ipaddress> dest-ip
<ipaddress> output-tunnel gre name <gre tunnel name>
To forward multicast traffic coming from a given interface to GRE tunnel.
E.G. mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel
gre name Elitecore
3. Command: mroute add input-interface Port<port number> source-ip <ipaddress> dest-ip
<ipaddress> output-tunnel ipsec
To forward multicast traffic coming from a given interface to IPSec tunnels. Cyberoam
automatically selects the appropriate tunnel to be used depending upon the Local Network
and Remote Network configuration.
E.G. mroute add input-interface PortA source-ip 192.168.1.2 dest-ip 239.0.0.55 output-tunnel
ipsec

Document Version 1.06-24/09/2012

Cyberoam Release Notes

4. Command: mroute add input-tunnel ipsec name <ipsec connection name> source-ip
<ipaddress> dest-ip <ipaddress> output-interface Port<port number>
To forward multicast traffic coming from IPSec tunnel to an interface.
E.G. mroute add input-tunnel ipsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55
output-interface PortB
5. Command: mroute add input-tunnel ipsec name <ipsec connection name> source-ip
<ipaddress> dest-ip <ipaddress> output-tunnel ipsec
To forward multicast traffic coming from a given IPSec tunnel to other IPSec tunnels.
Cyberoam automatically selects the appropriate tunnel to be used depending upon the Local
Network and Remote Network configuration
E.G. mroute add input-tunnel ipsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55
output-tunnel ipsec
6. Command: mroute add input-tunnel ipsec name <ipsec connection name> source-ip
<ipaddress> dest-ip <ipaddress> output-tunnel gre name <gre tunnel name>
To forward multicast traffic coming from a given IPSec tunnel to GRE tunnel.
E.G. mroute add input-tunnel ipsec name Net2Net source-ip 192.168.1.2 dest-ip 239.0.0.55
output-tunnel gre name Elitecore
7. Command: mroute add input-tunnel gre name <gre tunnel name> source-ip <ipaddress>
dest-ip <ipaddress> output-interface Port<port number>
To forward multicast traffic coming from a GRE tunnel to an interface.
E.G. mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55
output-interface PortB
8. Command: mroute add input-tunnel gre name <gre tunnel name> source-ip <ipaddress>
dest-ip <ipaddress> output-tunnel gre name <gre tunnel name>
To forward multicast traffic coming from a GRE tunnel to another GRE tunnel.
E.G. mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55
output-tunnel gre name Terminal1
9. Command: mroute add input-tunnel gre name <gre tunnel name> source-ip <ipaddress>
dest-ip <ipaddress> output-tunnel ipsec
To forward multicast traffic coming from a given GRE tunnel to IPSec tunnels. Cyberoam
automatically selects the appropriate tunnel to be used depending upon the Local Network
and Remote Network configuration.
E.G. mroute add input-tunnel gre name Elitecore source-ip 192.168.1.2 dest-ip 239.0.0.55
output-tunnel ipsec
10. Command: mroute del source-ip <ipaddress> dest-ip <ipaddress>
To delete multicast route
E.G. mroute del source-ip 192.168.1.2 dest-ip 239.0.0.

Document Version 1.06-24/09/2012

10

Cyberoam Release Notes

2. E-mail alert for IPSec Tunnel connection flapping

From this version onwards, if the IPSec VPN tunnel connectivity is lost, Cyberoam will notify the
Administrator via an E-mail alert, specifying the reason for the connection loss. E-mail alert will be
sent on the configured E-mail Address.

Upon configuring E-mail alerts via the available single central configurable option, it will
automatically be applicable on all the IPSec tunnels.

An E-mail will be sent only for Host to Host and Site to Site tunnel connections; if it flaps due to
one of the following reasons:
1.
2.
3.
4.

A peer is found to be dead during Dead Peer Detection (DPD) phase.

Failed to re-establish connection after Dead Peer Detection (DPD)
IPSec Security Association (SA) is expired and is required to be re-established.
IPSec Tunnel comes up without administrator intervention after losing the connectivity

E-mail sent to administrator shall contain following basic information:

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

IPSec Connection name

IP Addresses of both participating hosts/network
Current state of the IPSec Tunnel connection, viz., Up or Down
Exact Time when the IPSec Tunnel connection was lost
Reason for lost of IPSec Tunnel connection
Appliance Model Number
Firmware version and build number
Appliance Key (if registered)
Appliance LAN IP Address
HA configuration Primary/Auxiliary (if configured)

An E-mail will be sent for each subnet pair in case of Site to Site connections, having
multiple local/remote networks.

