of 78

Cyberoam Docs

Published on September 2017 | Categories: Documents | Downloads: 11 | Comments: 0
254 views

Comments

Content

Cyberoam Docs

1 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1. Clients 1.1. Cyberoam Android Client Version 1.1.1. Release Notes 1.1.1.1. Cyberoam Android Client Version 1.4

Release Information Compatibility Versions: Cyberoam’s General Authentication Client Version 1.4 for Android is compatible with: 1. Cyberoam Version 10.01.0667 onwards. 2. Android Version 2.2 onwards Installation Procedure 1. Download the installer of Cyberoam’s Client for Android OS from: ·

www.cyberoam.com

·

Google Play

2. Double-click installer to download the Android Client and follow the on-screen steps to install. 3. For configuration details, follow the link http://kb.cyberoam.com

Introduction This document contains the release notes for Cyberoam’s General Authentication Client Version 1.4 for Android. The following sections describe the release in detail.

Enhancements Auto-login to Cyberoam on Hotspot Availability From this version onwards, General Authentication Client for Android, supports auto-login using authorized hotspot connected to Cyberoam. Prior to this version, manual intervention was required for Wi-Fi hotspot reconnection.

03-01-2015 12:26

Cyberoam Docs

2 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bugs Solved The general authentication client fails to open when it is accessed in landscape mode. The general authentication client fails to respond if the pasted gateway IP Address contains alphanumeric characters.

1.1.1.2. Cyberoam Android Client Version 1.3

Release Information Compatibility Versions: Cyberoam’s General Authentication Client for Android OS (Cyberoam’s Android Client) Version 1.3 is compatible with following 1. Cyberoam Version 10.01.0667 onwards. 2. Android Version 2.2 onwards Installation Procedure 1.

Download the installer of Cyberoam’s Client for Android OS from: - Cyberoam Website - Google Play

2. Double-click installer to download the Android Client and follow the on-screen steps to install. 3. For configuration details, follow the link http://kb.cyberoam.com

Introduction This document contains the release notes for Android Client Version 1.3. The following sections describe the release in detail.

Features 1. General Authentication Client for Android OS

03-01-2015 12:26

Cyberoam Docs

3 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

From this version onwards, Cyberoam supports Authentication Client for Android based devices like mobile phones, PDAs and Tablets. Prior to this feature, an un-authenticated user within Cyberoam Network could not fetch/retrieve data using any application installed on Android device. To remain authenticated, the user was dependent on an active browser window. This would require a multi tab support browser for authenticating and browsing. Further, if the Cyberoam Captive Portal tab is closed, the user is marked unauthenticated and there is a possibility to lose the connection. To resolve the mentioned issues, Cyberoam introduced a client for Android devices, a standalone Application that authenticates users with Cyberoam and logs them in. Android Compatible Version: Android Version 2.2 onwards Note · If user enables “auto login”, the username and password used for authentication thereafter will be saved automatically. · On clicking the home button of main screen, Android Client application will run in background. · On clicking the back button of settings screen, Android Client application will return to main screen. · On clicking the close button, Android Client Application shuts down.

1.2. SSO - Single Sign On 1.2.1. Release Notes 1.2.1.1. V 1.0.1.0

Release Dates Version 1.0.1.0 – 6th September, 2013

Release Information Installation/Upgrade procedure 1. Download Cyberoam SSO installer. Installer Client 7.3.1.3 Client 1.0.1.0

Compatible Cyberoam Version Up to 10.01.0 Build 678 10.01.0 Build 739 onwards

2. Refer to the KB article titled Implement Single Sign On Authentication with Active Directory for English and Non-English Versions of Windows for configuration instructions. Revision History

03-01-2015 12:26

Cyberoam Docs

4 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Sr. No.

Old Revision Number

1

1.0 06/09/2013

New Revision Number

Reference Section

1.1 16/09/2013

-

Revision Details

Access information for the About tab added

Introduction This document contains the release notes for Cyberoam Single Sign On (SSO) Client Version 1.0.1.0. The following sections describe the release in detail.

Enhancements 1. SSO Client Information From this version onwards, the "About" tab is added to provide the information about the Client Suite, its version details and the legal information. The tab can be accessed from a client machine after successful user login. To access the tab, go to Start Menu > Cyberoam Single Sign on Client > SS Cyberoam GUI > About Tab.

Bugs Solved Bug ID – 31 Description – “Live Users” page displays either blank or incorrect MAC Address for the users logged in through Cyberoam SSO Client on a Windows 7 workstation. Bug ID – 51 Description – “Live Users” page displays either blank or incorrect MAC Address for the users logged in through Cyberoam SSO Client on a Windows Vista workstation. Bug ID – 62 Description – Cyberoam SSO Client ceases to function with Windows 8 workstation.

1.2.1.2. V 1.0.0.1

Release Information Compatibility Versions: Version 10.01.0.739 onwards 1. Download SSO (Client base Single Sign On) installer from http://www.cyberoam.com/cyberoamclients.html

03-01-2015 12:26

Cyberoam Docs

5 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

2. Remove SSO, if you have already installed the previous version. 3. Configure SSO from http://kb.cyberoam.com and follow the on-screen steps to install.

Introduction This document contains the release notes for Client based Single Sign On (SSO) version 1.0.0.1. The following sections describe the release in detail. Enhancement 1.

Internationalization Support Client base Single Sign On (SSO) now supports four languages viz., English, Hindi, Chinese – Simplified, Chinese - Traditional. Compatibility of OS version where SSO suite can be configured are as mentioned below: 1. Windows 2003 Server 32 bit 2. Windows 2003 R2 Server 64 bit 3. Windows 2008 Server 32 bit 4. Windows 2008 Server R2 Standard/Enterprise 64 bit Environment as domain Compatibility of OS version on Client where SSO suite can be installed and executed are as mentioned below: 1. Windows XP 2. Windows VISTA 3. Windows 7 32 bit 4. Windows 7 64 bit 5. Windows 2003 32 bit 6. Windows 2003 R2 64 bit 7. Windows 2008 32 bit 8. Windows 2008 R2 Standard/ Enterprise 64 bit

1.3. OS Compatibility Matrix

03-01-2015 12:26

Cyberoam Docs

6 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1.4. CATC - Cyberoam Authentication for Thin Client 1.4.1. Release Notes 1.4.1.1. V 2.0.4.3

Release Dates Version 2.0.4.3 – 20th November, 2014

Release Information Upgrade procedure Administrative permission is required for installation. 1. Get the currently installed CATC version from: · Windows Registry or · Add Remove Programs for WindowsServer 2003 or · Programs and Features for Windows Server 2008 and onwards 2. Download CATC installer. Installer Client 1.0.1.5* Client 2.0.0.9 Client 2.0.3.7 Client 2.0.4.3

Compatible Cyberoam Version Up to 10.01.0 Build 678 10.01.0 Build 739 onwards 10.01.0 Build 739 onwards 10.01.0 Build 739 onwards

Upgrading from v 1.0.1.5 to v 2.0.4.3 requires reconfiguration of the Cyberoam IP Address, Exclusion List, Maximum Log Size and Logout Polling Time. 3. Double-click the downloaded CATC installer and follow the on-screen steps. Revision History

Sr. No.

Old Revision

New Revision

Reference

Revision Details

03-01-2015 12:26

Cyberoam Docs

7 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Number

-

Number

-

Section

-

-

-

Introduction This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) Version 2.0.4.3. The following sections describe the release in detail.

Enhancements 1. Cyberoam Settings Tab Enhancements From this version, the Status group of “Cyberoam Settings” tab is enhanced to include the following fields: a. View Log This button displays a comprehensive set of all the logs that are generated at the event viewer in either Debug or Trace mode, (As defined in the General Settings tab.). b. View Logging Events This option allows the Administrator to filter out CATC specific logs from Event Viewer logs of the Microsoft TSE or Citrix Presentation Server, where CATC is installed.

2. General Settings Tab Enhancements From this version onwards, the Maximum Log Size field of the General Settings tab is renamed to “Logging”. The Logging field now contains the following options: • Enhanced Log Level Categorization

This option allows the Administrator to filter out CATC specific logs from Event Viewer logs of the Microsoft TSE or Citrix Presentation Server, where CATC is installed. The button next to the Log Level field consists of a drop down which when clicked shows two Log Level options: Debug – Select this option to generate a detailed log file for CATC and Logging Event logs. The set of logs can be viewed by clicking the Open buttons against View Log and View Logging Events from the Cyberoam Settings tab. Trace – Select this option to generate a filtered and more event specific log file for CATC and Logging Event logs. The set of logs can be viewed by clicking the Open buttons against View Log and View Logging Events from the Cyberoam Settings tab.

03-01-2015 12:26

Cyberoam Docs

8 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

3. Exclusion Lists Tab Enhancements With this version, the Exclusion List section has been enhanced with support to add Destination IP Address, IP Address: Port and *:Port. With this enhancement, an Administrator can configure CATC to not send the connection details of sessions terminating at the mentioned Destination IP Address, IP Address: Port and *:Port, to Cyberoam. Prior to this version, an administrator could configure only users under the Exclusion List.

4. About Tab Enhancements With this version, the About tab information is available in three different languages apart from English, namely – Hindi, Chinese (Simplified) and Chinese (Traditional). To change the language of CATC GUI, click the Language button and select the desired language from the drop-down list.

Miscellaneous • Rename of CATC

From this version, "Cyberoam Authenticated for Thin Client" is renamed to "Cyberoam Authentication for Thin Client".

Bugs Solved Bug ID – 188 Description – A delay is observed while accessing an MS.NET application when it is installed along with CATC on Windows AD 2008 Server. Bug ID – 178 Description – Windows 2012 Data Center 64 bit operating system with French Language Pack fails to register to Layered Service Provider when CATC is installed. Bug ID – 269 Description – CATC users surfing the Internet through Internet Explorer version 11 do not appear in Live Users list of Cyberoam.

03-01-2015 12:26

Cyberoam Docs

9 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1.4.1.2. V 2.0.3.7

Release Dates Version 2.0.3.7 – 23rd May, 2013

Release Information Upgrade procedure Administrative permission is required for installation. 1. Get the currently installed CATC version from: · Windows Registry or · Add Remove Programs for WindowsServer 2003 or · Programs and Features for Windows Server 2008 and onwards 2. Download CATC installer. Installer Client 1.0.1.5* Client 2.0.0.9 Client 2.0.3.7

Compatible Cyberoam Version Up to 10.01.0 Build 678 10.01.0 Build 739 onwards 10.01.0 Build 739 onwards

Upgrading from v 1.0.1.5 to v 2.0.3.7 requires reconfiguration of the Cyberoam IP Address, Exclusion List, Maximum Log Size and Logout Polling Time. 3. Double-click the downloaded CATC installer and follow the on-screen steps. Revision History

Sr. No.

-

Old Revision Number

New Revision Number

-

-

Reference Section

-

Revision Details

-

03-01-2015 12:26

Cyberoam Docs

10 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Introduction This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) Version 2.0.3.7. The following sections describe the release in detail.

Enhancements 1. Support of long user name Cyberoam now extends support of 20 characters for the user name/login name for all domains for logging through CATC client. The domain name can also be a sub-domain, such as mail.example.com. With this enhancement, Active Directory users with long username suffixed by domain or sub-domain will now be able to login to Cyberoam through CATC client. Prior to this version, only 9 characters were supported for the user name with sub-domain. Following are the examples of valid usernames: ·

[email protected]

·

[email protected]

·

[email protected]

·

[email protected]

2. CATC Information From this version onwards, the "About" tab is added to provide the information about the Client Suite, its version details and the legal information.

Bugs Solved Bug ID – 7 Description – CATC user cannot login if the Domain name of terminal server is more than thirteen characters. Bug ID – 43 Description – Functionality of ERP application ceases to function, if it is installed along with CATC client on same Windows 2003 Server. Bug ID – 47 Description – User is not able to log in into Cyberoam through CATC client, if the username contains special characters “$”, “%” and “ñ”. Bug ID – 57 Description – CATC does not authenticate the user when UAC is ON in Windows 2008 Server and above. This is observed when user tries to login using Internet Explorer 8 or above.

03-01-2015 12:26

Cyberoam Docs

11 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1.4.1.3. V 2.0.0.9

Release Information Compatibility Versions: Version 10.01.0.739 onwards 1. Download CATC installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CATC, if you have already installed the previous version. 3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CATC.

Introduction This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) version 2.0.0.9. The following sections describe the release in detail. Enhancement 1. Internationalization Support CATC now supports four languages viz., English, Hindi, Chinese – Simplified, Chinese - Traditional. Option to select the preferred language is available during the installation of CATC. Also post installation, as per the requirement the preferred language can be modified. To modify the language go to Start menu à Programs à CATC à CATC à Click on Language à Select preferred language. This version of CATC will be compatible with following Windows version: 1.

Windows 2000 Server with Service pack 4

2. Windows 2003 Server 32bit 3. Windows 2003 R2 Server 64 bit 4. Windows 2008 Server 32 bit 5. Windows 2008 R2 Standard/Enterprise 64 bit 6. Windows SBS 2011 Server

03-01-2015 12:26

Cyberoam Docs

12 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

7. Windows 2003 server with Citrix configured. Limitation 1. On modifying the preferred language, the text on the tabs remains unchanged until CATC is restarted. However none of the functionality gets affected.

1.4.1.4. V 1.0.1.5

Release Information Release Date Version 1.0.1.5 – 2nd July, 2011 Compatibility Versions: All Versions 1. Download CATC installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CATC, if you have already installed the previous version. 3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CATC.

Introduction This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) version 1.0.1.5. The following sections describe the release in detail.

Enhancement Now CATC supports exclusion users having domain name in their username. Prior to this version, a user with domain name like [email protected] could not be excluded.

Bugs Solved Bug ID – 5475 Description – On installing the CATC version 1.0.0.9, Oracle form 6i application stops responding. Bug ID – 5519 Description – User Exclusion List in CATC 1.0.0.9 can contain a duplicate usernames.

