Cyberoam Docs

Cyberoam Docs
1 of 78
http://docs.cyberoam.com/print.asp?id=221&SID=
1. Clients
1.1. Cyberoam Android Client Version
1.1.1. Release Notes
1.1.1.1. Cyberoam Android Client Version 1.4
Release Information
Compatibility Versions:
Cyberoams General Authentication Client Version 1.4 for Android is compatible with:
1. Cyberoam Version 10.01.0667 onwards.
2. Android Version 2.2 onwards
Installation Procedure
1. Download the installer of Cyberoams Client for Android OS from:
www.cyberoam.com
Google Play
2. Double-click installer to download the Android Client and follow the on-screen steps to install.
3. For configuration details, follow the link http://kb.cyberoam.com
Introduction
This document contains the release notes for Cyberoams General Authentication Client Version 1.4 for Android. The following sections describe the release in detail.
Enhancements
Auto-login to Cyberoam on Hotspot Availability
From this version onwards, General Authentication Client for Android, supports auto-login using authorized hotspot connected to Cyberoam.
Prior to this version, manual intervention was required for Wi-Fi hotspot reconnection.
03-01-2015 12:26
Cyberoam Docs
2 of 78
Bugs Solved
The general authentication client fails to open when it is accessed in landscape mode.
The general authentication client fails to respond if the pasted gateway IP Address contains alphanumeric characters.
1.1.1.2. Cyberoam Android Client Version 1.3
Release Information
Compatibility Versions:
Cyberoams General Authentication Client for Android OS (Cyberoams Android Client) Version 1.3 is compatible with following
1. Cyberoam Version 10.01.0667 onwards.
2. Android Version 2.2 onwards
Installation Procedure
1.
Download the installer of Cyberoams Client for Android OS from:

- Cyberoam Website
- Google Play
2. Double-click installer to download the Android Client and follow the on-screen steps to install.
3. For configuration details, follow the link http://kb.cyberoam.com
Introduction
This document contains the release notes for Android Client Version 1.3. The following sections describe the release in detail.
Features
1. General Authentication Client for Android OS
03-01-2015 12:26
Cyberoam Docs
3 of 78
From this version onwards, Cyberoam supports Authentication Client for Android based devices like mobile phones, PDAs and Tablets.
Prior to this feature, an un-authenticated user within Cyberoam Network could not fetch/retrieve data using any application installed on Android device. To remain authenticated, the user was
dependent on an active browser window. This would require a multi tab support browser for authenticating and browsing. Further, if the Cyberoam Captive Portal tab is closed, the user is marked
unauthenticated and there is a possibility to lose the connection.
To resolve the mentioned issues, Cyberoam introduced a client for Android devices, a standalone Application that authenticates users with Cyberoam and logs them in.
Android Compatible Version: Android Version 2.2 onwards
Note
If user enables auto login, the username and password used for authentication thereafter will be saved automatically.
On clicking the home button of main screen, Android Client application will run in background.
On clicking the back button of settings screen, Android Client application will return to main screen.
On clicking the close button, Android Client Application shuts down.
1.2. SSO - Single Sign On

1.2.1.1. V 1.0.1.0
Release Dates
Version 1.0.1.0 6th September, 2013
Release Information
Installation/Upgrade procedure
1. Download Cyberoam SSO installer.
Installer
Client 7.3.1.3
Client 1.0.1.0
Compatible Cyberoam Version

Up to 10.01.0 Build 678
10.01.0 Build 739 onwards
2. Refer to the KB article titled Implement Single Sign On Authentication with Active Directory for English and Non-English Versions of Windows for configuration instructions.
Revision History
03-01-2015 12:26
Cyberoam Docs
4 of 78
Sr. No.
Old Revision
Number
1.0 06/09/2013
New Revision
Number
Reference
Section
1.1 16/09/2013
Revision Details
Access information
for the About tab added
Introduction
This document contains the release notes for Cyberoam Single Sign On (SSO) Client Version 1.0.1.0. The following sections describe the release in detail.
Enhancements
1. SSO Client Information
From this version onwards, the "About" tab is added to provide the information about the Client Suite, its version details and the legal information.
The tab can be accessed from a client machine after successful user login. To access the tab, go to Start Menu > Cyberoam Single Sign on Client >
SS Cyberoam GUI > About Tab.
Bugs Solved
Bug ID 31
Description Live Users page displays either blank or incorrect MAC Address for the users logged in through Cyberoam SSO Client on a Windows 7 workstation.
Bug ID 51
Description Live Users page displays either blank or incorrect MAC Address for the users logged in through Cyberoam SSO Client on a Windows Vista workstation.
Bug ID 62
Description Cyberoam SSO Client ceases to function with Windows 8 workstation.
1.2.1.2. V 1.0.0.1
Release Information
Compatibility Versions: Version 10.01.0.739 onwards
1. Download SSO (Client base Single Sign On) installer from http://www.cyberoam.com/cyberoamclients.html
03-01-2015 12:26
Cyberoam Docs
5 of 78
2. Remove SSO, if you have already installed the previous version.

3. Configure SSO from http://kb.cyberoam.com and follow the on-screen steps to install.
Introduction
This document contains the release notes for Client based Single Sign On (SSO) version 1.0.0.1. The following sections describe the release in detail.
Enhancement
1.
Internationalization Support
Client base Single Sign On (SSO) now supports four languages viz., English, Hindi, Chinese Simplified, Chinese - Traditional.
Compatibility of OS version where SSO suite can be configured are as mentioned below:
1. Windows 2003 Server 32 bit
2. Windows 2003 R2 Server 64 bit
4. Windows 2008 Server R2 Standard/Enterprise 64 bit Environment as domain
Compatibility of OS version on Client where SSO suite can be installed and executed are as mentioned below:
1. Windows XP
2. Windows VISTA
3. Windows 7 32 bit
4. Windows 7 64 bit
5. Windows 2003 32 bit
6. Windows 2003 R2 64 bit
7. Windows 2008 32 bit
8. Windows 2008 R2 Standard/ Enterprise 64 bit
1.3. OS Compatibility Matrix
03-01-2015 12:26
Cyberoam Docs
6 of 78
1.4. CATC - Cyberoam Authentication for Thin Client

1.4.1.1. V 2.0.4.3
Release Dates
Version 2.0.4.3 20th November, 2014
Release Information
Upgrade procedure
Administrative permission is required for installation.
1. Get the currently installed CATC version from:
Windows Registry or
Add Remove Programs for WindowsServer 2003 or
Programs and Features for Windows Server 2008 and onwards
2. Download CATC installer.
Installer
Client 1.0.1.5*
Client 2.0.0.9
Client 2.0.3.7
Client 2.0.4.3

Up to 10.01.0 Build 678
Upgrading from v 1.0.1.5 to v 2.0.4.3 requires reconfiguration of the Cyberoam IP Address, Exclusion List, Maximum Log Size and Logout Polling Time.
3. Double-click the downloaded CATC installer and follow the on-screen steps.
Revision History
Sr. No.
Old Revision
New Revision
Reference
Revision Details
03-01-2015 12:26
Cyberoam Docs
7 of 78
Number
Number
Section
Introduction
This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) Version 2.0.4.3. The following sections describe the release in detail.
Enhancements
1. Cyberoam Settings Tab Enhancements
From this version, the Status group of Cyberoam Settings tab is enhanced to include the following fields:
a. View Log
This button displays a comprehensive set of all the logs that are generated at the event viewer in either Debug or Trace mode,
(As defined in the General Settings tab.).
b. View Logging Events
This option allows the Administrator to filter out CATC specific logs from Event Viewer logs of the Microsoft TSE or Citrix Presentation Server,
where CATC is installed.
2. General Settings Tab Enhancements

From this version onwards, the Maximum Log Size field of the General Settings tab is renamed to Logging. The Logging field now contains the following options:
Enhanced Log Level Categorization
This option allows the Administrator to filter out CATC specific logs from Event Viewer logs of the Microsoft TSE or Citrix Presentation Server, where CATC is installed.
The button next to the Log Level field consists of a drop down which when clicked shows two Log Level options:
Debug Select this option to generate a detailed log file for CATC and Logging Event logs. The set of logs can be viewed by clicking the Open buttons against View Log and View Logging Events
from the Cyberoam Settings tab.
Trace Select this option to generate a filtered and more event specific log file for CATC and Logging Event logs. The set of logs can be viewed by clicking the Open buttons against View Log and
View Logging Events from the Cyberoam Settings tab.
03-01-2015 12:26
Cyberoam Docs
8 of 78
3. Exclusion Lists Tab Enhancements

With this version, the Exclusion List section has been enhanced with support to add Destination IP Address, IP Address: Port and *:Port.
With this enhancement, an Administrator can configure CATC to not send the connection details of sessions terminating at the mentioned Destination IP Address, IP Address: Port and *:Port, to
Cyberoam.
Prior to this version, an administrator could configure only users under the Exclusion List.
4. About Tab Enhancements

With this version, the About tab information is available in three different languages apart from English, namely Hindi, Chinese (Simplified) and Chinese (Traditional).
To change the language of CATC GUI, click the Language button and select the desired language from the drop-down list.
Miscellaneous
Rename of CATC
From this version, "Cyberoam Authenticated for Thin Client" is renamed to "Cyberoam Authentication for Thin Client".
Bugs Solved
Bug ID 188
Description A delay is observed while accessing an MS.NET application when it is installed along with CATC on Windows AD 2008 Server.
Bug ID 178
Description Windows 2012 Data Center 64 bit operating system with French Language Pack fails to register to Layered Service Provider when CATC is installed.
Bug ID 269
Description CATC users surfing the Internet through Internet Explorer version 11 do not appear in Live Users list of Cyberoam.
03-01-2015 12:26
Cyberoam Docs
9 of 78
1.4.1.2. V 2.0.3.7
Release Dates
Version 2.0.3.7 23rd May, 2013
Release Information
Upgrade procedure
1. Get the currently installed CATC version from:
Windows Registry or
Add Remove Programs for WindowsServer 2003 or
Programs and Features for Windows Server 2008 and onwards
2. Download CATC installer.
Installer
Client 1.0.1.5*
Client 2.0.0.9
Client 2.0.3.7

Up to 10.01.0 Build 678
Upgrading from v 1.0.1.5 to v 2.0.3.7 requires reconfiguration of the Cyberoam IP Address, Exclusion List, Maximum Log Size and Logout Polling Time.
3. Double-click the downloaded CATC installer and follow the on-screen steps.
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
03-01-2015 12:26
Cyberoam Docs
10 of 78
Introduction
This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) Version 2.0.3.7. The following sections describe the release in detail.
Enhancements
1. Support of long user name
Cyberoam now extends support of 20 characters for the user name/login name for all domains for logging through CATC client. The domain name can also be a sub-domain, such as mail.example.com.
With this enhancement, Active Directory users with long username suffixed by domain or sub-domain will now be able to login to Cyberoam through CATC client.
Prior to this version, only 9 characters were supported for the user name with sub-domain.
Following are the examples of valid usernames:
testuser@example.com
testofusernamelength@example.com
testuser@mail.example.com
testofusernamelength@mail.example.com
2. CATC Information
Bugs Solved
Bug ID 7
Description CATC user cannot login if the Domain name of terminal server is more than thirteen characters.
Bug ID 43
Description Functionality of ERP application ceases to function, if it is installed along with CATC client on same Windows 2003 Server.
Bug ID 47
Description User is not able to log in into Cyberoam through CATC client, if the username contains special characters $, % and .
Bug ID 57
Description CATC does not authenticate the user when UAC is ON in Windows 2008 Server and above. This is observed when user tries to login using Internet Explorer 8 or above.
03-01-2015 12:26
Cyberoam Docs
11 of 78
1.4.1.3. V 2.0.0.9
Release Information
1. Download CATC installer from http://www.cyberoam.com/cyberoamclients.html
2. Uninstall CATC, if you have already installed the previous version.
3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CATC.
Introduction
This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) version 2.0.0.9. The following sections describe the release in detail.
Enhancement
1. Internationalization Support
CATC now supports four languages viz., English, Hindi, Chinese Simplified, Chinese - Traditional. Option to select the preferred language is available during the installation of CATC. Also post
installation, as per the requirement the preferred language can be modified. To modify the language go to Start menu Programs CATC CATC Click on Language Select preferred
language.
This version of CATC will be compatible with following Windows version:
1.
Windows 2000 Server with Service pack 4
2. Windows 2003 Server 32bit

5. Windows 2008 R2 Standard/Enterprise 64 bit
6. Windows SBS 2011 Server
03-01-2015 12:26
Cyberoam Docs
12 of 78
7. Windows 2003 server with Citrix configured.

