V 10.

01 build 0472

Release Dates

Version 10.01 Build 0472 – 25th January, 2011

Version 10.01 Build 0461 – 3rd January, 2011
Version 10.01 Build 0448 – 8th December, 2010

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support l
Applicable to: All the Cyberoam Appliance models

Upgrade procedure

1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate op
3. High Availability feature included in this upgrade is
feature, to enable feature, you need to register your A
and current firmware version at support@cyberoam.c
firmware.

Note: It is mandatory to upgrade to verion 10.01 b

Compatibility issues

Firmware is Appliance model-specific firmware. Hence, firmw

another model and upgrade will not be successful. You will r
Appliance model CR100i with firmware for model CR500i.
Introduction
This document contains the release notes for Cyberoam ver
describe the release in detail.

This release comes with new features, few enhancements a

reliability, and performance.

Features & Enhancements

Build 461
1. Removed limitation of 6 WAN Interfaces

From this version onwards, limitation of 6 WA

where in N=Available physical interfaces on t
interfaces can be created on each physical i
physical interfaces), if Port-A is configured
configured as a WAN and if required additiona
be created on each physical interfaces.

2. DHCP Relay support in HA Cluster

On failover Auxiliary appliance of HA Cluster w

primary appliance is configured as DHCP Rela

3. Support of Authorization Policies for Clientless

With this support now, Administrator can restri

and control data transfer for the users who are

4. Logs and Reports Enhancements

 Cyberoam has extended its logging functionalit

Application Denied log - Log that recor

application denied through Application
Reports > Log Viewer > Application Fi

IPSec VPN log - Events like connection

be logged and can be viewed from Log

5. File System Integrity check support

Option is provided in the form of a CLI comma

partitions. By default, check is OFF but whene
following reasons, this check is automatically t

Unable to start Config/Report/Signatur

Unable to Apply migration
Unable to find the deployment mode

Once the check is turned ON, on the next boot

addition, check will be turned OFF again on the

If the option is ON and the appliance boots up

check will not be enforced and option will be d

Factory reset
Flush Appliance Report

6. Partition Reset support

File System Integrity check verifies all the part

automatically when the appliance goes in failsa

It is required to flush the partitions if appliance

integrity check.
 RESET command is extended to include comm
commands, administrator can reset the config,
will be lost, as the partition will be flushed.

Integrity check repairs the partition while reset

partition.

Command Usage
When you type RESET at the Serial Console P
provided:
1. Reset configuration
2. Reset configuration and signatures
3. Reset configuration, signatures and reports

Miscellaneous changes

1. Default timeout for switching from storage m

10 sec. It can be changed from CLI with comma
timeout <number>

2. IPS policy id and Application Filter policy id i

3. Now Multicast forwarding can be configured

configured. Earlier it was limited up to 32 Interfa

Version- 9 Catchup Feature

1. Dashboard Alert if password of Super Admin

2. RESET, Backup/Restore, Auto Upgrade, Ma

and can be viewed from iView (Reports > Event

3. IPSec, L2TP, PPTP logs can be viewed from

 show vpn IPSec-logs
show vpn L2TP-logs
show vpn PPTP-logs

Build 448

1. Four-Eye Authentication support

For legally compliant logging, reporting and arc

follows all obligations for keeping relevant infor
On one hand to maintain security, for organizat
to employee activities while on other hand they

However, monitoring user-specific activities wit

employee or their delegate is illegal.

To safeguard the integrity and security of pers

added 4-Eye authentication method in addition
an added level of control and protection where
other employees and have decision-making po

It prevents single administrator from having co

organization’s privacy regulations by having ins
misuse tracked user activities. It enhances the
mechanisms by adding an additional administra
cannot be granted.

With 4-Eye authentication, two users – Admini

the employee activity reports. Unless Authorize
reports.

Configuration
 1. Enable 4-Eye authentication from Log & R
Once enabled, user identities - Username, IP a
IM Contact ID will be encrypted i.e. anonymize
2. Configure Authorizer

De-anonymize to view the actual data

1. Click Reports
2. Access the report in which you want to de
decrypted for the existing session or permanen
3. Specify Authorizer Password

2. Filter HTTP traffic based on MIME header

Cyberoam has significantly enhanced its Conte

function of filtering HTTP traffic based on MIM
header list can be used to block traffic with ce
in otherwise allowed file type category. Cybero
match is found, the corresponding action is ta

For simplicity, MIME headers are included in th

Extensions. In addition to default Categories, C
custom category with the required MIME head
– Default File Type Categories.