03-01-2015 12:26

Cyberoam Docs

13 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1.4.1.5. V 1.0.0.9

Release Information Compatible versions: All versions Installation procedure 1. Download CATC installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CATC, if you have already installed the previous version. 3. Double-click installer downloaded in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.

Introduction This document contains the release notes for Cyberoam Authentication For Thin client version 1.0.0.9. The following sections describe the release in detail.

Enhancement 1. Support of Win2K8 server Now CATC supports Win2K8 server also. Prior to this version, only Windows Server 2000, Windows Server 2003 (Microsoft TSE) and Citrix Presentation Server were supported. Currently CATC is not supported on Win2K8 server for Itanium based systems.

Bug Solved Bug ID – 4898 Description – When multiple Citrix servers are configured and single user exists in multiple servers, than user is not logging in the domain configured for her.

1.4.2. Guides 1.5. CTAS - Cyberoam Transparent Authentication Suite 1.5.1. Release Notes 1.5.1.1. V 2.1.2.5

Release Dates

03-01-2015 12:26

Cyberoam Docs

14 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Version 2.1.2.5 – 28th July, 2014

Release Information Upgrade procedure Administrative permission is required for installation.In case you are going to deploy CTAS as a Collector, please make sure that the machine on which you are installing CTAS is in the domain whose Domain Administrative credentials you want to use for installing. 1. Download CTAS installer from: http://www.cyberoam.com/cyberoamclients.html. For Cyberoam versions prior to 10.02.0 Build 473, please install CTAS Version 1.0.1.2. 2. Double-click the downloaded CTAS installer and follow the on-screen steps. Refer to the following KB articles for configuration instructions: Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment OR Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Revision History

Sr. No.

Old Revision Number

New Revision Number

-

-

-

Reference Section

Revision Details

-

-

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) Version 2.1.2.5. The following sections describe the release in detail.

Enhancements 1. Advanced Tab Enhancements a. Configuration Synchronization and its Logging From this version, following new sub-section is added to the Advanced tab: – Configuration Sync: It lets administrator to replicate CTAS configuration from one CTAS installation to another and also generates logs for the same.

03-01-2015 12:26

Cyberoam Docs

15 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

CTAS configurations are pushed from CTAS Machine 1 to target Machine 2 only if both have CTAS version 2.1.2.5 or above installed. This sub-section has two buttons: 1.

Configuration Sync: Click this button and specify the IP Address of the target Machine on which CTAS Agent/Collector/Suite is installed. Depending upon the CTAS installation type (Agent, Collector or Suite), CTAS component configurations will be synchronized from CTAS Machine 1 to Machine 2 in the following manner: Machine 1 (CTAS Installation Type)

Machine 2 (CTAS Installation Type)

Agent

SSO Suite (Agent values will be Sync)

Collector

SSO Suite (Collector values will be Sync)

Agent

Agent

Collector

Collector

SSO Suite

SSO Suite

Note: Synchronization is disallowed for all other CTAS installation combinations on CTAS Machine 1 and 2. . 2. View Sync Logs: Use this button to View Configuration Sync logs.

b. Configuration Synchronization and its Logging From this version, the Logging sub-section is enhanced with the “Log Level” feature to neatly categorize CTAS logs and Logging event logs. The View Logging Events button is added which allows the Administrator to filter out CTAS specific logs from Event Viewer logs of the Machine where CTA Agent is installed. These logs are saved as a text file of the title “logging_events.log”. The button next to the Log Level field consists of a drop down which when clicked shows two Log Level options: Debug – Select this option to generate a detailed log file for CTAS and Logging Event logs. The set of logs can be viewed by clicking the View Log and View Logging Events button respectively. Trace – Select this option to generate a filtered and more event specific log file for CTAS and Logging Event logs. The set of logs can be viewed by clicking the View Log and View Logging Events button respectively.

Bugs Solved Bug ID - 412 Description – CTAS initiates WMI query for hosts/networks added in the Exclusion List.

03-01-2015 12:26

Cyberoam Docs

16 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bug ID - 404 Description – CTAS “Advanced” tab and “Backup / Restore” sub title is incorrectly spelled as “Advance” and “Back Restore” respectively.

1.5.1.2. V 2.1.1.4

Release Dates Version 2.1.1.4 – 06th May, 2014

Release Information Upgrade procedure Administrative permission is required for installation.In case you are going to deploy CTAS as a Collector, please make sure that the machine on which you are installing CTAS is in the domain whose Domain Administrative credentials you want to use for installing. 1. Download CTAS installer from: http://www.cyberoam.com/cyberoamclients.html. For Cyberoam versions prior to 10.02.0 Build 473, please install CTAS Version 1.0.1.2. 2. Double-click the downloaded CTAS installer and follow the on-screen steps. Refer to the following KB articles for configuration instructions: Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment OR Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Revision History

Sr. No.

Old Revision Number

New Revision Number

-

-

-

Reference Section

-

Revision Details

-

Introduction

03-01-2015 12:26

Cyberoam Docs

17 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) Version 2.1.1.4. The following sections describe the release in detail.

Enhancements 1. New Sub-sections added in Advance Tab From this version, following new sub-sections have been added to the Advance tab: – Backup Restore: It lets administrator take backup of current CTAS configurations, as well as restore a previously taken backup. Use the ‘Backup Now’ button against ‘Backup Configuration’ to take backup of current CTAS configurations. Use the ‘Browse’ button against ‘Restore Configuration’ to browse to the location containing previously taken CTAS configuration backup. Click ‘Upload and Restore’ button to restore the selected backup. – Test Connectivity: It lets administrator gather the connectivity status of a Cyberoam appliance, CTAS Agent and CTAS Collector with respect to the AD Server where CTA Agent /Collector /Suite is installed: - Cyberoam: Specify the IP Address of Cyberoam appliance, to test its connectivity status with respect to the AD Server where CTA Agent /Collector /Suite is installed. - CTA Agent: Specify the IP Address of CTA Agent, to test its connectivity status with respect to the AD Server where CTA Agent /Suite is installed. - CTA Collector: Specify the IP Address of CTA Collector, to test its connectivity status with respect to the AD Server where CTA Collector /Suite is installed. Note: Test Connectivity feature is supported from Firmware Versions 10.6.1 RC-3 onwards only. 2. Support for Dead entry timeout From this version, ‘Dead entry timeout’ parameter is added under Logoff Detection Settings sub-section of CTA Collector tab. With this enhancement, an administrator can configure time in hours after which a user is to be logged off from Cyberoam. Accordingly, a user will be logged off from Cyberoam after the specified time, even when the Logoff Detection for the user fails. Note that ‘Dead entry timeout’ is independent of whether the Logoff Detection is enabled or not. 3. Support for Subnet mask in Exclusion List Tab From this version, an administrator can specify a Network Subnet mask (For example, 172.16.16.0/24) under Exclusion List tab. With this enhancement, an administrator can configure an entire Network Subnet Mask to exclude from authentication. Accordingly, an IP Address falling under the specified Network Subnet mask is not authentication via CTAS. Prior to this version, an administrator could specify only IP Address of Host(s) in Exclusion List.

03-01-2015 12:26

Cyberoam Docs

18 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bugs Solved Bug ID - 346 Description – WMI query fails for a user / Administrator user logging into ADS machine itself

1.5.1.3. V 2.1.0.3

Release Dates Version 2.1.0.3 – 11th February, 2014

Release Information Upgrade procedure Administrative permission is required for installation.In case you are going to deploy CTAS as a Collector, please make sure that the machine on which you are installing CTAS is in the domain whose Domain Administrative credentials you want to use for installing. 1. Download CTAS installer from: http://www.cyberoam.com/cyberoamclients.html. For Cyberoam versions prior to 10.02.0 Build 473, please install CTAS Version 1.0.1.2.

2. Double-click the downloaded CTAS installer and follow the on-screen steps. Refer to the following KB articles for configuration instructions: Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment OR Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment Revision History

Sr. No.

Old Revision Number

New Revision Number

Reference Section

Revision Details

03-01-2015 12:26

Cyberoam Docs

19 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

-

-

-

-

-

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) Version 2.1.0.3. The following sections describe the release in detail.

Enhancements 1. New Tab Added - Advance Tab From this version, the Advance tab is added to aid the administrator with logging and troubleshooting. The Advance tab contains following sub-sections: – Show Live Users: It displays detail of all the Domain users, which is registered to CTA Collector by all the CTA Agents in network. The Active Collector will use this database to communicate user information to Cyberoam. – Logging: It provides logs as per the configured settings. The administrator can also set the log size between 10 to 25 MB. – Trouble Shooting: The CTA Collector uses WMI and Registry Read polling methods to check user login on a remote machine. Administrator can use the following utilities to check if the CTA Collector is able to connect and get user information from a remote machine or not: 1. WMI Verification: Use to perform WMI Verification for the client with the specified IP Address. 2. Registry Read Verification: Use to perform Registry Read Verification for the client with the specified IP Address.

1.5.1.4. V 2.0.6.4

Release Dates Version 2.0.6.4 – 24th December, 2013

Release Information Upgrade procedure

03-01-2015 12:26

Cyberoam Docs

20 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Administrative permission is required for installation. 1. Download CTAS installer from: http://www.cyberoam.com/cyberoamclients.html. For Cyberoam versions prior to 10.02.0 Build 473, please install CTAS Version 1.0.1.2.

2. Double-click the downloaded CTAS installer and follow the on-screen steps. Refer to the following KB articles for configuration instructions: Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment OR Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment

Revision History

Sr. No.

Old Revision Number

New Revision Number

-

-

-

Reference Section

-

Revision Details

-

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) Version 2.0.6.4. The following sections describe the release in detail.

Enhancements 1. Migration Support Cyberoam now supports migration from following Versions of CTAS to the latest Version - 2.0.6.4: CTAS Version 2.0.4.0 and Version 2.0.5.2 2. CTAS Information

From this version onwards, the "About" tab is added to provide the information about the Client Suite, its version details and the legal information.

Behaviour Change 1. From this Version onwards, the parameter “Domain Name” under Monitored Domains in General Tab is renamed to “NetBIOS”.

03-01-2015 12:26

Cyberoam Docs

21 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

2. From Version 2.0.5.2 onwards, Cyberoam IP Address under parameter “Cyberoam Appliances” in General Tab is displayed only when: a. The Cyberoam Appliance is active and b. The Active Collector is added to the Cyberoam Appliance via CLI

Bugs Solved Bug ID – 115 Description – Letter “i” automatically follows the specified FQDN against Fully Qualified Domain Name parameter under Monitored Domains in the General Tab. Bug ID – 111 Description – CTAS Service does not start if the number of Monitored Networks under CTA Agent Tab is more than 115. Bug ID – 152 Description – “DETECTION-RETRY” parameter in ‘CTAS.ini’ file is missing in CTAS Version 2.0.5.7. Bug ID – 231 Description – CTAS Collector fails to execute WMI query if the CTAS administrator password contains non-English character(s).

1.5.1.5. V 2.0.5.2

Release Information Compatibility Versions: Version 10.02.0.473 onwards 1. Download CTAS installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CTAS, if you have already installed the previous version. 3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) version 2.0.5.2. The following sections describe the release in detail. Enhancement 1. CTAS: More Resilient Transparent Authentication From this version onwards, CTAS Fault Tolerance capability is optimized by: ·

Providing a high availability of collectors and agents.

03-01-2015 12:26

Cyberoam Docs

22 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

Minimizing authentication delay due to AD Server failure.

·

Automatic recovery mode support, thus when CTAS service crashes or fails, it will restart automatically.

Modus operandi The CTAS Agent can be: · ·

Installed on every domain controller. Configured to support group of collectors. One of these collectors act as a primary collector, while remaining shall be backup collectors. A maximum 5 collectors can be added to a group

·

If the primary collector goes down, one of the backup collectors shall become primary collector.

·

Unlike prior, list of collectors will now be available, if CTAS Agent and CTAS Collector are on same machine.

·

It is now possible to add multiple collectors, if only CTAS Agent is available on the machine. Prior, in absence of CTAS Collector, only one collector could be configured.

·

While using NETAPI mode, if CTAS HA mode is enabled, IP Address of primary collector and port number on which the backup collector listens to the primary collector must be configured.

Note

·

A Group Number along with IP Address and Port number is required to add a Collector.

CLI Commands 1.

Command: cyberoam auth cta collector add collector-ip <ip-address> collector-port <port> create-new-collector-group

To add a collector in new group. 2.

Command: cyberoam auth cta collector add collector-ip <ip-address> collector-port <port> collector-group <group-number>

To add a collector in an existing collector group. Prior to this enhancement, to support multiple domain controllers, CTAS Agent was installed on every domain controller and a single collector on any one of the CTAS Controller.

1.5.1.6. V 2.0.4.0

Release Information Compatibility Versions: Version 10.01.0 Build 739 onwards 1. Download CTAS installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CTAS, if you have already installed the previous version. 3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.

03-01-2015 12:26

Cyberoam Docs

23 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

For further information on installation of the CTAS client, please click here.

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) version 2.0.4.0. The following sections describe the release in detail.

New Feature 1. Novell eDirectory Support

Cyberoam now supports Single Sign-on authentication for Novell’s eDirectory through Cyberoam Transparent Authentication Suite (CTAS). Novell eDirectory is an authentication server used to provide centralized identity management, infrastructure, Net-wide security and scalability to all types of applications running behind a security solution like Cyberoam UTM. Henceforth, Cyberoam’s Client-less SSO will grant access of resources to the users’ that are successfully authenticated by eDirectory Compatible Novell Server versions are: 1. eDirectory_88_SP5_Windows_x32 2. SLES10_SP4(OES2SP3) 3. Netware 6.5_SP8 Compatible Novell Client versions are: 1. Novell client 4.91_SP5 for Windows XP and Windows 2003 2. Novell client 2 SP1 for Windows 7 (32 bits and 64 bits), Windows Vista Known Behaviour 1. Ping method of CTAS-Novell eDirectory does not work for Windows XP (SP2 and SP3) 2. User's simultaneous login/logout activity does not get logged on Cyberoam with CTAS-Novell edirectory 3. Under i18n compliance, Cyberoam Transparent Authentication Suite (CTAS) with Novell’s eDirectory support English and French languages only. With Active Directory, CTAS also supports Hindi and Chinese – Simplified and Traditional.