Limitation
1. On modifying the preferred language, the text on the tabs remains unchanged until CATC is restarted. However none of the functionality gets affected.
1.4.1.4. V 1.0.1.5
Release Information
Release Date
Version 1.0.1.5 2nd July, 2011
Compatibility Versions: All Versions
3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CATC.
Introduction
This document contains the release notes for Cyberoam Authentication for Thin Client (CATC) version 1.0.1.5. The following sections describe the release in detail.
Enhancement
Now CATC supports exclusion users having domain name in their username. Prior to this version, a user with domain name like test@bandwidthshaper.com could not be excluded.
Bugs Solved
Bug ID 5475
Description On installing the CATC version 1.0.0.9, Oracle form 6i application stops responding.
Bug ID 5519
Description User Exclusion List in CATC 1.0.0.9 can contain a duplicate usernames.
03-01-2015 12:26
Cyberoam Docs
13 of 78
1.4.1.5. V 1.0.0.9
Release Information
Compatible versions: All versions
Installation procedure
3. Double-click installer downloaded in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.
Introduction
This document contains the release notes for Cyberoam Authentication For Thin client version 1.0.0.9. The following sections describe the release in detail.
Enhancement
1. Support of Win2K8 server
Now CATC supports Win2K8 server also. Prior to this version, only Windows Server 2000, Windows Server 2003 (Microsoft TSE) and Citrix Presentation Server were supported.
Currently CATC is not supported on Win2K8 server for Itanium based systems.
Bug Solved
Bug ID 4898
Description When multiple Citrix servers are configured and single user exists in multiple servers, than user is not logging in the domain configured for her.
1.4.2. Guides
1.5. CTAS - Cyberoam Transparent Authentication Suite
1.5.1.1. V 2.1.2.5
Release Dates
03-01-2015 12:26
Cyberoam Docs
14 of 78
Version 2.1.2.5 28th July, 2014
Release Information
Upgrade procedure
Administrative permission is required for installation.In case you are going to deploy CTAS as a Collector, please make sure that the machine on
which you are installing CTAS is in the domain whose Domain Administrative credentials you want to use for installing.
1. Download CTAS installer from: http://www.cyberoam.com/cyberoamclients.html. For Cyberoam versions prior to 10.02.0 Build 473,
please install CTAS Version 1.0.1.2.
2. Double-click the downloaded CTAS installer and follow the on-screen steps. Refer to the following KB articles for configuration instructions:
Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment
OR
Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
Introduction
This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) Version 2.1.2.5. The following sections describe the release in detail.
Enhancements
1. Advanced Tab Enhancements
a. Configuration Synchronization and its Logging
From this version, following new sub-section is added to the Advanced tab:
Configuration Sync: It lets administrator to replicate CTAS configuration from one CTAS installation to another and also generates logs for the same.
03-01-2015 12:26
Cyberoam Docs
15 of 78
CTAS configurations are pushed from CTAS Machine 1 to target Machine 2 only if both have CTAS version 2.1.2.5 or above installed.
This sub-section has two buttons:
1.
Configuration Sync: Click this button and specify the IP Address of the target Machine on which CTAS Agent/Collector/Suite is installed.
Depending upon the CTAS installation type (Agent, Collector or Suite), CTAS component configurations will be synchronized from
CTAS Machine 1 to Machine 2 in the following manner:
Machine 1 (CTAS Installation Type)
Machine 2 (CTAS Installation Type)
Agent
SSO Suite (Agent values will be Sync)
Collector
SSO Suite (Collector values will be Sync)
Agent
Agent
Collector
Collector
SSO Suite
SSO Suite
Note: Synchronization is disallowed for all other CTAS installation combinations on CTAS Machine 1 and 2. .
2. View Sync Logs: Use this button to View Configuration Sync logs.
b. Configuration Synchronization and its Logging

From this version, the Logging sub-section is enhanced with the Log Level feature to neatly categorize CTAS logs and Logging event logs.
The View Logging Events button is added which allows the Administrator to filter out CTAS specific logs from Event Viewer logs of the Machine
where CTA Agent is installed. These logs are saved as a text file of the title logging_events.log.
The button next to the Log Level field consists of a drop down which when clicked shows two Log Level options:
Debug Select this option to generate a detailed log file for CTAS and Logging Event logs.
The set of logs can be viewed by clicking the View Log and View Logging Events button respectively.
Trace Select this option to generate a filtered and more event specific log file for CTAS and Logging Event logs.
The set of logs can be viewed by clicking the View Log and View Logging Events button respectively.
Bugs Solved
Bug ID - 412
Description CTAS initiates WMI query for hosts/networks added in the Exclusion List.
03-01-2015 12:26
Cyberoam Docs
16 of 78
Bug ID - 404
Description CTAS Advanced tab and Backup / Restore sub title is incorrectly spelled as Advance and Back Restore respectively.
1.5.1.2. V 2.1.1.4
Release Dates
Version 2.1.1.4 06th May, 2014
Release Information
Upgrade procedure
OR
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
Introduction
03-01-2015 12:26
Cyberoam Docs
17 of 78
Enhancements
1. New Sub-sections added in Advance Tab
From this version, following new sub-sections have been added to the Advance tab:
Backup Restore: It lets administrator take backup of current CTAS configurations, as well as restore a previously taken backup.
Use the Backup Now button against Backup Configuration to take backup of current CTAS configurations.
Use the Browse button against Restore Configuration to browse to the location containing previously taken CTAS configuration backup.
Click Upload and Restore button to restore the selected backup.
Test Connectivity: It lets administrator gather the connectivity status of a Cyberoam appliance, CTAS Agent and CTAS Collector
with respect to the AD Server where CTA Agent /Collector /Suite is installed:
- Cyberoam: Specify the IP Address of Cyberoam appliance, to test its connectivity status with respect to the AD Server
where CTA Agent /Collector /Suite is installed.
- CTA Agent: Specify the IP Address of CTA Agent, to test its connectivity status with respect to the AD Server where CTA Agent /Suite is installed.
- CTA Collector: Specify the IP Address of CTA Collector, to test its connectivity status with respect to the AD Server where CTA Collector /Suite
is installed.
Note: Test Connectivity feature is supported from Firmware Versions 10.6.1 RC-3 onwards only.
2. Support for Dead entry timeout
From this version, Dead entry timeout parameter is added under Logoff Detection Settings sub-section of CTA Collector tab.
With this enhancement, an administrator can configure time in hours after which a user is to be logged off from Cyberoam.
Accordingly, a user will be logged off from Cyberoam after the specified time, even when the Logoff Detection for the user fails.
Note that Dead entry timeout is independent of whether the Logoff Detection is enabled or not.
3. Support for Subnet mask in Exclusion List Tab
From this version, an administrator can specify a Network Subnet mask (For example, 172.16.16.0/24) under Exclusion List tab.
With this enhancement, an administrator can configure an entire Network Subnet Mask to exclude from authentication.
Accordingly, an IP Address falling under the specified Network Subnet mask is not authentication via CTAS.
Prior to this version, an administrator could specify only IP Address of Host(s) in Exclusion List.
03-01-2015 12:26
Cyberoam Docs
18 of 78
Bugs Solved
Bug ID - 346
Description WMI query fails for a user / Administrator user logging into ADS machine itself
1.5.1.3. V 2.1.0.3
Release Dates
Version 2.1.0.3 11th February, 2014
Release Information
Upgrade procedure
OR
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
03-01-2015 12:26
Cyberoam Docs
19 of 78
Introduction
Enhancements
1. New Tab Added - Advance Tab
From this version, the Advance tab is added to aid the administrator with logging and troubleshooting.
The Advance tab contains following sub-sections:
Show Live Users: It displays detail of all the Domain users, which is registered to CTA Collector by all the CTA Agents in network.
The Active Collector will use this database to communicate user information to Cyberoam.
Logging: It provides logs as per the configured settings. The administrator can also set the log size between 10 to 25 MB.
Trouble Shooting: The CTA Collector uses WMI and Registry Read polling methods to check user login on a remote machine. Administrator can use the
following utilities to check if the CTA Collector is able to connect and get user information from a remote machine or not:
1. WMI Verification: Use to perform WMI Verification for the client with the specified IP Address.
2. Registry Read Verification: Use to perform Registry Read Verification for the client with the specified IP Address.
1.5.1.4. V 2.0.6.4
Release Dates
Version 2.0.6.4 24th December, 2013
Release Information
Upgrade procedure
03-01-2015 12:26
Cyberoam Docs
20 of 78

OR
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
Introduction
Enhancements
1. Migration Support
Cyberoam now supports migration from following Versions of CTAS to the latest Version - 2.0.6.4:
CTAS Version 2.0.4.0 and Version 2.0.5.2
2. CTAS Information
Behaviour Change
1. From this Version onwards, the parameter Domain Name under Monitored Domains in General Tab is renamed to NetBIOS.
03-01-2015 12:26
Cyberoam Docs
21 of 78
2. From Version 2.0.5.2 onwards, Cyberoam IP Address under parameter Cyberoam Appliances in General Tab is displayed only when:
a. The Cyberoam Appliance is active and
b. The Active Collector is added to the Cyberoam Appliance via CLI
Bugs Solved
Bug ID 115
Description Letter i automatically follows the specified FQDN against Fully Qualified Domain Name parameter under Monitored Domains in the General Tab.
Bug ID 111
Description CTAS Service does not start if the number of Monitored Networks under CTA Agent Tab is more than 115.
Bug ID 152
Description DETECTION-RETRY parameter in CTAS.ini file is missing in CTAS Version 2.0.5.7.
Bug ID 231
Description CTAS Collector fails to execute WMI query if the CTAS administrator password contains non-English character(s).
1.5.1.5. V 2.0.5.2
Release Information
1. Download CTAS installer from http://www.cyberoam.com/cyberoamclients.html
2. Uninstall CTAS, if you have already installed the previous version.
3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.
Introduction
This document contains the release notes for Cyberoam Transparent Authentication Suite (CTAS) version 2.0.5.2. The following sections describe the release in detail.
Enhancement
1. CTAS: More Resilient Transparent Authentication
From this version onwards, CTAS Fault Tolerance capability is optimized by:
Providing a high availability of collectors and agents.
03-01-2015 12:26
Cyberoam Docs
22 of 78
Minimizing authentication delay due to AD Server failure.
Automatic recovery mode support, thus when CTAS service crashes or fails, it will restart automatically.
Modus operandi
The CTAS Agent can be:
Installed on every domain controller.

Configured to support group of collectors. One of these collectors act as a primary collector, while remaining shall be backup collectors. A maximum 5 collectors can be
added to a group
If the primary collector goes down, one of the backup collectors shall become primary collector.
Unlike prior, list of collectors will now be available, if CTAS Agent and CTAS Collector are on same machine.
It is now possible to add multiple collectors, if only CTAS Agent is available on the machine. Prior, in absence of CTAS Collector, only one collector could be configured.
While using NETAPI mode, if CTAS HA mode is enabled, IP Address of primary collector and port number on which the backup collector listens to the primary collector
must be configured.
Note
A Group Number along with IP Address and Port number is required to add a Collector.
CLI Commands
1.
Command: cyberoam auth cta collector add collector-ip <ip-address> collector-port <port> create-new-collector-group
To add a collector in new group.

2.
Command: cyberoam auth cta collector add collector-ip <ip-address> collector-port <port> collector-group <group-number>
To add a collector in an existing collector group.