Configuration

1. Go to Objects > File type > File type to ad

2. Configure file extension and/or MIME head
are configured, file extension will be checked f
3. Implement and configure action from Web
3. VPN Connection Wizard

To speed up the VPN configuration, Cyberoam

creating VPN Connection.

The VPN Connection Wizard walks you step-b

Connection. After the configuration is complete
the selected VPN policy. Once the connection
IPSec > Connection page of Web Admin Cons
from the same page.

Wizard can be accessed from VPN > IPSec >

4. Domain Name support for NTP server

For ease of use, Cyberoam now provides an o

apart from IP address.

Domain name can be configured from System

Console.

5. Multiple NTP server support

To ensure that Cyberoam appliance always ma

use of multiple NTP servers. Cyberoam applia
can configure up to 10 NTP servers. At the tim
configured NTP server sequentially. When the
Cyberoam queries second server and so on un
servers configured.

Configuration

1. Go to System > Configuration > Time and

 2. Select “Use Custom” and add IP address

6. Multiple TSE/ Citrix Server Support in Cyberoa

Cyberoam provides support for transparent au

Services or Citrix and apply all the identity-bas
the access. Now, one can configure up to 64 t
to configure only one server.

This feature will be useful in the organization w

department.

Configuration

Configure Cyberoam to communicate with Term

cyberoam auth thin-client add citrix-ip <

Remove Terminal Server from CLI using the co

cyberoam auth thin-client delete citrix-i

View list of configured Terminal Servers from C

cyberoam auth thin-client show

7. Web and FTP Detail Report with Time Stamp

With this version, one more drill down report in

Usage and FTP Usage.

Web Usage Detail report added as a leaf (last

 provides URL access date and time as well as

FTP Usage Detail report added, as a leaf repo

upload and download date and time along with

8. Time Stamp for Anti Virus, Anti Spam, IPS and

Leaf report of Anti Virus, Anti Spam, Mail Usag

stamp in the YYYY: MM: DD HH:MM:SS form
and usage.

9. Firmware Upgrade without disabling HA

To improve the ease of maintenance, HA in v 1

without disabling HA

10. Support of DHCP Custom options

Cyberoam has extended its DHCP Options fea

as per RFC 2132. DHCP options allow users t
form of pre-defined, vendor-specific informatio
DHCP message. When the DHCP message is
vendor-specific configuration and service inform
options could be configured.

Supported Scalar data types:

array-of - Array of Data Type
one-byte - One Byte Numeric Value
two-byte - Two Byte Numeric Value
four-byte - Four Byte Numeric Value
ipaddress – IP address
string - String
boolean - Boolean
Supported Array data types:
one-byte - Array of One Byte Numeric Values
two-byte - Array of Two Byte Numeric Values
four-byte - Array of Four Byte Numeric Values
ipaddress - Array of IP address

Configuration

1. Define DHCP Option from CLI console

2. Attach to DHCP server from CLI console

Example:

1. Define custom dhcp option 176 of the ty

console> cyberoam dhcp dhcp-options

optiontype string

console> cyberoam dhcp dhcp-options

optionname aphone(176) value
MCIPADD=192.168.42.1,MCPORT=17

2. View all DHCP options that are configur

console> cyberoam dhcp dhcp-options

3. View all DHCP options that can be attac

console> cyberoam dhcp dhcp-options

4. Removing definition of custom dhcp opt

console> cyberoam dhcp dhcp-options

 5. Delete DHCP options from DHCP Server

console> cyberoam dhcp dhcp-options

optionname aphone(176)

11. Increased Bandwidth Maximum Limit of QoS

In QoS Policy, maximum bandwidth limit has be

12. UTF-8 Support in iView

iView reports will now be displayed in UTF-8 c

language other than English.

13. External Authentication support using RADIU

PPTP Connections

Now PPTP and L2TP connections established

authenticated through RADIUS.