1.5.1.7. V 2.0.1.2

Release Information Compatibility Versions: Version 10.01.0.739 onwards 1. Download CTAS installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CTAS, if you have already installed the previous version. 3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.

03-01-2015 12:26

Cyberoam Docs

24 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) version 2.0.1.2. The following sections describe the release in detail. Enhancement 1. Internationalization Support CTAS now supports four languages viz., English, Hindi, Chinese – Simplified, Chinese - Traditional. Option to select the preferred language is available during the installation of CTAS. Also post installation, as per the requirement the preferred language can be modified. To modify the language go to Start menu à Programs à CTAS à Cyberoam Transfer Authentication Suite à Click on Language à Select preferred language. Compatible OS versions are as mentioned below: 1. 2. 3.

Windows 2003 Server 32 bit Windows 2003 R2 Server 64 bit Windows 2008 Server 32 bit

4. Windows 2008 Server R2 Standard/Enterprise 64 bit Environment as domain Known Behaviour 1. For any selected language (Hindi, Chinese), the tab titles are displayed in English.

1.5.1.8. V 1.0.1.2

Release Information Release Date Version 1.0.1.2 – 2nd July, 2011 Compatibility Versions: All Versions 1. Download CTAS installer from http://www.cyberoam.com/cyberoamclients.html 2.

Uninstall CTAS, if you have already installed the previous version.

03-01-2015 12:26

Cyberoam Docs

25 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) version 1.0.1.2. The following sections describe the release in detail. This release introduces enhancements that improve quality, reliability and performance.

Enhancement CTAS now supports Login IP Exclusion List. Users with their IP addresses added in the IP Exclusion List are not logged in Cyberoam via CTAS. This is particularly helpful if both CTAS and CATC authentication clients are present in the network. In this scenario, Terminal Server IP address can be added in Login IP Exclusion List, so the remote terminal users do not log in through CTAS with the Terminal Server IP address.

Bugs Solved Bug ID – 4961 Description – If the Active Directory server Domain name is different than that of the NetBios name then the user cannot login. It is required that the “Domain Name” option should be renamed to “Domain NetBios Name” in Monitoring Domain’s tab

1.5.1.9. V 1.0.0.8

Release Information Compatible versions: All versions Installation procedure 1. Download CTAS installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall CTAS, if you have already installed the previous version. 3. Double-click installer downloaded in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.

Introduction This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) version 1.0.0.8. The following sections describe the release in detail. This release introduces enhancements that improve quality, reliability, and performance. Enhancements 1.

Single Installer for English and Non-English versions of OS

03-01-2015 12:26

Cyberoam Docs

26 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Cyberoam is introducing new CTAS installer which supports both English and non-English versions of Operating Systems. Hence, now there is no need to download and install CTAS multiple times. Download path: http://www.cyberoam.com/cyberoamclients.html 2.

Support of Exclusion List for User Login Now, administrator can bypass the authentication check on users such as system accounts that are not required to authenticate by simply adding them in Login User Exclusion List. Option to configure exclusion list from Agent is removed and now added on Controller as well as Suite. This is useful when multiple Agents exist as in previous version one had to configure list on each Agent, while this version, one has to configure list only on Collector or Suite Suite/Controller Configuration Go to Exclusion List tab and under Login User Exclusion List add all the users who are required to bypass the login check.

3.

Support of IP based Exclusion List for User Logoff Now, administrator can bypass IP address log off detection check by creating Logoff IP Exclusion list. This is useful when Logoff detection is enabled to monitor user log off and still you want to bypass monitoring. Suite/Controller Configuration Go to Exclusion List tab and under Logoff IP Exclusion List add all the IP addresses, which should not be subjected to logoff detection.

4.

Login request redirection based on Subnet mask In case, multiple Cyberoams are used to monitor, now it is possible to re-direct the login request to a particular Cyberoam based on the subnet. For example, if setup has 3 Cyberoams with IP address 192.168.1.1, 192.168.2.2 and 192.168.3.3 and Agent is monitoring 10.10.20.0/24 and sending update to Collector. Then on Collector, we can assign a Cyberoam to a particular subnet that is being monitored.We can configure Cyberoam 192.168.1.1 to monitor 10.10.20.0/25, Cyberoam 192.168.2.2 to monitor 10.10.20.128/25 and Cyberoam 192.168.3.3 to monitor all the networks. Collector Configuration Go to CTA Collector tab and under Cyberoam Appliances, click Add to 1. 2. 3.

5.

Add Cyberoam appliance IP address Enable subnet based filtering Specify subnet and subnet mask

Option to update Administrator credentials To run the CTAS services, administrative rights are required. One had to uninstall CTAS and re-install if it was required to change the user credentials or user itself. Now, with this version, there is no need to uninstall CTAS to change the user credentials. This feature will be useful, if by mistake CTAS is installed for the user who does not have administrative rights.

03-01-2015 12:26

Cyberoam Docs

27 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Configuration 1. 2. 3. 4.

Go to General tab Under Status option, stop the CTAS services Under Administrative Credentials, click Update to change username and password Under Status option, start CTAS services

1.5.2. Guides 1.5.2.1. V 2.1.2.5 1.5.2.2. V 2.1.1.4 1.5.2.3. V 2.1.0.3 1.5.2.4. V 2.0.6.4 1.5.2.5. V 1.0.0.8 1.6. CGAC - Cyberoam General Authentication Client 1.6.1. Release Notes 1.6.1.1. V 2.1.1.12, V 2.1.1.15

Release Dates Version 2.1.1.12 – 6 September, 2013 Version 2.1.1.15 – 24 June, 2014

Release Information Installation/Upgrade procedure Administrative permission is required for installation. 1. Download CGAC installer Version 2.1.1.12 / 2.1.1.15 from http://www.cyberoam.com/cyberoamclients.html. 2. Double-click the downloaded CGAC installer and follow the on-screen steps. Refer to the KB article titled Install and Configure Cyberoam General Authentication Client for Windows OS for configuration instructions. Revision History Sr. No.

Old Revision Number

New Revision Number

Reference Section

Revision Details

03-01-2015 12:26

Cyberoam Docs

28 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1

1.0 -06/09/2013

1.1 -16/09/2013

-

Access information for the About tab added

2

1.1 -16/09/2013

1.2 -24/06/2014

-

Translations update

Introduction This document contains the release notes for Cyberoam General Authentication Client (CGAC) Version 2.1.1.12 and Version 2.1.1.15. The following sections describe the release in detail.

Enhancements 1. Rename of Corporate Client From this version, the Cyberoam Corporate Client is renamed to Cyberoam General Authentication Client (CGAC). 2. CGAC Information From this version onwards, the "About" tab provides information about the Client Suite, its version details and the legal information. The tab can be accessed only after the client installation is completed. Click on the top-left corner of the client’s login window to access the About tab. 3. Log File Support From this version, the Log File support for the Cyberoam General Authentication Client (CGAC) is added.To access the Log File, go to Start > Run and enter the following command: %appdata%\Cyberoam\Cyberoam General Authentication Client

Known Behaviour 1. Restoration of saved user credentials after CGAC upgrade Cyberoam General Authentication Client (CGAC) does not restore the saved user credentials and IP Address of Cyberoam Server, after upgrading to Cyberoam General Authentication Client (CGAC) Version 2.1.1.12.

1.6.1.2. V 2.1.0.0

03-01-2015 12:26

Cyberoam Docs

29 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Release Information Compatibility Versions: Version 10.01.0.739 onwards 1. Download Corporate Client installer from http://www.cyberoam.com/cyberoamclients.html 2. Uninstall Corporate Client, if you have already installed the previous version. 3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install Corporate Client.

Introduction This document contains the release notes for Corporate Client version 2.1.0.0. The following sections describe the release in detail. Enhancement 1. Internationalization Support Corporate Client now supports four languages viz., English, Hindi, Chinese – Simplified, Chinese - Traditional. Option to select the preferred language is available during the installation of Corporate Client. Also post installation, as per the requirement the preferred language can be modified. To modify the language go to Start menu à Programs à Cyberoam client for corporate à Tray icon (located on task bar) à Right click on Corporate Client icon à Preference à Select preferred language à Ok. Compatible OS versions are as mentioned below: 1.

Windows XP with all the Service packages

2. Windows Vista 3. Windows 7 32 bit 4. Windows 7 64 bit 5. Windows 2003 Server 32 bit 6. Windows 2003 R2 Server 64 bit 7. Windows 2008 Server 32 bit 8. Windows 2008 R2 Standard and Enterprise 64 bit 9. Windows SBS 2011 Server Note

03-01-2015 12:26

Cyberoam Docs

30 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1. This Version is not compatible with Linux Flavors like Linux, Fedora, Unix, MAC, etc

1.6.1.3. V 2.0.0.3

Release Information Release Date Version 2.0.0.3 – 2nd July, 2011 Compatibility Versions: All Versions 1. Download Corporate Client installer from http://www.cyberoam.com/cyberoamclients.html 2.

Uninstall Corporate Client, if you have already installed the previous version.

3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install Corporate Client.

Introduction This document contains the release notes for Cyberoam Corporate Client version 2.0.0.3. The following sections describe the release in detail.

Bugs Solved Bug ID – 4580 Description – Auto Login of Corporate Client does not work from version 10.00.0309. Bug ID – 5458 Description – A wrong MAC address is displayed when the user logs in from a workstation having SSL VPN client installed.

1.6.2. Guides 1.7. IPSec VPN Client 1.7.1. Release Notes 1.7.1.1. V 4.71 Build 001, V 5.XX Build XXX

Introduction

03-01-2015 12:26

Cyberoam Docs

31 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

This document contains the release notes for Cyberoam that includes all the features, enhancements, bug fixes and known issues for the following: ·

Version 5.51 Build 001

·

Version 5.02 Build 001

·

Version 5.01 Build 001

·

Version 5.00 Build 023

·

Version 4.71 Build 001

Download Client ·

http://www.cyberoam.com

OperatingSystem supported Windows 2000 (Workstation), WinXP 32-bit (all service pack including SP2), Windows Server 2003 32–bit, Windows Server 2008 32/64-bit, Windows Vista 32/64 bit, Windows 7 32/64–bit, · Windows 8 32/64-bit. Revision History

Sr. No.

Old Revision Number

New Revision Number

Reference Section

Revision Details

1

5.02.001-11052011

5.51. 001-26042013

Operating System Supported

Added support for Windows 8 32/64-bits

03-01-2015 12:26

Cyberoam Docs

32 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

IPSec VPN Client Release Notes This Release Note details the features, enhancements and fixes of the release 5.51 build 001.

IPSec VPN Client 5.51 Build 001 This release note includes features, enhancements and bug fixes since release 5.01.001. Compatibility

·

Support for Windows 8 32/64-bit added.

IPSec VPN Client 5.02 Build 001 This release note includes features, enhancements and bug fixes since release 5.01.001. Bugs Solved ·

Version tgbgina.dllnot foundon the 'about' window.

IPSec VPN Client 5.01 Build 001 This release note includes features, enhancements and bug fixes since release 5.00.023. Bugs Solved ·

Mainly in Windows XP, due to various naming of the “Application Data” folder, “Activation error 70. Can’t activate software” message gets displayed.

·

Any automated scripts that are supposed to be executed at opening and closing of a tunnel might not run and DNS/WINS may not get restored properly if alternate DNS/WINS are configured and the user is using another VPN Configuration via a USB.

·

Activation Wizard in help menu cannot be disabled after software activation.

·

The VPN Configuration does not load from an USB Drive if it is already plugged in before initialization of IPSec VPN Client software.

·

Phase 2 Advanced option "Automatically open this tunnel when USB stick is inserted" might not work in some Windows configuration if USB drive not detected.

·

Importing VPN Configurations with Certificates in IPSec VPN Client 5.0 from a VPN Client 4.7 prevents from opening a tunnel. The field “Name” is not properly parsed.

03-01-2015 12:26

Cyberoam Docs

33 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

Windows IP stack may crash when forcing high fragmentation of IP packets beyond 10 fragments.

Known Issues ·

Some setup command line options may not work correctly during a silent install.

·

After locking/unlocking Window session, the tunnel cannot be opened and the configurations cannot be applied or saved. The user requires restarting the VPN Client software.

·

Gina connection panel (before Windows logon) may appear with 5-8sec delay on Windows XP. The Gina connection panel does not display when computer is “locked” on Windows 2007.

·

In USB Mode, exporting a protected VPN Configuration creates a wrong configuration file.

Note Debug mode (Ctrl+Alt+D) creates large trace logs. Disable the debug mode or regularly delete the log files.

IPSec VPN Client 5.00 Build 023 This release note includes features, enhancements and bug fixes since release 4.70.001.

Features ·

New graphical user interface provides easier user experience. Among major changes are a simpler top menu, smaller and clearer Connection Panel, less buttons and more tabs in Configuration Panel.

·

Language can be changed on the fly, and all the strings can be modified from the software. This allows localizing any strings.

·

Support of 2 new languages Hungarian and Norwegian which makes it a total of 23 languages.

·

Automatically sort VPN tunnels by name.

·

Displays virtual IP Address sent by gateway when "Mode-Config" feature is set.

·

Add "Purchase licenses online" link under helpmenu.

·

Command line option /pwd (password) must be specified when using command line option /export.

·

New setup option --reboot=1 to reboot automatically after silent installation.

