Release Notes
Table of Contents
Introduction
Features
Open Issues
General Information
Introduction
This release notes document describes the features introduced and issues fixed in Cyberoam SSL
VPN v3.5.0.5.
Installing Cyberoam SSL VPN v3.5
Cyberoam SSL VPN v3.5 is available as an integrated installer in the form of an ISO that can be
burned to a CD/DVD.
The Cyberoam SSL integrated installer includes the OS as well as the VPN software image. The
ISO is made available on a bootable CD-ROM or can be downloaded from the Cyberoam website
(www.cyberoam.com).
Please refer to the product documentation for detailed instructions.
Cyberoam SSL VPN can be installed on a virtualization platform or any custom hardware that is
compliant to run any Linux distribution.
Prerequisites
Cyberoam SSL VPN can be installed on a virtualization platform or any custom hardware, which is
compliant to run any Linux distribution.
Features
1. Improved Management Console Interface
The VPN management console GUI has been simplified and improved. The left navigation tree has a
new organization, with a more logical grouping of configuration screens.
6. Block Groups
The administrator can specify a list of native/local groups that are not allowed to log in to the VPN
gateway. This feature can be used when the external authentication server cannot provide any role
information and VPN local groups need to be used to put users into particular roles. In that case,
specific local groups can be blocked from logging in to the VPN.
Production license
A newly installed VPN gateway can be started with the system default license, which is valid for 5
concurrent users for 30 days. Alternatively, the administrator can choose to enter a license key at
the pre-boot stage. A license key can be added from the management console after the VPN is
configured.
To get a license key, the administrator must send the product key displayed on the management
console to sales@cyberoam.com. The new license key will be valid only for the hardware from which
the product key was taken. The new license can enable the endpoint security feature on the appliance.
The VPN gateway will send notification emails to all registered security officers and administrators
5 days and 2 days before expiry of the license. The VPN gateway will send a last notification
email 24 hours before expiry of the license.
Local Groups
Applications
Application Groups
Access Control
Authentication servers
VPN Domain
Device Profiles
This backup does not include any certificate or system information and is therefore portable across
various VPN gateways located at different locations.
Full System Backup:
This backup exports everything including the certificates related configuration. This backup is
useful to rebuild a whole system by reinstalling the firmware and then restoring it to the last
backed-up state again.
This backup includes following information:
User certificates
It is important to make sure the hostname of the system is set to the same value it had when the
backup was taken. If the hostname is different, an error is shown to the administrator, together
with the expected hostname.
This backup type can be used to restore a whole system.
In both cases, the VPN must be in configuration state, and the VPN services will restart after the
restore process is over.
A Device profile cannot be added unless a Host scan policy is already present.
A Mandatory Device Profile cannot be created unless at least one more device profile exists.
A Quarantine Device Profile cannot be created unless at least one more device profile exists.
26. New Endpoint Security Policy Types for MAC ID and IP Address
New endpoint policies are added for MAC ID and IP address checks. The admin can upload a list of
MAC IDs/IP addresses that can be enforced for the connecting device as part of endpoint security
host scanning checks. Application access control can then be applied based on the result of the
checks.
It is now possible to control logon access or application access based on the identity of the
machine by matching the machine against pre-known MAC IDs and IP addresses. The admin can
define known good MAC addresses and/or IP addresses, or define known bad MAC
addresses and/or IP addresses. When the user tries to log in to the VPN from a specific machine, the
MAC ID of the active network adaptor and the public IP address of the user are evaluated by the
VPN gateway against the MAC address/IP address policies. Optionally, when set, the VPN gateway
can pass or fail a policy if any MAC address (including the MAC addresses of other interfaces on the
user's machine) or IP address matches the list specified by the administrator in the VPN
configuration. This makes sure that the same policy gets enforced on the end user machine
irrespective of whether the end user connects using a wireless network or a wired network.
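The matching described above can be modelled as follows. This is an added illustration, not Cyberoam code: the policy and endpoint field names, the sample addresses, the acceptance of CIDR ranges in the IP list and the normalisation of MAC formats are all assumptions.

```python
import ipaddress
import re

def norm_mac(mac):
    """Reduce 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e or 001a.2b3c.4d5e to 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def matches(policy, endpoint):
    """True if the endpoint appears on the policy's uploaded list."""
    if policy["kind"] == "mac":
        listed = {norm_mac(m) for m in policy["entries"]}
        seen = [endpoint["active_mac"]]          # adaptor used for the VPN connection
        if policy.get("match_any_interface"):    # optional: also check the other interfaces
            seen += endpoint.get("other_macs", [])
        return any(norm_mac(m) in listed for m in seen)
    addr = ipaddress.ip_address(endpoint["public_ip"])
    # A bare address is treated as a single-host network (assumed behaviour).
    return any(addr in ipaddress.ip_network(e, strict=False) for e in policy["entries"])

def evaluate(policy, endpoint):
    """Known-good lists pass on a match; known-bad lists fail on a match."""
    hit = matches(policy, endpoint)
    return hit if policy["mode"] == "known_good" else not hit

# Constructed sample data: the wired MAC is on the list, the user connects over Wi-Fi.
GOOD_MACS = {"kind": "mac", "mode": "known_good",
             "entries": ["00-1A-2B-3C-4D-5E"], "match_any_interface": False}
GOOD_MACS_ANY = dict(GOOD_MACS, match_any_interface=True)
BAD_IPS = {"kind": "ip", "mode": "known_bad", "entries": ["203.0.113.0/24"]}
LAPTOP_ON_WIFI = {"active_mac": "aa:bb:cc:dd:ee:01",
                  "other_macs": ["00:1a:2b:3c:4d:5e"],
                  "public_ip": "203.0.113.7"}

if __name__ == "__main__":
    for name, pol in [("good MACs", GOOD_MACS), ("good MACs, any interface", GOOD_MACS_ANY),
                      ("bad IPs", BAD_IPS)]:
        print(name, "->", "pass" if evaluate(pol, LAPTOP_ON_WIFI) else "fail")
```

Without the any-interface option the same laptop passes on the wired network and fails on wireless, which is the inconsistency the option is described as removing.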
Internet Cache
Cookies
Browsing History
Typed URLs
It is also possible to block the clipboard function so that the user cannot perform any
cut-copy-paste operation.
Create applications
Assign endpoint security policies and add applications to endpoint security zones
Note: Endpoint security needs to be enabled from Server Configuration -> Endpoint Security
page. By default endpoint security is disabled.
Endpoint Security Product Definition Update
Cyberoam SSL VPN endpoint security definitions are updated in real time every hour. The Cyberoam
SSL VPN gateway is configured to check for product updates every hour from the site
www.oesismonitor.com over an HTTPS connection.
Note: On a freshly installed gateway, there are no product definitions available. Cyberoam SSL
VPN should have access to the Internet to update the definitions. The definitions are updated on
every reboot and then every hour. If there are no definitions present, the product up-to-date
checks are considered successful.
Reporting
The endpoint security zone to which the endpoint belongs is logged in the user logs.
Users can see the zone name on the VPN status window.
Remediation
In this version, the user is informed of the policies they need to remediate to get more access. The
details are displayed in the browser.
If the endpoint fails to fall into any security zone or falls into the quarantine zone, the remediation
information is displayed automatically. Alternatively, the user can see the remediation information
from the system tray menu item Show Remediation Info. If the endpoint does not need to remediate
any policies, the menu item is disabled.
Configuration Example:
Use Case: Endpoint running any Antivirus product and firewall product is allowed to login and
should be allowed all applications. The Antivirus must be latest, updated and real time protection
must be ON. Firewall must be turned ON. Any endpoint failing these checks should be put in
quarantine zone and should be given only web email access.
Configuration Steps:
Add the two policies Check for Antivirus and Check for Firewall
Make sure endpoint security is turned ON on page Server Configuration -> Endpoint
Security
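The use case above, together with the earlier note on missing product definitions and the remediation reporting, can be modelled as a small decision function. This is an added sketch, not the gateway's implementation: the field names, the integer signature versions, the zone name "full-access" and the treatment of a product absent from the definitions are assumptions.

```python
def antivirus_up_to_date(av, definitions):
    """Up-to-date check against downloaded product definitions.

    Per the release notes, when no definitions are present (fresh gateway,
    no Internet access yet) the check is considered successful.
    """
    if not definitions:
        return True
    latest = definitions.get(av["product"])
    # Assumption: a product missing from the definitions fails the check.
    return latest is not None and av["signature_version"] >= latest

def classify(endpoint, definitions):
    """Return (zone, allowed applications, policies the user must remediate)."""
    failed = []
    av = endpoint.get("antivirus")
    if not (av and av["realtime_protection"] and antivirus_up_to_date(av, definitions)):
        failed.append("Check for Antivirus")
    fw = endpoint.get("firewall")
    if not (fw and fw["enabled"]):
        failed.append("Check for Firewall")
    if failed:
        return "quarantine", ["web email"], failed
    return "full-access", ["all applications"], failed

# Constructed sample data.
DEFINITIONS = {"ExampleAV": 120}
STALE_AV = {"antivirus": {"product": "ExampleAV", "signature_version": 95,
                          "realtime_protection": True},
            "firewall": {"enabled": True}}
NO_FIREWALL = {"antivirus": {"product": "ExampleAV", "signature_version": 120,
                             "realtime_protection": True},
               "firewall": {"enabled": False}}

if __name__ == "__main__":
    print(classify(STALE_AV, DEFINITIONS))   # quarantined, antivirus to remediate
    print(classify(STALE_AV, {}))            # same endpoint, gateway has no definitions yet
    print(classify(NO_FIREWALL, DEFINITIONS))
```

The second call shows why a newly installed gateway should be given Internet access and allowed to fetch definitions before the up-to-date check is relied on for access decisions.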
This client does not support name resolution and DNS resolution. Hence all applications must
be accessed using IP address.
For web based applications to work through the Vista client, the URL must be added as a trusted
site in Internet Explorer.
ActiveX is not yet supported on Vista OS. The user must use the client.
The client is not yet tested on Vista 64 bit edition and Windows 2008 server.
The VPN client now works for standard users, but the administrator password is required for
installation and un-installation. The client will automatically prompt the user to enter the admin
credentials when required. Admin rights are also required for first time use of the client.
Open Issues
1. File Share/Drive Mapping Support on Vista/Windows 7
Issue:
File share/Drive mapping is not supported on Vista and Windows 7.
Resolution:
It is a work in progress. The feature will be available in the next release.
General Information
Technical Assistance
If you have problems with your system, contact customer support using one of the following
methods:
Email id: support@cyberoam.com
Telephonic support (Toll free)
Europe: +44-808-120-3958
India: 1-800-301-00013
Please have the following information available prior to contacting support. This helps to ensure
that our support staff can best assist you in resolving problems:
Description of the problem, including the situation where the problem occurs and its impact on
your operation
Product version, including any patches and other software that might be affecting the problem
Detailed steps on the methods you have used to reproduce the problem
IMPORTANT NOTICE
Elitecore Technologies Limited (hereinafter referred to as Elitecore) has supplied this Information believing it to be accurate and reliable
at the time of printing, but is presented without warranty of any kind, expressed or implied. Users shall be solely responsible for the
application of any products. Elitecore assumes no responsibility of any sorts for any errors that may appear in this document. Elitecore
reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice.
USERS LICENSE
The Appliance and/or software described in this document is furnished subject to the terms of Elitecore's End User license agreement.
Please read these terms and conditions carefully before using the Appliance/software. By using this Appliance, you agree to be bound by the
terms and conditions of this license. If you do not agree with the terms of this license, you are required and under obligation to promptly
return the unused Appliance and /or software and manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Elitecore hereby declares that it has acquired a non-exclusive, unlimited, fully paid up worldwide right and license to sell and market the
SSLVPN software including Endpoint Security software from third Party. Accordingly, all the warranties in respect of the Software,
including but not limited to the performance, IPRs and others, are subject to the warranties given by the said third party owner to Elitecore.
Elitecore shall not be responsible for any breach / failure of any such warranties. Subject to this, the Elitecore hereby warrants that.
Software: Elitecore warrants, for a limited period of ninety (90) days from the date of shipment by Elitecore (1) the media on which the
Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to
its published specifications except for the foregoing, the software is provided on an "AS IS" basis. This limited warranty extends only to the
customer as the original licensee. Customer's exclusive remedy shall be and the entire liability of Elitecore and its suppliers under this
warranty shall be, at Elitecore or its service center's absolute discretion, only for repair, replacement, or refund of the software, if reported
(or, upon, request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error
free, or that the customer will be able to operate the software without problems or interruptions.
Hardware: Elitecore warrants that the Hardware portion of the Elitecore Products excluding power supplies, fans and electrical components
will be free from material defects in workmanship and materials for a period of One (1) year from the date of shipment by Elitecore. Further,
Elitecore's sole obligation shall be to repair or replace the defective Hardware as may be decided by Elitecore in its absolute discretion, at
no charge to the original owner. The replacement Hardware need not be new or of an identical make, model or part; Elitecore may, in its
absolute discretion, replace the defective Hardware (or any part thereof) with any new or reconditioned product that Elitecore reasonably
determines is substantially equivalent (or superior) in all material respects to the defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any
implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage, or trade
practice, and hereby excluded to the extent allowed by applicable law.
In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for any direct, indirect, special, consequential,
incidental, or punitive damages howsoever caused and regardless of the theory of liability arising out of the use of or inability to use the
product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers'
liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing
limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any direct, indirect, special, consequential, or incidental damages, including, without
limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have
been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 1999-2009 Elitecore Technologies Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademarks of Elitecore Technologies
Limited, While all the Intellectual Property Rights (IPR) in respect of SSLVPN and Endpoint Security Software belongs to the third party.