Known Behavior

Build 472

While performing Upload & Reboot operation, if you r

Please Try After Some Seconds”, access Web Admin
Maintenance > Firmware and click “Boot firmware im

Bugs Solved

Build 471
High Availability

Bug ID - 5211
Description - HA could not be enabled for the applian

Interface

Bug ID – 5314
Description – On removing alias, non-interface based

Logs & Report

Bug ID – 5214
Description – Incorrect value is displayed for Allotted,
in Internet Usage report on View Usage page of User
Account.

Bug ID – 5377
Description – When application is denied, Application

SSL VPN

Bug ID – 5365
Description – When User Email ID is not configured a
configured for tunnel access, files - Installer bundled w
downloaded are of size zero.

User

Bug ID – 5236
Description – CTAS traffic over VPN zone is not allow
 Bug ID – 5312
Description – Hypen (-) is not supported in Username

Web Admin Console

Bug ID – 5237
Description – For email address, more than 4 charac
myname@companyname.domainname

Bug ID – 5287
Description – When question mark was included in sp

Build 461

Group

Bug ID – 1140
Description – Add and Remove buttons are not displa

Bug ID – 4727
Description – Mismatch in Dashboard - Live Connecte
on Live Users page.

Bug ID – 5087
Description – At the time of importing groups from Ac
given if groups are not existing in AD. Ideally, messag
Please verify Base DN or Create groups in AD" shoul

Bug ID – 5077
Description – When the user group membership is ch
Cyberoam, tightly integration between Active Director
user still belongs to the old group. Ideally, if group do
belong to the “Open Group”.
Logs and Reports

Bug ID – 3021
Description – Reports do not include time stamp.

Bug ID – 3565
Description – It is not possible to export Custom View

Bug ID – 4574
Description – Web Usage Trend report is not displaye

Bug ID – 4670
Description – Even when there are 5 records, “View A
Widgets.

Bug ID – 5147
Description – French Label "Atteindre" is not displaye

Migration

Bug ID – 5010
Description – After migrating to Version 10.x from Ve
6 Interfaces.

Proxy

Bug ID – 5200
Description – Google’s Image Safe Search does not

Bug ID – 5217
Description – After applying Web filter policy, Remote
inaccessible.
System

Bug ID – 2647
Description – It is not possible to add more than 6 Int

Bug ID - 4588
Description - Even when appliance is deployed in "Bri
mode as "Route" mode.

Bug ID – 4649
Description – If wrong password is specified at the tim
portal, it redirects to “Web Admin Console" login page

Bug ID – 4651
Description - After logging out from the Captive Porta
showing the option for "Web Admin Console" also. In
option should be available.

Bug ID – 4668
Description – When the DHCP lease time is configure
not able to renew IP addresses. Due to this, LAN to W

Bug ID – 5070
Description – Enabling packet capture without configu
CPU utilization.

Bug ID – 5161
Description – It is not possible to include word “Corpo
or Footer.

Bug ID – 5222
Description – “My Account” link from Captive Portal o
page instead of My Account login page.
Users

Bug ID – 4607
Description – Live User page randomly displays zero
logged in.

VPN

Bug ID – 3556
Description – PPTP and L2TP VPN logs are not avail

Bug ID – 5077
Description – Search functionality does not work on A
page of Web Admin Console.

Bug ID – 5259
Description – It was not possible to establish PPTP c
users are authenticated through RADIUS.

Build 448

Categorization

Bug ID - 3425
Description - It is possible to download denied file typ
Web-based Mails like Yahoo, Gmail and Hotmail.

Bug ID – 4479
Description – When keywords exceed 4096 characte
the websites get categorized under this web category

Clients
 Bug ID – 4580
Description – Auto Login of Corporate Client does no

Bug ID – 4672
Description – Captive portal authentication does not w
10.00.0310.

Firewall

Bug ID – 5100
Description – At the time of creating firewall rule, Inte
when not a single user except ‘admin’ user exists in C

High Availability

Bug ID – 4604
Description – HA Communication log displayed “root”

Instant Messaging

Bug ID – 4296
Description - After enabling IM scanning, it is not pos
with third party applications like Trillian or Pidgin.

Bug ID – 4999
Description – When IM logging is enabled, it is not po
2011.

Bug ID – 5072
Description – When IM logging is enabled, it is not po
Windows Live Messenger 2009 and get new mail ale

Logs and Reports

 Bug ID - 3206
Description - Top L2TP Users and Top PPTP Users re
and down time.