·

DNS/WINS server addresses received from remote gateway are now displayed in “Phase2”>“Advanced”. In case Mode-Config feature is enabled, both fields are disabled to prevent

03-01-2015 12:26

Cyberoam Docs

34 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

manual settings but the DNS/WINS server addresses are still displayed. ·

Displays the amount of data encrypted per VPN tunnel in Connection Panel.

·

DPD can now be disabled with a checkbox added in “Global Parameters” > “DPD”.

Enhancements ·

“Phase1” > “Certificate” tab now shows all Tokens/SmartCard Readers configured, except those plugged in. A warning message is displayed when the certificate cannot be read on the configured Token/SmartCard Reader.

·

No administrative previledge dependency to activate IPSec VPN Client software.

·

Single field to enter the license number up to 24 digits long.

·

VPN Client virtual IP Address and DNS/WINS fields are disabled when “Mode-Config” is selected.

·

Script fields are now disabled when “Enable before Windows login” is selected.

·

If a VPN tunnel closes because the computer has changed its IP address, the VPN tunnel does not re-open automatically once the network is available again.

·

·

X-Auth Authentication Type "OTP" is now supported. If VPN gateway supports it and requests it, the IPSec VPN Client will ask the user for X-Auth authentication for each key renegotiation. X-Auth Authentication Type “CHAP" is now supported. It can be used by the VPN Gateway, if supported, to pass through the X-Auth login/password to AAA Authentication server.

Bugs Solved ·

CHAP Radius X-Auth does not work when login and password are embedded in the configuration file.

·

X509 Certificate parser assumes that serial number in Certificate is mandatory and rejects certificates without serial number (e.g. coming from USB Tokens). X509 standard ETSI TS 102 280 doesnot specify that the serial number field is mandatory in the Certificates.

·

IPSec VPN Client Mode-Config feature does not take into account the mask value provided by the VPN gateway but instead uses a default mask (i.e. RFC2408 A.4 ISAKMP Identification Type Values).

· · ·

The reply to an X-Auth Authentication type server from the VPN gateway and the request received thereof, are not identical. DNS Windows network setting is set back to static when VPN tunnel closes, although it was set to dynamic before opening the VPN tunnel. This may occurs on some Windows versions as the inet_addr system function used does not have the same behavior on all Windows versions. Software un-installation might not remove NDIS filter drivers properly which disable network adapters.

03-01-2015 12:26

Cyberoam Docs

35 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

“Phase2” > IP Addresses are mandatory fields even when “Mode-Config” is selected.

·

Windows XP doesn not accept a 20 digit license number.

·

DNS address not restored properly after closing a VPN tunnel as a consequence of un-plugging the USB drive with VPN configuration on it while that VPN tunnel was opened.

·

VPN Client stops working after entering smartcard PIN code beyond 10 digits.

·

Opening a tunnel, triggers some systray popup messages about another VPN tunnel when using multiple VPN tunnels configuration.

·

Receiving a message with unknown System Administaor may trigger a systray popup message repeatedly.

·

VPN Configuration file cannot be imported from a network drive on some Windows network configuration.

·

Command line option "/export" does not work if the VPN Client software is already running.

·

VPN tunnel status in Configuration Panel does not get updated to “Tunnel opened" but the Connection Panel tunnel status is updated properly.

·

The feature “Launch this script after the tunnel is closed" executes the script too early in case the user quits the software, which in turn forces all opened tunnels to close.

·

The feature that prohibits users to access the Configuration Panel (menu “Options" > “Configuration‟ Ø enter a password) should also prohibit the ability to import via command line using “vpnconf.exe /import", or "/replace".

·

Selecting the “Desktop” folder in the Windows "browse" panel (e.g. when trying to import a configuration file) results an error, on Windows Vista.

·

Execution of command line options vpnconf.exe /close:tunnel1 and /open:tunnel1 opens the Configuration Panel. Configuration will remain closed, only systray popup messages will appear.

·

IPSec VPN retries to authenticate the user serveral times if ther gateway responds with a authentication failure response

·

·

The Gina library in the client (i.e. Connection Panel windows before logon) does not find all necessary system resources which might prevent user from login, which may force the user to login in safe mode. Problem occurs, on all Windows XP in some VMware (without VMware "Tools"), and some strip down versions of Windows XP (not up to date with all service packs) and only if a tunnel feature “Windows before logon" have been selected. Connection problem on the NetgearLite version with the Windows 7, 64-Bit installation.

Known Issues ·

Save the configuration before you quit the software, failing which, the IKE modules fail to connect when the software starts the next time.

·

User cannot update the DNS/WINS server address when the tunnels are open.

·

Gina connection panel may appear with 5-8sec delay on Windows XP. The Gina connection panel does not display when computer is "locked" on Windows Seven only. Gina Connection Panel displays only 1 tunnel (if multiple configured in Configuration Panel).

03-01-2015 12:26

Cyberoam Docs

36 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

Importing VPN Configurations with Certificates in IPSec VPN Client 5.0 from a VPN Client 4.7 might prevent from opening a tunnel.

·

Changing from a "left to right" language to a "right to left" language (or vice-versa) might not take effect. A work around would be to quit the software and restart.

·

The Phase 2 Advanced option "Automatically open this tunnel when USB stick is inserted" does not work in some Windows configuration if USB drive not detected.

·

VPN configuration cannot be exported to a mapped drive and there is no error message displayed for same.

·

The new language translator editor does not support delete “Del” key.

IPSec VPN Client 4.71 Build 001 This release note includes features,enhancementsand bug fixessince release 4.70.001. Enhancements ·

Displays more information from Mode-Config feature (DNS, WINS) in the Console.

Bugs Solved · ·

Initial DNS, WINS server addresses cannot be restored in some circumstances like unplugging LAN cable with an opened VPN tunnel using Mode-Config. Secondary DNS, WINS server addresses provided by the gateway Mode-Config feature disables IPSec VPN Client Mode-Config feature, especially if those DNS, WINS server addresses are empty.

1.7.1.2. V 4.70 build 001

Introduction This document contains the release notes for Cyberoam IPSec VPN Client version 4.70 build 00. Document includes all the features, improvement, and bug fixes from the release 4.70 build 001. Operating Systems supported Windows 2000 (Workstation), WinXP 32-bit (all service packs including SP2), Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32/64-bit Features ·

Support 2 new languages - Czech and Danish for total of 21 languages. Czech and Danish now embedded in the software setup.

·

Support of new WWAN driver model for 3G/4G devices on Windows 7 (Windows Seven 32/64bit). All 3G/4G wireless modem/adapter manufactures must support “Mobile Broadband Driver Model

03-01-2015 12:26

Cyberoam Docs

37 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Specification” for Windows 7 based on NDIS6.20 miniport driver model. Among those adapters, we now support Atheros Wireless Adapter, Dell Wireless 5530 HSDPA Mini-Card, Dell Wireless 5600 EVDO-HSPA Mini-Card, Huawei 3G modem, Qualcomm Gobi 2000, Sierra wireless MC8781 HSPDA. See our list of 3G modem/adapters. ·

Latest NetGear VPN Routers Mode-Config support.

·

Windows firewall rules auto setup extended to 'public' and 'domain' profiles.

·

Ability to upgrade a group of license numbers at a specific date (with different expiration dates). This is useful to large customers/resellers to simplify their accounting/reporting of maintenance option.

·

Configuration file now encrypted during software upgrade. Password set for GUI access or command line can be used.

Enhancements ·

Ability to copy&paste the license number from the 'About..' windows.

·

Change in user interface of the Phase2 panel around the “Certificates Management..” button.

·

Temporary installation folder for drivers in Windows 7 64-bit shall not have restricted access rights.

·

RFC defines port 4500 UDP for key renegotiation. Port 500 is allowed now.

·

Mode-Config in IKE Engine has been adapted for compatibility with NetGear gateways.

·

Added Push mode in Mode-Config for compatibility with NetGear gateway.

·

Command line /pwd switch is mandatory for /export and /exportonce requires (e.g. vpnconf.exe /export:c:"test.tgb /pwd:test).

Bugs Solved ·

Command line to replace a configuration file protected with password (e.g. /replace:c:"test.tgb /pwd:test) might erase current configuration if wrong password. Command lines to /add or /importonce are not affected.

·

Command lines ("vpnconf.exe /import:[filename]") might not be executed properly.

·

Events not logged in ‘Console’ when opening/closing tunnel before Windows logon (for Gina mode go to ‘Phase2 Advanced’ > ‘Enable before Windows logon’)

·

Software activation may not work properly in case Windows default temporary folder is restricted to the user.

·

Leaving sleep mode in Windows 7 64-bit might lead to Bluescreen.

·

Special characters in Phase1 or Phase2 names could crash when software starts.

·

Popup shows continuously "Remaining tunnel" after tunnel closed, due to erroneous cookie in ‘INVALID COOKIE’ notification message (i.e. RFC2522)

·

Limitation in length of all parameters to avoid buffer overflow.

03-01-2015 12:26

Cyberoam Docs

38 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

‘Open Tunnel’ button disabled while network interfaces become available or unavailable to avoid crash. Especially wireless network interfaces (e.g. 3G, WiFi,..).

·

IKE service might crash if user open and close the tunnel multiple times rapidly while a redundant gateway as been set.

·

Support for numerical OID in certificate subject may lead to inability to open tunnel.

·

Sound (‘Ding’) when using ‘Tab’ keyboard key in X-Auth Authentication popup.

·

Password limiting access to some features (‘View’ > ‘Configuration’) might be asked even when not set.

·

"Don't start VPN Client when I start Windows" is not working on Windows 7 64-bit. The IPSec VPN Client always starts.

·

Bluescreen on Sony VAIO VGN-FW51MF with 3G option, Windows Seven 64-bit (Win 7) and a VPN Configuration using Certificates.

·

When local and remote network are on the same subnet, access to remote network would not work properly if the ‘Auto open tunnel on traffic detection’ feature has not been selected.

·

Bad version IKE daemon.

1.7.1.3. V 4.65 build 003

Introduction This document contains the release notes for Cyberoam IPSec VPN Client version 4.65 build 003. Document includes all the features, improvement, and bug fixes from the release 4.65 build 003 to 4.52 build 001. Operating Systems supported Windows 2000 (Workstation), WinXP 32-bit (all service packs including SP2), Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit

Release 4.65 build 003 Features, enhancements and bug fixes since release 4.65.002 Bugs Solved IKE (tgbike.exe) crashes in certain circumstances like renegotiating user authentication using X-Auth twice and getting a “not ok” response from X-Auth remote server although initial negotiation was authorized with same login/password. In Peer2Peer mode, SHA-2 algorithm for phase2 Authentication is not working properly. Import VPN Configuration window takes several seconds to appear. This situation occurs only for Windows 7 Operating System. When multiple tunnels are configured, Configuration Panel displays mismatched tunnel names.

03-01-2015 12:26

Cyberoam Docs

39 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

When multiple tunnels are configured, Configuration Panel might display the wrong tunnel status. Release 4.61 build 002 Features, enhancements and bug fixes since release 4.61.007 Feature ·

Windows Seven (7) RTM 32/64-bit full compatibility. IPSec VPN Client now supports Windows 2000 (Workstation), Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32/64-bit.

Enhancements Easier activation wizard to accept 20 or 24 digit license number. Appropriate and self explanatory message instead of Error 056 will be displayed when trying to activate an expired temporary license. Limit of temporary license extended. Management of temporary license improved Connection Panel redesigned for better display of multiple tunnels. Ability to maintain trial period while installing multiple OEM customization releases Bugs Solved At the time of importing VPN Configuration, IKE crashes in some Windows environments. FTP transfer in ESP tunnel creates a BSOD when active mode is set. When the user re-inserts smartcard after closing tunnel, PIN Windows does not pop up for checking PIN code. DoS vulnerability is fixed. Software might not run properly when USB Drive mode is active (i.e. VPN Config moved onto USB Drive) and one of the network drives is inaccessible. Use of Certificate from Windows Certificate Store does not working properly on Windows XP 32/64-bit. Corrected Warning message in English language when global parameters set outside limits. VPN Peer 2 peer not working in aggressive mode. VMWare Server and IPSec VPN Client, installed on Windows Vista may cause BSOD. Problem fixed also for Virtual PC, Virtual Box from Sun. System crashed at the time of importing Certificate .P12 generated by Checkpoint firewall. System crashed during extremely large data load with NVIDIA Ethernet chipset integrated to mother board or network board based on Realtek chipset. USB Drive wizard is not running on forefront. "Alternate WINS Server" address might not be updated when opening a tunnel. This issue is only found in Windows 7. Evaluation period might expire at first installation in some rare circumstances with very aggressive desktop firewall settings. Network drivers might not be installed properly on Vista 64bits when installation path contains spaces. Spelling mistakes in deployment guide in – noactiv and /D switches in command line section. Systray icon might disappear when Windows Explorer crash. Release 4.61 build 007 Features, enhancements and bug fixes since release 4.61.005 Bugs solved

03-01-2015 12:26

Cyberoam Docs

40 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Incorrect Software Activation request is sent during software un-installation. Release 4.61 build 005 Features, enhancements and bug fixes since release 4.61.004 Bugs Solved The DN value in Certificates OID (Object ID) not correctly parsed leading to an ‘unknown OID’ error message when using comma inside either of the RDNs (i.e. Relative Distinguished Name). System crashes while using Certificate whose private key cannot be read properly A Phase2 Advanced ‘ID Type’ change in Configuration Panel is not saved in VPN Configuration file. Windows function ‘CryptUIDlgViewContext’ from ‘cryptui.dll’ not available in Windows 2000, however used to view Certificate details in IPSec VPN Client 4.6 and further. Not supporting Certificate ‘subjectaltname’ extension properly which generates a ‘subjectaltname invalid length’ error message. Release 4.61 build 004 Features, enhancements and bug fixes since release 4.61.003 Enhancements ·

Removed the registry key DnSeparator. The Certificate subject is now RFC compliant - RFC 4514.

