Unified Threat Management - Support | GTA, Inc.

		Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes
Product:  GNAT Box System Software Version 3.3.2
Date:     19 November 2002


RELEASE NOTES HISTORY

These notes cover the latest patch release of GNAT Box System Software,
version 3.3.2. Release notes for previous versions can be found on GTA's
website at www.gta.com.

==========================================================================

UPGRADES

!         CAUTION: BACK UP YOUR CONFIGURATION BEFORE AN UPGRADE.         !

----------------------------------

SSL ENCRYPTION
----

Default SSL Settings

If you are upgrading from a version previous to 3.2.2, SSL will be
disabled and the default port will be set to 80. To enable SSL encryption,
first copy your current Remote Access Filter for web access, change the
port number to 443 and enable it without disabling your old filter. Save
the section. Next, default and save the Remote Admin/Authentication
function under Authorization and save the section. This will enable all
encryption and change the server port to 443. Once SSL encryption is
activated on port 443, you can delete your old web access filter.

----------------------------------

HIGH AVAILABILITY NAMES
----

Starting with version 3.3, H2A systems began using Interface Object names
(default, HA-EXTERNAL, HA-PROTECTED), so it is recommended that you change
the references to your HA systems to reflect the new nomenclature,
especially in VPN Objects and Remote Access Filters.

----------------------------------

GB-100 UPGRADES
----

In version 3.3, GB-100 directory parameters were changed in the disk label
to free up space for the enhanced GNAT Box System Software runtime. When
upgrading from a version prior to 3.3, revising the disk label requires a
destructive installation using GB-100 installation floppies.

!             BACK UP YOUR CONFIGURATION --- DESTRUCTIVE                 !
!    INSTALLATION OVERWRITES YOUR CONFIGURATION WITH FACTORY SETTINGS.   !

----------------------------------

NETWORK INTERFACE CARDS
----

See GTA's website at http://www.gta.com/tech/hardware.php for a list of
compatible NICs for GB-Pro, GB-Flash, GNAT Box Light and GNAT Box Demo.

==========================================================================

KNOWN BROWSER ISSUES

----------------------------------

Internet Explorer 5 For Macintosh
----

Internet Explorer 5 browser for the Macintosh platform will not allow you
to accept or install the SSL security certificate. SSL must be disabled to
use this combination.

----------------------------------

Internet Explorer 5 Export Version, No Patch
----

Because of security flaws in SSL version 2.0, GTA has removed SSL 2.0
support. IE 5 Export version improperly implements SSL version 3.0, so in
order to use SSL 3.0 with GNAT Box System Software 3.3.x, you must have
installed the IE security patches.

----------------------------------

Netscape/Mozilla Browser Issues
----

If you are unable to log on to your GTA Firewall after upgrading, delete
the security certificate in your browser, then exit and restart to restore
access. Version 3.3.2 installs a new default security certificate. Some
browsers, including Netscape and Mozilla, will not recognize the new
default if the original default certificate has never been replaced.

==========================================================================

Release Notes include sections on enhancements and bug fixes for the
following topics:

1.  SYSTEM SOFTWARE

2.  SERVICES

3.  ALL USER INTERFACES

4.  GBADMIN (Windows Only)

5.  WEB

6.  CONSOLE

7.  CONTENT FILTERING

8.  VERIFICATION

9.  SYSLOG (Windows Only)

10. INSTALLERS

11. GBREPORTS (Windows Only)

12. GBAUTH (Windows Only)

13. GB-DBMAINT (Windows Only)

--------------------------------------------------------------------

1.  SYSTEM SOFTWARE
1.1 Enhancements and Changes

NONE

1.2 Bug Fixes

1.  Access of an inbound tunnel whose destination is port 80 or 8080
is being logged as if the access was to an external web site.
GB332317

Resolution:
Apply "log web pages accessed" only to outbound http connections.

2.  Under high load the "em" gigabit driver is exhausting memory.
GB332327

Resolution:
Prevent memory loss in "em" driver.

3.  Email proxy logs in WELF even when "Old log format" is selected in
the Remote Logging section. GB332337

Resolution:
Make the email proxy use the old log format when that option is
selected.

4.  System does not recognize gigabit network interface cards that use
the "nge" driver. GB332344

Resolution:
System now can use the "nge" network device.


2.  SERVICES
2.1 Enhancements and Changes

1.  Add to email proxy the ability to record SMTP "To" and "From"
addresses. GB332346

As email is received, add X-From and X-To entries to the email
header.

2.2 Bug Fixes

1.  DNS server does not start properly if one of the host names listed
is incorrect. GB332320

Resolution:
Add verification code to catch invalid domain and host names, and
ignore invalid domains and host names when generating DNS
configuration files.