An E-mail sent with respect to IPSec Tunnel coming up shall not have any reason
mentioned within.

Description of IPSec Tunnel connection shall be included in the E-mail, only if information
for same is provided by the administrator.

To enable E-mail alerts for IPSec tunnels, go to System Configuration Notification

Email Notification and check option IPSec Tunnel UP/Down.

Document Version 1.06-24/09/2012

11

Cyberoam Release Notes

3. Enhancement in AD Integration
From this version onwards, Administrator can sync with Active Directory users with external Active
Directory server. To do so, after checking the connectivity and authenticating all configured
external servers, all the active directory users in Cyberoam are searched in all external Active
Directory servers. If a user is not found within any of the external server(s), it is deleted from
Cyberoam with manual intervention.

Purge operation will not interrupt user login/logout and accounting events.

While the purge activity is in progress and if server connectivity is lost, the activity will be
aborted.

If a user is purged it will be deleted from both, Primary and Auxiliary Cyberoam Appliance.
To purge users go to Identity Users and click Purge Users button.
Further, when the User logs in to the Cyberoam, and if the E-mail Address of that User is
configured on the external Active Directory server/LDAP server then the Users E-mail Address
within the Cyberoam gets sync with the E-mail Address on the external Active Directory
server/LDAP server. Every time the user logs in the user Email ID will be updated. If the Email ID
is null on the External Active Directory Server/LDAP, there will be no updation.

4. Support of SSL-VPN for MAC-OS Tunnelblick

From this version, SSL VPN will be functional with Tunnelblicks; a free, open source graphic user
interface for OpenVPN on Mac OS X.

The user can download the SSL VPN Client Configuration - MAC Tunnelblick from Cyberoam SSL
VPN User Portal.

5. Version 9 Catchup Feature

From this version onwards, Cyberoam will be able to categorize actual URL contents that are
accessed via cache option available in search engines Google, Yahoo, Bing based on the existing
Web Filter Policy.

6. URL Import List

From this version onwards, while adding or updating a Web Category, Cyberoam facilitates to
import a file consisting all the configured URL/Keyword from the white list domain of an existing
web categorization solution to Cyberoam instead of copying and pasting the same into Cyberoam.

Document Version 1.06-24/09/2012

12

Cyberoam Release Notes

To add white listed URL file, go to Web Filter Category add domain.

7. Optimization in Virtual Host Configuration

From this version onwards, while a virtual host is created and port forwarding is enabled,
Cyberoam allows configuring a Port list. The ports within the list can be comma separated. It can
be mapped against a Port List or a Port. Further a Port Range can now also be mapped against a
single port. This creates one to one mapping or many to one mapping between the external port
and the mapped port.

Example:
Port Forwarding Type
(External Port Type to Mapped Port Type)

External Ports

Mapped Ports

Port List to Port List

22, 24, 26, 28, 30

42, 44, 46, 48, 50

Port List to a Port

22, 24, 26, 28, 30

20

21 - 26

28

Port Range to a Port

In case of Port List to Port List mapping, number of ports must be same for both, External Ports
and Mapped Ports. Request received on first external port will be redirected to first mapped port;
second request on external port will be redirected to second mapped port and so on. From the
example above, for Port List to Port List type of configuration, any request received for external
ports 22, 24, 26, 28, 30 will be forwarded respectively to mapped ports 42, 44, 46, 48, 50.

For a single virtual host, a maximum of 16 ports can be configured in a Port List.

All the ports within a Port List support single protocol viz., either a TCP or a UDP protocol
as per the configuration. A combination of both of these protocols within a Port List is not
allowed.

Prior to this version, only Single Port to Single Port and Port Range to Port Range Type for port
forwarding were allowed.
Also, from this version onwards, for Firewall, when any virtual host is created without port
forwarding, one can select multiple services instead of a single service.

Prior to this version, selecting multiple services was not allowed within a Firewall Rule configured
with a virtual host having port forwarding disabled.
To configure multiple ports separated by comma, go to Firewall Virtual Host.