Release 4.61 build 003 Features, enhancements and bug fixes since release 4.61.003 Enhancements Remove the application focus from the Vista Credential Providers window (aka GINA on W2K/WXP). User had to click on the Windows Logon password field to be able to enter it. Bugs Solved Credential Providers (aka GINA) not disabled after software un-installation under Windows XP in case one VPN tunnel has been enabled with the ‘Enable before Windows Logon’ feature Known issue After exiting the Windows session without closing that session by “Switch user” or “Lock this computer”, IPSec VPN Client software does not display the opened tunnel even though they are still open. Work around – Quit and restart the software. After restart all the opened tunnel will be showed as UP Release 4.61 build 002

03-01-2015 12:26

Cyberoam Docs

41 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Features, enhancements and bug fixes since release 4.60.007 Feature Windows 7 RC 32-bit and 64-bit support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32 bit, Windows Server 2003 32 bit, Windows Server 2008 32/64 bit, Windows Vista 32/64 bit and Windows 7 32/64 bit. Enhancements Remove the application focus onto the Vista Credential Providers window (aka GINA on W2K/WXP) Following command line switches can now be used with the /pwd:xxx option: /export, /import, /exportonce, /importonce, /add, /replace. Bugs Solved Background color of few links in ‘Software Activation Wizard’ and ‘Connection Panel’. VPN tunnel might not open automatically when connecting using IP ‘Range address’. Some OID (Object ID) in Certificates not supported (i.e. RFC 4519). Transport mode access behind NAT may fail in some VPN configurations Conflict with some other vendor Credential Providers (aka GINA) if already installed Conflict with some other vendor Credential Providers (aka GINA) if already installed Lost of network interface due to new 64-bit network drivers Known Bugs Vista Credential Providers (aka GINA) not working on Windows 64-bit. Release 4.60 build 007 Bug fixes since release 4.52.001 Feature Ability to use Certificates from the Windows Certificate Store which enables smooth integration with any PKI software supporting Windows Certificate Store. When using USB Tokens or Windows Certificate Store, a single Certificate can be selected in case multiple ones have been pre-stored. Vista Credential Providers (aka GINA on W2K/WXP) support to enable Windows logon via VPN tunnel or choose to logon on local machine. Windows 7 (32-bit) Support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32-bit. Arabic, Hindi & Thai language support. Cyberoam IPSec VPN Client is now available in 19 languages: Arabic, Chinese (simplified), Dutch, English, Finnish, French, German, Greek, Hindi, Italian, Japanese, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai & Turkish. SHA-2 algorithm support Ability to prevent software upgrade or un-installation if software usage has been protected by password. Ability to view all the certificate details like expiration date, issued by, subject and so on.

03-01-2015 12:26

Cyberoam Docs

42 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Shortcut added to enable debug mode. New Oberthur AuthentIC Card v220 USB Token support. Enhancements Significant usability improvement of the USB Mode with ability to attach a VPN configuration to a specific computer or to a specific USB drive. Appropriate warning message when the user is entering a wrong password for a USB Token/Smartcard or when the USB Token/Smartcard is locked. Appropriate warning message when software activation error like quota exceeded. More detailed information on some Software Activation errors especially those due to internal activation server errors. Software localization in German language. Changed string in Certificate Import Wizard. Merged menu ‘Help’ and ‘Online support’. Impossible to open a tunnel in case an IP address has been defined as the local IP address (i.e. ‘Phase1’ > ’Interface’) but this address does not exist in the computer. Bugs Solved VPN Configuration file might not be restored properly after software upgrade on some Windows configuration. No access to a NAS shared folders depending on the NAS device. This is due to TCP checksum when IP packet is fragmented. Phase1 LocalID value malformed when certificate uses UTF8 string syntax. Oberthur Smartcard not recognized [ATR 3B:7B:18:00:00:00:31:C0:64:77:E9:10:00:01:90:00]. See easy way to add new USB Tokens or Smartcards by importing new ATR codes. Unable to read certificates on some smartcards. Incoming UDP packets larger than 1672 bytes are not handled properly and may cause blue screen. Software startup time and VPN Configuration import time might be longer than usual when debug mode enabled on some Windows Vista configuration. Wrong default remote address point when using VPN Configuration Wizard in peer-to-peer mode and VPN Configuration Wizard has been used before to connect to a VPN Gateway. Losing the Pre-Shared Key as soon as user tries to import a Certificate. Phase1 & Phase2 names could be changed only after names were cached by software. Changing ‘Remote LAN address’ multiple times might not be saved properly into the VPN Configuration file. Command lines /Open and /Close maximize the IPSec VPN Client window even it was minimize by user. Also, command lines /Open, /Close and /stop are not working if the Connection Panel has been opened prior to using them. Command lines /Open and /Close not working if tunnel name contains letters in capital case. Scripts before or after tunnel open or close might not be launched in some circumstances. Systray popup to show tunnel progress bar taking focus over other application. Latest zip compression format of the setup was not supported within some computer environments. Software could not be uninstalled successfully in some cases where software is running and a tunnel is open. A click on the systray icon would not maximize the IPSec VPN Client Connection Panel, Configuration Panel or Console windows in case they were minimized. A tunnel is shown as open in Connection Panel when an USB Drive is plugged-in, but the tunnel is still shown as open when USB drive is un-plugged although it has been closed. Phase 2 Remote LAN address might not be saved properly in some circumstances with multiple VPN tunnels. Token PIN code might be asked when tunnel start opening even though no Token is plugged-in, in case ‘Phase 1 Certificate on Token’ and ‘Auto Open on Traffic’ have been configured. Software crashed if the ‘Remote Gateway’ field is not available in the VPN Configuration file. Padding and IP frame total length when using some FTP commands with a web server preventing access through a WindRiver VPN Server. Initial DNS not restored when the user closes all tunnels, quit software or reset IKE service, in case two tunnels have been configured to use alternate DNS addresses. Release 4.52 build 001

03-01-2015 12:26

Cyberoam Docs

43 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Enhancements and bug fixes since release 4.51.001 Enhancements PinCode management in X-Auth login/password user interface Bugs Solved Compatibility with ePass 2000 reading certificates

1.7.1.4. V 4.61 build 003

Introduction This document contains the release notes for Cyberoam IPSec VPN Client version 4.61 build 003. Document includes all the features, improvement, and bug fixes from the release 4.61 build 003 to 4.52 build 001 Download Client http://www.cyberoam.com/downloads/vpnclient/CyberoamVPNClient_Setup.exe Operating Systems supported Windows 2000 (Workstation), WinXP 32-bit (all service packs including SP2), Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit Release 4.61 build 003 Features, enhancements and bug fixes since release 4.61.003 Enhancements Remove the application focus from the Vista Credential Providers window (aka GINA on W2K/WXP). User had to click on the Windows Logon password field to be able to enter it. Bugs Solved Credential Providers (aka GINA) not disabled after software un-installation under Windows XP in case one VPN tunnel has been enabled with the ‘Enable before Windows Logon’ feature Known issue After exiting the Windows session without closing that session by “Switch user” or “Lock this computer”, IPSec VPN Client software does not display the opened tunnel even though they are still open.

03-01-2015 12:26

Cyberoam Docs

44 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Work around – Quit and restart the software. After restart all the opened tunnel will be showed as UP Release 4.61 build 002 Features, enhancements and bug fixes since release 4.60.007 Feature Windows 7 RC 32-bit and 64-bit support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32 bit, Windows Server 2003 32 bit, Windows Server 2008 32/64 bit, Windows Vista 32/64 bit and Windows 7 32/64 bit. Enhancements Remove the application focus onto the Vista Credential Providers window (aka GINA on W2K/WXP) Following command line switches can now be used with the /pwd:xxx option: /export, /import, /exportonce, /importonce, /add, /replace. Bugs Solved Background color of few links in ‘Software Activation Wizard’ and ‘Connection Panel’. VPN tunnel might not open automatically when connecting using IP ‘Range address’. Some OID (Object ID) in Certificates not supported (i.e. RFC 4519). Transport mode access behind NAT may fail in some VPN configurations Conflict with some other vendor Credential Providers (aka GINA) if already installed Conflict with some other vendor Credential Providers (aka GINA) if already installed Lost of network interface due to new 64-bit network drivers Known Bugs Vista Credential Providers (aka GINA) not working on Windows 64-bit. Release 4.60 build 007 Bug fixes since release 4.52.001 Feature Ability to use Certificates from the Windows Certificate Store which enables smooth integration with any PKI software supporting Windows Certificate Store. When using USB Tokens or Windows Certificate Store, a single Certificate can be selected in case multiple ones have been pre-stored. Vista Credential Providers (aka GINA on W2K/WXP) support to enable Windows logon via VPN tunnel or choose to logon on local machine. Windows 7 (32-bit) Support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32-bit. Arabic, Hindi & Thai language support. Cyberoam IPSec VPN Client is now available in 19 languages: Arabic, Chinese (simplified), Dutch, English, Finnish, French, German, Greek, Hindi, Italian, Japanese, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai & Turkish. SHA-2 algorithm support

03-01-2015 12:26

Cyberoam Docs

45 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Ability to prevent software upgrade or un-installation if software usage has been protected by password. Ability to view all the certificate details like expiration date, issued by, subject and so on. Shortcut added to enable debug mode. New Oberthur AuthentIC Card v220 USB Token support. Enhancements Significant usability improvement of the USB Mode with ability to attach a VPN configuration to a specific computer or to a specific USB drive. Appropriate warning message when the user is entering a wrong password for a USB Token/Smartcard or when the USB Token/Smartcard is locked. Appropriate warning message when software activation error like quota exceeded. More detailed information on some Software Activation errors especially those due to internal activation server errors. Software localization in German language. Changed string in Certificate Import Wizard. Merged menu ‘Help’ and ‘Online support’. Impossible to open a tunnel in case an IP address has been defined as the local IP address (i.e. ‘Phase1’ > ’Interface’) but this address does not exist in the computer. Bugs Solved VPN Configuration file might not be restored properly after software upgrade on some Windows configuration. No access to a NAS shared folders depending on the NAS device. This is due to TCP checksum when IP packet is fragmented. Phase1 LocalID value malformed when certificate uses UTF8 string syntax. Oberthur Smartcard not recognized [ATR 3B:7B:18:00:00:00:31:C0:64:77:E9:10:00:01:90:00]. See easy way to add new USB Tokens or Smartcards by importing new ATR codes. Unable to read certificates on some smartcards. Incoming UDP packets larger than 1672 bytes are not handled properly and may cause blue screen. Software startup time and VPN Configuration import time might be longer than usual when debug mode enabled on some Windows Vista configuration. Wrong default remote address point when using VPN Configuration Wizard in peer-to-peer mode and VPN Configuration Wizard has been used before to connect to a VPN Gateway. Losing the Pre-Shared Key as soon as user tries to import a Certificate. Phase1 & Phase2 names could be changed only after names were cached by software. Changing ‘Remote LAN address’ multiple times might not be saved properly into the VPN Configuration file. Command lines /Open and /Close maximize the IPSec VPN Client window even it was minimize by user. Also, command lines /Open, /Close and /stop are not working if the Connection Panel has been opened prior to using them. Command lines /Open and /Close not working if tunnel name contains letters in capital case. Scripts before or after tunnel open or close might not be launched in some circumstances. Systray popup to show tunnel progress bar taking focus over other application. Latest zip compression format of the setup was not supported within some computer environments. Software could not be uninstalled successfully in some cases where software is running and a tunnel is open. A click on the systray icon would not maximize the IPSec VPN Client Connection Panel, Configuration Panel or Console windows in case they were minimized. A tunnel is shown as open in Connection Panel when an USB Drive is plugged-in, but the tunnel is still shown as open when USB drive is un-plugged although it has been closed. Phase 2 Remote LAN address might not be saved properly in some circumstances with multiple VPN tunnels. Token PIN code might be asked when tunnel start opening even though no Token is plugged-in, in case ‘Phase 1 Certificate on Token’ and ‘Auto Open on Traffic’ have been configured. Software crashed if the ‘Remote Gateway’ field is not available in the VPN Configuration file. Padding and IP frame total length when using some FTP commands with a web server preventing access through a WindRiver VPN Server. Initial DNS not restored when the user closes all tunnels, quit software or reset IKE service, in case two tunnels have been configured to use alternate DNS addresses.

03-01-2015 12:26

Cyberoam Docs

46 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Release 4.52 build 001 Enhancements and bug fixes since release 4.51.001 Enhancements PinCode management in X-Auth login/password user interface Bugs Solved Compatibility with ePass 2000 reading certificates

1.7.1.5. V 4.51 build 001

Introduction This document contains the release notes for Cyberoam IPSec VPN Client version 4.51 build 001. Document includes all the features, improvement, and bug fixes since release 4.x Download Client

www.cyberoam.com/downloads/vpnclient/CyberoamVPNClient_Setup.exe Operating Systems supported

Win 2000, Win XP, Win Server 2003, Win Vista

Release 4.51 build 001 Features, enhancements and bug fixes since release 4.50.004 Enhancements

To reflect the correct meaning SHA is replaced with SHA-1 Bugs Solved "Add or Replace" option is not displayed when Configuration file is opened Explorer.

Command line "/import" is not working when importing password protected configuration. When both primary and redundant gateways are not available, redundant Gateway does not try to check primary gateway again. VPN Configuration lost during upgrade in some Windows configurations. Software upgrade not working properly on some of the Windows XP computers. Software always prompts for activation in certain circumstances. Connection panel might not show an opened tunnel in some VPN Configurations.

03-01-2015 12:26

Cyberoam Docs

47 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Client crashes in Config-Mode

Release 4.50 build 004 Features, enhancements and bug fixes since release 4.50.003 Feature

Windows Server 2008 support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit. Bugs Solved

No need to take configuration backup before uninstalling client. Known Bugs

On VPN client startup, tunnel does not come up automatically i.e. check box in Phase 2 advanced is ineffective Encrypted configuration files cannot be imported when password used for encryption is less than 3 characters. Activation fails (auto or manual) in some rare network configuration cases. Opening or closing a tunnel from the command line fails in some Windows environments. BSOD when powering on a virtual machine in VMware Server 2 environment

Release 4.50 build 003 Bug fixes since release 4.50.002 Bugs Solved IKE crashes on X-Auth failure

Upgrade blocked on XP OS when computer is running slowly.

