The very purpose of the Cyberoam firewall is defeated as the Cyberoam does not/cannot prevent users from setting a weak password. The Cyberoam should prevent users from setting weak password. Also, admin shoul be able to set complex password policy.
Secondly, the user should be allowed to reset his password after the first logon. Why should the admin know the users password? The admin can assign the password initially. However, when the users logs in for the first time using that password the user should be able to change his password so that it is known only to him.