Document Version 1.06-24/09/2012

13

Cyberoam Release Notes

8. Optimized IPSec Failover Configuration

From this version onwards, Cyberoam IPSec connection configuration for failover can be done
while configuring the IPSec connection itself. This optimization will facilitate configuring failover
connection with minimum inputs for commonly used failover conditions. Also the previously
available method of configuration remains intact.
Failover connection configurations can be done only Connection Type for Site to Site
and Host to Host type of IPSec connections.
To configure an IPSec failover connection for Site to Site and Host to Host type of IPSec
connections, go to VPN IPSec Connection. Click add icon under Endpoints Details,
only after which IPSec failover connection can be configured.

9. DNS Status Check support in Diagnostic Tool

From this version onwards, Cyberoam will provide an option to view the list of all the available
DNS servers configured in Cyberoam. It also provides information about the time taken to connect
to each of the DNS server. Based on the least response time, one can prioritize the DNS server.
To view the list of DNS server available for an IP Address/host name, go to System
Diagnostics Tools Name Lookup, provide the IP Address/Host Name, select option
Lookup Using All Configured Server from the dropdown box and click Name Lookup.

10. Dashboard
From this version onwards, Cyberoam iView main dashboard has been bifurgated into two.
1. Traffic Dashboard
Traffic dashboard is a collection of widgets displaying information regarding total network traffic.
This dashboard gives complete visibility of network traffic in terms of applications, web
categories, users, hosts, source and destination countries, mail traffic and FTP activities.

Traffic dashboard consists of following widgets:

Top Applications List of top applications along with percentage wise data transfer
Top Categories List of top accessed web categories with number of hits and amount of data
transfer
Top Users List of top users along with percentage wise data transfer

Top Hosts List of top hosts along with percentage wise data transfer
Top Source Countries List of top source countries along with percentage wise data transfer
Top Destination Countries List of top destination countries along with percentage wise data
transfer

Top Rule ID List of top firewall rules along with percentage wise data transfer

Document Version 1.06-24/09/2012

14

Cyberoam Release Notes

Top Domains List of top domains along with percentage wise data transfer
Top File Upload List of top uploaded files along with date, user, source IP, domain name ,
file name and file size
Top Files Uploaded via FTP List of top uploaded files via FTP along with percentage wise
amount of data transfer
Top Files Downloaded via FTP List of top downloaded files via FTP along with percentage
wise amount of data transfer

Top FTP Servers List of top FTP servers

Mail Traffic Summary Email traffic with type of traffic and amount of data transfer

Top Mail Senders List of top email senders along with percentage wise data transfer

Top Mail Recipients List of top email recipients along with percentage wise data transfer

2. Security Dashboard
Security dashboard is a collection of widgets displaying information regarding denied network
activities and traffic. It also gives an overview of malwares and spam along with source and
destination countries.
Security dashboard consists of following widgets:

Top Denied Hosts List of top denied hosts along with number of hits
Top Denied Users List of top denied users along with number of hits

Top Denied Applications List of top denied applications along with number of hits
Top Denied Destination Countries List of top denied destination countries along with number
of hits

Top Denied Source Countries List of top denied source countries along with number of hits
Top Denied Rule ID List of top denied firewall rules along with number of hits
Top Denied Categories List of top denied web categories along with number of hits
Top Denied Domains List of top denied domains along with number of hits

Top Attacks List of top attacks launched at network

Top Viruses List of top viruses blocked by Cyberoam

Top Spam Senders List of top spam senders

Top Spam Recipients List of top spam recipients

All these widgets can be drilled down for next level reports.

11. Report View Enhancements

From this version onwards, Cyberoam iView has introduced few enhancements to increase
visibility and improve presentation of the reports.
1. Chart Preferences
Now the administrator can select the type of charts to show reports. The administrator can
choose between Bar charts and Pie-Doughnut charts.
Document Version 1.06-24/09/2012

15

Cyberoam Release Notes

To choose the chart type and palette go to System Configuration Chart Preferences.
2. Records per Page Control
Now the user has option to set number of records to be displayed for report groups also.
Previously this control was available for individual reports only.
3. Inline Charts
If the number of records to be displayed is more than 10, then Cyberoam iView shows them in
the form of inline charts i.e. a bar diagram for number of bytes and percentage respectively will
be displayed in the same column.
4. Animated Charts
With this version, Cyberoam iView has introduced animated bar charts and pie charts to improve
user experience and data presentation.
5. Report Group Dashboard
With this version, all the report group dashboards show collection of reports available under the
selected report group.

12. Top Users Widget

From this version onwards, a new widget Top Users has been added under risk reports. This
widget displays list of users who imposed risk on organization network. This report can further be
drilled down to view list of applications, hosts, source countries, destination countries and firewall
rules associated with the selected user and risk level.
To view reports, go to Reports Applications Top Risks Risk.

