Version: 10.6.1 MR -1 Date: 27 June 2014 Release Notes 10.x/10.6... · 2014-07-02 · XenServer uses the Xen hypervisor to virtualize each server on which it is installed, enabling

Release Dates

Version 10.6.1 MR–1 – 27 June, 2014

Release Information

Release Type: Maintenance Release

Applicable to CyberoamOS Version

V 10.01.0XXX or 10.01.X Build XXX All the versions

V 10.02.0 Build XXX 047, 174, 176, 192, 206, 224, 227, 409, 473

V 10.04.X Build XXX

0 Build 214, 0 Build 304, 0 Build 311, 0 Build 338, 0 Build 433

1 Build 451

2 Build 527

3 Build 543

4 Build 028

5 Build 007

6 Build 032

V 10.5.3 Common Criteria Certificate (EAL4+) Compliant

V 10.6.X

0 Beta-1

0 Beta-2

0 Beta-3

1 RC-1, 1 RC-3, 1 RC-4, 1 GA

Upgrade procedure

To upgrade the existing Cyberoam Appliance follow the procedure below:

Logon to https://customer.cyberoam.com

Click “Upgrade” link under Upgrade URL.

Choose option “Select for Version 10.00.0xxx to current GA Version 10.00.0xxx Firmware”.

For Cyberoam versions prior to 10.01.0472 For Cyberoam version 10.01.0472 or higher

Upgrade Cyberoam to 10.01.0472 selecting option “Below 10.01.0472” and follow on-

screen instruction. By doing this, the customer will not be able to roll back.

Upgrade Cyberoam to the latest version by selecting option “10.01.0472 or higher” and follow on-screen instruction.

Compatibility Annotations

This version of CyberoamOS is Appliance Model-specific. Hence, firmware of one model will not be applicable on another model and upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR50iNG-XP with firmware for model CR100iNG-XP.

This release is compatible with all Cyberoam Virtual Appliances.

This Cyberoam version is compatible with the Cyberoam Central Console (CCC) version 02.02.1185 and above. Please check http://docs.cyberoam.com for availability of latest CCC firmware to deal with compatibility issues.

Version: 10.6.1 MR -1

Date: 27 June 2014 Release Notes

https://customer.cyberoam.com/

http://docs.cyberoam.com/default.asp?id=174&Lang=1&SID=

Release Notes: CyberoamOS Version 10.6.1 MR-1

Document Version – 1.01-02/07/2014 2

Revision History

Sr. No.

Old Revision Number

New Revision Number

Reference Section Revision Details

1 1.00-

27/06/2014 1.01-

02/07/2014 Enhancements XenServer Support



Contents

Release Information .................................................................................................. 1

Introduction ............................................................................................................... 4

Enhancements ........................................................................................................... 4

1. LAN Bypass Support for Enterprise – level Appliances ................................................................................... 4 2. Enhancing Security of XML-based API Usage ................................................................................................. 4 3. XenServer Support................................................................................................................................................ 4

Bugs Solved .............................................................................................................. 5

1. Anti Virus ................................................................................................................................................................ 5 2. Anti Spam ............................................................................................................................................................... 5 3. Application Filter Policy ........................................................................................................................................ 5 4. Guest User ............................................................................................................................................................. 5 5. CLI ........................................................................................................................................................................... 5 6. CTAS – Cyberoam Transparent Authenticate Suite ........................................................................................ 6 7. Firewall.................................................................................................................................................................... 6 8. GUI .......................................................................................................................................................................... 6 9. High Availability ..................................................................................................................................................... 7 10. Web Filter ............................................................................................................................................................... 7 11. Log Viewer ............................................................................................................................................................. 7 12. Network ................................................................................................................................................................... 7 13. Objects .................................................................................................................................................................... 8 14. Proxy ....................................................................................................................................................................... 8 15. QoS ......................................................................................................................................................................... 9 16. Report ..................................................................................................................................................................... 9 17. Spoof Prevention ................................................................................................................................................. 10 18. SSL VPN .............................................................................................................................................................. 10 19. System .................................................................................................................................................................. 10 20. IPSec VPN ........................................................................................................................................................... 10

General Information ................................................................................................ 11



Introduction

This document contains the release notes for Cyberoam Version 10.6.1 MR-1. The following sections describe the release in detail.