Prior to this enhancement, to support multiple domain controllers, CTAS Agent was installed on every domain controller and a single collector on any one of the CTAS Controller.
1.5.1.6. V 2.0.4.0
Release Information
Compatibility Versions: Version 10.01.0 Build 739 onwards
03-01-2015 12:26
Cyberoam Docs
23 of 78
For further information on installation of the CTAS client, please click here.
Introduction
New Feature
1. Novell eDirectory Support
Cyberoam now supports Single Sign-on authentication for Novells eDirectory through Cyberoam Transparent Authentication Suite (CTAS). Novell eDirectory is an authentication server used to
provide centralized identity management, infrastructure, Net-wide security and scalability to all types of applications running behind a security solution like Cyberoam UTM. Henceforth,
Cyberoams Client-less SSO will grant access of resources to the users that are successfully authenticated by eDirectory
Compatible Novell Server versions are:
1. eDirectory_88_SP5_Windows_x32
2. SLES10_SP4(OES2SP3)
3. Netware 6.5_SP8
Compatible Novell Client versions are:
1. Novell client 4.91_SP5 for Windows XP and Windows 2003
2. Novell client 2 SP1 for Windows 7 (32 bits and 64 bits), Windows Vista
Known Behaviour
1. Ping method of CTAS-Novell eDirectory does not work for Windows XP (SP2 and SP3)
2. User's simultaneous login/logout activity does not get logged on Cyberoam with CTAS-Novell edirectory
3. Under i18n compliance, Cyberoam Transparent Authentication Suite (CTAS) with Novells eDirectory support English and French languages only.
With Active Directory, CTAS also supports Hindi and Chinese Simplified and Traditional.
1.5.1.7. V 2.0.1.2
Release Information
03-01-2015 12:26
Cyberoam Docs
24 of 78
Introduction
Enhancement
CTAS now supports four languages viz., English, Hindi, Chinese Simplified, Chinese - Traditional. Option to select the preferred language is available during the installation of CTAS. Also post
installation, as per the requirement the preferred language can be modified. To modify the language go to Start menu Programs CTAS Cyberoam Transfer Authentication Suite Click on
Language Select preferred language.
Compatible OS versions are as mentioned below:
1.
2.
3.
Windows 2003 Server 32 bit

Windows 2003 R2 Server 64 bit
Windows 2008 Server 32 bit
4. Windows 2008 Server R2 Standard/Enterprise 64 bit Environment as domain

Known Behaviour
1. For any selected language (Hindi, Chinese), the tab titles are displayed in English.
1.5.1.8. V 1.0.1.2
Release Information
Release Date
2.
Uninstall CTAS, if you have already installed the previous version.
03-01-2015 12:26
Cyberoam Docs
25 of 78
Introduction
This release introduces enhancements that improve quality, reliability and performance.
Enhancement
CTAS now supports Login IP Exclusion List. Users with their IP addresses added in the IP Exclusion List are not logged in Cyberoam via CTAS.
This is particularly helpful if both CTAS and CATC authentication clients are present in the network. In this scenario, Terminal Server IP address can be added in Login IP Exclusion List, so the
remote terminal users do not log in through CTAS with the Terminal Server IP address.
Bugs Solved
Bug ID 4961
Description If the Active Directory server Domain name is different than that of the NetBios name then the user cannot login.
It is required that the Domain Name option should be renamed to Domain NetBios Name in Monitoring Domains tab
1.5.1.9. V 1.0.0.8
Release Information
Compatible versions: All versions
Installation procedure
3. Double-click installer downloaded in step 1 and follow the on-screen steps to install. Administrative right is required to install CTAS.
Introduction
This release introduces enhancements that improve quality, reliability, and performance.
Enhancements
1.
Single Installer for English and Non-English versions of OS
03-01-2015 12:26
Cyberoam Docs
26 of 78
Cyberoam is introducing new CTAS installer which supports both English and non-English versions of Operating Systems. Hence, now there is no need to download and install CTAS multiple
times.
Download path: http://www.cyberoam.com/cyberoamclients.html
2.
Support of Exclusion List for User Login

Now, administrator can bypass the authentication check on users such as system accounts that are not required to authenticate by simply adding them in Login User Exclusion List.
Option to configure exclusion list from Agent is removed and now added on Controller as well as Suite. This is useful when multiple Agents exist as in previous version one had to configure list
on each Agent, while this version, one has to configure list only on Collector or Suite
Suite/Controller Configuration
Go to Exclusion List tab and under Login User Exclusion List add all the users who are required to bypass the login check.
3.
Support of IP based Exclusion List for User Logoff

Now, administrator can bypass IP address log off detection check by creating Logoff IP Exclusion list. This is useful when Logoff detection is enabled to monitor user log off and still you want
to bypass monitoring.
Suite/Controller Configuration
Go to Exclusion List tab and under Logoff IP Exclusion List add all the IP addresses, which should not be subjected to logoff detection.
4.
Login request redirection based on Subnet mask

In case, multiple Cyberoams are used to monitor, now it is possible to re-direct the login request to a particular Cyberoam based on the subnet.
For example, if setup has 3 Cyberoams with IP address 192.168.1.1, 192.168.2.2 and 192.168.3.3 and Agent is monitoring 10.10.20.0/24 and sending update to Collector. Then on Collector,
we can assign a Cyberoam to a particular subnet that is being monitored.We can configure Cyberoam 192.168.1.1 to monitor 10.10.20.0/25, Cyberoam 192.168.2.2 to monitor
10.10.20.128/25 and Cyberoam 192.168.3.3 to monitor all the networks.
Collector Configuration
Go to CTA Collector tab and under Cyberoam Appliances, click Add to
1.
2.
3.
5.
Add Cyberoam appliance IP address

Enable subnet based filtering
Specify subnet and subnet mask
Option to update Administrator credentials

To run the CTAS services, administrative rights are required. One had to uninstall CTAS and re-install if it was required to change the user credentials or user itself. Now, with this version,
there is no need to uninstall CTAS to change the user credentials.
This feature will be useful, if by mistake CTAS is installed for the user who does not have administrative rights.
03-01-2015 12:26
Cyberoam Docs
27 of 78
Configuration
1.
2.
3.
4.
Go to General tab
Under Status option, stop the CTAS services
Under Administrative Credentials, click Update to change username and password
Under Status option, start CTAS services
1.5.2. Guides
1.5.2.1. V 2.1.2.5
1.5.2.2. V 2.1.1.4
1.5.2.3. V 2.1.0.3
1.5.2.4. V 2.0.6.4
1.5.2.5. V 1.0.0.8
1.6. CGAC - Cyberoam General Authentication Client
1.6.1.1. V 2.1.1.12, V 2.1.1.15
Release Dates
Version 2.1.1.12 6 September, 2013
Version 2.1.1.15 24 June, 2014
Release Information
Installation/Upgrade procedure
1. Download CGAC installer Version 2.1.1.12 / 2.1.1.15 from http://www.cyberoam.com/cyberoamclients.html.
2. Double-click the downloaded CGAC installer and follow the on-screen steps. Refer to the KB article titled
Install and Configure Cyberoam General Authentication Client for Windows OS for configuration instructions.
Revision History
Sr. No.
Old Revision Number
New Revision Number
Reference Section
Revision Details
03-01-2015 12:26
Cyberoam Docs
28 of 78
1.0 -06/09/2013
1.1 -16/09/2013
Access information for the About tab

added
1.1 -16/09/2013
1.2 -24/06/2014
Translations update
Introduction
This document contains the release notes for Cyberoam General Authentication Client (CGAC) Version 2.1.1.12 and Version 2.1.1.15. The following sections describe the release in detail.
Enhancements
1. Rename of Corporate Client
From this version, the Cyberoam Corporate Client is renamed to Cyberoam General Authentication Client (CGAC).
2. CGAC Information
From this version onwards, the "About" tab provides information about the Client Suite, its version details and the legal information.
The tab can be accessed only after the client installation is completed. Click on the top-left corner of the clients login window to access the About tab.
3. Log File Support
From this version, the Log File support for the Cyberoam General Authentication Client (CGAC) is added.To access the Log File, go to Start > Run
and enter the following command:
%appdata%\Cyberoam\Cyberoam General Authentication Client
Known Behaviour
1. Restoration of saved user credentials after CGAC upgrade
Cyberoam General Authentication Client (CGAC) does not restore the saved user credentials and IP Address of Cyberoam Server, after upgrading to Cyberoam General Authentication Client
(CGAC) Version 2.1.1.12.
1.6.1.2. V 2.1.0.0
03-01-2015 12:26
Cyberoam Docs
29 of 78
Release Information
1. Download Corporate Client installer from http://www.cyberoam.com/cyberoamclients.html
2. Uninstall Corporate Client, if you have already installed the previous version.
3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install Corporate Client.
Introduction
This document contains the release notes for Corporate Client version 2.1.0.0. The following sections describe the release in detail.
Enhancement
Corporate Client now supports four languages viz., English, Hindi, Chinese Simplified, Chinese - Traditional. Option to select the preferred language is available during the installation of Corporate
Client. Also post installation, as per the requirement the preferred language can be modified. To modify the language go to Start menu Programs Cyberoam client for corporate Tray icon
(located on task bar) Right click on Corporate Client icon Preference Select preferred language Ok.
Compatible OS versions are as mentioned below:
1.
Windows XP with all the Service packages
2. Windows Vista
3. Windows 7 32 bit
4. Windows 7 64 bit
8. Windows 2008 R2 Standard and Enterprise 64 bit
9. Windows SBS 2011 Server
Note
03-01-2015 12:26
Cyberoam Docs
30 of 78
1. This Version is not compatible with Linux Flavors like Linux, Fedora, Unix, MAC, etc
1.6.1.3. V 2.0.0.3
Release Information
Release Date
1. Download Corporate Client installer from http://www.cyberoam.com/cyberoamclients.html
2.
Uninstall Corporate Client, if you have already installed the previous version.
3. Double-click installer download in step 1 and follow the on-screen steps to install. Administrative right is required to install Corporate Client.
Introduction
This document contains the release notes for Cyberoam Corporate Client version 2.0.0.3. The following sections describe the release in detail.
Bugs Solved
Bug ID 4580
Description Auto Login of Corporate Client does not work from version 10.00.0309.
Bug ID 5458
Description A wrong MAC address is displayed when the user logs in from a workstation having SSL VPN client installed.
1.6.2. Guides
1.7. IPSec VPN Client
1.7.1.1. V 4.71 Build 001, V 5.XX Build XXX
Introduction
03-01-2015 12:26
Cyberoam Docs
31 of 78
This document contains the release notes for Cyberoam that includes all the features, enhancements, bug fixes and known issues for the following:
Version 5.51 Build 001
Download Client
http://www.cyberoam.com
OperatingSystem supported
Windows 2000 (Workstation), WinXP 32-bit (all service pack including SP2), Windows Server 2003 32bit, Windows Server 2008 32/64-bit, Windows Vista 32/64 bit, Windows 7 32/64bit,
Windows 8 32/64-bit.
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
Reference
Section
Revision Details
5.02.001-11052011
5.51.
001-26042013
Operating
System
Supported
Added support for Windows 8

32/64-bits
03-01-2015 12:26
Cyberoam Docs
32 of 78
IPSec VPN Client Release Notes

This Release Note details the features, enhancements and fixes of the release 5.51 build 001.
IPSec VPN Client 5.51 Build 001

This release note includes features, enhancements and bug fixes since release 5.01.001.
Compatibility
Support for Windows 8 32/64-bit added.

Bugs Solved
Version tgbgina.dllnot foundon the 'about' window.

Bugs Solved
Mainly in Windows XP, due to various naming of the Application Data folder, Activation error 70. Cant activate software message gets displayed.
Any automated scripts that are supposed to be executed at opening and closing of a tunnel might not run and DNS/WINS may not get restored properly if alternate DNS/WINS are
configured and the user is using another VPN Configuration via a USB.
Activation Wizard in help menu cannot be disabled after software activation.
The VPN Configuration does not load from an USB Drive if it is already plugged in before initialization of IPSec VPN Client software.
Phase 2 Advanced option "Automatically open this tunnel when USB stick is inserted" might not work in some Windows configuration if USB drive not detected.
Importing VPN Configurations with Certificates in IPSec VPN Client 5.0 from a VPN Client 4.7 prevents from opening a tunnel. The field Name is not properly parsed.
03-01-2015 12:26
Cyberoam Docs
33 of 78
Windows IP stack may crash when forcing high fragmentation of IP packets beyond 10 fragments.
Known Issues
Some setup command line options may not work correctly during a silent install.
After locking/unlocking Window session, the tunnel cannot be opened and the configurations cannot be applied or saved. The user requires restarting the VPN Client software.
Gina connection panel (before Windows logon) may appear with 5-8sec delay on Windows XP. The Gina connection panel does not display when computer is locked on Windows 2007.
In USB Mode, exporting a protected VPN Configuration creates a wrong configuration file.
Note
Debug mode (Ctrl+Alt+D) creates large trace logs. Disable the debug mode or regularly delete the log files.

