Unified Threat Management - Support | GTA, Inc.

		Global Technology Associates, Inc.

Date:       22 March 2002
Subject:    Release Notes
Version:    GNAT Box System Software 
            Version 3.2 patch level 5 (3.2.5)


Previous Version Release Notes

These release notes cover the latest incremental release of
GNAT Box System Software patch level 5 (3.2.5). For users who
have not installed versions 3.2.2, 3.2.3 or 3.2.4, release
notes from those versions are available in GTA's online
support center.

See section 11.2 Bug Fixes for important information on VPN

Upgrade Versions

GNAT Box System Software 2.1 and up, running on GB-1000,
GB-1000+, RoBoX and GB-Flash and GB-100 version 3.1, can be
upgraded using the setup wizards. GB-100 3.0 must be upgraded
using the floppy disk method.

To install GNAT Box Pro using version 2.1 and up, run the
installer, then open GBAdmin. Load your existing runtime image.
Use the Merge process to load the configuration. Select
File->Save to create a new runtime image saved to GNAT Box
Floppy. Insert a fully formatted diskette, select Runtime and
Configuration, then write the file. GNAT Box Pro using version
2.0 and below requires printing out the previous configuration
and entering it manually.

Refer to individual installation guides for more information.

Mobile VPN Objects Transferred to User Authorization

In GNAT Box System Software version 3.2.2 and up, mobile VPN
objects are no longer supported. (Version 3.2.1 and below used
mobile VPN objects in the Remote Network.) 

If you are upgrading to 3.2.5 from version 3.2.1 or below, you
must change your mobile VPN objects to IP addresses. GTA
recommends changing them before upgrading to the new version.
This will make it possible for the installation to move all
these mobile VPNs to the Authorization->Users screen.

If you upgrade first, you can make the changes in the
Authorization->Users screen.

New Codes Required for Upgrades 3.2.3 and Below

!  RoBoX configuration options have been modified through the
!  addition of two new feature codes: a VPN activation code and
!  a user license feature code. Feature codes are accessible
!  through the on-line support center.
!  Existing RoBoX owners will need to enter these codes when they
!  update their system software in order to maintain VPN
!  functionality and their 25-user license.

!  RoBoX users with existing mobile VPN clients will only need
!  the 25-user license code. They will not have to update their
!  current VPN activation code to maintain VPN functionality.


Release Notes include the following sections with the subsections
"Enhancements and Changes" and "Bug Fixes". "None" means there are
no issues in that subsection addressed in this release.

1.  System Software
2.  Services

3.  User Interfaces - All Interfaces

4.  GBAdmin User Interface

5.  Console User Interface

6.  Web Browser Interface

7.  Verification
8.  Syslogger

9.  Installers

10. GBReports
11. VPN Client


1.   System Software
1.1  Enhancements and Changes


1.2  Bug Fixes

  1. (RoBoX) In version 3.2.4, if VPNs are configured and
     the VPN feature code is not present, user receives an
     incorrect error message on saving VPN section. 

     Resolution: Modified system not to fail if VPNs are
     configured but no VPN feature code exists. The VPNs will
     not be installed and a warning message will be logged.

  2. GB-1000 HA system goes into a DEMO mode when network
     information is saved using the Web Interface. If the
     user saves the network information on the Web Interface
     on a system running HA in master mode, the system picks
     up the Virtual MAC addresses. This causes the system to
     be unable to decode the features and go into DEMO mode.

     Resolution: Repaired so that system initializes MAC
     addresses only at boot time.

  3. When loading a configuration from an existing system to a 
     GB-1000 or RoBoX, the MAC addresses change to those on 
     the old configuration. Reboot does not restore the correct 
     NIC MAC Addresses. This applies to GBAdmin when offline and    
     to the Web interface. 

     Resolution: Repaired so that rebooting the GTA Firewall
     resolves the problem by probing the new system for its
     MAC addresses.

  4. PPPoE connection not retrying if DSL connection lost.
     When in dedicated mode, PPPoE should try to reconnect
     continually after losing a connection.

     Resolution: Made dedicated connections try to reconnect
     every 20 seconds after connection is lost.

  5. Erroneous MAX user message for RoBoX systems 3.2 - 3.2.4.
     A log message indicates that the MAX number of users is
     exceeded, even though there are fewer hosts behind the
     system than the license allows. Connectivity is not
     This is happening because when the license manager
     searches for an available license, it initially selects
     a host with a connection that is idle beyond the
     10-minute license time. Then, when the the license
     manager checks active connections, it realizes the idle
     host should keep its license and marks the host "not
     idle" but stops searching for an available license. 

     Resolution: Repaired so that the license manager
     continues to search for an available license.  
  6. In a mis-configured system, if the user tries to remove an 
     alias that matches an Interface IP address listed in the 
     Network Information section, connectivity will be lost.

     Resolution: Changed the system so that when saving
     aliases or network information, the system will:
          1) Delete old aliases
          2) Delete all routes
          3) Install network information
          4) Install aliases
          5) Install static routes

  7. Aliases assigned to PPP interfaces are not being created.

     Resolution: Repaired so that when PPP link becomes
     active, any aliases associated with the PPP interface
     are added.

  8. Email Alarms are being generated for Doorknob Twists when
     this action is disabled.

     Resolution: Made system generate alarms for doorknob twists
     only if configured to do so.
  9. (GB-Pro) Retains MAC address when changing NICs that
     are of the same type.

     Resolution: Repaired so that the system initializes MAC
     addresses only at boot time.
 10. Netmask shows all 255's in the routing table for
     Interface Networks. 
     Resolution: When parsing entries, skip forward by size
     and then align on long word boundary.