Release 4.50 build 002 Features, enhancements and bug fixes since release 4.2 Feature

Windows Vista 32-bit and 64-bit support New Gemalto.Net Two-Factor Authentication Smart Cards certified New Token ePass 2000 and ePass 3000 certified Enhancements

Configurable X-Auth login/password popup window display duration

03-01-2015 12:26

Cyberoam Docs

48 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Extensive help provided on how to move license to other computer on successful software activation. Faster ‘Save&Apply’. Confirmation popup on configuration reset. New Publisher Certificate Bugs Solved

Alternate DNS/WINS server addresses are not released when closing the VPN tunnel in some Windows configuration. Restore some Windows settings like Vista IKE service and XP PolicyAgent to pre-install values after un-installation the IPSec VPN Client software. Change the ‘?’ menu in Chinese language. Wrong icon is displayed when VPN Configuration is created with the VPN Configuration Wizard. Language codes in all online links are now iso-639-2code compliant. Temporary license activation may prohibit the IPSec VPN Client software to start properly. White icon on grey background in systray menu. Software activation response wrongly parsed generating Activation Error Code 50. Not possible to restart IPSec VPN Client software in user mode on Windows XP in certain circumstances after software activation. USB drive plug in not detected in some circumstances. Phase2 lost link to Phase1 after renaming and in multiple VPN tunnels configuration. VPN configuration modification not reflected when switching back and forth to USB mode with specific USB drivers Certificate subject truncated to 124 char. Phase1 unstable when using Neusoft VPN Gateways. Display errors in remaining evaluation days in Chinese Display errors in the Italian DLL X-Auth password window title displayed the wrong name for Phase 1

Release 4.20 build 009 Features, enhancements and bug fixes since release 4.20.006 Feature

IPV4 Subnet management with Config Mode Enhancements

IPv4 subnet and subnet mask is now handled by the IPSec VPN Client software when sent by the remote gateway in Config Mode exchange Reduce Activation Error 50 frequency The IPSec VPN Client software switches immediately to the second gateway as soon as the DPD (Dead Peer Detection) detects the first gateway as idle. Bugs Solved

Improper management of Non-latin character paths Redundant Gateway switchover time. Now switch over will be immediate Removed dependency of booting twice after installation

03-01-2015 12:26

Cyberoam Docs

49 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Ike crash when debug is on Compatibility problems with Windows server 2003 Error of the number of rest days in the Evaluation window in Chinese version Driver mismatch when client is installed on Windows Vista Known Bugs

String display error in the evaluation window for the Chinese release

Release 4.20 build 009 Features, enhancements and bug fixes since release 4.20.006 Features

IPV4 Subnet management with Config Mode Enhancements

Reduce Activation Error 50 frequency Bugs Solved

Improper management of Non-latin character paths Redudant Gateway switchover time. Now switch over will be immediate Removed dependency of booting twice after installation Ike crash when debug is on Compatibility problems with Windows server 2003 Error of the number of rest days in the Evaluation window in Chinese version

Release 4.20 build 006 Features and bug fixes since release 4.20.005 Features

New Console button and GUI menu for restarting IKE service Bugs Solved

Release number correctly managed during the activation process Customized bitmaps correctly resized depending on the localization Correct management of the "open/close tunnel" button on reset IKE

03-01-2015 12:26

Cyberoam Docs

50 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Release 4.20 build 005 Bug fixes since release 4.20.004 Bugs Solved

Update check not working

Release 4.20 build 004 Bug fixes since release 4.20.003 Bugs Solved

Replace Serbian with Serbian Latin Certificates management on Chinese localization

Release 4.20 build 003 Bug fixes since release 4.20.002 Bugs Solved

Phase 2 'open/close tunnel' button not working properly Improper management of ANSI/UNICODE characters

Release 4.20 build 002 Bug fixes since release 4.20.001 Bugs Solved

Setup version problems solved If activation process results in "Unspecified error", activation window goes blank Improper management of Vista drivers

Release 4.20 build 001 Features, enhancements and bug fixes since release 4.19.003 Features

Automatic Activation reset on upgrade or software un-installation Configuration of X-Auth popup appearance time enabled in VPN Configuration file. Default time changedto 60 sec. Full Unicode software enables Chinese (simplified Chinese) and Japanese localization

03-01-2015 12:26

Cyberoam Docs

51 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Support to additional 9 languages. TheGreenBow IPSec VPN Client is now available in 16 languages. New localizations for TheGreenBow IPSec VPN Client include: English, French, Portuguese, Spanish, Italian, Dutch, German, Polish, Slovenian, Serbian, Greek, Turkish, Russian, Chinese (simplified), Japanese and Finnish Automatic creation of the appropriate rules in the Vista Firewall for enabling IPSec VPN tunnels Ability to access a remote LAN from a local network with same IP address schema Specify preferred Installation language through a setup command line Enhancements

Use of standard PFS / Diffie-Hellman terminology New installation software. This new software installation enables Unicode installation, and improves the upgrade process with only one reboot. Setup is easier with no more setup summary dialog. It also allows to reduce software setup size by half. IKE credential disclosure vulnerability fixed Improvisations in Spanish localization VPN Configurations are signed to maintain content integrity. Integrity check added during VPN Configuration import and export process. Required support page will be opened automatically on some activation errors Switch process between connection panel and configuration panel is made easy Better management of DNS/WINS server address when static (not assigned by DHCP server) Application icon is improved to reflect the correct meaning Bugs Solved

At the time of activation, it was not possible to copy and paste the license number in the Activation dialog Systray popup takes focus Improper Certificates management issues are solved It was not possible to take backup of VPN Configuration at the time of software upgrade Erratic GUI crashes due to token manipulation Activation code was not saved after quitting from the Activation process after upgrade Miscellaneous registry key and values fixes

Release 4.10 build 014 Bug fixes since release 4.10.013 Bugs Solved

Error in OEM names

Release 4.10 build 013 Features, enhancements and bug fixes since release 4.10.011 Features

Activate VPN Client in User mode

03-01-2015 12:26

Cyberoam Docs

52 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Enhancements

Update the default display time of X-Auth login/password window Bugs Solved

IKE credential disclosure vulnerability solved Drivers crashes when X-Auth windows are not completed Drivers crash. The exact configuration parameter that triggers this situation is not known.

Release 4.10 build 011 Bug fixes since release 4.10.010 Bugs Solved

Drivers crash. The exact configuration parameter that triggers this situation is not known. Setup custom settings are correctly managed now.

1.7.1.6. V 4.20 build 009

Introduction This document contains the release notes for Cyberoam IPSec VPN Client version 4.20 build 009. Document includes all the features, improvement, and bug fixes since release 10.010 Download Client

www.cyberoam.com/downloads/vpnclient/CyberoamVPNClient_Setup.exe Operating Systems supported

Win 2000, Win XP, Win Server 2003, Win Vista

Release 4.20 build 009 Features, enhancements and bug fixes since release 4.20.006 Features

IPV4 Subnet management with Config Mode Enhancements

03-01-2015 12:26

Cyberoam Docs

53 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Reduce Activation Error 50 frequency Bugs Solved

Improper management of Non-latin character paths Redudant Gateway switchover time. Now switch over will be immediate Removed dependency of booting twice after installation Ike crash when debug is on Compatibility problems with Windows server 2003 Error of the number of rest days in the Evaluation window in Chinese version

Release 4.20 build 006 Features and bug fixes since release 4.20.005 Features

New Console button and GUI menu for restarting IKE service Bugs Solved

Release number correctly managed during the activation process Customized bitmaps correctly resized depending on the localization Correct management of the "open/close tunnel" button on reset IKE

Release 4.20 build 005 Bug fixes since release 4.20.004 Bugs Solved

Update check not working

Release 4.20 build 004 Bug fixes since release 4.20.003 Bugs Solved

Replace Serbian with Serbian Latin Certificates management on Chinese localization

Release 4.20 build 003 Bug fixes since release 4.20.002

03-01-2015 12:26

Cyberoam Docs

54 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bugs Solved

Phase 2 'open/close tunnel' button not working properly Improper management of ANSI/UNICODE characters

Release 4.20 build 002 Bug fixes since release 4.20.001 Bugs Solved

Setup version problems solved If activation process results in "Unspecified error", activation window goes blank Improper management of Vista drivers

Release 4.20 build 001 Features, enhancements and bug fixes since release 4.19.003 Features

Automatic Activation reset on upgrade or software un-installation Configuration of X-Auth popup appearance time enabled in VPN Configuration file. Default time changedto 60 sec. Full Unicode software enables Chinese (simplified Chinese) and Japanese localization Support to additional 9 languages. TheGreenBow IPSec VPN Client is now available in 16 languages. New localizations for TheGreenBow IPSec VPN Client include: English, French, Portuguese, Spanish, Italian, Dutch, German, Polish, Slovenian, Serbian, Greek, Turkish, Russian, Chinese (simplified), Japanese and Finnish Automatic creation of the appropriate rules in the Vista Firewall for enabling IPSec VPN tunnels Ability to access a remote LAN from a local network with same IP address schema Specify preferred Installation language through a setup command line Enhancements

Use of standard PFS / Diffie-Hellman terminology New installation software. This new software installation enables Unicode installation, and improves the upgrade process with only one reboot. Setup is easier with no more setup summary dialog. It also allows to reduce software setup size by half. IKE credential disclosure vulnerability fixed Improvisations in Spanish localization VPN Configurations are signed to maintain content integrity. Integrity check added during VPN Configuration import and export process. Required support page will be opened automatically on some activation errors Switch process between connection panel and configuration panel is made easy Better management of DNS/WINS server address when static (not assigned by DHCP server) Application icon is improved to reflect the correct meaning Bugs Solved

03-01-2015 12:26

Cyberoam Docs

55 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

At the time of activation, it was not possible to copy and paste the license number in the Activation dialog Systray popup takes focus Improper Certificates management issues are solved It was not possible to take backup of VPN Configuration at the time of software upgrade Erratic GUI crashes due to token manipulation Activation code was not saved after quitting from the Activation process after upgrade Miscellaneous registry key and values fixes

Release 4.10 build 014 Bug fixes since release 4.10.013 Bugs Solved

Error in OEM names

Release 4.10 build 013 Features, enhancements and bug fixes since release 4.10.011 Features

Activate VPN Client in User mode Enhancements

Update the default display time of X-Auth login/password window Bugs Solved

IKE credential disclosure vulnerability solved Drivers crashes when X-Auth windows are not completed Drivers crash. The exact configuration parameter that triggers this situation is not known.

Release 4.10 build 011 Bug fixes since release 4.10.010 Bugs Solved

Drivers crash. The exact configuration parameter that triggers this situation is not known. Setup custom settings are correctly managed now.

1.7.2. Guides

03-01-2015 12:26

Cyberoam Docs

56 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

1.7.2.1. V 4.10 build 003 1.7.2.2. V 3.12. build 002 1.7.3. Archives 1.7.3.1. Release Notes 1.7.3.1.1. V 4.10 build 010 Download Client www.cyberoam.com/downloads/vpnclient/CyberoamVPNClient_Setup.exe Operating Systems supported Win 2000, Win XP,Win Server 2003, Win Vista Introduction This document contains the release notes for Cyberoam IPSec VPN Client version 4.10 build 010. Document includes all the features, improvement, and bug fixes since release 3.12

Release 4.10 build 010 Bug fixes since release 4.10.009 Bugs Solved Drivers crash under certain circumstances At the time of establishing tunnel, silent activation is launched unexpectedly

Release 4.10 build 009 Features, enhancements and bug fixes since release 4.10.008 Features Path MTU discovery is supported to negotiate MTU size with the Network. This will optimize traffic. Compatible with Aladdin eToken: JC1.0b, M4.20, M4.20b, T1 16k, T1 32k for token based authentication Enhancements

03-01-2015 12:26

Cyberoam Docs

57 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

White Spaces enclosed in double-quotes can be included in the path configured in Phase 2 “Scripts” window. Bugs Solved Import VPN Connection always imported “Block non ciphered connection IKE module crash (Vista only) Manual activation failed depending on the user rights (Vista only) Tunnels with Certificate did not open under certain circumstances (Vista only)

Release 4.10 build 008 Bug fixes since release 4.10.007 Bugs solved VPN GUI crashes upon activation of a temporary License number.

Release 4.10 build 007 Features, enhancements and bug fixes since release 4.10.006 Features Support of RFC 3947 (NAT-T) Enhancements New driver release to improve stability (Vista only) Better handling of access rights resulting in a quicker start of the IPSec VPN Client Bugs Solved Configuration is correctly imported from wizard (Vista only).