Features
New graphical user interface provides easier user experience. Among major changes are a simpler top menu, smaller and clearer Connection Panel, less buttons and more tabs in
Configuration Panel.
Language can be changed on the fly, and all the strings can be modified from the software. This allows localizing any strings.
Support of 2 new languages Hungarian and Norwegian which makes it a total of 23 languages.
Automatically sort VPN tunnels by name.
Displays virtual IP Address sent by gateway when "Mode-Config" feature is set.
Add "Purchase licenses online" link under helpmenu.
Command line option /pwd (password) must be specified when using command line option /export.
New setup option --reboot=1 to reboot automatically after silent installation.
DNS/WINS server addresses received from remote gateway are now displayed in Phase2>Advanced. In case Mode-Config feature is enabled, both fields are disabled to prevent
03-01-2015 12:26
Cyberoam Docs
34 of 78
manual settings but the DNS/WINS server addresses are still displayed.
Displays the amount of data encrypted per VPN tunnel in Connection Panel.
DPD can now be disabled with a checkbox added in Global Parameters > DPD.
Enhancements
Phase1 > Certificate tab now shows all Tokens/SmartCard Readers configured, except those plugged in. A warning message is displayed when the certificate cannot be read on the
configured Token/SmartCard Reader.
No administrative previledge dependency to activate IPSec VPN Client software.
Single field to enter the license number up to 24 digits long.
VPN Client virtual IP Address and DNS/WINS fields are disabled when Mode-Config is selected.
Script fields are now disabled when Enable before Windows login is selected.
If a VPN tunnel closes because the computer has changed its IP address, the VPN tunnel does not re-open automatically once the network is available again.
X-Auth Authentication Type "OTP" is now supported. If VPN gateway supports it and requests it, the IPSec VPN Client will ask the user for X-Auth authentication for each key
renegotiation.
X-Auth Authentication Type CHAP" is now supported. It can be used by the VPN Gateway, if supported, to pass through the X-Auth login/password to AAA Authentication server.
Bugs Solved
CHAP Radius X-Auth does not work when login and password are embedded in the configuration file.
X509 Certificate parser assumes that serial number in Certificate is mandatory and rejects certificates without serial number (e.g. coming from USB Tokens). X509 standard ETSI TS 102
280 doesnot specify that the serial number field is mandatory in the Certificates.
IPSec VPN Client Mode-Config feature does not take into account the mask value provided by the VPN gateway but instead uses a default mask (i.e. RFC2408 A.4 ISAKMP Identification
Type Values).
The reply to an X-Auth Authentication type server from the VPN gateway and the request received thereof, are not identical.
DNS Windows network setting is set back to static when VPN tunnel closes, although it was set to dynamic before opening the VPN tunnel. This may occurs on some Windows versions as
the inet_addr system function used does not have the same behavior on all Windows versions.
Software un-installation might not remove NDIS filter drivers properly which disable network adapters.
03-01-2015 12:26
Cyberoam Docs
35 of 78
Phase2 > IP Addresses are mandatory fields even when Mode-Config is selected.
Windows XP doesn not accept a 20 digit license number.
DNS address not restored properly after closing a VPN tunnel as a consequence of un-plugging the USB drive with VPN configuration on it while that VPN tunnel was opened.
VPN Client stops working after entering smartcard PIN code beyond 10 digits.
Opening a tunnel, triggers some systray popup messages about another VPN tunnel when using multiple VPN tunnels configuration.
Receiving a message with unknown System Administaor may trigger a systray popup message repeatedly.
VPN Configuration file cannot be imported from a network drive on some Windows network configuration.
Command line option "/export" does not work if the VPN Client software is already running.
VPN tunnel status in Configuration Panel does not get updated to Tunnel opened" but the Connection Panel tunnel status is updated properly.
The feature Launch this script after the tunnel is closed" executes the script too early in case the user quits the software, which in turn forces all opened tunnels to close.
The feature that prohibits users to access the Configuration Panel (menu Options" > Configuration
enter a password) should also prohibit the ability to import via command line using vpnconf.exe /import", or "/replace".
Selecting the Desktop folder in the Windows "browse" panel (e.g. when trying to import a configuration file) results an error, on Windows Vista.
Execution of command line options vpnconf.exe /close:tunnel1 and /open:tunnel1 opens the Configuration Panel. Configuration will remain closed, only systray popup messages will appear.
IPSec VPN retries to authenticate the user serveral times if ther gateway responds with a authentication failure response
The Gina library in the client (i.e. Connection Panel windows before logon) does not find all necessary system resources which might prevent user from login, which may force the user to
login in safe mode. Problem occurs, on all Windows XP in some VMware (without VMware "Tools"), and some strip down versions of Windows XP (not up to date with all service packs)
and only if a tunnel feature Windows before logon" have been selected.
Connection problem on the NetgearLite version with the Windows 7, 64-Bit installation.
Known Issues
Save the configuration before you quit the software, failing which, the IKE modules fail to connect when the software starts the next time.
User cannot update the DNS/WINS server address when the tunnels are open.
Gina connection panel may appear with 5-8sec delay on Windows XP. The Gina connection panel does not display when computer is "locked" on Windows Seven only. Gina Connection
Panel displays only 1 tunnel (if multiple configured in Configuration Panel).
03-01-2015 12:26
Cyberoam Docs
36 of 78
Importing VPN Configurations with Certificates in IPSec VPN Client 5.0 from a VPN Client 4.7 might prevent from opening a tunnel.
Changing from a "left to right" language to a "right to left" language (or vice-versa) might not take effect. A work around would be to quit the software and restart.
The Phase 2 Advanced option "Automatically open this tunnel when USB stick is inserted" does not work in some Windows configuration if USB drive not detected.
VPN configuration cannot be exported to a mapped drive and there is no error message displayed for same.
The new language translator editor does not support delete Del key.

This release note includes features,enhancementsand bug fixessince release 4.70.001.
Enhancements
Displays more information from Mode-Config feature (DNS, WINS) in the Console.
Bugs Solved
Initial DNS, WINS server addresses cannot be restored in some circumstances like unplugging LAN cable with an opened VPN tunnel using Mode-Config.
Secondary DNS, WINS server addresses provided by the gateway Mode-Config feature disables IPSec VPN Client Mode-Config feature, especially if those DNS, WINS server addresses
are empty.
1.7.1.2. V 4.70 build 001
Introduction
This document contains the release notes for Cyberoam IPSec VPN Client version 4.70 build 00. Document includes all the features, improvement, and bug fixes from the release 4.70 build 001.
Operating Systems supported
Windows 2000 (Workstation), WinXP 32-bit (all service packs including SP2), Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 32/64-bit
Features
Support 2 new languages - Czech and Danish for total of 21 languages. Czech and Danish now embedded in the software setup.
Support of new WWAN driver model for 3G/4G devices on Windows 7 (Windows Seven 32/64bit). All 3G/4G wireless modem/adapter manufactures must support Mobile Broadband Driver Model
03-01-2015 12:26
Cyberoam Docs
37 of 78
Specification for Windows 7 based on NDIS6.20 miniport driver model. Among those adapters, we now support Atheros Wireless Adapter, Dell Wireless 5530 HSDPA Mini-Card, Dell Wireless 5600
EVDO-HSPA Mini-Card, Huawei 3G modem, Qualcomm Gobi 2000, Sierra wireless MC8781 HSPDA. See our list of 3G modem/adapters.
Latest NetGear VPN Routers Mode-Config support.
Windows firewall rules auto setup extended to 'public' and 'domain' profiles.
Ability to upgrade a group of license numbers at a specific date (with different expiration dates). This is useful to large customers/resellers to simplify their accounting/reporting of maintenance option.
Configuration file now encrypted during software upgrade. Password set for GUI access or command line can be used.
Enhancements
Ability to copy&paste the license number from the 'About..' windows.
Change in user interface of the Phase2 panel around the Certificates Management.. button.
Temporary installation folder for drivers in Windows 7 64-bit shall not have restricted access rights.
RFC defines port 4500 UDP for key renegotiation. Port 500 is allowed now.
Mode-Config in IKE Engine has been adapted for compatibility with NetGear gateways.
Added Push mode in Mode-Config for compatibility with NetGear gateway.
Command line /pwd switch is mandatory for /export and /exportonce requires (e.g. vpnconf.exe /export:c:"test.tgb /pwd:test).
Bugs Solved
Command line to replace a configuration file protected with password (e.g. /replace:c:"test.tgb /pwd:test) might erase current configuration if wrong password. Command lines to /add or /importonce are
not affected.
Command lines ("vpnconf.exe /import:[filename]") might not be executed properly.
Events not logged in Console when opening/closing tunnel before Windows logon (for Gina mode go to Phase2 Advanced > Enable before Windows logon)
Software activation may not work properly in case Windows default temporary folder is restricted to the user.
Leaving sleep mode in Windows 7 64-bit might lead to Bluescreen.
Special characters in Phase1 or Phase2 names could crash when software starts.
Popup shows continuously "Remaining tunnel" after tunnel closed, due to erroneous cookie in INVALID COOKIE notification message (i.e. RFC2522)
Limitation in length of all parameters to avoid buffer overflow.
03-01-2015 12:26
Cyberoam Docs
38 of 78
Open Tunnel button disabled while network interfaces become available or unavailable to avoid crash. Especially wireless network interfaces (e.g. 3G, WiFi,..).
IKE service might crash if user open and close the tunnel multiple times rapidly while a redundant gateway as been set.
Support for numerical OID in certificate subject may lead to inability to open tunnel.
Sound (Ding) when using Tab keyboard key in X-Auth Authentication popup.
Password limiting access to some features (View > Configuration) might be asked even when not set.
"Don't start VPN Client when I start Windows" is not working on Windows 7 64-bit. The IPSec VPN Client always starts.
Bluescreen on Sony VAIO VGN-FW51MF with 3G option, Windows Seven 64-bit (Win 7) and a VPN Configuration using Certificates.
When local and remote network are on the same subnet, access to remote network would not work properly if the Auto open tunnel on traffic detection feature has not been selected.
Bad version IKE daemon.
1.7.1.3. V 4.65 build 003
Introduction
This document contains the release notes for Cyberoam IPSec VPN Client version 4.65 build 003. Document includes all the features, improvement, and bug fixes from the release 4.65 build 003 to 4.52
build 001.
Windows 2000 (Workstation), WinXP 32-bit (all service packs including SP2), Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit
Release 4.65 build 003

Features, enhancements and bug fixes since release 4.65.002
Bugs Solved
IKE (tgbike.exe) crashes in certain circumstances like renegotiating user authentication using X-Auth twice and getting a not ok response from X-Auth remote server although initial
negotiation was authorized with same login/password.
In Peer2Peer mode, SHA-2 algorithm for phase2 Authentication is not working properly.
Import VPN Configuration window takes several seconds to appear. This situation occurs only for Windows 7 Operating System.
When multiple tunnels are configured, Configuration Panel displays mismatched tunnel names.
03-01-2015 12:26
Cyberoam Docs
39 of 78
When multiple tunnels are configured, Configuration Panel might display the wrong tunnel status.
Feature
Windows Seven (7) RTM 32/64-bit full compatibility. IPSec VPN Client now supports Windows 2000 (Workstation), Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008
32/64-bit, Windows Vista 32/64-bit, Windows 7 32/64-bit.
Enhancements
Easier activation wizard to accept 20 or 24 digit license number.
Appropriate and self explanatory message instead of Error 056 will be displayed when trying to activate an expired temporary license.
Limit of temporary license extended.
Management of temporary license improved
Connection Panel redesigned for better display of multiple tunnels.
Ability to maintain trial period while installing multiple OEM customization releases
Bugs Solved
At the time of importing VPN Configuration, IKE crashes in some Windows environments.
FTP transfer in ESP tunnel creates a BSOD when active mode is set.
When the user re-inserts smartcard after closing tunnel, PIN Windows does not pop up for checking PIN code.
DoS vulnerability is fixed.
Software might not run properly when USB Drive mode is active (i.e. VPN Config moved onto USB Drive) and one of the network drives is inaccessible.
Use of Certificate from Windows Certificate Store does not working properly on Windows XP 32/64-bit.
Corrected Warning message in English language when global parameters set outside limits.
VPN Peer 2 peer not working in aggressive mode.
VMWare Server and IPSec VPN Client, installed on Windows Vista may cause BSOD. Problem fixed also for Virtual PC, Virtual Box from Sun.
System crashed at the time of importing Certificate .P12 generated by Checkpoint firewall.
System crashed during extremely large data load with NVIDIA Ethernet chipset integrated to mother board or network board based on Realtek chipset.
USB Drive wizard is not running on forefront.
"Alternate WINS Server" address might not be updated when opening a tunnel. This issue is only found in Windows 7.
Evaluation period might expire at first installation in some rare circumstances with very aggressive desktop firewall settings. Network drivers might not be installed properly on Vista 64bits when
installation path contains spaces.
Spelling mistakes in deployment guide in noactiv and /D switches in command line section.
Systray icon might disappear when Windows Explorer crash.
Bugs solved
03-01-2015 12:26
Cyberoam Docs
40 of 78
Incorrect Software Activation request is sent during software un-installation.