 11. Creating an external alias changes the External Interface's 
     IP to the alias's IP.
     Resolution: Changed so that if DHCP, the system ignores
     alias addresses when trying to find an assigned address.

2.   Services
2.1  Enhancements and Changes


2.2 Bug Fixes


3.   User Interfaces - All Interfaces
3.1  Enhancements and Changes


3.2  Bug Fixes


4.   GBAdmin User Interface
4.1  Enhancements and Changes


4.2  Bug Fixes

  1. GBAdmin does not retain the encryption method selected. 
     Medium and low encryption levels are being decoded 

     Resolution: Repaired so that decoding is done correctly.

  2. Reports Administration/Authentication displays "All" instead 
     of "High" encryption method after being set to High.

     Resolution: Repaired so that when the encryption method
     is cleared, it is reset to the proper value.

  3. Cannot paste copied tunnel; paste icon greyed out.

     Resolution: Added ability to cut and paste Inbound Tunnels.

  4. When setting the NIC option to AUTO, the option field is not 
     disabled, allowing user to select full_duplex. After a
     save, the fields read "AUTO...full_duplex...0". The
     GBAdmin configuration report displays this incongruency,
     but the Web Interface and its configuration report
     display the correct (automatic) option.

     Resolution: Repaired so that when NIC is in AUTO mode,
     options are disabled.
  5. Unable to paste the key into the encryption or authentication
     fields of manual VPN. 
     Resolution: Revised to check which field the system is
     currently focused on. If the focus is not on the grid,
     then the paste message is passed to the selected field.
  6. Cannot paste a copied or cut alias.

     Resolution: Changed to a new method of cut/paste.
     Cut/paste is updated to the new method in the functions
     where it is used most often: VPN, USERS, Filters,
     Inbound Tunnels, VPN Objects and Address Objects.
  7. After GBAdmin is loaded with network information that 
     one interface is set to PPP, the option to set any other 
     interface is greyed out. When the PPP interface is removed,
     the PPPoE option remains greyed-out until GBAdmin is 
     shutdown and restarted.
     Resolution: Repaired.
  8. Leading spaces in IP addresses are not stripped during 
     a save. 
     Resolution: Changed code to strip leading and trailing 
     white space before saving.  
  9. Leading and trailing spaces are both saved in Network 
     Information->Host Name. Should be stripped.
     Resolution: Changed code to strip leading and trailing 
     white space before saving.
 10. In Network Information, if the user saves the section
     while one of the logical interfaces is high-lighted, then 
     clicks on another entry, the previous entry will copy over 
     it, creating two apparently identical entries. The
     actual data is not changed.
     Resolution: Repaired.      

5.   Console Interface
5.1  Enhancements and Changes


5.2  Bug Fixes

  1. NIC connection option information does not match in the 
     console interface. 
     Resolution: Repaired to use correct index when mapping
     options to names.

6.   Web Interface
6.1  Enhancements and Changes


6.2  Bug Fixes

  1. In Address Objects, the delete function does not delete 
     middle array element correctly. (Erratic results come from 
     deleting an element in the middle of the Address Object

     Resolution: Repaired an internal index that was off by 1.

7.   Verification
7.1  Enhancements and Changes


7.2  Bug Fixes

  1. Verification does not catch the case of a filter that
     references an object with Interface Objects as members.

     Resolution: Changed to check addresses associated with
     interface objects when checking for object match.
  2. Verification does not catch the use of an Interface Object 
     in the Filter definition.
     Resolution: Changed verification to match address
     associated with name.

  3. A verification error displays when the Remote IP Address 
     is set to, even though the Remote IP Address works.
     Resolution: Changed verification to require only the remote 
     PPP address, if PPP is configured to be on demand.     
  4. Verification does not catch the case of a hash key 
     entered with no phase II hash algorithm selected. 

     Resolution: Added verification warning of the case in
     which keys are specified for manual VPN when no
     algorithms are selected.

  5. In Address Objects, nested named object with a number as
     the first character becomes an IP address. 

     Resolution: Object names may not begin with a number.
     Added a check for this to verification.
8.   Syslogger
8.1  Enhancements and Changes

  1. The separator between the IP Address and Port changed
     from '/' to ':'

     Resolution: Changed syslogger to look for either a '/'
     or a ':' between the IP address and the port.

8.2  Bug Fixes


9.   Installers
9.1  Enhancements and Changes


9.2  Bug Fixes


10.  GBReports
10.1 Enhancements and Changes

  1. Implemented Copy, Find and Select All functions.

  2. Added localization support for Japanese language.

  3. Added Reverse Sort capability.

10.2 Bug Fixes

11.  VPN Client
11.1 Enhancements and Changes

11.2 Bug Fixes

  1. It takes up to 20 seconds for the client to re-negotiate 
     the VPN.
     GTA has traced this issue to the SafeNet VPN client and
     has incorporated SoftRemoteLT Version 7.0.1 (Build 20) as
     an interim solution. The final branded version will be
     available shortly.
     To update, save your old policies, deinstall the previous
     version of VPN Client, then install the new version.
     Release notes from SafeNet for this version of
     SoftRemoteLT are located in the VPN Client folder. The
     Client has so far been functional on Windows XP, despite
     installation alarms; however, SoftRemote 7.0.1 doesn't
     yet officially support XP. Disregard references to the
     built-in firewall (ZoneAlarm) in SafeNet's release notes.

Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
Tel: +1.407.380.0220
Fax: +1.407.380.6080
www: http://www.gnatbox.com		

Copyright © 2016 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.