Global Technology Associates, Inc.
Date: 22 March 2002
Subject: Release Notes
Version: GNAT Box System Software
Version 3.2 patch level 5 (3.2.5)
----------Notes-------------Notes-------------Notes-----------
Previous Version Release Notes
These release notes cover the latest incremental release of
GNAT Box System Software patch level 5 (3.2.5). For users who
have not installed versions 3.2.2, 3.2.3 or 3.2.4, release
notes from those versions are available in GTA's online
support center.
------
See section 11.2 Bug Fixes for important information on VPN
Client
------
Upgrade Versions
GNAT Box System Software 2.1 and up, running on GB-1000,
GB-1000+, RoBoX and GB-Flash and GB-100 version 3.1, can be
upgraded using the setup wizards. GB-100 3.0 must be upgraded
using the floppy disk method.
To install GNAT Box Pro using version 2.1 and up, run the
installer, then open GBAdmin. Load your existing runtime image.
Use the Merge process to load the configuration. Select
File->Save to create a new runtime image saved to GNAT Box
Floppy. Insert a fully formatted diskette, select Runtime and
Configuration, then write the file. GNAT Box Pro using version
2.0 and below requires printing out the previous configuration
and entering it manually.
Refer to individual installation guides for more information.
------
Mobile VPN Objects Transferred to User Authorization
In GNAT Box System Software version 3.2.2 and up, mobile VPN
objects are no longer supported. (Version 3.2.1 and below used
mobile VPN objects in the Remote Network.)
If you are upgrading to 3.2.5 from version 3.2.1 or below, you
must change your mobile VPN objects to IP addresses. GTA
recommends changing them before upgrading to the new version.
This will make it possible for the installation to move all
these mobile VPNs to the Authorization->Users screen.
If you upgrade first, you can make the changes in the
Authorization->Users screen.
------
New Codes Required for Upgrades 3.2.3 and Below
! RoBoX configuration options have been modified through the
! addition of two new feature codes: a VPN activation code and
! a user license feature code. Feature codes are accessible
! through the on-line support center.
!
! Existing RoBoX owners will need to enter these codes when they
! update their system software in order to maintain VPN
! functionality and their 25-user license.
! RoBoX users with existing mobile VPN clients will only need
! the 25-user license code. They will not have to update their
! current VPN activation code to maintain VPN functionality.
----------Notes-------------Notes-------------Notes-----------
Release Notes include the following sections with the subsections
"Enhancements and Changes" and "Bug Fixes". "None" means there are
no issues in that subsection addressed in this release.
1. System Software
2. Services
3. User Interfaces - All Interfaces
4. GBAdmin User Interface
5. Console User Interface
6. Web Browser Interface
7. Verification
8. Syslogger
9. Installers
10. GBReports
11. VPN Client
------------------------------------------------------------------
1. System Software
1.1 Enhancements and Changes
None
1.2 Bug Fixes
1. (RoBoX) In version 3.2.4, if VPNs are configured and
the VPN feature code is not present, user receives an
incorrect error message on saving VPN section.
Resolution: Modified system not to fail if VPNs are
configured but no VPN feature code exists. The VPNs will
not be installed and a warning message will be logged.
2. GB-1000 HA system goes into a DEMO mode when network
information is saved using the Web Interface. If the
user saves the network information on the Web Interface
on a system running HA in master mode, the system picks
up the Virtual MAC addresses. This causes the system to
be unable to decode the features and go into DEMO mode.
Resolution: Repaired so that system initializes MAC
addresses only at boot time.
3. When loading a configuration from an existing system to a
GB-1000 or RoBoX, the MAC addresses change to those on
the old configuration. Reboot does not restore the correct
NIC MAC Addresses. This applies to GBAdmin when offline and
to the Web interface.
Resolution: Repaired so that rebooting the GTA Firewall
resolves the problem by probing the new system for its
MAC addresses.
4. PPPoE connection not retrying if DSL connection lost.
When in dedicated mode, PPPoE should try to reconnect
continually after losing a connection.
Resolution: Made dedicated connections try to reconnect
every 20 seconds after connection is lost.
5. Erroneous MAX user message for RoBoX systems 3.2 - 3.2.4.
A log message indicates that the MAX number of users is
exceeded, even though there are fewer hosts behind the
system than the license allows. Connectivity is not
lost.
This is happening because when the license manager
searches for an available license, it initially selects
a host with a connection that is idle beyond the
10-minute license time. Then, when the the license
manager checks active connections, it realizes the idle
host should keep its license and marks the host "not
idle" but stops searching for an available license.
Resolution: Repaired so that the license manager
continues to search for an available license.
6. In a mis-configured system, if the user tries to remove an
alias that matches an Interface IP address listed in the
Network Information section, connectivity will be lost.
Resolution: Changed the system so that when saving
aliases or network information, the system will:
1) Delete old aliases
2) Delete all routes
3) Install network information
4) Install aliases
5) Install static routes
7. Aliases assigned to PPP interfaces are not being created.
Resolution: Repaired so that when PPP link becomes
active, any aliases associated with the PPP interface
are added.
8. Email Alarms are being generated for Doorknob Twists when
this action is disabled.
Resolution: Made system generate alarms for doorknob twists
only if configured to do so.
9. (GB-Pro) Retains MAC address when changing NICs that
are of the same type.
Resolution: Repaired so that the system initializes MAC
addresses only at boot time.