2.  DNS server does not resolve IP addresses to names without a subnet
entry. GB332322

Resolution:
Correctly calculate default netmask when building reverse DNS
filename.

3.  PPP aliases do not work correctly. GB332325

Resolution:
Change system so that a host route for PPP aliases is not
installed.

4.  If mutiple PPPoE connections are using a single NIC, and one of
the connections goes down, the other PPPoE connection sometimes
goes down as well. GB332326

Resolution:
When shutting down a connection, change system to correctly detect
that another PPPoE connection is still using the NIC.

5.  Services sometimes do not work when route to internet is PPPoE or
DHCP. GB332335

Resolution:
Make services restart when PPP or DHCP negotiates a new address.

6.  A VPN that uses HMAC-SHA2 as the Phase II hash algorithm
does not function. GB332318

Resolution:
Add logic to enable the IKE service to configure SHA2
authentication.

7.  VPNs default to the primary IP address when originating a
connection. GB332350

Resolution:
Make VPNs use defined local gateway when they originate a VPN
connection instead of defaulting to the primary IP address.

8.  BIND version 8.3.3 allows a buffer overflow in DNS server.
GB332352

Resolution:
Upgrade DNS server to BIND 8.3.4.

9.  DNS Server does not always work when using subnets. GB332353

Resolution:
Add logic to ensure that if a netmask is specified, the system
will not try to calculate the netmask.

3.  ALL USER INTERFACES
3.1 Enhancements and Changes

1.  Add options for "Deny fragmented packets," "Unexpected packets,"
"Invalid packets" and "Automatic filters" to Filter Preferences.
GB332324

Add Filter Preferences options to:
- deny and log fragmented packets;
- log unexpected packets;
- log invalid packets; and
- disable and log automatic filters.

3.2 Bug Fixes

NONE


4.  GBADMIN (Windows Only)
4.1 Enhancements and Changes

NONE

4.2 Bug Fixes

1.  If the PPP section is selected twice, the next time the Network
Information screen is selected, GBAdmin sometimes crashes.
GB332315

Resolution:
GBAdmin no longer crashes when the PPP section is selected twice.

2.  GB-Pro, GNAT Box Light and GNAT Box Demo display links to
online documentation for features that are not valid for each
respective product. GB332336

Resolution:
Remove NTP and Content Filtering links.

3.  If new PPP configuration information is entered in the PPP
section, but not saved, and then the section is selected again
the new configuration data disappears. GB332341

Resolution:
Page is refreshed, instead of reloaded, when the section is
selected again from the menu.


5.  WEB
5.1 Enhancements and Changes
5.2 Bug Fixes

NONE


6.  CONSOLE
6.1 Enhancements and Changes
6.2 Bug Fixes

NONE


7.  CONTENT FILTERING
7.1 Enhancements and Changes

1.  Match Surf Sentinel categories to Cerberian's "Potential Liable &
Objectionable Content" categories. GB332340

Make defaults for Surf Sentinel's deny categories match
Cerberian's "Potential Liable & Objectionable Content" categories.

7.2 Bug Fixes

NONE


8.  VERIFICATION
8.1 Enhancements and Changes
8.2 Bug Fixes
NONE


9.  SYSLOG (Windows Only)
9.1 Enhancements and Changes
9.2 Bug Fixes

NONE


10.  INSTALLERS
10.1 Enhancements and Changes
10.2 Bug Fixes

1.  GBReports installer overwrites the file 'my.cnf' if MySQL was
previously installed. GB332314

Resolution:
If MySQL is already installed, the GBReports installer will use
the existing MySQL instead of overwriting it with a new copy.


11. GBREPORTS (Windows Only)
11.1 Enhancements and Changes

1.  Add date and time constraints to reports and charts. GB332343

GBReports now allows users to select the date and time range for
which reports and charts will be generated.

2.  Use GB-DBMaint utility if it exists. GB332351

If GBReports can find the GB-DBMaint utility it will execute it,
otherwise it will revert to its original behavior, i.e. a dialog
box asking the user for a date and time.
Two situations will invoke this new behavior:
1.  Select 'File/Database Maintenance' from the menu
2.  Select 'File/Import Log Files' from the menu, then click 'yes'
to clear old log data.

11.2 Bug Fixes

1.  When using old logging format, www log messages are not being
parsed correctly. GB332319

Resolution:
Added logic to properly parse www log messages in old logging
format.


12.  GBAUTH (Windows Only)
12.1 Enhancements and Changes
12.2 Bug Fixes

NONE


13.  GB-DBMAINT (Windows Only)
13.1 Enhancements and Changes
13.2 Bug Fixes

NONE

--------------------------------------------------------------------

Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.