13. Report Filter

From this version onwards, Cyberoam iView provides option to filter dashboard reports. When the
user selects any record from dashboard report widgets, the selection is displayed on the next level
of reports i.e. on the resultant reports page. The user can apply multiple filters one by one to get
appropriate report.

All the filters are displayed on the top of the resultant report in the form of rowed text box(es) with
the option to remove filter.

14. Country Map

From this version onwards, Cyberoam iView introduces a new report Country Map under
Application report menu. This report gives geographical overview of network traffic along with
Document Version 1.06-24/09/2012

16

Cyberoam Release Notes

amount of data transfer and risk.

To view reports, go to Reports Applications Country Map.

Document Version 1.06-24/09/2012

17

Cyberoam Release Notes

Bugs Solved
Anti Spam
Bug ID 9597
Description Mail of size greater than 3Mb do not get released from Anti Spam Quarantine Area if the
send mail client do not release them within the configured time.
Bug ID 9599
Description An error message Data Error is displayed for a log on Anti Spam Quarantine Area, if
the subject of the mail contains special characters like double quotes ( ) or a backslash (\).
Bug ID 9989
Description Quarantine mails having a space in subject line do not get released.

Anti Virus
Bug ID 8029
Description Adobe flash player exe cannot be downloaded from http://get.adobe.com/flashplayer
with HTTP scanning enabled.

Certificate
Bug ID 8054
Description Certificate Sending Request (CSR) generated from version 10 Cyberoam Appliance
cannot be uploaded at third party Certificate Authority (CA) end.
Bug ID 8191
Description Certificate having encrypted private key cannot be upload from Web Admin Console.
Bug ID 10001
Description Value of parameter Valid From do not change on regenerating a new
Cyberoam_SSL_CA certificate from Certificate page of the System.
Bug ID 10045
Description A certificate error message secure connection failed is displayed on the Mozilla
browser page if Cyberoam is accessed via HTTPS and a default Cyberoam Appliance Certificate is
stored in the browser.

CLI
Bug ID 10122
Description Default routing precedence do not get displayed on Cyberoam console when command
cyberoam route_precedence show is executed.
Document Version 1.06-24/09/2012

18

Cyberoam Release Notes

DHCP Server
Bug ID 10245
Description An error message is displayed when a host name of parameter IP MAC Mapping List
contains a space while configuring a static DHCP.

Firewall
Bug ID 9658
Description A false error message user.err kernel: outdev_target: ERRORRRRR skb> rtable is already initialized <192.168.141.255>... is displayed in System - Log Viewer.

GUI
Bug ID 9810
Description A Web Filter policy do not function in a non-english version of Cyberoam on configuring
an URL Group within the Web Filter Policy.
Bug ID 9985
Description In captive portal settings and CTAS settings, the parameter User Inactivity Timeout do
not accept number beyond 99 on Web Admin Console from Authentication page of Identity.
Bug ID 10109
Description Heart Beat port in System configured to sync with CCC, do not change if the Heart Beat
Protocol is HTTP for Central Management.
Bug ID 10165
Description Dashboard and System Graph continues to remain in processing due to internal error for
Cyberoam Version 10.02.0 Build 227.
Bug ID 10307
Description VPN IPSec connection list tales a long time while loading, if the number of IPSec
connections is more than 2000.

HA
Bug ID 10573
Description IPS service stops functioning in the HA deployment, when two Appliances are
configured with different versions of IPS are enabled in HA.

Identity
Bug ID 9756
Description Special characters _ and . are not allowed to be used consecutively while adding an
Email Address on the User page for Identity.

Document Version 1.06-24/09/2012

19

Cyberoam Release Notes

IM
Bug ID 9866
Description IM Policy do not displayed in Log Viewer with Yahoo ! Messenger (Version 11.5.0.228in).

Intrusion Prevention System (IPS)

Bug ID 9327
Description Search option is available only while editing IPS Policy.

Log Viewer
Bug ID 9880
Description No records are displayed when the language selected for Web Admin Console is French
in Cyberoam and multiple filters are used while viewing logs of Application Filter in Log Viewer.

Network Interface
Bug ID 8002
Description STC 3G modem is not compatible with Cyberoam Appliance.
Bug ID 8457
Description ZTE MF688a 3G modem is not compatible with Cyberoam Appliance.

