
		Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes 
Product:  GNAT Box System Software Version 3.3.1
Date:     17 October 2002


RELEASE NOTES HISTORY

These notes cover the latest release of GNAT Box System Software, 
version 3.3.1. Release notes for previous versions can be found on 
www.gta.com.

====================================================================

                            UPGRADES
                          
!      CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE.      !

                    --------------------------
                  
                         SSL ENCRYPTION
                              ---

                      Default SSL Settings

If you are upgrading from a version earlier than 3.2.2, SSL will be 
disabled and the default port will be set to 80. To enable SSL 
encryption, first copy your current Remote Access Filter for web 
access, change the port number to 443 and enable it without 
disabling your old filter. Save the section. Next, default and save 
the Remote Admin/Authentication function under Authorization and 
save the section. This will enable all encryption and change the 
server port to 443. Once SSL encryption is activated on port 443, 
you can delete your old web access filter. 

                    --------------------------

                     HIGH AVAILABILITY NAMES
                              ---

H2A systems now use Interface Object names (default, HA-EXTERNAL, 
HA-PROTECTED), so it may be helpful to change the references to your 
HA systems to reflect the new nomenclature, especially in VPN 
Objects and Remote Access Filters.

                    --------------------------

                        GB-100 UPGRADES
                             ---

GB-100 directory parameters have been changed in the disk label to 
free up space for the enhanced GNAT Box System Software version 
3.3.1 runtime. Revising the disk label requires a destructive 
installation of version 3.3.1 using GB-100 installation floppies. 

!          BACK UP YOUR CONFIGURATION --- DESTRUCTIVE              ! 
! INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.!

                    --------------------------
                    
                     NETWORK INTERFACE CARDS
                             ---
                                
See GTA's website at www.gta.com for an up-to-date list of 
compatible NICs.                                
                      
====================================================================

                        KNOWN BROWSER ISSUES

                    --------------------------
                              
                Internet Explorer 5 For Macintosh
                              ---

Internet Explorer 5 browser for the Macintosh platform will not 
allow you to accept or install the SSL security certificate. SSL 
must be disabled to use this combination.

                   --------------------------

            Internet Explorer 5 Export Version, No Patch
                              ---

Because of security flaws in SSL version 2.0, GTA has removed SSL 
2.0 support. IE 5 Export version improperly implements SSL version 
3.0; you must have installed the IE security patches in order to 
use SSL 3.0 with GNAT Box System Software 3.3.1. 

                   --------------------------

                  Netscape/Mozilla Browser Issues
                               ---

If you are unable to log on to your GTA Firewall after upgrading, 
delete the security certificate in your browser, then exit and 
restart to restore access. Version 3.3.1 installs a new default 
security certificate. Some browsers, including Netscape and Mozilla, 
will not recognize the new default if the original default 
certificate has never been replaced.

====================================================================   

Release Notes include the following sections:

1.  SYSTEM SOFTWARE 
1.1 Enhancements and Changes 
1.2 Bug Fixes

2.  SERVICES 
2.1 Enhancements and Changes 
2.2 Bug Fixes

3.  ALL USER INTERFACES 
3.1 Enhancements and Changes 
3.2 Bug Fixes
    
4.  GBADMIN (Windows Only)
4.1 Enhancements and Changes 
4.2 Bug Fixes

5.  WEB
5.1 Enhancements and Changes   
5.2 Bug Fixes
    
6.  CONSOLE
6.1 Enhancements and Changes    
6.2 Bug Fixes

7.  CONTENT FILTERING
7.1 Enhancements and Changes
7.2 Bug Fixes

8.  VERIFICATION
8.1 Enhancements and Changes
8.2 Bug Fixes

9.  SYSLOG
9.1 Enhancements and Changes    
9.2 Bug Fixes

10.  INSTALLERS
10.1 Enhancements and Changes    
10.2 Bug Fixes
    
11.  GBREPORTS 
11.1 Enhancements and Changes 
11.2 Bug Fixes

12.  GBAUTH
12.1 Enhancements and Changes    
12.2 Bug Fixes

13.  GB-DBMAINT
13.1 Enhancements and Changes    
13.2 Bug Fixes


--------------------------------------------------------------------

1.  SYSTEM SOFTWARE 
1.1 Enhancements and Changes

    1.  When using WELF, record packets sent and received. GB331285

    Added feature to record packets sent and received when logging 
    in WELF. New log message fields are pkts_sent and pkts_rcvd.
    
    2.  Add log message stating that the firewall is active at 
        startup. GB331286

    GNAT Box System Software now logs the startup of the firewall. 
    "GNAT Box active" is now the first message to appear in the log.
    
1.2 Bug Fixes

    1.  Using games that access Blizzard's battle.net, XDM or CUSeeMe 
        through a GTA Firewall causes the system to crash 
        intermittently. GB3310273

    Resolution: 
    Revised code to correctly set flag in virtual crack to be an IP 
    address and not an object.
  
    2.  Static Address Mappings that map local services to an alias 
        don't perform mapping for TCP services. GB331294

    Resolution: 
    Static Address Mapping now works for TCP services.
    
    3.  Alarms and email notifications are sent for Doorknob Twists 
        even when the option is disabled. GB331028

    Resolution: 
    Alarms and notifications are no longer generated by a Doorknob 
    Twist when the option is disabled.
    
    4.  Filter blocks always appear as the user facility in the log, 
        regardless of the Filter Facility set in the Remote Logging 
        section. GB331261

    Resolution: 
    The Filter Facility set in Remote Logging now appears correctly 
    in the log.
    
    5.  Multiple PPPoE configurations sharing a single NIC do not 
        work properly if one is misconfigured. GB331291

    Resolution: 
    Now, when a misconfigured PPPoE configuration shuts down, other 
    PPPoE connections on the same NIC continue to work properly.
    
    6.  Reading a configuration file under Windows 98 is very slow. 
        GB331311

    Resolution: 
    Changed the file routines so that the system moves between 
    sections more rapidly.

    7.  CERT Vulnerability VU#459371 - Multiple IPsec implementations 
        do not adequately validate authentication data.

    Resolution: 
    The IPSec code module now fully validates authentication data 
    for ESP packets.

    8.  The SNMP facility can be crashed if it attempts to process a 
        specially crafted packet. This issue potentially affects any GTA 
        firewall using the SNMP facility.

    Resolution: 
    The SNMP facility now properly validates SNMP query packets.

    
2.  SERVICES 
2.1 Enhancements and Changes
  
    1.  Make ident service respond only to hosts that have 
        established TCP connections to or through the firewall. 
        GB331292 

    Allow connections to the ident service only for hosts that have 
    already established TCP connections to or through the GTA 
    Firewall. 


2.2 Bug Fixes

    1.  When upgrading, if a tunnel has a source IP address that 
        matches an alias and the HA virtual IP address, the tunnel 
        will reference the HA object instead of the Alias object. 
        GB331263 

    Resolution: 
    The system now correctly references the selected alias object 
    when upgrading. 

    2.  Console interface access is sometimes locked out after a 
        failed attacker identification attempt during an attack on 
        the Web interface. GB331269 

    Resolution: 
    An attack on the Web interface will no longer cause the Console 
    interface to lock out.
    
    3.  In Gateway Selector, if a PPP interface used as the primary 
        gateway fails to connect, the Gateway Selector will not 
        work. GB331301

    Resolution:
    Now the Gateway Selector will not assume that the primary 
    interface is working initially, therefore it will not get stuck 
    looking for a non-existent state change.
    
    4.  Interior routers cannot learn the default route. GB331308

    Resolution: 
    Change the metric of RIP from 14 to 1, allowing interior routers 
    to learn the default route.
    
    5.  The SMTP proxy goes into a loop if an email destination 
        address contains the character "%", stopping when the 
        process is killed by an idle timeout after 120 seconds. 
        GB331307

    Resolution: 
    SMTP proxy now correctly validates domains delimited using the 
    "%" character.
    
    6.  The Gateway Selector fails to change to an alternate default 
        route in some cases in which "Ping secondary only if primary 
        down" is selected. GB331312

    Resolution:
    Change gateway selector logic not to assume that the primary 
    gateway is reachable when selector starts.	


3.  ALL USER INTERFACES 
3.1 Enhancements and Changes

    1.  Make Stealth Mode the Default Factory Setting. GB331284 

    Made Stealth Mode the default factory setting for GNAT Box 
    System Software so that the External Interface does not respond 
    to pings or trace routes.
    

3.2 Bug Fixes

    1.  Time Groups cannot be made active from 11:50 pm to midnight 
        when creating a block that extends from one day to the next. 
        GB331213 

    Resolution: 
    "24:00" can now be used to indicate the end of the day. 

    2.  Aliases have a default name, which is inconsistent with the 
        rest of the GNAT Box system. GB331272 

    Resolution: 
    Aliases now do not have a default name.
    

4.  GBADMIN (Windows Only)
4.1 Enhancements and Changes

    NONE
    
4.2 Bug Fixes

    1.  Resizing a GBAdmin list window with no entries (rows) causes 
        GBAdmin to crash. GB331257

    Resolution: 
    Resizing an empty list window no longer crashes the interface.	

    2.  Verification is not performed on a section until after the 
        section is saved. GB331252 
        
    Resolution:
    Verification now occurs before saving a section; all validation 
    errors in the current section must be corrected before the 
    section can be saved.

    3.  Copy functions unavailable in View Log Messages list in 
        System Activity. GB331265 

    Resolution: 
    Copy and paste functions are now available in View Log Messages. 	

    4.  COM Port is being set incorrectly to COM0, causing PPP to 
        fail. GB331266 

    Resolution: 
    COM Port is now being set correctly. 

    5.  In the VPN Objects section, HA interface names do not 
        display in the dropdown box for the Local Gateway. GB331270

    Resolution: 
    HA Interface names now appear in the selection list for Local 
    Gateway.

    6.  When saving a configuration with GBAdmin 3.3.0, name fields
        are truncated to 19 characters. This truncation can cause 
        data loss in multi-byte Asian strings. GB331275 

    Resolution: 
    Allow user to enter 19 visual characters, regardless of actual 
    string length.

    7.  Some grids use the Arial font. Kanji text converts to 
        nonsense when displayed in these grids. GB331282 

    Resolution: 
    Use system font for grid. The system font is capable of 
    displaying Kanji on Asian versions of Windows.

    8.  Vertical scroll bar is cropped on the right side of the 
        window when GBAdmin is resized to smallest horizontal width. 
        GB331259 

    Resolution: 
    Horizontal scroll bar now scrolls all the way from left to right 
    after resizing.

    9.  After deleting all VPN Objects and moving to another 
        section, VPN Object fields are not disabled (greyed out). 
        GB331262 

    Resolution: 
    VPN Object fields are now disabled (greyed out) after all 
    objects have been deleted.	

    10. In the Filters/Time Group section, selecting OK in the Time 
        Edit dialog does not close the Time Edit dialog. 
        GB331264 

    Resolution: 
    Selecting the OK button now closes the Time Edit dialog box in 
    the Filters/Time Group section. 

    11. Resizing the Inbound Tunnels screen from small to large 
        creates a redraw problem on the right-hand side of the 
        screen. GB331267 

    Resolution: 
    Corrected redraw problem when resizing Inbound Tunnels screen.	

    12. COM4 is missing from the PPP COM Port selection dropdown box 
        in GB-Pro, GNAT Box Light, GNAT Box Demo, GB-Flash, and 
        GB-100. GB331274 

    Resolution: 
    Added COM Port 4 selection to the dropdown box in these 
    products.	

    13. In DHCP server, the user can add more than five exclusion 
        ranges. In addition, multiple rows cannot be deleted 
        properly. GB331288 

    Resolution: 
    Modified the code so that the correct number of rows can be 
    added, and multiple rows can be deleted properly.

    14. GBAdmin prevents the user from creating a GNAT Box Floppy if 
        no runtime is loaded. GB331299

    Resolution:
    The user can now create a GNAT Box Floppy even if a runtime is 
    not loaded into GBAdmin. Now, when saving, GBAdmin will display 
    a warning that no runtime is loaded.
    
    15. In Static Routes, any entered mask is lost. GB331300

    Resolution:
    Any entered mask now remains in network address field. 
    
    16. Selecting "Use old log format" in the Remote Logging section 
        does not work. 

    Resolution: 
    The "Use old log format" option in GBAdmin now functions 
    correctly. 
    
    
5.  WEB
5.1 Enhancements and Changes

    NONE

5.2 Bug Fixes

    1.  Surf Sentinel category "Abortion Advocacy" missing from Web 
        interface. GB331258 

    Resolution: 
    Added missing category.	

    2.  GB-Flash Serial console (SIO) version. Only the COM2 
        selection is available on the Web interface. 

    Resolution: 
    All available COM ports now appear on the Web interface in the 
    SIO version of GB-Flash.


6.  CONSOLE

    NONE


7.  CONTENT FILTERING
7.1 Enhancements and Changes

    NONE
   
7.2 Bug Fixes

    1.  Firewall logs http connections as "cat_site: Unknown" when 
        unable to determine categorization. GB331276 

    Resolution: 
    Log cat_site only when the category can be determined.
    
    
8.  VERIFICATION
8.1 Enhancements and Changes

    1.  Verification does not catch case in which HA is disabled and 
        an HA interface object is referenced elsewhere in the 
        configuration. GB331303 

    Resolution: 
    If HA is disabled, and an HA interface object is used, the     
    system will now create a verification error message.	
 
8.2 Bug Fixes

    NONE
    
    
9.  SYSLOG
9.1 Enhancements and Changes

    NONE
    
9.2 Bug Fixes

    1.  The Syslog displays "unable to parse" pop-up error message 
        when the WELF parser encounters an unknown field. GB331293

    Resolution: 
    Change syslog code to ignore unknown fields.	
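
    The two WELF items in these notes (the pkts_sent and pkts_rcvd 
    fields in section 1.1 and the unknown-field handling fixed here) 
    can be shown together. The Python below is an added example, not 
    GTA code: a WELF consumer that sums the packet counters per 
    source and keeps, rather than rejects, fields it does not know. 
    The sample records, fw=gnatbox, vendor_x and the function names 
    are constructed for illustration.

```python
import re

# One WELF field: key=value, where the value is bare or double-quoted.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# pkts_sent and pkts_rcvd are the counters named in these release notes;
# the other field names are assumed for the constructed samples below.
KNOWN_INT = {"pkts_sent", "pkts_rcvd"}
KNOWN_STR = {"id", "time", "fw", "pri", "proto", "src", "dst", "msg"}

# Constructed sample records (not captured from a real firewall).
SAMPLE = [
    'id=firewall time="2002-10-17 09:15:02" fw=gnatbox pri=6 proto=http '
    'src=192.0.2.10 dst=198.51.100.7 pkts_sent=12 pkts_rcvd=9',
    'id=firewall time="2002-10-17 09:15:40" fw=gnatbox pri=6 proto=smtp '
    'src=192.0.2.11 dst=198.51.100.25 pkts_sent=31 pkts_rcvd=28 '
    'vendor_x="new field"',
    'id=firewall time="2002-10-17 09:16:01" fw=gnatbox pri=5 '
    'msg="GNAT Box active"',
]

def parse_welf(line):
    """Return (record, unknown): typed known fields plus untouched extras."""
    record, unknown = {}, {}
    for m in _FIELD.finditer(line):
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if key in KNOWN_INT:
            # A malformed counter becomes None instead of aborting the record.
            record[key] = int(value) if value.isdigit() else None
        elif key in KNOWN_STR:
            record[key] = value
        else:
            # Unknown fields are kept for review, never treated as an error.
            unknown[key] = value
    return record, unknown

def packet_totals(lines):
    """Sum the packet counters per source and list unknown field names seen."""
    totals, extras = {}, set()
    for line in lines:
        rec, unknown = parse_welf(line)
        extras.update(unknown)
        if "src" in rec:
            sent, rcvd = totals.get(rec["src"], (0, 0))
            totals[rec["src"]] = (sent + (rec.get("pkts_sent") or 0),
                                  rcvd + (rec.get("pkts_rcvd") or 0))
    return totals, sorted(extras)

if __name__ == "__main__":
    print(packet_totals(SAMPLE))
```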
    

10.  INSTALLERS
10.1 Enhancements and Changes

    NONE
    
10.2 Bug Fixes

    1.  Custom install offers to create shortcuts to Syslog and 
        GBAdmin when these options have not been selected. GB331298

    Resolution: 
    Installers now check for existing programs before offering to 
    create icons or shortcuts.	


11.  GBREPORTS
11.1 Enhancements and Changes

    1.  Add ability for GBReports to import logs in WebTrends' 
        syslog format. GB331304

    GBReports is now able to import logs from third-party syslog 
    programs that use WebTrends syslog format. 


11.2 Bug Fixes
    
    NONE
    
    
12.  GBAUTH

    NONE
    
    
13.  GB-DBMAINT
13.1 Enhancements and Changes  

    NONE
      
13.2 Bug Fixes

    1.  When Purge Old Records is selected and "Backup old records 
        first" is unchecked, GB-DBMaint.exe crashes because it 
        attempts to write to an unopened backup file. GB331271 

    Resolution: 
    The program no longer attempts to write to an unopened backup 
    file.
    
   
--------------------------------------------------------------------

Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		