Release 4.10 build 006 Features and enhancements since release 4.10.004 Features

03-01-2015 12:26

Cyberoam Docs

58 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Setup extraction with “/extract:[Vista|XP]” command line parameter. This is specifically required for silent installation. Enhancements Command line parameters not working in some circumstances (Vista only)

Release 4.10 build 004 Bug fixes since release 4.10.003 Bug Solved Missing registry Key ObjectName under Windows 2000 IPSec VPN Client not started under Windows 2000 TgbIke Starter service description added for Windows Service Manager

Release 4.10 build 003 Bug fixes since release 4.10.001 Bugs Solved The VPN Configuration is correctly kept during an upgrade (Vista only) The command line option of the software are correctly managed (Vista only) Import and export functions open a correct User Folder rather than a "system" folder (Vista only)

Release 4.10 build 001 Feature, enhancement, and bug fixes since release 4.04.011 Features Cyberoam IPSec VPN Client 4.1 is Vista compatible (32 bits only) A new systray popup window appears when a tunnel is opening or closing. This systray popup window shows the tunnel opening progress, and the warnings on tunnel opening errors A whole VPN Configuration can be added to the current VPN Configuration, via either a drag & drop operation, or the Import File menu within the Configuration Panel A tunnel can be opened and closed through new command lines (option "/open", "/close") A VPN Configuration can be added to the current VPN Configuration through a new command line (option "/add"). In the contextual menu associated with the "Configuration" item of the VPN tree, a menu enables to clear the VPN Configuration Tunnels can be imported and exported separately. This feature enables to configure several tunnels (Phase1/Phase2) in a single VPN Configuration, then to export (and deploy) each tunnel

03-01-2015 12:26

Cyberoam Docs

59 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

separately to the relevant user or user group. More USB Tokens and Smartcards are supported: Aladdin eToken PRO, Safenet iKey1000, ActivCard, etc... Optional management of ASN1 teletext description of the Certificates subjects The Phase 2 tree icon shows whether the tunnel will open on traffic detection or not. Standard Vista User (non powered) can use Cyberoam IPSec Client. Enhancement The Hotkeys are modified in Ctrl+Enter (switch back and forth between the Configuration Panel and the Connection Panel), Ctrl+S (Save and Apply) and Ctrl+D (Open the Console Window) The VPN Console is simplified with a unique log level to make easier VPN connection error debugging Script commands on opening/closing tunnels now accept parameters Automatically disable Microsoft “IKE and AuthIP IPSec Keying Modules” service Redundant Gateway assumes infinite switch between gateway and redundant gateway Bugs Solved The license number remains during a software upgrade DNS and WINS server addresses are restored on hibernate The log files use a system hour and date for time stamping IKE "floating point" crashes due to log dump are fixed Crashes on Xauth popup are fixed BSOD with Intel Wireless 3945 chipsets are fixed BSOD with Realtek 8139 chipsets fixed Document Version – 1.0-02/03/2008

1.7.3.1.2. V 4.10 build 007 Operating Systems supported

Win 2000, Win XP,Win Server 2003, Win Vista Introduction

This document contains the release notes for Cyberoam IPSec VPN Client version 4.10 build 007. Document includes all the features, improvement, and bug fixes since release 3.12

Release 4.10 build 007 Features, enhancements and bug fixes since release 4.10.006 Features

·

Support of RFC 3947 (NAT-T)

03-01-2015 12:26

Cyberoam Docs

60 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Enhancements

·

New driver release to improve stability (Vista only)

·

Better handling of access rights resulting in a quicker start of the IPSec VPN Client

Bugs Solved

·

Configuration is correctly imported from wizard (Vista only).

Release 4.10 build 006 Features and enhancements since release 4.10.004

Features

·

Setup extraction with “/extract:[Vista|XP]” command line parameter. This is specifically required for silent installation.

Enhancements

·

Command line parameters not working in some circumstances (Vista only)

Release 4.10 build 004 Bug fixes since release 4.10.003

Bug Solved

·

Missing registry Key ObjectName under Windows 2000

·

IPSec VPN Client not started under Windows 2000

·

TgbIke Starter service description added for Windows Service Manager

Release 4.10 build 003

03-01-2015 12:26

Cyberoam Docs

61 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bug fixes since release 4.10.001 Bugs Solved

·

The VPN Configuration is correctly kept during an upgrade (Vista only)

·

The command line option of the software are correctly managed (Vista only)

·

Import and export functions open a correct User Folder rather than a "system" folder (Vista only)

Release 4.10 build 001 Feature, enhancement, and bug fixes since release 4.04.011 Features

·

Cyberoam IPSec VPN Client 4.1 is Vista compatible (32 bits only)

·

A new systray popup window appears when a tunnel is opening or closing. This systray popup

·

window shows the tunnel opening progress, and the warnings on tunnel opening errors

·

A whole VPN Configuration can be added to the current VPN Configuration, via either a drag & drop operation, or the Import File menu within the Configuration Panel

·

A tunnel can be opened and closed through new command lines (option "/open", "/close")

·

A VPN Configuration can be added to the current VPN Configuration through a new command line (option "/add").

·

In the contextual menu associated with the "Configuration" item of the VPN tree, a menu enables to clear the VPN Configuration

Tunnels can be imported and exported separately. This feature enables to configure several tunnels (Phase1/Phase2) in a single VPN Configuration, then to export (and deploy) each tunnel separately to the relevant user or user group. · More USB Tokens and Smartcards are supported: Aladdin eToken PRO, Safenet iKey1000, ActivCard, etc... ·

·

Optional management of ASN1 teletext description of the Certificates subjects

·

The Phase 2 tree icon shows whether the tunnel will open on traffic detection or not.

·

Standard Vista User (non powered) can use Cyberoam IPSec Client.

Enhancement

·

The Hotkeys are modified in Ctrl+Enter (switch back and forth between the Configuration Panel and the Connection Panel), Ctrl+S (Save and Apply) and Ctrl+D (Open the Console Window)

·

The VPN Console is simplified with a unique log level to make easier VPN connection error debugging

·

Script commands on opening/closing tunnels now accept parameters

·

Automatically disable Microsoft “IKE and AuthIP IPSec Keying Modules” service

·

Redundant Gateway assumes infinite switch between gateway and redundant gateway

03-01-2015 12:26

Cyberoam Docs

62 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bugs Solved

·

The license number remains during a software upgrade

·

DNS and WINS server addresses are restored on hibernate

·

The log files use a system hour and date for time stamping

·

IKE "floating point" crashes due to log dump are fixed

·

Crashes on Xauth popup are fixed

·

BSOD with Intel Wireless 3945 chipsets are fixed

·

BSOD with Realtek 8139 chipsets fixed

Release 4.04 build 011 Bug fixes since release 4.04.010 Bugs Solved

·

No crash on X-Auth Popup

Release 4.04 build 010 Bug fixes since release 4.04.009 Bugs Solved

·

During an upgrade, the product version is correctly managed and the VPN Configuration is automatically backuped

Release 4.04 build 009 Enhancement and bug fixes since release 4.04.005 Enhancement

·

Generic SmartCard support Improvment

·

SmartCard ActivCard now supported

03-01-2015 12:26

Cyberoam Docs

63 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Bugs Solved

·

SmartCard iKey 1000 correctly managed

Release 4.04 build 005 Enhancement and bug fixes since release 4.04.002 Enhancement

·

The hotkeys used by the software are more compliant with the Windows standards: 'Ctrl+S' for save, 'Ctrl+Enter' for toggling between the Configuration Panel and the Connection Panel, and 'Ctrl+D' for the console

Bugs Solved

·

The system time is used for log files

Release 4.04 build 002 Enhancement since release 4.03.101 Enhancement

·

iToken Pro smartcard supported

·

iKey 1000 smartcard supported

Release 4.03 build 101 Feature, enhancement, and bug fixes since release 4.03.100 Feature

·

Parameters are allowed in the scripts run when tunnel opens or closes

03-01-2015 12:26

Cyberoam Docs

64 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Enhancement

·

The hotkeys used by the software are more compliant with the Windows standards: 'Ctrl+S' for save, 'Ctrl+Enter' for toggling between the Configuration Panel and the Connection Panel, and 'Ctrl+D' for the console

Bugs Solved

·

The DNS/WINS addresses are restored on hibernate

·

The License number is correctly backuped and restored during an upgrade

Release 4.03 build 100 Feature and Enhancement since release 4.01.000 Feature

·

Gemplus smartcard support available

·

ASN 1 Certificate description

Enhancement

·

The concept of Active/Inactive Phase (which is the same as 'automatically open a tunnel on trafic detection') is shown in the GUI by a new Phase2 icon rather by the old Phase1 'checked' icon

·

ConfigMode traces improvement

Release 4.02 build 001 Feature and Bug fixes since release 4.01.000 Feature

·

Scripts can be run when a tunnel just opened, before it is closed and after it is closed

Bug fixes

·

No IKE crash due to change of IP address

03-01-2015 12:26

Cyberoam Docs

65 of 78

·

http://docs.cyberoam.com/print.asp?id=221&SID=

The License number is correctly backuped and restored during an upgrade

Release 4.01 build 000 Enhancement since release 4.00.007 Enhancement

·

Fragmented IP packets management

Release 4.00 build 007 Enhancement and bug fixes since release 4.00.006 Enhancement

·

Standard portuguese finalized

Bug fixes

·

GUI crashed in some circumstances when closing tunnel

Release 4.00 build 006 Features, enhancement, and bug fixes since release 3.12 Features

·

A new Connection Panel makes the GUI even easier for users. Switches between the Configuration Panel and the Connection Panel is easy as the shortcut key "Ctrl+P", but can be easily restricted by IT managers (the users are only allowed to use the Connection Panel, in order to avoid misusing of the software). The Connection Panel shows in real-time a tunnel while it opens. It even identifies the IKE/IPSec steps with a "fragmented" progress bar. Most of all, the Connection Panel implements a popup help for troubles, which dramatically improves the accuracy of diagnostic

·

A tunnel can be opened via a double-click on a VPN configuration (e.g. shortcut icon on the desktop)

·

VPN configuration file drag and drop onto the Configuration Panel or Connection Panel automatically imports the configuration and enables it

·

Scripts or applications can be configured before and after opening or closing a tunnel.

·

The Configuration Panel may be protected with password, to avoid misuse of VPN configuration by end-users

03-01-2015 12:26

Cyberoam Docs

66 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

IT Managers can pre-configure the access control to the Configuration Panel via a new set of Setup Options

·

Shortcut keys to access main features (Save&Apply, Console, toggle Configuration/Connection Panel)

·

Certificates can be imported from several media: USB Stick, SmartCards, Tokens

·

Import of PKCS#12 Certificates from Configuration Panel. This feature obsoletes the use of the conversion tool from PKCS#12 to PEM format

·

The 'Import Certificates...' window now displays the subjects of the imported Certificates, even if they are on a Token (e.g. Smart Card)

·

Certificate subject is automatically selected for 'Local ID' in Phase 1

·

Support of Aladdin tokens i.e. new ATR supported

·

The Hybrid-Mode is fully supported (RFC: draft-ietf-ipsec-isakmp-hybrid-auth-05.txt)

·

The Config-Mode is fully supported

Enhancement

·

Better usability in the 'Import certificates...' window

·

Messages are displayed in default language i.e. English, if not available in the language dll, this is especially useful for local version

·

Better management of the Console Window, for background/foreground display

·

More Kaspersky product release supported

Bug fixes

·

Correct custom bitmap loaded on light user Interface

·

Retrieving configuration when updating to Custom client version

·

Compatibility of X-Auth parameters with old IPSec VPN Client software release

·

DNS IP server not always removed when closing a tunnel

·

In some conditions, when Phase 2 fails, IKE service crash

·

No answer to an IKE CERT_REQ message in Aggressive and Main modes

·

Management of DPD (retries and crash in some conditions)

·

Improvement of the certificate management during the IKE Service Initialization phase

·

GUI memory leak

·

Crash due to ActiveSync

Document Version – 1.0-23/11/2007

1.7.3.1.3. V 4.10 build 003 Operating Systems supported

03-01-2015 12:26

Cyberoam Docs

67 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Win 2000, Win XP,Win Server 2003, Win Vista Introduction

This document contains the release notes for Cyberoam IPSec VPN Client version 4.10 build 003. Document includes all the features, improvement, and bug fixes since release 3.12

Release 4.10 build 003 Bug fixes since release 4.10.001 Bugs Solved

·

The VPN Configuration is correctly kept during an upgrade (Vista only)

·

The command line option of the software are correctly managed (Vista only)

·

Import and export functions open a correct User Folder rather than a "system" folder (Vista only)

Release 4.10 build 001 Feature, enhancement, and bug fixes since release 4.04.011 Features

·

Cyberoam IPSec VPN Client 4.1 is Vista compatible (32 bits only)

·

A new systray popup window appears when a tunnel is opening or closing. This systray popup

·

window shows the tunnel opening progress, and the warnings on tunnel opening errors

·

A whole VPN Configuration can be added to the current VPN Configuration, via either a drag & drop operation, or the Import File menu within the Configuration Panel

·

A tunnel can be opened and closed through new command lines (option "/open", "/close")

·

A VPN Configuration can be added to the current VPN Configuration through a new command line (option "/add").

·

In the contextual menu associated with the "Configuration" item of the VPN tree, a menu enables to clear the VPN Configuration

·

Tunnels can be imported and exported separately. This feature enables to configure several tunnels (Phase1/Phase2) in a single VPN Configuration, then to export (and deploy) each tunnel separately to the relevant user or user group.

·

More USB Tokens and Smartcards are supported: Aladdin eToken PRO, Safenet iKey1000, ActivCard, etc...

·

Optional management of ASN1 teletext description of the Certificates subjects

·

The Phase 2 tree icon shows whether the tunnel will open on traffic detection or not.

·

Standard Vista User (non powered) can use Cyberoam IPSec Client.