Proxy
Bug ID 9115
Description Proxy services do not function, if a HTTP Upload Web Category is added in HTTPS
scanning exceptions.
Bug ID 9848
Description An error is received while accessing hotmail.com, http://google.com.au when HTTPS
scanning is enabled in Firewall Rule.
Bug ID 10046
Description Web Proxy service do not restart when Administrator restarts it from Maintenance page
of System.
Bug ID 10135
Description Some of the components with the YouTube website do not get displayed with HTTPS
scanning applied.
Bug ID 10244
Description Browsing becomes slow when external proxy is implemented in the network while
Document Version 1.06-24/09/2012

20

Cyberoam Release Notes

Cyberoam is deployed in Bridge mode.

Reports
Bug ID 7818
Description The data transfer reports of top web host and traffic discovery displayed in On-Appliance
iView are not identical.
Bug ID 9993
Description All the logs of the selected period are displayed in Web Surfing reports for IP Address
based filtering, if Search Type is IP Address and Report Type as Detail.
Bug ID 10427
Description Only current days report details are displayed in the Application Reports of OnAppliance iView on migrating to Cyberoam Version 10.02.0 Build 473.

System
Bug ID 9927
Description Error messages are displayed on executing command tcpdump port80filedump on
Cyberoam Console.

SSL VPN
Bug ID 6523
Description Once the User certificates are updated manually, they do not get updated automatically.
Bug ID 10171
Description SSL VPN RDP Bookmark cannot be accessed in Version 10.02.0 Build 473 if RDP
bookmark has a / at the end (e.g. rdp://10.102.1.152).

User
Bug ID - 6141
Description - When special characters are included in the login message, the user receives a
continuous process icon on the Captive Portal page in spite of logging in successfully.
Bug ID 9920
Description Cyberoam supports only SMS Gateways that uses Post method.

VPN
Bug ID 9477
Description IPSec VPN tunnels takes time of 1 hour to get activated, if the number of IPSec VPN
tunnels configured is more than 4000.
Document Version 1.06-24/09/2012

21

Cyberoam Release Notes

The same holds true in case of HA failure. (As per Ajay this bug must not be a part of this release).
Bug ID 9812
Description An error message We cannot identify ourselves with either end of this connection is
received when VPN connection with VLAN over WAN is configured with PPPoE link and VLAN ID is
more than 2 digits.
Bug ID 10191
Description VPN service do not restart when head office and branch office are using default head
office and default branch office policy respectively and an if an intermediate device between them is
switched off.

Web Filter
Bug ID 9840
Description Denied Message is updated to default message, if an existing Web Filter Category
having configured for customized message is edited without opening Advance Settings of it.
Bug ID 10092
Description Webcat do not get upgraded to latest version while performing manual sync after auto
Webcat upgrade has failed.

Wireless WAN
Bug ID 5315
Description 3G Modem LW272 is not compatible with Cyberoam Appliance.

Document Version 1.06-24/09/2012

22

Cyberoam Release Notes

General Information
Technical Assistance
If you have problems with your system, contact customer support using one of the following methods:
E-mail ID: [email protected]
Telephonic support (Toll free)

APAC/EMEA: +1-877-777- 0368

Europe: +44-808-120-3958
India: 1-800-301-00013

USA: +1-877-777- 0368

Please have the following information available prior to contacting support. This helps to ensure that
our support staff can best assist you in resolving problems:
Description of the problem, including the situation where the problem occurs and its impact on
your operation
Product version, including any patches and other software that might be affecting the problem

Detailed steps on the methods you have used to reproduce the problem
Any error logs or dumps

Technical Support Documents

Knowledgebase: http://kb.cyberoam.com
Documentation set: http://docs.cyberoam.com

Document Version 1.06-24/09/2012

23

Cyberoam Release Notes

Important Notice
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented wi thout
warranty of any kind, expressed or implied. Users must take full responsibili ty for their application of any products. Elitecore
assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice to ma ke
changes in product design or specifications. Information is subject to change without notice.

USERS LICENSE
Use of this Version 10.04.0 Build 214 is subject to acceptance of the terms and condition of Cyberoam End User License
Agreement (EULA). You will find the copy of the EULA at http://kb.cyberoam.com.

RESTRICTED RIGHTS
Copyright 1999 - 2012 Elitecore Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Elitecore
Technologies Ltd.

Corporate Headquarters
Elitecore Technologies Private Ltd.
904, Silicon Tower, Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com , www.cyberoam.com

Document Version 1.06-24/09/2012

24