Bugs Solved
The DN value in Certificates OID (Object ID) not correctly parsed leading to an unknown OID error message when using comma inside either of the RDNs (i.e. Relative Distinguished Name).
System crashes while using Certificate whose private key cannot be read properly
A Phase2 Advanced ID Type change in Configuration Panel is not saved in VPN Configuration file.
Windows function CryptUIDlgViewContext from cryptui.dll not available in Windows 2000, however used to view Certificate details in IPSec VPN Client 4.6 and further.
Not supporting Certificate subjectaltname extension properly which generates a subjectaltname invalid length error message.
Enhancements
Removed the registry key DnSeparator. The Certificate subject is now RFC compliant - RFC 4514.

Enhancements
Remove the application focus from the Vista Credential Providers window (aka GINA on W2K/WXP). User had to click on the Windows Logon password field to be able to enter it.
Bugs Solved
Credential Providers (aka GINA) not disabled after software un-installation under Windows XP in case one VPN tunnel has been enabled with the Enable before Windows Logon feature
Known issue
After exiting the Windows session without closing that session by Switch user or Lock this computer, IPSec VPN Client software does not display the opened tunnel even though they are still
open.
Work around Quit and restart the software. After restart all the opened tunnel will be showed as UP
03-01-2015 12:26
Cyberoam Docs
41 of 78

Feature
Windows 7 RC 32-bit and 64-bit support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32 bit, Windows Server 2003 32 bit, Windows Server 2008 32/64 bit, Windows
Vista 32/64 bit and Windows 7 32/64 bit.
Enhancements
Remove the application focus onto the Vista Credential Providers window (aka GINA on W2K/WXP)
Following command line switches can now be used with the /pwd:xxx option: /export, /import, /exportonce, /importonce, /add, /replace.
Bugs Solved
Background color of few links in Software Activation Wizard and Connection Panel.
VPN tunnel might not open automatically when connecting using IP Range address.
Some OID (Object ID) in Certificates not supported (i.e. RFC 4519).
Transport mode access behind NAT may fail in some VPN configurations
Conflict with some other vendor Credential Providers (aka GINA) if already installed
Lost of network interface due to new 64-bit network drivers
Known Bugs
Vista Credential Providers (aka GINA) not working on Windows 64-bit.
Bug fixes since release 4.52.001
Feature
Ability to use Certificates from the Windows Certificate Store which enables smooth integration with any PKI software supporting Windows Certificate Store. When using USB Tokens or Windows
Certificate Store, a single Certificate can be selected in case multiple ones have been pre-stored.
Vista Credential Providers (aka GINA on W2K/WXP) support to enable Windows logon via VPN tunnel or choose to logon on local machine.
Windows 7 (32-bit) Support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit,
Windows 7 32-bit.
Arabic, Hindi & Thai language support. Cyberoam IPSec VPN Client is now available in 19 languages: Arabic, Chinese (simplified), Dutch, English, Finnish, French, German, Greek, Hindi, Italian,
Japanese, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai & Turkish.
SHA-2 algorithm support
Ability to prevent software upgrade or un-installation if software usage has been protected by password.
Ability to view all the certificate details like expiration date, issued by, subject and so on.
03-01-2015 12:26
Cyberoam Docs
42 of 78
Shortcut added to enable debug mode.

New Oberthur AuthentIC Card v220 USB Token support.
Enhancements
Significant usability improvement of the USB Mode with ability to attach a VPN configuration to a specific computer or to a specific USB drive.
Appropriate warning message when the user is entering a wrong password for a USB Token/Smartcard or when the USB Token/Smartcard is locked.
Appropriate warning message when software activation error like quota exceeded.
More detailed information on some Software Activation errors especially those due to internal activation server errors.
Software localization in German language.
Changed string in Certificate Import Wizard.
Merged menu Help and Online support.
Impossible to open a tunnel in case an IP address has been defined as the local IP address (i.e. Phase1 > Interface) but this address does not exist in the computer.
Bugs Solved
VPN Configuration file might not be restored properly after software upgrade on some Windows configuration.
No access to a NAS shared folders depending on the NAS device. This is due to TCP checksum when IP packet is fragmented.
Phase1 LocalID value malformed when certificate uses UTF8 string syntax.
Oberthur Smartcard not recognized [ATR 3B:7B:18:00:00:00:31:C0:64:77:E9:10:00:01:90:00]. See easy way to add new USB Tokens or Smartcards by importing new ATR codes.
Unable to read certificates on some smartcards.
Incoming UDP packets larger than 1672 bytes are not handled properly and may cause blue screen.
Software startup time and VPN Configuration import time might be longer than usual when debug mode enabled on some Windows Vista configuration.
Wrong default remote address point when using VPN Configuration Wizard in peer-to-peer mode and VPN Configuration Wizard has been used before to connect to a VPN Gateway.
Losing the Pre-Shared Key as soon as user tries to import a Certificate.
Phase1 & Phase2 names could be changed only after names were cached by software.
Changing Remote LAN address multiple times might not be saved properly into the VPN Configuration file.
Command lines /Open and /Close maximize the IPSec VPN Client window even it was minimize by user. Also, command lines /Open, /Close and /stop are not working if the Connection Panel has
been opened prior to using them.
Command lines /Open and /Close not working if tunnel name contains letters in capital case.
Scripts before or after tunnel open or close might not be launched in some circumstances.
Systray popup to show tunnel progress bar taking focus over other application.
Latest zip compression format of the setup was not supported within some computer environments.
Software could not be uninstalled successfully in some cases where software is running and a tunnel is open.
A click on the systray icon would not maximize the IPSec VPN Client Connection Panel, Configuration Panel or Console windows in case they were minimized.
A tunnel is shown as open in Connection Panel when an USB Drive is plugged-in, but the tunnel is still shown as open when USB drive is un-plugged although it has been closed.
Phase 2 Remote LAN address might not be saved properly in some circumstances with multiple VPN tunnels.
Token PIN code might be asked when tunnel start opening even though no Token is plugged-in, in case Phase 1 Certificate on Token and Auto Open on Traffic have been configured.
Software crashed if the Remote Gateway field is not available in the VPN Configuration file.
Padding and IP frame total length when using some FTP commands with a web server preventing access through a WindRiver VPN Server.
Initial DNS not restored when the user closes all tunnels, quit software or reset IKE service, in case two tunnels have been configured to use alternate DNS addresses.
03-01-2015 12:26
Cyberoam Docs
43 of 78
Enhancements and bug fixes since release 4.51.001

Enhancements
PinCode management in X-Auth login/password user interface
Bugs Solved
Compatibility with ePass 2000 reading certificates
1.7.1.4. V 4.61 build 003
Introduction
This document contains the release notes for Cyberoam IPSec VPN Client version 4.61 build 003. Document includes all the features, improvement, and bug fixes from the release 4.61 build 003 to 4.52
build 001
Download Client
http://www.cyberoam.com/downloads/vpnclient/CyberoamVPNClient_Setup.exe
Windows 2000 (Workstation), WinXP 32-bit (all service packs including SP2), Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit, Windows 7 RC1 32/64-bit
Enhancements
Remove the application focus from the Vista Credential Providers window (aka GINA on W2K/WXP). User had to click on the Windows Logon password field to be able to enter it.
Bugs Solved
Credential Providers (aka GINA) not disabled after software un-installation under Windows XP in case one VPN tunnel has been enabled with the Enable before Windows Logon feature
Known issue
After exiting the Windows session without closing that session by Switch user or Lock this computer, IPSec VPN Client software does not display the opened tunnel even though they are still
open.
03-01-2015 12:26
Cyberoam Docs
44 of 78
Work around Quit and restart the software. After restart all the opened tunnel will be showed as UP
Feature
Windows 7 RC 32-bit and 64-bit support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32 bit, Windows Server 2003 32 bit, Windows Server 2008 32/64 bit, Windows
Vista 32/64 bit and Windows 7 32/64 bit.
Enhancements
Remove the application focus onto the Vista Credential Providers window (aka GINA on W2K/WXP)
Following command line switches can now be used with the /pwd:xxx option: /export, /import, /exportonce, /importonce, /add, /replace.
Bugs Solved
Background color of few links in Software Activation Wizard and Connection Panel.
VPN tunnel might not open automatically when connecting using IP Range address.
Some OID (Object ID) in Certificates not supported (i.e. RFC 4519).
Transport mode access behind NAT may fail in some VPN configurations
Lost of network interface due to new 64-bit network drivers
Known Bugs
Vista Credential Providers (aka GINA) not working on Windows 64-bit.
Feature
Ability to use Certificates from the Windows Certificate Store which enables smooth integration with any PKI software supporting Windows Certificate Store. When using USB Tokens or Windows
Certificate Store, a single Certificate can be selected in case multiple ones have been pre-stored.
Vista Credential Providers (aka GINA on W2K/WXP) support to enable Windows logon via VPN tunnel or choose to logon on local machine.
Windows 7 (32-bit) Support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista 32/64-bit,
Windows 7 32-bit.
Arabic, Hindi & Thai language support. Cyberoam IPSec VPN Client is now available in 19 languages: Arabic, Chinese (simplified), Dutch, English, Finnish, French, German, Greek, Hindi, Italian,
Japanese, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai & Turkish.
SHA-2 algorithm support
03-01-2015 12:26
Cyberoam Docs
45 of 78
Ability to prevent software upgrade or un-installation if software usage has been protected by password.
Ability to view all the certificate details like expiration date, issued by, subject and so on.
Shortcut added to enable debug mode.
New Oberthur AuthentIC Card v220 USB Token support.
Enhancements
Significant usability improvement of the USB Mode with ability to attach a VPN configuration to a specific computer or to a specific USB drive.
Appropriate warning message when the user is entering a wrong password for a USB Token/Smartcard or when the USB Token/Smartcard is locked.
Appropriate warning message when software activation error like quota exceeded.
More detailed information on some Software Activation errors especially those due to internal activation server errors.
Software localization in German language.
Changed string in Certificate Import Wizard.
Merged menu Help and Online support.
Impossible to open a tunnel in case an IP address has been defined as the local IP address (i.e. Phase1 > Interface) but this address does not exist in the computer.
Bugs Solved
VPN Configuration file might not be restored properly after software upgrade on some Windows configuration.
No access to a NAS shared folders depending on the NAS device. This is due to TCP checksum when IP packet is fragmented.
Phase1 LocalID value malformed when certificate uses UTF8 string syntax.
Oberthur Smartcard not recognized [ATR 3B:7B:18:00:00:00:31:C0:64:77:E9:10:00:01:90:00]. See easy way to add new USB Tokens or Smartcards by importing new ATR codes.
Unable to read certificates on some smartcards.
Incoming UDP packets larger than 1672 bytes are not handled properly and may cause blue screen.
Software startup time and VPN Configuration import time might be longer than usual when debug mode enabled on some Windows Vista configuration.
Wrong default remote address point when using VPN Configuration Wizard in peer-to-peer mode and VPN Configuration Wizard has been used before to connect to a VPN Gateway.
Losing the Pre-Shared Key as soon as user tries to import a Certificate.
Phase1 & Phase2 names could be changed only after names were cached by software.
Changing Remote LAN address multiple times might not be saved properly into the VPN Configuration file.
Command lines /Open and /Close maximize the IPSec VPN Client window even it was minimize by user. Also, command lines /Open, /Close and /stop are not working if the Connection Panel has
been opened prior to using them.
Command lines /Open and /Close not working if tunnel name contains letters in capital case.
Scripts before or after tunnel open or close might not be launched in some circumstances.
Systray popup to show tunnel progress bar taking focus over other application.
Latest zip compression format of the setup was not supported within some computer environments.
Software could not be uninstalled successfully in some cases where software is running and a tunnel is open.
A click on the systray icon would not maximize the IPSec VPN Client Connection Panel, Configuration Panel or Console windows in case they were minimized.
A tunnel is shown as open in Connection Panel when an USB Drive is plugged-in, but the tunnel is still shown as open when USB drive is un-plugged although it has been closed.
Phase 2 Remote LAN address might not be saved properly in some circumstances with multiple VPN tunnels.
Token PIN code might be asked when tunnel start opening even though no Token is plugged-in, in case Phase 1 Certificate on Token and Auto Open on Traffic have been configured.
Software crashed if the Remote Gateway field is not available in the VPN Configuration file.
Padding and IP frame total length when using some FTP commands with a web server preventing access through a WindRiver VPN Server.
Initial DNS not restored when the user closes all tunnels, quit software or reset IKE service, in case two tunnels have been configured to use alternate DNS addresses.
03-01-2015 12:26
Cyberoam Docs
46 of 78