This release comes with a couple of enhancements and a number of bug fixes to improve quality, reliability and performance.

Enhancements

1. LAN Bypass Support for Enterprise – level Appliances

The LAN Bypass feature is now broadened to cover the entire appliance spectrum. From this version the feature support is extended to cover CR1000iNG-XP, CR1500iNG-XP and CR2500iNG-XP Appliances. A 4-port, 1 GbE Copper FleXi Port Module supporting LAN Bypass needs to be plugged in to the Appliance to use this feature. For technical specification, refer to respective XP data sheet on Cyberoam Docs.

For module availability, please contact Cyberoam Support at [email protected].

2. Enhancing Security of XML-based API Usage

The following optimizations have further fortified the API feature:

As third-party Solution Providers like ISPs, System Integrators use CyberoamOS’s XML-based API to integrate/automate Cyberoam User Log on and Log off process, it is necessary that only authorized providers have the privilege to access this feature.

In order to allow only the authorized providers to initiate an API operation, the Administrator can configure IP Address of the authorized providers through which the API operations will be allowed.

Configure the authorized IP Address from System > Administration > API and enable the API Configuration option from the Web Admin Console.

The Administrator can filter Admin Logs based on the API component to view API events.

3. XenServer Support

From this version CyberoamOS supports XenServer.

XenServer is a server virtualization platform that offers bare-metal virtualization performance for virtualized operating systems. XenServer uses the Xen hypervisor to virtualize each server on which it is installed, enabling each to host multiple Virtual Machines simultaneously.

Prior to this firmware, VMware ESX/ESXi, VMware Workstation, VMware Player, Microsoft Hyper-V and KVM platforms were supported.

To reach the install guide, please click here.

http://docs.cyberoam.com/default.asp?id=737&Lang=1&SID=

mailto:[email protected]

http://docs.cyberoam.com/default.asp?id=544



Bugs Solved

1. Anti Virus

Bug ID –17412

Description – Incorrect tool tip message is displayed for “Notify Sender” under “SMTP Scanning Rules” of Anti Virus Email in firmware version 10.6.1.

Bug ID – 3488

Description – When FTP scanning is enabled, MLSD command of FileZilla FTP Client does not work.

2. Anti Spam

Bug ID – 11687

Description – Anti Spam Address Group Configuration cannot be updated, if the imported file contains Email Address/Domain names ending with a string of special characters like comma (,,,,).

Bug ID – 11247

Description – A csv file containing comma separated Email Addresses / Domains can be successfully imported for an Address Group within Anti Spam.

3. Application Filter Policy

Bug ID – 16373

Description – Even when Squirrelmail WebMail Application Category is denied,

website www.mail4india.com was accessible.

4. Guest User

Bug ID – 17146

Description – An Administrative Profile user is unable to view the “Guest Users” tab under Identity and an error message “You do not have privilege to access the page or perform the operation” is displayed even though Read-write permission is assigned to the user.

5. CLI

Bug ID – 17407

Description - Administrator is unable to add Citrix IP Address for Cyberoam Authentication Thin Client (CATC) from Cyberoam CLI console “cyberoam auth thin-client add citrix-ip” command.

http://www.mail4india.com/



Bug ID – 17363

Description - A route configured using the CLI command “set advanced-firewall bypass-stateful-firewall-config” with Source Network and Destination Host cannot be deleted.

Bug ID – 11045

Description – An error message "Authentication Failed" is displayed on Cyberoam CLI Console, if the password includes special character Hash (#).