10. Netmask shows all 255's in the routing table for
Interface Networks.
Resolution: When parsing entries, skip forward by size
and then align on long word boundary.
11. Creating an external alias changes the External Interface's
IP to the alias's IP.
Resolution: Changed so that if DHCP, the system ignores
alias addresses when trying to find an assigned address.
2. Services
2.1 Enhancements and Changes
None
2.2 Bug Fixes
None
3. User Interfaces - All Interfaces
3.1 Enhancements and Changes
None
3.2 Bug Fixes
None
4. GBAdmin User Interface
4.1 Enhancements and Changes
None
4.2 Bug Fixes
1. GBAdmin does not retain the encryption method selected.
Medium and low encryption levels are being decoded
incorrectly.
Resolution: Repaired so that decoding is done correctly.
2. Reports Administration/Authentication displays "All" instead
of "High" encryption method after being set to High.
Resolution: Repaired so that when the encryption method
is cleared, it is reset to the proper value.
3. Cannot paste copied tunnel; paste icon greyed out.
Resolution: Added ability to cut and paste Inbound Tunnels.
4. When setting the NIC option to AUTO, the option field is not
disabled, allowing user to select full_duplex. After a
save, the fields read "AUTO...full_duplex...0". The
GBAdmin configuration report displays this incongruency,
but the Web Interface and its configuration report
display the correct (automatic) option.
Resolution: Repaired so that when NIC is in AUTO mode,
options are disabled.
5. Unable to paste the key into the encryption or authentication
fields of manual VPN.
Resolution: Revised to check which field the system is
currently focused on. If the focus is not on the grid,
then the paste message is passed to the selected field.
6. Cannot paste a copied or cut alias.
Resolution: Changed to a new method of cut/paste.
Cut/paste is updated to the new method in the functions
where it is used most often: VPN, USERS, Filters,
Inbound Tunnels, VPN Objects and Address Objects.
7. After GBAdmin is loaded with network information that
one interface is set to PPP, the option to set any other
interface is greyed out. When the PPP interface is removed,
the PPPoE option remains greyed-out until GBAdmin is
shutdown and restarted.
Resolution: Repaired.
8. Leading spaces in IP addresses are not stripped during
a save.
Resolution: Changed code to strip leading and trailing
white space before saving.
9. Leading and trailing spaces are both saved in Network
Information->Host Name. Should be stripped.
Resolution: Changed code to strip leading and trailing
white space before saving.
10. In Network Information, if the user saves the section
while one of the logical interfaces is high-lighted, then
clicks on another entry, the previous entry will copy over
it, creating two apparently identical entries. The
actual data is not changed.
Resolution: Repaired.
5. Console Interface
5.1 Enhancements and Changes
None
5.2 Bug Fixes
1. NIC connection option information does not match in the
console interface.
Resolution: Repaired to use correct index when mapping
options to names.
6. Web Interface
6.1 Enhancements and Changes
None
6.2 Bug Fixes
1. In Address Objects, the delete function does not delete
middle array element correctly. (Erratic results come from
deleting an element in the middle of the Address Object
array.)
Resolution: Repaired an internal index that was off by 1.
7. Verification
7.1 Enhancements and Changes
None
7.2 Bug Fixes
1. Verification does not catch the case of a filter that
references an object with Interface Objects as members.
Resolution: Changed to check addresses associated with
interface objects when checking for object match.
2. Verification does not catch the use of an Interface Object
in the Filter definition.
Resolution: Changed verification to match address
associated with name.
3. A verification error displays when the Remote IP Address
is set to 0.0.0.0, even though the Remote IP Address works.
Resolution: Changed verification to require only the remote
PPP address, if PPP is configured to be on demand.
4. Verification does not catch the case of a hash key
entered with no phase II hash algorithm selected.
Resolution: Added verification warning of the case in
which keys are specified for manual VPN when no
algorithms are selected.
5. In Address Objects, nested named object with a number as
the first character becomes an IP address.
Resolution: Object names may not begin with a number.
Added a check for this to verification.
8. Syslogger
8.1 Enhancements and Changes
1. The separator between the IP Address and Port changed
from '/' to ':'
Resolution: Changed syslogger to look for either a '/'
or a ':' between the IP address and the port.
8.2 Bug Fixes
None
9. Installers
9.1 Enhancements and Changes
None
9.2 Bug Fixes
None
10. GBReports
10.1 Enhancements and Changes
1. Implemented Copy, Find and Select All functions.
2. Added localization support for Japanese language.
3. Added Reverse Sort capability.
10.2 Bug Fixes
None
11. VPN Client
11.1 Enhancements and Changes
None
11.2 Bug Fixes
1. It takes up to 20 seconds for the client to re-negotiate
the VPN.
Resolution:
GTA has traced this issue to the SafeNet VPN client and
has incorporated SoftRemoteLT Version 7.0.1 (Build 20) as
an interim solution. The final branded version will be
available shortly.
To update, save your old policies, deinstall the previous
version of VPN Client, then install the new version.
Release notes from SafeNet for this version of
SoftRemoteLT are located in the VPN Client folder. The
Client has so far been functional on Windows XP, despite
installation alarms; however, SoftRemote 7.0.1 doesn't
yet officially support XP. Disregard references to the
built-in firewall (ZoneAlarm) in SafeNet's release notes.
------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
Tel: +1.407.380.0220
Fax: +1.407.380.6080
www: http://www.gnatbox.com
|