Enhancements and bug fixes since release 4.51.001
Enhancements
PinCode management in X-Auth login/password user interface
Bugs Solved
Compatibility with ePass 2000 reading certificates
1.7.1.5. V 4.51 build 001
Introduction
This document contains the release notes for Cyberoam IPSec VPN Client version 4.51 build 001. Document includes all the features, improvement, and bug fixes since release 4.x
Download Client
www.cyberoam.com/downloads/vpnclient/CyberoamVPNClient_Setup.exe
Win 2000, Win XP, Win Server 2003, Win Vista

Enhancements
To reflect the correct meaning SHA is replaced with SHA-1

Bugs Solved
"Add or Replace" option is not displayed when Configuration file is opened Explorer.
Command line "/import" is not working when importing password protected configuration.
When both primary and redundant gateways are not available, redundant Gateway does not try to check primary gateway again.
VPN Configuration lost during upgrade in some Windows configurations.
Software upgrade not working properly on some of the Windows XP computers.
Software always prompts for activation in certain circumstances.
Connection panel might not show an opened tunnel in some VPN Configurations.
03-01-2015 12:26
Cyberoam Docs
47 of 78
Client crashes in Config-Mode

Feature
Windows Server 2008 support. Cyberoam IPSec VPN Client now supports Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit, Windows Server 2008 32/64-bit, Windows Vista
32/64-bit.
Bugs Solved
No need to take configuration backup before uninstalling client.

Known Bugs
On VPN client startup, tunnel does not come up automatically i.e. check box in Phase 2 advanced is ineffective
Encrypted configuration files cannot be imported when password used for encryption is less than 3 characters.
Activation fails (auto or manual) in some rare network configuration cases.
Opening or closing a tunnel from the command line fails in some Windows environments.
BSOD when powering on a virtual machine in VMware Server 2 environment

Bugs Solved
IKE crashes on X-Auth failure
Upgrade blocked on XP OS when computer is running slowly.

Features, enhancements and bug fixes since release 4.2
Feature
Windows Vista 32-bit and 64-bit support

New Gemalto.Net Two-Factor Authentication Smart Cards certified
New Token ePass 2000 and ePass 3000 certified
Enhancements
Configurable X-Auth login/password popup window display duration
03-01-2015 12:26
Cyberoam Docs
48 of 78
Extensive help provided on how to move license to other computer on successful software activation.
Faster Save&Apply.
Confirmation popup on configuration reset.
New Publisher Certificate
Bugs Solved
Alternate DNS/WINS server addresses are not released when closing the VPN tunnel in some Windows configuration.
Restore some Windows settings like Vista IKE service and XP PolicyAgent to pre-install values after un-installation the IPSec VPN Client software.
Change the ? menu in Chinese language.
Wrong icon is displayed when VPN Configuration is created with the VPN Configuration Wizard.
Language codes in all online links are now iso-639-2code compliant.
Temporary license activation may prohibit the IPSec VPN Client software to start properly.
White icon on grey background in systray menu.
Software activation response wrongly parsed generating Activation Error Code 50.
Not possible to restart IPSec VPN Client software in user mode on Windows XP in certain circumstances after software activation.
USB drive plug in not detected in some circumstances.
Phase2 lost link to Phase1 after renaming and in multiple VPN tunnels configuration.
VPN configuration modification not reflected when switching back and forth to USB mode with specific USB drivers
Certificate subject truncated to 124 char.
Phase1 unstable when using Neusoft VPN Gateways.
Display errors in remaining evaluation days in Chinese
Display errors in the Italian DLL
X-Auth password window title displayed the wrong name for Phase 1

Feature
IPV4 Subnet management with Config Mode

Enhancements
IPv4 subnet and subnet mask is now handled by the IPSec VPN Client software when sent by the remote gateway in Config Mode exchange
Reduce Activation Error 50 frequency
The IPSec VPN Client software switches immediately to the second gateway as soon as the DPD (Dead Peer Detection) detects the first gateway as idle.
Bugs Solved
Improper management of Non-latin character paths

Redundant Gateway switchover time. Now switch over will be immediate
Removed dependency of booting twice after installation
03-01-2015 12:26
Cyberoam Docs
49 of 78
Ike crash when debug is on

Compatibility problems with Windows server 2003
Error of the number of rest days in the Evaluation window in Chinese version
Driver mismatch when client is installed on Windows Vista
Known Bugs
String display error in the evaluation window for the Chinese release

Features

Enhancements

Bugs Solved

Redudant Gateway switchover time. Now switch over will be immediate

Features and bug fixes since release 4.20.005
Features
New Console button and GUI menu for restarting IKE service
Bugs Solved
Release number correctly managed during the activation process

Customized bitmaps correctly resized depending on the localization
Correct management of the "open/close tunnel" button on reset IKE
03-01-2015 12:26
Cyberoam Docs
50 of 78

Bugs Solved
Update check not working

Bugs Solved
Replace Serbian with Serbian Latin

Certificates management on Chinese localization

Bugs Solved
Phase 2 'open/close tunnel' button not working properly

Improper management of ANSI/UNICODE characters

Bugs Solved
Setup version problems solved

If activation process results in "Unspecified error", activation window goes blank
Improper management of Vista drivers

Features
Automatic Activation reset on upgrade or software un-installation

Configuration of X-Auth popup appearance time enabled in VPN Configuration file. Default time changedto 60 sec.
Full Unicode software enables Chinese (simplified Chinese) and Japanese localization
03-01-2015 12:26
Cyberoam Docs
51 of 78
Support to additional 9 languages. TheGreenBow IPSec VPN Client is now available in 16 languages. New localizations for TheGreenBow IPSec VPN Client include: English, French, Portuguese,
Spanish, Italian, Dutch, German, Polish, Slovenian, Serbian, Greek, Turkish, Russian, Chinese (simplified), Japanese and Finnish
Automatic creation of the appropriate rules in the Vista Firewall for enabling IPSec VPN tunnels
Ability to access a remote LAN from a local network with same IP address schema
Specify preferred Installation language through a setup command line
Enhancements
Use of standard PFS / Diffie-Hellman terminology

New installation software. This new software installation enables Unicode installation, and improves the upgrade process with only one reboot. Setup is easier with no more setup summary dialog. It
also allows to reduce software setup size by half.
IKE credential disclosure vulnerability fixed
Improvisations in Spanish localization
VPN Configurations are signed to maintain content integrity. Integrity check added during VPN Configuration import and export process.
Required support page will be opened automatically on some activation errors
Switch process between connection panel and configuration panel is made easy
Better management of DNS/WINS server address when static (not assigned by DHCP server)
Application icon is improved to reflect the correct meaning
Bugs Solved
At the time of activation, it was not possible to copy and paste the license number in the Activation dialog
Systray popup takes focus
Improper Certificates management issues are solved
It was not possible to take backup of VPN Configuration at the time of software upgrade
Erratic GUI crashes due to token manipulation
Activation code was not saved after quitting from the Activation process after upgrade
Miscellaneous registry key and values fixes

Bugs Solved
Error in OEM names

Features
Activate VPN Client in User mode
03-01-2015 12:26
Cyberoam Docs
52 of 78
Enhancements
Update the default display time of X-Auth login/password window

Bugs Solved
IKE credential disclosure vulnerability solved

Drivers crashes when X-Auth windows are not completed
Drivers crash. The exact configuration parameter that triggers this situation is not known.

Bugs Solved
Setup custom settings are correctly managed now.
1.7.1.6. V 4.20 build 009
Introduction
This document contains the release notes for Cyberoam IPSec VPN Client version 4.20 build 009. Document includes all the features, improvement, and bug fixes since release 10.010
Download Client
Win 2000, Win XP, Win Server 2003, Win Vista

Features

Enhancements
03-01-2015 12:26
Cyberoam Docs
53 of 78

Bugs Solved

Redudant Gateway switchover time. Now switch over will be immediate

Features and bug fixes since release 4.20.005
Features
New Console button and GUI menu for restarting IKE service
Bugs Solved
Release number correctly managed during the activation process

Customized bitmaps correctly resized depending on the localization
Correct management of the "open/close tunnel" button on reset IKE

Bugs Solved
Update check not working

Bugs Solved
Replace Serbian with Serbian Latin

Certificates management on Chinese localization

03-01-2015 12:26
Cyberoam Docs
54 of 78
Bugs Solved
Phase 2 'open/close tunnel' button not working properly

Improper management of ANSI/UNICODE characters

Bugs Solved
Setup version problems solved

If activation process results in "Unspecified error", activation window goes blank
Improper management of Vista drivers

Features
Automatic Activation reset on upgrade or software un-installation

Configuration of X-Auth popup appearance time enabled in VPN Configuration file. Default time changedto 60 sec.
Full Unicode software enables Chinese (simplified Chinese) and Japanese localization
Support to additional 9 languages. TheGreenBow IPSec VPN Client is now available in 16 languages. New localizations for TheGreenBow IPSec VPN Client include: English, French, Portuguese,
Spanish, Italian, Dutch, German, Polish, Slovenian, Serbian, Greek, Turkish, Russian, Chinese (simplified), Japanese and Finnish
Automatic creation of the appropriate rules in the Vista Firewall for enabling IPSec VPN tunnels
Ability to access a remote LAN from a local network with same IP address schema
Specify preferred Installation language through a setup command line
Enhancements
Use of standard PFS / Diffie-Hellman terminology

New installation software. This new software installation enables Unicode installation, and improves the upgrade process with only one reboot. Setup is easier with no more setup summary dialog. It
also allows to reduce software setup size by half.
IKE credential disclosure vulnerability fixed
Improvisations in Spanish localization
VPN Configurations are signed to maintain content integrity. Integrity check added during VPN Configuration import and export process.
Required support page will be opened automatically on some activation errors
Switch process between connection panel and configuration panel is made easy
Better management of DNS/WINS server address when static (not assigned by DHCP server)
Application icon is improved to reflect the correct meaning
Bugs Solved
03-01-2015 12:26
Cyberoam Docs
55 of 78
At the time of activation, it was not possible to copy and paste the license number in the Activation dialog
Systray popup takes focus
Improper Certificates management issues are solved
It was not possible to take backup of VPN Configuration at the time of software upgrade
Erratic GUI crashes due to token manipulation
Activation code was not saved after quitting from the Activation process after upgrade
Miscellaneous registry key and values fixes

Bugs Solved
Error in OEM names

Features
Activate VPN Client in User mode

Enhancements
Update the default display time of X-Auth login/password window

Bugs Solved
IKE credential disclosure vulnerability solved

Drivers crashes when X-Auth windows are not completed

Bugs Solved
Setup custom settings are correctly managed now.
1.7.2. Guides
03-01-2015 12:26
Cyberoam Docs
56 of 78
1.7.2.1. V 4.10 build 003

1.7.2.2. V 3.12. build 002
1.7.3. Archives
1.7.3.1. Release Notes
1.7.3.1.1. V 4.10 build 010
Download Client
Win 2000, Win XP,Win Server 2003, Win Vista
Introduction

Bugs Solved
Drivers crash under certain circumstances
At the time of establishing tunnel, silent activation is launched unexpectedly

Features
Path MTU discovery is supported to negotiate MTU size with the Network. This will optimize traffic.
Compatible with Aladdin eToken: JC1.0b, M4.20, M4.20b, T1 16k, T1 32k for token based authentication
Enhancements
03-01-2015 12:26
Cyberoam Docs
57 of 78
White Spaces enclosed in double-quotes can be included in the path configured in Phase 2 Scripts window.
Bugs Solved
Import VPN Connection always imported Block non ciphered connection
IKE module crash (Vista only)
Manual activation failed depending on the user rights (Vista only)
Tunnels with Certificate did not open under certain circumstances (Vista only)

Bugs solved
VPN GUI crashes upon activation of a temporary License number.