6. CTAS – Cyberoam Transparent Authenticate Suite

Bug ID – 16273

Description – After upgrading Cyberoam firmware to 10.6.1 RC-1, users cannot be authenticated through CTAS.

7. Firewall

Bug ID – 14760

Description – The values of attributes "Upload Data Transfer" and "Download Data Transfer" displayed in the Data Transfer Report for a Gateway Interface does not match with the values displayed on the Firewall Rule page.

Bug ID – 12148

Description – The public port values do not match with the mapped port values for a Virtual Host configured from Firewall, if the public port exceeds the limit of 60 characters.

8. GUI

Bug ID – 17267

Description – Users imported through csv file cannot be deleted, if their credentials contain spaces.

Bug ID – 16268

Description – "One Time" Schedule remains active on firewall page even though the configured "Days" Schedule period is expired from the Object > Schedule page.

Bug ID – 11185

Description – Any user with one of the available Administrative profiles can access Cyberoam Web Admin Console.



Bug ID – 10997

Description – A User cannot be deleted, if parameter "User Type" is selected as "Administrator" and parameter "Profile" is selected as "Crypto Admin, Security Admin, Audit Admin or HAProfile", while configuring a user from Identity page.

Bug ID – 9928

Description – The scroll bar do not appear when the console is accessed via Web Admin Console.

9. High Availability

Bug ID – 9467

Description – Auxiliary Appliance generates a blank report notification mail for all the events when HA is configured in Active – Passive mode.

10. Web Filter

Bug ID - 17295

Description - A Web Filter Policy configured by the Administrator is not applied if Cyberoam fails to connect to the Web Cloud Signature database.

Bug ID – 8135

Description – A login page is not displayed for "Market Boomer" application when Web Filter policy is applied.

11. Log Viewer

Bug ID – 7671

Description – User password change event does not get logged in log viewer when user modifies his password from 'My Account'.

12. Network

Bug ID - 17205

Description – 3G modem Vodafone is not compatible with Cyberoam Appliance.

Bug ID – 11494

Description – Internet traffic gets dropped, if DHCP leased IP Address of WAN interface and its Gateway IP Address both are in different subnets.



Bug ID – 11336

Description – A key with hexadecimal characters must be provided each time while updating a Wireless LAN Access Point with security mode method selected as WEP-Auto or WEP-Shared or WEP-Open.

Bug ID – 11240

Description – A scan resultant message “Wireless Access Point Scanning failed” is displayed on the Web Admin Console of CR15wiNG, CR25wiNG and CR35wiNG appliances, if “Scan Now” is clicked on Wireless LAN Rogue AP Scan page.

13. Objects

Bug ID - 12644

Description – FQDN service ceases to function on adding more than 1024 FQDN hosts.

14. Proxy

Bug ID – 15361

Description – Cyberoam allows uploading on the Gmail and webmail websites, though “Deny HTTP Upload” Web Filter Policy is configured and HTTPS scanning is applied from Firewall Rule.

Bug ID – 9939

Description – Documents on Google Docs cannot be edited, if HTTP/HTTPS scanning is applied via Firewall Rule.

Bug ID – 9381

Description – A Web Application from website www.amadeusvista.com cannot be accessed when Web Filter Policy is configured as "Allow All".

Bug ID – 8398

Description – Proxy stops functioning, if any custom category contains more than 16,479 URL's.

Bud ID - 7187

Description – The website www.tickerplantindia.com do not open if web filter policy is configured as "Allow All".

Bug ID – 7370

Description – An application “eToro Trading” will not work when Web Filter Policy is configured as “Allow All” or scanning is enabled.

http://www.amadeusvista.com/

http://www.tickerplantindia.com/



15. QoS

Bug ID – 10731

Description – The Bandwidth Management service ceases to function after rebooting, if the parameter "Total Bandwidth" in QoS policy is configured with maximum value "10240000".