Bug ID – 4660
Description – Files are not archived after upgrading to

Bug ID – 4683
Description – When Super-administrator password is
and iView Web Admin Console does not work. Due to
automatically. This happens only when users are auth

Migration

Bug ID – 5010
Description – After migrating from V 9.x.x to V 10.xx.
At the time adding, error “Only six interfaces are supp

Proxy

Bug ID – 4782
Description – When Cyberoam is configured as Direc
application like TeamViewer, does not work.

Bug ID – 4880
Description – After enabling SMTP Scanning, it will no

Bug ID – 5012
Description – Cyberoam is not compatible with Netsw
threat management solution, when Cyberoam is deplo
not able to access the Internet.

Registration
 Bug ID – 3745
Description – Warning message about subscribing or
on the Spam Digest Settings page.

Translation

Bug ID – 3000
Description - Backup & Restore page of Chinese GUI

Bug ID – 5037
Description – In the navigation menu – Identity, word

System

Bug ID – 4583
Description – It was possible to bind same IP Addres
Interface.

Bug ID – 4704
Description – On gateway failover, VOIP connections

Bug ID – 4931
Description – Signature Database is not flushed on fa

Bug ID – 4947
Description – When External Authentication is configu
from Identity > Authentication > Firewall page does n

User

Bug ID – 650
Description – Data Transfer Policy is not applied to C
 Bug ID – 653
Description – Surfing Quota Policy is not applied to C

Bug ID – 4719
Description – Test Connection to Active Directory fails
mark i.e. “ is included in the password.

Bug ID – 4735
Description – Access Time, Surfing quota and Data tr
users.

Bug ID – 4812
Description – Test Connection to LDAP fails when spe
domain name.

For example
,dc=cyberoam,dc=com ---- incorrect
dc=cyberoam,dc=com ---- correct

Bug ID – 4887
Description – It is not possible to place login restrictio

Web Admin Console

Bug ID – 4605
Description – Identity based WAN-VPN zone firewall
Rule of Web Admin Console.

Bug ID – 4718
Description – Dashboard sticks due to long domain na
Recent Web Viruses Detected Doclets.

Bug ID – 4733
 Description – At the time of creating bookmark, if bac
URL then the URL is truncated up to last “/”.

E.g. URL: http://www.google.com/cisco is truncated t

created for the URL - http://www.google.com/ and no

Bug ID – 4967
Description – No alert message is displayed when Po
Trusted Port list from page System > Administration >

Wireless LAN

Bug ID – 4891
Description – It is not possible to update “Geography
Wireless LAN > Settings page of Web Admin Console

Wireless WAN

Bug ID – 4904
Description – At the time of re-connection to 3G devic
Appendix A – Default File Type Categories

File Type Category

File Extensions M
Name
Video Files dat, mov, avi, qt, smi, sml, ap
smil, flc, fli, vfw, mpeg, mpg, ms
m15, m1u, m1a, m75, mls, ms
mp2, mpm, mp, rm, wmv, flv, ap
swf vid
ap
ap
Audio Files gsm, sd2, qcp, kar, smf, au
midi, mid, ulw, snd, aifc, aif, ap
aiff, m3url, m3u, wav, rm, x-m
au, ram, mp3, wmv au
au
re
au
Executable Files exe, cmd, bat, com ap
ms
ap
Dynamic Files pl, jsp, asp, php, cgi, shtml te
pa
Image Files bmp, gif, jpeg, jpg, pcx, png im
im

Document Files doc, docx, wbk, xls, xlsx, ap

ppt, pptx, oft, pub, msg, ap
(Document file format could one, xsf, xsn, grv, mpp, mpt, of
be described as a text, or acl, pip, thmx, aw, bld, blg, ap
binary data file type, used bvp, cdd, cdf, contact, csv, ap
to store formatted dat, dif, dmsp, efx, epub, ap
documents (texts, pictures, epw, exif, exp, fdb, fxp, gbr, of
cliparts, tables, charts, gpi, hdf, id2, lib, mat, mcd, ap
multiple pages, multiple menc, mw, ndx, not, ap
documents etc.).) notebook, out, ovf, pdx, pfc, ms
pps, ppsx, pptm, prj, qbw, of
sdf, svf, tar, tsv, vcf, vdb, ap
vxml, windowslivecontact, ap
wlmp, xfd, xml, xsl, xslt, lit, pr
log, lst, odt, opml, pages, rtf, of
sig, tex, txt, wpd, wps ap
va
ap
ma
of
ap
po
im
te
ap
te
te
ap
ap