Features
Support of RFC 3947 (NAT-T)
Enhancements
New driver release to improve stability (Vista only)
Better handling of access rights resulting in a quicker start of the IPSec VPN Client
Bugs Solved
Configuration is correctly imported from wizard (Vista only).

Features and enhancements since release 4.10.004
Features
03-01-2015 12:26
Cyberoam Docs
58 of 78
Setup extraction with /extract:[Vista|XP] command line parameter. This is specifically required for silent installation.
Enhancements
Command line parameters not working in some circumstances (Vista only)

Bug Solved
Missing registry Key ObjectName under Windows 2000
IPSec VPN Client not started under Windows 2000
TgbIke Starter service description added for Windows Service Manager

Bugs Solved
The VPN Configuration is correctly kept during an upgrade (Vista only)
The command line option of the software are correctly managed (Vista only)
Import and export functions open a correct User Folder rather than a "system" folder (Vista only)

Feature, enhancement, and bug fixes since release 4.04.011
Features
Cyberoam IPSec VPN Client 4.1 is Vista compatible (32 bits only)
A new systray popup window appears when a tunnel is opening or closing. This systray popup window shows the tunnel opening progress, and the warnings on tunnel opening errors
A whole VPN Configuration can be added to the current VPN Configuration, via either a drag & drop operation, or the Import File menu within the Configuration Panel
A tunnel can be opened and closed through new command lines (option "/open", "/close")
A VPN Configuration can be added to the current VPN Configuration through a new command line (option "/add").
In the contextual menu associated with the "Configuration" item of the VPN tree, a menu enables to clear the VPN Configuration
Tunnels can be imported and exported separately. This feature enables to configure several tunnels (Phase1/Phase2) in a single VPN Configuration, then to export (and deploy) each tunnel
03-01-2015 12:26
Cyberoam Docs
59 of 78
separately to the relevant user or user group.

More USB Tokens and Smartcards are supported: Aladdin eToken PRO, Safenet iKey1000, ActivCard, etc...
Optional management of ASN1 teletext description of the Certificates subjects
The Phase 2 tree icon shows whether the tunnel will open on traffic detection or not.
Standard Vista User (non powered) can use Cyberoam IPSec Client.
Enhancement
The Hotkeys are modified in Ctrl+Enter (switch back and forth between the Configuration Panel and the Connection Panel), Ctrl+S (Save and Apply) and Ctrl+D (Open the Console Window)
The VPN Console is simplified with a unique log level to make easier VPN connection error debugging
Script commands on opening/closing tunnels now accept parameters
Automatically disable Microsoft IKE and AuthIP IPSec Keying Modules service
Redundant Gateway assumes infinite switch between gateway and redundant gateway
Bugs Solved
The license number remains during a software upgrade
DNS and WINS server addresses are restored on hibernate
The log files use a system hour and date for time stamping
IKE "floating point" crashes due to log dump are fixed
Crashes on Xauth popup are fixed
BSOD with Intel Wireless 3945 chipsets are fixed
BSOD with Realtek 8139 chipsets fixed
Document Version 1.0-02/03/2008
1.7.3.1.2. V 4.10 build 007


Introduction

Features
Support of RFC 3947 (NAT-T)
03-01-2015 12:26
Cyberoam Docs
60 of 78
Enhancements
New driver release to improve stability (Vista only)
Better handling of access rights resulting in a quicker start of the IPSec VPN Client
Bugs Solved
Configuration is correctly imported from wizard (Vista only).

Features and enhancements since release 4.10.004
Features
Setup extraction with /extract:[Vista|XP] command line parameter. This is specifically required for silent installation.
Enhancements
Command line parameters not working in some circumstances (Vista only)

Bug Solved
Missing registry Key ObjectName under Windows 2000
IPSec VPN Client not started under Windows 2000
TgbIke Starter service description added for Windows Service Manager
03-01-2015 12:26
Cyberoam Docs
61 of 78

Bugs Solved

Features
A new systray popup window appears when a tunnel is opening or closing. This systray popup
window shows the tunnel opening progress, and the warnings on tunnel opening errors
Tunnels can be imported and exported separately. This feature enables to configure several tunnels (Phase1/Phase2) in a single VPN Configuration, then to export (and deploy) each tunnel separately to the
relevant user or user group.
Enhancement
03-01-2015 12:26
Cyberoam Docs
62 of 78
Bugs Solved

Bugs Solved
No crash on X-Auth Popup

Bugs Solved
During an upgrade, the product version is correctly managed and the VPN Configuration is automatically backuped

Enhancement and bug fixes since release 4.04.005
Enhancement
Generic SmartCard support Improvment
SmartCard ActivCard now supported
03-01-2015 12:26
Cyberoam Docs
63 of 78
Bugs Solved
SmartCard iKey 1000 correctly managed

Enhancement
The hotkeys used by the software are more compliant with the Windows standards: 'Ctrl+S' for save, 'Ctrl+Enter' for toggling between the Configuration Panel and the Connection Panel, and 'Ctrl+D' for the
console
Bugs Solved
The system time is used for log files

Enhancement since release 4.03.101
Enhancement
iToken Pro smartcard supported
iKey 1000 smartcard supported

Feature
Parameters are allowed in the scripts run when tunnel opens or closes
03-01-2015 12:26
Cyberoam Docs
64 of 78
Enhancement
console
Bugs Solved
The DNS/WINS addresses are restored on hibernate
The License number is correctly backuped and restored during an upgrade

Feature and Enhancement since release 4.01.000
Feature
Gemplus smartcard support available
ASN 1 Certificate description
Enhancement
The concept of Active/Inactive Phase (which is the same as 'automatically open a tunnel on trafic detection') is shown in the GUI by a new Phase2 icon rather by the old Phase1 'checked' icon
ConfigMode traces improvement

Feature and Bug fixes since release 4.01.000
Feature
Scripts can be run when a tunnel just opened, before it is closed and after it is closed
Bug fixes
No IKE crash due to change of IP address
03-01-2015 12:26
Cyberoam Docs
65 of 78

Enhancement
Fragmented IP packets management

Enhancement
Standard portuguese finalized
Bug fixes
GUI crashed in some circumstances when closing tunnel

Features, enhancement, and bug fixes since release 3.12
Features
A new Connection Panel makes the GUI even easier for users. Switches between the Configuration Panel and the Connection Panel is easy as the shortcut key "Ctrl+P", but can be easily restricted by IT
managers (the users are only allowed to use the Connection Panel, in order to avoid misusing of the software). The Connection Panel shows in real-time a tunnel while it opens. It even identifies the
IKE/IPSec steps with a "fragmented" progress bar. Most of all, the Connection Panel implements a popup help for troubles, which dramatically improves the accuracy of diagnostic
A tunnel can be opened via a double-click on a VPN configuration (e.g. shortcut icon on the desktop)
VPN configuration file drag and drop onto the Configuration Panel or Connection Panel automatically imports the configuration and enables it
Scripts or applications can be configured before and after opening or closing a tunnel.
The Configuration Panel may be protected with password, to avoid misuse of VPN configuration by end-users
03-01-2015 12:26
Cyberoam Docs
66 of 78
IT Managers can pre-configure the access control to the Configuration Panel via a new set of Setup Options
Shortcut keys to access main features (Save&Apply, Console, toggle Configuration/Connection Panel)
Certificates can be imported from several media: USB Stick, SmartCards, Tokens
Import of PKCS#12 Certificates from Configuration Panel. This feature obsoletes the use of the conversion tool from PKCS#12 to PEM format
The 'Import Certificates...' window now displays the subjects of the imported Certificates, even if they are on a Token (e.g. Smart Card)
Certificate subject is automatically selected for 'Local ID' in Phase 1
Support of Aladdin tokens i.e. new ATR supported
The Hybrid-Mode is fully supported (RFC: draft-ietf-ipsec-isakmp-hybrid-auth-05.txt)
The Config-Mode is fully supported
Enhancement
Better usability in the 'Import certificates...' window
Messages are displayed in default language i.e. English, if not available in the language dll, this is especially useful for local version
Better management of the Console Window, for background/foreground display
More Kaspersky product release supported
Bug fixes
Correct custom bitmap loaded on light user Interface
Retrieving configuration when updating to Custom client version
Compatibility of X-Auth parameters with old IPSec VPN Client software release
DNS IP server not always removed when closing a tunnel
In some conditions, when Phase 2 fails, IKE service crash
No answer to an IKE CERT_REQ message in Aggressive and Main modes
Management of DPD (retries and crash in some conditions)
Improvement of the certificate management during the IKE Service Initialization phase
GUI memory leak
Crash due to ActiveSync
1.7.3.1.3. V 4.10 build 003

03-01-2015 12:26
Cyberoam Docs
67 of 78

Introduction

Bugs Solved

Features
A new systray popup window appears when a tunnel is opening or closing. This systray popup
window shows the tunnel opening progress, and the warnings on tunnel opening errors
Tunnels can be imported and exported separately. This feature enables to configure several tunnels (Phase1/Phase2) in a single VPN Configuration, then to export (and deploy) each tunnel separately to the
relevant user or user group.
03-01-2015 12:26
Cyberoam Docs
68 of 78
Enhancement
Bugs Solved

Bugs Solved
No crash on X-Auth Popup

Bugs Solved
During an upgrade, the product version is correctly managed and the VPN Configuration is automatically backuped
03-01-2015 12:26
Cyberoam Docs
69 of 78

Enhancement
Generic SmartCard support Improvment
SmartCard ActivCard now supported
Bugs Solved
SmartCard iKey 1000 correctly managed

Enhancement
console
Bugs Solved
The system time is used for log files

Enhancement
iToken Pro smartcard supported
iKey 1000 smartcard supported
03-01-2015 12:26
Cyberoam Docs
70 of 78

Feature
Parameters are allowed in the scripts run when tunnel opens or closes
Enhancement
console
Bugs Solved
The DNS/WINS addresses are restored on hibernate

Feature and Enhancement since release 4.01.000
Feature
Gemplus smartcard support available
ASN 1 Certificate description
Enhancement
The concept of Active/Inactive Phase (which is the same as 'automatically open a tunnel on trafic detection') is shown in the GUI by a new Phase2 icon rather by the old Phase1 'checked' icon
ConfigMode traces improvement

Feature and Bug fixes since release 4.01.000
03-01-2015 12:26
Cyberoam Docs
71 of 78
Feature
Scripts can be run when a tunnel just opened, before it is closed and after it is closed
Bug fixes
No IKE crash due to change of IP address

Enhancement
Fragmented IP packets management

Enhancement
Standard portuguese finalized
Bug fixes
GUI crashed in some circumstances when closing tunnel

Features, enhancement, and bug fixes since release 3.12
Features
03-01-2015 12:26
Cyberoam Docs
72 of 78
A new Connection Panel makes the GUI even easier for users. Switches between the Configuration Panel and the Connection Panel is easy as the shortcut key "Ctrl+P", but can be easily restricted by IT
managers (the users are only allowed to use the Connection Panel, in order to avoid misusing of the software). The Connection Panel shows in real-time a tunnel while it opens. It even identifies the
IKE/IPSec steps with a "fragmented" progress bar. Most of all, the Connection Panel implements a popup help for troubles, which dramatically improves the accuracy of diagnostic
A tunnel can be opened via a double-click on a VPN configuration (e.g. shortcut icon on the desktop)
VPN configuration file drag and drop onto the Configuration Panel or Connection Panel automatically imports the configuration and enables it
Scripts or applications can be configured before and after opening or closing a tunnel.
The Configuration Panel may be protected with password, to avoid misuse of VPN configuration by end-users
IT Managers can pre-configure the access control to the Configuration Panel via a new set of Setup Options
Shortcut keys to access main features (Save&Apply, Console, toggle Configuration/Connection Panel)
Certificates can be imported from several media: USB Stick, SmartCards, Tokens
Import of PKCS#12 Certificates from Configuration Panel. This feature obsoletes the use of the conversion tool from PKCS#12 to PEM format
The 'Import Certificates...' window now displays the subjects of the imported Certificates, even if they are on a Token (e.g. Smart Card)
Certificate subject is automatically selected for 'Local ID' in Phase 1
Support of Aladdin tokens i.e. new ATR supported
The Hybrid-Mode is fully supported (RFC: draft-ietf-ipsec-isakmp-hybrid-auth-05.txt)
The Config-Mode is fully supported
Enhancement
Better usability in the 'Import certificates...' window
Messages are displayed in default language i.e. English, if not available in the language dll, this is especially useful for local version
Better management of the Console Window, for background/foreground display
More Kaspersky product release supported
Bug fixes
Correct custom bitmap loaded on light user Interface
Retrieving configuration when updating to Custom client version
Compatibility of X-Auth parameters with old IPSec VPN Client software release
DNS IP server not always removed when closing a tunnel
In some conditions, when Phase 2 fails, IKE service crash
No answer to an IKE CERT_REQ message in Aggressive and Main modes
Management of DPD (retries and crash in some conditions)
Improvement of the certificate management during the IKE Service Initialization phase
03-01-2015 12:26
Cyberoam Docs
73 of 78
GUI memory leak
Crash due to ActiveSync
1.7.3.1.4. V 3.12 build 002