16. Report

Bug ID – 16296

Description – After upgrading Cyberoam firmware to 10.6.1 RC-1, report notifications are not mailed.

Bug ID – 12980

Description – A mismatch for severity levels “Notice” and “Information” is observed between “Count” and “Total Records” values displayed on On-Appliance iView Event Summary Report page and Exported Excel sheet respectively.

Bug ID – 12619

Description – Reports based on Domain are displayed in Search Web Surfing Reports for a user though the parameter “Search Type” is selected as URL.

Bug ID – 12142

Description – Administrator receives a blank Email Report Notification, if a Search Report Bookmark containing a URL with special encoded characters, is configured for the parameter “Bookmark” on the System Report Notification page.

Bug ID – 11692

Description – Only few out of all Custom View Report Names are displayed in the navigation bar of On-Appliance iView.

Bug ID – 11817

Description – Same logs are displayed in two different Web Surfing Summary Reports, even if different time periods are selected.

Bug ID – 11786

Description – A string "User {0}, Domain {1}, Host {2} > Detail Report” is displayed on On-Appliance iView for the Web Usage Host Detail report.



17. Spoof Prevention

Bug ID – 17154

Description – DHCP Server does not lease IP over bridge interface, if Spoof Prevention is enabled in “Firewall”.

Bug ID – 16745

Description – Even when spoof prevention is enabled for custom zone, MAC address filtering and IP-MAC address filtering is not applied.

18. SSL VPN

Bug ID – 17171

Description – SSL VPN connection configured in Tunnel Access mode does not get established, if SSL Client Certificate name contains space.

Bug ID – 9959

Description – A user specific SSL VPN Policy is over-ridden by the Group SSL VPN Policy to which the user belongs to.

19. System

Bug ID – 17389

Description – The SSL/TLS MITM vulnerability (CVE-2014-0224) has been averted. For more information on the Security Advisory for the vulnerability, click here.

20. IPSec VPN

Bug ID – 17372

Description - An established IPSec VPN Connection disconnects randomly and the Administrator is unable to re-establish it if the connection is configured on PPPoE or DHCP type WAN interfaces.

Bug ID – 17202

Description – IPSec VPN does not get established, if more than 9 WAN interfaces are configured.

Bug ID – 12655

Description – A single Remote LAN Network is listed for Site to Site connection on VPN IPSec page while adding an IP Network, though multiple Remote LAN Networks are selected.

https://www.openssl.org/news/secadv_20140605.txt

http://kb.cyberoam.com/default.asp?id=2973&SID=&Lang=1



General Information

Technical Assistance

If you have problems with your system, contact customer support using one of the following methods:

E-mail ID: [email protected]

Telephonic support (Toll free)

APAC/EMEA: +1-877-777- 0368

Europe: +44-808-120-3958

India: 1-800-301-00013

USA: +1-877-777- 0368

Please have the following information available prior to contacting support. This helps to ensure that our support staff can best assist you in resolving problems:

Description of the problem, including the situation where the problem occurs and its impact on your operation

Product version, including any patches and other software that might be affecting the problem

Detailed steps on the methods you have used to reproduce the problem

Any error logs or dumps

Technical Support Documents

Knowledgebase: http://kb.cyberoam.com

Documentation set: http://docs.cyberoam.com

mailto:[email protected]

http://kb.cyberoam.com/

http://docs.cyberoam.com/



Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances. You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS Copyright 1999 - 2014 Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters Cyberoam House, Saigulshan Complex, Opp. Sanskruti, Beside White House, Panchwati Cross Road, Ahmedabad - 380006, GUJARAT, INDIA. Tel: +91-79-66216666 Fax: +91-79-26407640

Web site: www.cyberoam.com

http://www.cyberoam.com/documents/EULA.html

http://kb.cyberoam.com/

http://www.cyberoam.com/