03-01-2015 12:26

Cyberoam Docs

68 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Enhancement

·

The Hotkeys are modified in Ctrl+Enter (switch back and forth between the Configuration Panel and the Connection Panel), Ctrl+S (Save and Apply) and Ctrl+D (Open the Console Window)

·

The VPN Console is simplified with a unique log level to make easier VPN connection error debugging

·

Script commands on opening/closing tunnels now accept parameters

·

Automatically disable Microsoft “IKE and AuthIP IPSec Keying Modules” service

·

Redundant Gateway assumes infinite switch between gateway and redundant gateway

Bugs Solved

·

The license number remains during a software upgrade

·

DNS and WINS server addresses are restored on hibernate

·

The log files use a system hour and date for time stamping

·

IKE "floating point" crashes due to log dump are fixed

·

Crashes on Xauth popup are fixed

·

BSOD with Intel Wireless 3945 chipsets are fixed

·

BSOD with Realtek 8139 chipsets fixed

Release 4.04 build 011 Bug fixes since release 4.04.010 Bugs Solved

·

No crash on X-Auth Popup

Release 4.04 build 010 Bug fixes since release 4.04.009 Bugs Solved

·

During an upgrade, the product version is correctly managed and the VPN Configuration is automatically backuped

03-01-2015 12:26

Cyberoam Docs

69 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Release 4.04 build 009 Enhancement and bug fixes since release 4.04.005 Enhancement

·

Generic SmartCard support Improvment

·

SmartCard ActivCard now supported

Bugs Solved

·

SmartCard iKey 1000 correctly managed

Release 4.04 build 005 Enhancement and bug fixes since release 4.04.002 Enhancement

·

The hotkeys used by the software are more compliant with the Windows standards: 'Ctrl+S' for save, 'Ctrl+Enter' for toggling between the Configuration Panel and the Connection Panel, and 'Ctrl+D' for the console

Bugs Solved

·

The system time is used for log files

Release 4.04 build 002 Enhancement since release 4.03.101 Enhancement

·

iToken Pro smartcard supported

·

iKey 1000 smartcard supported

03-01-2015 12:26

Cyberoam Docs

70 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Release 4.03 build 101 Feature, enhancement, and bug fixes since release 4.03.100 Feature

·

Parameters are allowed in the scripts run when tunnel opens or closes

Enhancement

·

The hotkeys used by the software are more compliant with the Windows standards: 'Ctrl+S' for save, 'Ctrl+Enter' for toggling between the Configuration Panel and the Connection Panel, and 'Ctrl+D' for the console

Bugs Solved

·

The DNS/WINS addresses are restored on hibernate

·

The License number is correctly backuped and restored during an upgrade

Release 4.03 build 100 Feature and Enhancement since release 4.01.000 Feature

·

Gemplus smartcard support available

·

ASN 1 Certificate description

Enhancement

·

The concept of Active/Inactive Phase (which is the same as 'automatically open a tunnel on trafic detection') is shown in the GUI by a new Phase2 icon rather by the old Phase1 'checked' icon

·

ConfigMode traces improvement

Release 4.02 build 001 Feature and Bug fixes since release 4.01.000

03-01-2015 12:26

Cyberoam Docs

71 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Feature

·

Scripts can be run when a tunnel just opened, before it is closed and after it is closed

Bug fixes

·

No IKE crash due to change of IP address

·

The License number is correctly backuped and restored during an upgrade

Release 4.01 build 000 Enhancement since release 4.00.007 Enhancement

·

Fragmented IP packets management

Release 4.00 build 007 Enhancement and bug fixes since release 4.00.006 Enhancement

·

Standard portuguese finalized

Bug fixes

·

GUI crashed in some circumstances when closing tunnel

Release 4.00 build 006 Features, enhancement, and bug fixes since release 3.12 Features

03-01-2015 12:26

Cyberoam Docs

72 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

A new Connection Panel makes the GUI even easier for users. Switches between the Configuration Panel and the Connection Panel is easy as the shortcut key "Ctrl+P", but can be easily restricted by IT managers (the users are only allowed to use the Connection Panel, in order to avoid misusing of the software). The Connection Panel shows in real-time a tunnel while it opens. It even identifies the IKE/IPSec steps with a "fragmented" progress bar. Most of all, the Connection Panel implements a popup help for troubles, which dramatically improves the accuracy of diagnostic

·

A tunnel can be opened via a double-click on a VPN configuration (e.g. shortcut icon on the desktop)

·

VPN configuration file drag and drop onto the Configuration Panel or Connection Panel automatically imports the configuration and enables it

·

Scripts or applications can be configured before and after opening or closing a tunnel.

·

The Configuration Panel may be protected with password, to avoid misuse of VPN configuration by end-users

·

IT Managers can pre-configure the access control to the Configuration Panel via a new set of Setup Options

·

Shortcut keys to access main features (Save&Apply, Console, toggle Configuration/Connection Panel)

·

Certificates can be imported from several media: USB Stick, SmartCards, Tokens

·

Import of PKCS#12 Certificates from Configuration Panel. This feature obsoletes the use of the conversion tool from PKCS#12 to PEM format

·

The 'Import Certificates...' window now displays the subjects of the imported Certificates, even if they are on a Token (e.g. Smart Card)

·

Certificate subject is automatically selected for 'Local ID' in Phase 1

·

Support of Aladdin tokens i.e. new ATR supported

·

The Hybrid-Mode is fully supported (RFC: draft-ietf-ipsec-isakmp-hybrid-auth-05.txt)

·

The Config-Mode is fully supported

Enhancement

·

Better usability in the 'Import certificates...' window

·

Messages are displayed in default language i.e. English, if not available in the language dll, this is especially useful for local version

·

Better management of the Console Window, for background/foreground display

·

More Kaspersky product release supported

Bug fixes

·

Correct custom bitmap loaded on light user Interface

·

Retrieving configuration when updating to Custom client version

·

Compatibility of X-Auth parameters with old IPSec VPN Client software release

·

DNS IP server not always removed when closing a tunnel

·

In some conditions, when Phase 2 fails, IKE service crash

·

No answer to an IKE CERT_REQ message in Aggressive and Main modes

·

Management of DPD (retries and crash in some conditions)

·

Improvement of the certificate management during the IKE Service Initialization phase

03-01-2015 12:26

Cyberoam Docs

73 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

·

GUI memory leak

·

Crash due to ActiveSync

Document Version – 1.0-11/10/2007

1.7.3.1.4. V 3.12 build 002 Product Release Information

Product: Cyberoam IPSec VPN Client Release Number: 3.12 build 002 Customer Support: For more information or support, please visit our www.cyberoam.com or email at [email protected]

Important note

Re-activation of Client is required after upgrading

New Feature · VPN Configuration is saved and restored after an upgrade

Enhancement · Login and password of the X-Auth popup are now validated · To allow managing VPN Client through a Remote Desktop(RDP) connection, the communication mode between IKE and the GUI is enhanced · Management of the timers is enhanced to avoid IKE crashes

Bug fixes · Kaspersky Anti-Virus was not compatible with VPN Client · IKE crashes on time-out · Configuration Wizard not displayed after an upgrade · For configuring X-Auth, it was required to enable "Automatically open VPN tunnel on traffic detection" in Phase 2 · The /Importonce, /export or /exportonce command line options did not start the IKE. · Incorrect Certificates imported from a ".tgb" VPN configuration file

03-01-2015 12:26

Cyberoam Docs

74 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Document version-1.0-312002/12/102006

1.8. SSL VPN Client 1.8.1. Release Notes 1.8.1.1. V 1.3.0.5, V 1.3.0.9

Release Dates Version 1.3.0.5 – 26 May, 2014 Version 1.3.0.9 – 25 June, 2014

Release Information Installation / Upgrade procedure Version 1.3.0.5 Cyberoam has released an SSL VPN Client Version 1.3.0.5 for Windows 8 OS, which is compatible with previous Windows operating systems as well. Click here to download the client. Please note that this client is available for download from Cyberoam website only. For installation and configuration instructions, refer to the Installation and Configuration Guide for the client. Click here to download the guide. Cyberoam SSL VPN Client also works when the “Run in Compatibility Mode” option is enabled on the following operating systems:

Operating System Windows 8 (32 bit) Windows 8.1 (64 bit) Windows Server 2012 Standard Edition

Compatibility Mode Windows XP SP3, Windows 7 Windows XP SP3, Windows 7 Windows XP SP3, Windows 7

Version 1.3.0.9 SSL VPN Client Version 1.3.0.9 is compatible with all Windows operating systems Administrative permission is required for installation 1. Download SSL VPN Client installer Version 1.3.0.9 from: http://www.cyberoam.com/cyberoamclients.html. 2. Double-click the downloaded SSL VPN installer and follow the on-screen steps. For detailed installation and configuration instructions, refer to the Installation and Configuration Guide.

03-01-2015 12:26

Cyberoam Docs

75 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Revision History

Sr. No.

1

Old Revision Number

New Revision Number

1.0 - 26/05/2014

1.1 - 25/06/2014

Reference Section

-

Revision Details

Enhancement for Version 1.3.0.9 added

Introduction This document contains the release notes for Cyberoam SSL VPN Client Version 1.3.0.5 and Version 1.3.0.9. The following sections describe the release in detail.

Enhancements 1. Increased character limit for Username and Password From this version, Cyberoam SSL VPN Client supports up to Fifty (50) characters for the “Username” and “Password” fields. To use password as an effective authentication mechanism, it is necessary that username and password are strong enough to reduce the risk of a security breach. With the increased character limit, an Administrator can enforce a greater username and password length making it difficult for an attacker to guess the login credentials.

1.8.1.2. V 1.0

Release Dates Version 1.0.1 – 2nd October, 2009 Version 1.0.0 – 30th April, 2009

03-01-2015 12:26

Cyberoam Docs

76 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

Release Information Release type: GA Cyberoam Compatible versions: V 1.0 build 1 – Cyberoam Version 9.6.0 build 60 onwards V 1.1 build 0 – Cyberoam Version 9.6.0 build 16 and build 34 Upgrade Information Upgrade type: Manual upgrade Installation/Upgrade procedure(V 1.0 build 1 onwards) 1. 2. 3.

Uninstall the existing SSL VPN Client, if installed. Access SSL VPN User Portal – Browse to https://<WAN IP address of Cyberoam:port> Click “Download Bundled SSL VPN Client” to download and install the client. Refer to SSL VPN Client Installation Guide V 1.0.1 for details.

Installation procedure(V 1.0 build 0) 1. 2. 3. 4. 5. 6.

Access SSL VPN User Portal – Browse to https://<WAN IP address of Cyberoam:port> Click “Download SSL VPN Client” to download the client. Run SSL VPN Client Installer and install the client. Click “Download SSL VPN Client Configuration” to download the client configuration. For more details on installation, refer to SSL VPN Client Installation Guide V 1.0.0 For more details on configuration, refer to SSL VPN Client Administration Guide V 1.0.0

Compatible Operating Systems Microsoft Microsoft Microsoft Microsoft

Windows 2000 Professional Windows XP including SP2 and SP3 (both 32-bit and 64-bit) Windows Server 2008 including SP2 (both 32-bit and 64-bit ) Windows Vista including SP1 and SP2 (both 32-bit and 64-bit)

Introduction The Cyberoam VPN feature is extended to include SSL VPN functionality within Cyberoam to provide secure access for the remote users. SSL VPN delivers a set of features and benefits that makes it easier to use and also control the access to the Corporate network from anywhere, anytime. Cyberoam SSL VPN is completely location independent as it supports road warrior tunneling and it also offers granular access policies for better security. Refer to Cyberoam Release Notes v 9.6 for more details. SSL VPN client is used for establishing remote connections in full access mode. A remote user having an internet connection can download and install SSL VPN Client. Once the client is installed, an

03-01-2015 12:26

Cyberoam Docs

77 of 78

http://docs.cyberoam.com/print.asp?id=221&SID=

encrypted tunnel can be established for secure access to Corporate network on providing user credentials. This document contains the release notes for Cyberoam SSL VPN Client version 1.0 build 1. Document includes all the features and enhancements from the release 1.0 build 0 to 1.0 build 1.

Features and Enhancements Build 1 1.

Bundled Client Installer Installation process has been optimized as a single step process. It is not required to import the configuration separately, as it is now a part of the installation itself. This makes installation and re-installation of SSL VPN client easier. The Client Configuration download feature is available separately but Configuration can be downloaded and imported only when the server settings are changed. In this situation, the whole bundled installer may not be downloaded. The installer is available as Bundled SSL VPN Client from SSL VPN End User Portal under “Full Access mode”.

2.

HTTP/SOCKS Proxy support for Clients SSL VPN Client has added support of HTTP or SOCKS proxy for those remote users who are not able to access the Internet directly. The users can configure HTTP or SOCKS proxy server to access the network behind the Cyberoam. Proxy can be configured from the SSL VPN Client’s Proxy Settings menu. By default, proxy is not enabled but one can use proxy configured in the Browser – Internet Explorer or can configure manually.

3.

User based Certificate Support for Authentication The current feature of authenticating all the users through single System wide certificate is extended one step further to provide an option of authenticating through individual user certificates. These certificates not only provide granular control in Certificate management but also create a user identity which can be used beyond SSL VPN implementation. This feature can be configured by the administrator from Web Admin Console of Cyberoam appliance.

Build 0 1.

Tunnel Establishment over TCP/UDP protocol SSL VPN tunnel can be established over TCP or UDP protocol as per the SSL VPN Global Settings page in Cyberoam. Better performance can be achieved by establishing tunnel over UDP protocol while better security can be achieved over TCP protocol.

2.

Certificate based Authentication SSL VPN client provides authentication based on SSL Client Certificates. The selected certificate is bundled with client installer and downloaded when the client is installed. This is a common certificate for authentication to all the SSL VPN users. The unique combination of Username/Password and certificates is used for authentication. Existing certificates can be selected and new certificates can be generated by the administrator from Web Admin Console of Cyberoam appliance.

03-01-2015 12:26

Cyberoam Docs

78 of 78

3.

http://docs.cyberoam.com/print.asp?id=221&SID=

Support to Import Configuration SSL VPN Client provides the feature to import the bundled client configuration. It is necessary to import the configuration to establish a SSL VPN connection. The configuration also includes SSL Client Certificate that ensures secure access. SSL VPN Client configuration can be downloaded from the SSL VPN End User Portal under “Full Access mode” and imported from the SSL VPN Client’s Import Configuration menu.

1.8.2. Guides 1.8.2.1. V 1.3.0.9 1.8.2.2. V 1.3.0.5 1.8.2.3. V 1.0.1 1.8.2.3.1. Cyberoam Version X 1.8.2.3.2. Cyberoam V 9.x 1.8.2.4. V 1.0.0

03-01-2015 12:26

Sponsor Documents


Recommended

No recommend documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close