Product Release Information
Product: Cyberoam IPSec VPN Client

Release Number: 3.12 build 002
Customer Support: For more information or support, please visit our www.cyberoam.com or email at support@cyberoam.com
Important note
Re-activation of Client is required after upgrading
New Feature
VPN Configuration is saved and restored after an upgrade
Enhancement
Login and password of the X-Auth popup are now validated
To allow managing VPN Client through a Remote Desktop(RDP) connection, the communication mode between IKE and the GUI is enhanced
Management of the timers is enhanced to avoid IKE crashes
Bug fixes
Kaspersky Anti-Virus was not compatible with VPN Client
IKE crashes on time-out
Configuration Wizard not displayed after an upgrade
For configuring X-Auth, it was required to enable "Automatically open VPN tunnel on traffic detection" in Phase 2
The /Importonce, /export or /exportonce command line options did not start the IKE.
Incorrect Certificates imported from a ".tgb" VPN configuration file
03-01-2015 12:26
Cyberoam Docs
74 of 78
Document version-1.0-312002/12/102006
1.8. SSL VPN Client

1.8.1.1. V 1.3.0.5, V 1.3.0.9
Release Dates
Version 1.3.0.5 26 May, 2014
Version 1.3.0.9 25 June, 2014
Release Information
Installation / Upgrade procedure
Version 1.3.0.5
Cyberoam has released an SSL VPN Client Version 1.3.0.5 for Windows 8 OS, which is compatible with previous Windows operating systems as well.
Click here to download the client. Please note that this client is available for download from Cyberoam website only.
For installation and configuration instructions, refer to the Installation and Configuration Guide for the client. Click here to download the guide.
Cyberoam SSL VPN Client also works when the Run in Compatibility Mode option is enabled on the following operating systems:
Operating System
Windows 8 (32 bit)
Windows 8.1 (64 bit)
Windows Server 2012 Standard
Edition
Compatibility Mode
Windows XP SP3, Windows 7
Version 1.3.0.9
SSL VPN Client Version 1.3.0.9 is compatible with all Windows operating systems
Administrative permission is required for installation
1. Download SSL VPN Client installer Version 1.3.0.9 from: http://www.cyberoam.com/cyberoamclients.html.
2. Double-click the downloaded SSL VPN installer and follow the on-screen steps. For detailed installation and configuration instructions,
refer to the Installation and Configuration Guide.
03-01-2015 12:26
Cyberoam Docs
75 of 78
Revision History
Sr. No.
Old Revision
Number
New Revision
Number
1.0 - 26/05/2014
1.1 - 25/06/2014
Reference
Section
Revision Details
Enhancement for Version 1.3.0.9 added
Introduction
This document contains the release notes for Cyberoam SSL VPN Client Version 1.3.0.5 and Version 1.3.0.9. The following sections describe the release in detail.
Enhancements
1. Increased character limit for Username and Password
From this version, Cyberoam SSL VPN Client supports up to Fifty (50) characters for the Username and Password fields.
To use password as an effective authentication mechanism, it is necessary that username and password are strong enough to reduce the risk of
a security breach. With the increased character limit, an Administrator can enforce a greater username and password length making it difficult for
an attacker to guess the login credentials.
1.8.1.2. V 1.0
Release Dates
Version 1.0.1 2nd October, 2009
Version 1.0.0 30th April, 2009
03-01-2015 12:26
Cyberoam Docs
76 of 78
Release Information
Release type: GA
Cyberoam Compatible versions:
V 1.0 build 1 Cyberoam Version 9.6.0 build 60 onwards
V 1.1 build 0 Cyberoam Version 9.6.0 build 16 and build 34
Upgrade Information
Upgrade type: Manual upgrade
Installation/Upgrade procedure(V 1.0 build 1 onwards)
1.
2.
3.
Uninstall the existing SSL VPN Client, if installed.

Access SSL VPN User Portal Browse to https://<WAN IP address of Cyberoam:port>
Click Download Bundled SSL VPN Client to download and install the client. Refer to SSL VPN Client Installation
Guide V 1.0.1 for details.
Installation procedure(V 1.0 build 0)

1.
2.
3.
4.
5.
6.
Access SSL VPN User Portal Browse to https://<WAN IP address of Cyberoam:port>

Click Download SSL VPN Client to download the client.
Run SSL VPN Client Installer and install the client.
Click Download SSL VPN Client Configuration to download the client configuration.
For more details on installation, refer to SSL VPN Client Installation Guide V 1.0.0
For more details on configuration, refer to SSL VPN Client Administration Guide V 1.0.0
Compatible Operating Systems

Microsoft
Microsoft
Microsoft
Microsoft
Windows 2000 Professional

Windows XP including SP2 and SP3 (both 32-bit and 64-bit)
Windows Server 2008 including SP2 (both 32-bit and 64-bit )
Windows Vista including SP1 and SP2 (both 32-bit and 64-bit)
Introduction
The Cyberoam VPN feature is extended to include SSL VPN functionality within Cyberoam to provide secure access for the remote users. SSL VPN delivers a set of features and benefits that makes it
easier to use and also control the access to the Corporate network from anywhere, anytime.
Cyberoam SSL VPN is completely location independent as it supports road warrior tunneling and it also offers granular access policies for better security. Refer to Cyberoam Release Notes v 9.6 for more
details.
SSL VPN client is used for establishing remote connections in full access mode. A remote user having an internet connection can download and install SSL VPN Client. Once the client is installed, an
03-01-2015 12:26
Cyberoam Docs
77 of 78
encrypted tunnel can be established for secure access to Corporate network on providing user credentials.
This document contains the release notes for Cyberoam SSL VPN Client version 1.0 build 1. Document includes all the features and enhancements from the release 1.0 build 0 to 1.0 build 1.
Features and Enhancements

Build 1
1.
Bundled Client Installer

Installation process has been optimized as a single step process. It is not required to import the configuration separately, as it is now a part of the installation itself. This makes installation and re-installation
of SSL VPN client easier.
The Client Configuration download feature is available separately but Configuration can be downloaded and imported only when the server settings are changed. In this situation, the whole bundled installer
may not be downloaded.
The installer is available as Bundled SSL VPN Client from SSL VPN End User Portal under Full Access mode.
2.
HTTP/SOCKS Proxy support for Clients

SSL VPN Client has added support of HTTP or SOCKS proxy for those remote users who are not able to access the Internet directly. The users can configure HTTP or SOCKS proxy server to access the
network behind the Cyberoam.
Proxy can be configured from the SSL VPN Clients Proxy Settings menu.
By default, proxy is not enabled but one can use proxy configured in the Browser Internet Explorer or can configure manually.
3.
User based Certificate Support for Authentication

The current feature of authenticating all the users through single System wide certificate is extended one step further to provide an option of authenticating through individual user certificates. These
certificates not only provide granular control in Certificate management but also create a user identity which can be used beyond SSL VPN implementation.
This feature can be configured by the administrator from Web Admin Console of Cyberoam appliance.
Build 0
1.
Tunnel Establishment over TCP/UDP protocol

SSL VPN tunnel can be established over TCP or UDP protocol as per the SSL VPN Global Settings page in Cyberoam. Better performance can be achieved by establishing tunnel over UDP protocol while
better security can be achieved over TCP protocol.
2.
Certificate based Authentication

SSL VPN client provides authentication based on SSL Client Certificates. The selected certificate is bundled with client installer and downloaded when the client is installed. This is a common certificate for
authentication to all the SSL VPN users. The unique combination of Username/Password and certificates is used for authentication.
Existing certificates can be selected and new certificates can be generated by the administrator from Web Admin Console of Cyberoam appliance.
03-01-2015 12:26
Cyberoam Docs
78 of 78
3.
Support to Import Configuration

SSL VPN Client provides the feature to import the bundled client configuration. It is necessary to import the configuration to establish a SSL VPN connection. The configuration also includes SSL Client
Certificate that ensures secure access.
SSL VPN Client configuration can be downloaded from the SSL VPN End User Portal under Full Access mode and imported from the SSL VPN Clients Import Configuration menu.
1.8.2. Guides
1.8.2.1. V 1.3.0.9
1.8.2.2. V 1.3.0.5
1.8.2.3. V 1.0.1
1.8.2.3.1. Cyberoam Version X
1.8.2.3.2. Cyberoam V 9.x
1.8.2.4. V 1.0.0
03-01-2015 12:26

Cyberoam Docs

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Cyberoam Docs

Enviado por

Direitos autorais:

Formatos disponíveis

Cyberoam Docs

1.1.1.2. Cyberoam Android Client Version 1.3

Download the installer of Cyberoams Client for Android OS from:

1.2. SSO - Single Sign On

Compatible Cyberoam Version

2. Remove SSO, if you have already installed the previous version.

1.3. OS Compatibility Matrix

1.4. CATC - Cyberoam Authentication for Thin Client

Compatible Cyberoam Version

2. General Settings Tab Enhancements

3. Exclusion Lists Tab Enhancements

4. About Tab Enhancements

Compatible Cyberoam Version

Windows 2000 Server with Service pack 4

2. Windows 2003 Server 32bit

7. Windows 2003 server with Citrix configured.

Version 2.1.2.5 28th July, 2014

Machine 2 (CTAS Installation Type)

SSO Suite (Agent values will be Sync)

SSO Suite (Collector values will be Sync)

b. Configuration Synchronization and its Logging

Administrative permission is required for installation.

Providing a high availability of collectors and agents.

Minimizing authentication delay due to AD Server failure.

Installed on every domain controller.

To add a collector in new group.

To add a collector in an existing collector group.

Windows 2003 Server 32 bit

4. Windows 2008 Server R2 Standard/Enterprise 64 bit Environment as domain

Uninstall CTAS, if you have already installed the previous version.

Single Installer for English and Non-English versions of OS

Support of Exclusion List for User Login

Support of IP based Exclusion List for User Logoff

Login request redirection based on Subnet mask

Add Cyberoam appliance IP address

Option to update Administrator credentials

Old Revision Number

New Revision Number

Access information for the About tab

Windows XP with all the Service packages

Version 5.51 Build 001

Version 5.02 Build 001

Version 5.01 Build 001

Version 5.00 Build 023

Version 4.71 Build 001

Added support for Windows 8

IPSec VPN Client Release Notes

IPSec VPN Client 5.51 Build 001

Support for Windows 8 32/64-bit added.

IPSec VPN Client 5.02 Build 001

Version tgbgina.dllnot foundon the 'about' window.

IPSec VPN Client 5.01 Build 001

Activation Wizard in help menu cannot be disabled after software activation.

IPSec VPN Client 5.00 Build 023

Automatically sort VPN tunnels by name.

Displays virtual IP Address sent by gateway when "Mode-Config" feature is set.

Add "Purchase licenses online" link under helpmenu.

New setup option --reboot=1 to reboot automatically after silent installation.

No administrative previledge dependency to activate IPSec VPN Client software.

Single field to enter the license number up to 24 digits long.

Windows XP doesn not accept a 20 digit license number.

IPSec VPN Client 4.71 Build 001

1.7.1.2. V 4.70 build 001

Latest NetGear VPN Routers Mode-Config support.