Compressed Files 7z, alz, deb, gz, pkg, pup, ap

rar, rpm, sea, sfx, sit, sitx, ap
(Compressed files use file tar.gz, tgz, war, zip, zipx ap
compression in order to ap
save disk space. ap
Compressed archive stu
co
formats can also be used to ap
compress multiple files into
a single archive.)

Web Files (The Web Files alx, asax, asmx, aspx, atom, ap
category includes files att, axd, cer, chm, crt, csr, ap
related to websites and css, dwt, htm, html, js, jspx, ap
Web servers. These pac, qbo, rss, spc, ucf, po
include static and dynamic webarchive, wgt, wml, xfdl, jav
webpages, Web xhtm, xhtml ap
applications, and files te
referenced by webpages.) te
Database Files accdb, db, dsn, mdb, mdf, ap
pdb, sql, sqlite ap
(Database files store data ac
in a structured format, ch
organized into tables and
fields. Individual entries
within a database are
called records. Databases
are commonly used for
storing data referenced by
dynamic websites.)
System Files bashrc, cab, cpl, cur, dll, ap
dmp, drv, hlp, ico, key, lnk, ap
(The System Files category msp, prf, profile, scf, scr, ms
includes files related to sys he
Mac, Windows, and Linux
operating systems. Some
examples include system
libraries, icons, themes,
and device drivers. Files
output by the system are
also included in this
category.)

Configuration Files cfg, clg, dbb, ini, keychain, ap

prf, prx, psf, rdf, reg, thmx, ap
(Settings files store vmx, wfc
settings for the operating
system and applications.
These files are not meant
to be opened by the user,
but are modified by the
corresponding application
when the program
preferences are changed.
Settings files may also be
called preference files or
configuration files.)
Developer Files as, asc, c, cbl, cc, class, cp, te
cpp, cs, csproj, dev, dtd, f, ap
(The Developer Files fs, fsproj, fsx, ftl, gem, h, jav
category contains files hpp, ise, ism, java, m, ocx, jav
related to software pas, pod, pro, py, r, rb, sh, te
development. These src, tcl, trx, v, vbproj, vcproj, ap
include programming vtm, xcodeproj sc
project files, source code ap
files, code libraries, header
files, and class files.
Compiled objects and
components are also
included in this category.)
Backup Files asd, bak, bkp, bup, dba, ap
dbk, fbw, gho, nba, old, ori,
(The Backup Files sqb, tlg, tmp
category includes
individual file backups and
files related to backup
software. Individual backup
files are often generated
automatically by software
programs. Backup software
files include incremental
backups and full system
backups.)
Encoded Files bin, enc, hex, hqx, mim, ap
mime, uue ap
(Encoded files are files that ap
store data in an encoded ap
format. These include ap
encrypted files, ap
uncompressed archives, ww
and binary-encoded text
files. Files are often
encoded for security
purposes and to keep them
from being corrupted
during data transfers.)
Plugin Files 8bi, arx, crx, plugin, vst, xll ap

(Plugin files provide extra ap

features and functionality
to existing programs. They
are commonly used by
image, video, and audio
editing applications, as well
as Web browsers. Plugins
are also referred to as
add-ons and extensions.)

Disk Image Files dmg, iso, mdf, nrg, nri, pvm, ap

toast, vcd, vmdk
(Disk image files contain an
exact copy of a hard disk or
other type of media. They
include all the files, as well
as the file system
information. This allows
disk images to be used for
duplicating disks, CDs, and
DVDs. They are often used
for backup purposes as
well.)
Page Layout Files idml, indd, inx, isd, mdi, pct, im
pdf, pmd, ptx, pub, qxb, qxd, ms
(Page layout files are qxp, rels, xps ap
documents that may
contain both text and image
data. They also include
formatting information,
which defines the page
size, margins, and how
content is organized on the
page. Page layout
documents are often used
for creating printable
publications, such as
newspapers, magazines,
and brochures.)