
		Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes
Product:  GNAT Box System Software version 3.3.3
Date:     1 April 2003

RELEASE NOTES HISTORY

These notes cover the latest patch release of GNAT Box System Software
version 3.3.3. Release notes for previous versions can be found on GTA's
website at www.gta.com.

-------------------------------------------------------------------------

UPGRADES

!    Caution: Always Back Up Your Configuration Before Upgrading!     !
----------------------------------

DEFAULT SSL ENCRYPTION SETTINGS
----

If you are upgrading from a version prior to 3.2.2, SSL will be disabled
and the default port will be set to 80. To enable SSL encryption, first
copy your current Remote Access Filter for web access, change the port
number in the copy to 443 and enable it without disabling your old filter.
Save the section. Next, default the Remote Admin/Authentication function
under Authorization and save the section. This will enable all encryption
and change the server port to 443. Once SSL encryption is activated on port
443, you can delete your old web access filter.
----------------------------------

HIGH AVAILABILITY NAMES
----

Starting with version 3.3, H2A systems began using Interface Object names
(default, HA-EXTERNAL, HA-PROTECTED), so it is recommended that you change
the references to your HA systems to reflect the new nomenclature,
especially in VPN Objects and Remote Access Filters.
----------------------------------

GB-100 UPGRADES
----

In version 3.3, GB-100 directory parameters were changed in the disk label
to free up space for the enhanced GNAT Box System Software runtime. When
upgrading from a version prior to 3.3, revising the disk label requires a
destructive installation using GB-100 installation floppies.

!              Back Up Your Configuration --- Destructive             !
!  Installation Overwrites Your Configuration With Factory Settings.  !
----------------------------------

NETWORK INTERFACE CARDS
----

See GTA's website at http://www.gta.com/tech/hardware.php for a list of
compatible NICs for GB-Pro, GB-Flash, GNAT Box Light and GNAT Box Demo.

-------------------------------------------------------------------------

KNOWN BROWSER ISSUES

Internet Explorer 5 For Macintosh

Internet Explorer 5 browser for the Macintosh platform will not allow you
to accept or install the SSL security certificate. SSL must be disabled to
use this combination.

Internet Explorer 5 Export Version, No Patch

Because of security flaws in SSL version 2.0, GTA has removed SSL 2.0
support. IE 5 Export version improperly implements SSL version 3.0, so in
order to use SSL 3.0 with GNAT Box System Software 3.3.x, you must have
installed the IE security patches.

Netscape/Mozilla

If you are unable to log on to your GTA Firewall after upgrading, delete
the security certificate in your browser, then exit and restart to restore
access. Version 3.3.3 installs a new default security certificate. Some
browsers, including Netscape and Mozilla, will not recognize the new
default if the original default certificate has never been replaced.

-------------------------------------------------------------------------


The Release Notes include the following sections of enhancements and bug
fixes:

1.   SYSTEM SOFTWARE

2.   SERVICES

3.   CFG LIBRARY

4.   ALL USER INTERFACES

5.   GBADMIN (Windows Only)

6.   WEB

7.   CONSOLE

8.   CONTENT FILTERING

9.   INSTALLERS

10.  SYSLOG (Windows Only)

11.  GBAUTH (Windows Only)

------------------------------------------------------------------------


1.   SYSTEM SOFTWARE
1.1  Enhancements and Changes

1.   Added Turkish localization support for GBAdmin and the Web
Interface. GB333401

2.   Added support for USB keyboard to GB-Flash systems. GB333427

3.   Added option to Filter Preferences to log the ICMP packets
dropped by Stealth mode. GB333378

1.2  Bug Fixes

1.   GB-100 runtime in version 3.3.2 did not include the DNS Server.
GB333313

Resolution:
Included DNS Server in the GB-100 runtime for version 3.3.3.

2.   RoBoX may fail to boot up when some types of terminal servers
are attached to the console port. GB333375

Resolution:
During boot, make system ignore the terminal server's modem
status lines.

3.   System log messages are sometimes merged. GB333390

Resolution:
Make the system log one message at a time, not allowing another
message to interrupt.

4.   When using RIP with an internal router that is advertising
a default route (gateway), the firewall will aggregate all
static routes on the internal router into the default route
when passing them to another router. GB333391

Resolution:
Make system ignore default route when aggregating static routes.

5.   Filter Preference options that have "log" selected are
incorrectly logged as "icmp" in configuration messages.
GB333400

Resolution:
Filter Preference options that have "log" selected are now
logged as "log."

6.   If a SYN+ACK response packet is lost before reaching the
intended External host, both the SYN packet resent by the
External host and the SYN+ACK packet resent by Internal
host are blocked as unexpected, as part of the TCP
three-way handshake validation. GB333411

Resolution:
Allow internal host to resend SYN+ACK packet.

7.   If the word "local" is used as an interface name and it is
selected in a filter, anything destined for that interface
is blocked. GB333426

Resolution:
Allow the use of the word "local" as a name for interfaces.

8.   NATed connections always use the primary interface address as
the source address of the connection. GB333459

Resolution:
Use the source address from destination route as the NAT source
address.
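
Bug fix 6 above (GB333411) can be followed in a simplified model of
handshake validation. This is an added example, not GTA code; the class,
state names and packet trace are constructed for illustration.

```python
# Toy validator for an inbound TCP handshake (external client, internal server).
# "ext"/"int" name the sender; flags are reduced to a single label.
EXPECTED = {
    # state: ((sender, flags) that advances the handshake, next state)
    "NEW": (("ext", "SYN"), "SYN_SEEN"),
    "SYN_SEEN": (("int", "SYN+ACK"), "SYNACK_SEEN"),
    "SYNACK_SEEN": (("ext", "ACK"), "ESTABLISHED"),
}

class HandshakeValidator:
    def __init__(self, allow_synack_resend):
        self.allow_synack_resend = allow_synack_resend
        self.state = "NEW"

    def check(self, sender, flags):
        """Return True if the packet is forwarded, False if blocked as unexpected."""
        if self.state == "ESTABLISHED":
            return True
        want, next_state = EXPECTED[self.state]
        if (sender, flags) == want:
            self.state = next_state
            return True
        # Behaviour after the fix: a repeated SYN+ACK from the internal host
        # is a retransmission of a packet already validated, so forward it
        # and leave the state unchanged.
        if (self.allow_synack_resend and self.state == "SYNACK_SEEN"
                and (sender, flags) == ("int", "SYN+ACK")):
            return True
        return False

def replay(allow_synack_resend):
    """Replay a constructed trace in which the first SYN+ACK is lost
    after it has passed the firewall."""
    fw = HandshakeValidator(allow_synack_resend)
    trace = [("ext", "SYN"), ("int", "SYN+ACK"),   # original handshake packets
             ("ext", "SYN"), ("int", "SYN+ACK")]   # both hosts retransmit
    verdicts = [fw.check(sender, flags) for sender, flags in trace]
    # The external host can only send its ACK if a SYN+ACK reached it,
    # which here means the resent SYN+ACK was forwarded.
    if verdicts[3]:
        verdicts.append(fw.check("ext", "ACK"))
    return verdicts, fw.state
```

With the retransmission blocked the connection stays in SYNACK_SEEN and
never completes; with it allowed the handshake reaches ESTABLISHED while a
SYN arriving after the SYN+ACK is still rejected.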


2.   SERVICES
2.1  Enhancements and Changes

1.   Increase support for DHCP servers and/or clients from four
to nine. GB333415

2.2 Bug Fixes

1.   Priority can be set to "0" and higher than "255" in the
HA configuration screen. GB333373

Resolution:
When loading HA, force an invalid priority to be a number from
1-255; force an invalid VRID to be a number from 0-15.

2.   In Mobile and IKE VPN, an odd number of HEX characters is not
valid in the pre-shared secret field. GB333376

Resolution:
If a pre-shared secret in HEX format has an odd number of
characters, append a 0.

3.   DNS proxy stops accepting requests. GB333383

Resolution:
Ensure that all stale DNS proxy entries are removed so the
proxy can continue accepting new requests.

4.   If a "/" is used in a reverse zone name, no zone entry is
created, creating errors in the DNS configuration files.
GB333384

Resolution:
When creating zone filenames, map "/" to "-".

5.   If there are extraneous bits in the network portion of
the subnet IP address/mask (e.g., 10.10.10.50/29), the
reverse DNS file is created with a default mask (e.g.,
10.10.10.0/24). GB333385

Resolution:
Ignore extraneous bits in network when matching.

6.   The web proxy has memory leaks in Traditional Proxy mode.
GB333389

Resolution:
Close memory leaks in the web proxy.

7.   If DHCP is used on the secondary Interface/router, Gateway
Selector does not fail over. GB333429

Resolution:
If interface uses DHCP, use DHCP gateway address.
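
Bug fixes 4 and 5 above (GB333384, GB333385) both concern reverse zones
for subnets smaller than /24. The sketch below is an added example, not
GTA code: it masks off host bits, builds an RFC 2317 style zone name, and
maps "/" to "-" for the file name. The ".zone" suffix and the function
names are assumptions.

```python
import ipaddress

def has_host_bits(subnet):
    """True if the address part has bits set outside the network mask."""
    net = ipaddress.ip_network(subnet, strict=False)
    return ipaddress.ip_interface(subnet).ip != net.network_address

def reverse_zone(subnet):
    """Return (zone_name, zone_filename) for an IPv4 subnet of /24 to /32."""
    # strict=False discards host bits: 10.10.10.50/29 becomes 10.10.10.48/29,
    # so the configured mask is kept rather than falling back to /24.
    net = ipaddress.ip_network(subnet, strict=False)
    if net.version != 4 or net.prefixlen < 24:
        raise ValueError("example covers IPv4 prefixes /24 through /32 only")
    o1, o2, o3, o4 = str(net.network_address).split(".")
    parent = f"{o3}.{o2}.{o1}.in-addr.arpa"
    if net.prefixlen == 24:
        zone = parent
    else:
        # RFC 2317 classless label: <first address octet>/<prefix length>
        zone = f"{o4}/{net.prefixlen}.{parent}"
    # "/" is a path separator, so it cannot appear in a file name.
    # Assumed file layout: zone name with "/" mapped to "-", plus ".zone".
    filename = zone.replace("/", "-") + ".zone"
    return zone, filename

def ptr_owner(address, subnet):
    """Owner name of the PTR record for an address inside the subnet."""
    ip = ipaddress.ip_address(address)
    if ip not in ipaddress.ip_network(subnet, strict=False):
        raise ValueError(f"{address} is outside {subnet}")
    zone, _ = reverse_zone(subnet)
    return f"{str(ip).split('.')[3]}.{zone}"
```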


3.   CFG LIBRARY
3.1  Enhancements and Changes

1.   Enhanced verification message to indicate that the firewall
cannot be used as a beacon for another H2A firewall while in
Stealth mode. GB333364

3.2  Bug Fixes

1.   Auto-configuring IP Pass Through filters sometimes causes
GBAdmin or the Web interface to crash. GB333392

Resolution:
Increase filter space, and verify that space is available for
the new list of filters before auto-configuration is executed.

2.   The Priority selection made for a filter does not display
correctly in the GBAdmin Configuration Report. GB333414

Resolution:
Priority selection now displays correctly in the Configuration
Report.

3.   Configuration Report does not indicate if DNS proxy is enabled
or disabled. GB333419

Resolution:
Added a report line for indicating whether DNS Proxy is
enabled or disabled.


4.   ALL USER INTERFACES
4.1  Enhancements and Changes
4.2  Bug Fixes

NONE


5.   GBADMIN (Windows Only)
5.1  Enhancements and Changes

NONE

5.2  Bug Fixes

1.   The user name in PPPoE settings can be no longer than 18
characters. GB333367

Resolution:
The user name in PPPoE may now be 51 characters long.

2.   When adding a new logical interface, if the focus is in an
existing item, the new item will not contain default
information. GB333405

Resolution:
All items newly added to Logical Interfaces will contain
default information.

3.   GBAdmin may crash when changing sections after selecting
the Inbound checkbox field in the IP Pass Through
Host/Networks screen. GB333413

Resolution:
When changing sections, GBAdmin closes the current section
before displaying another one.

4.   More characters can be entered in name fields than the
fields can use. GB333451

Resolution:
Allow users to enter only 19 characters in name fields.


6.   WEB
6.1  Enhancements and Changes
6.2  Bug Fixes

NONE


7.   CONSOLE
7.1  Enhancements and Changes
7.2  Bug Fixes

NONE


8.   CONTENT FILTERING
8.1  Enhancements and Changes

1.   Upgrade Surf Sentinel's web filtering protocol to Cerberian
Web Filter 2.0. GB333000

2.   Change functionality of Local Allow list so that it can be
used without a categorization facility, so that only sites on
the Local Allow list are allowed. GB333417

3.   Allow use of Local Deny list with no other facilities
enabled; only entries in the Local Deny list will be blocked.
GB333418

4.   Upgrade Cerberian categories in Surf Sentinel to match
Cerberian Web Filter version 2.0. GB333428

8.2  Bug Fixes

1.   Using transparent proxy, only the first URL in a persistent
connection is rated. GB333433

Resolution:
Force all connections to be non-persistent, ensuring that all URL
requests are rated.


9.   INSTALLERS
9.1  Enhancements and Changes
9.2  Bug Fixes

NONE


10.  SYSLOG (Windows Only)
10.1 Enhancements and Changes

NONE

10.2 Bug Fixes

1.   At startup, Syslog displays the message "Unable to create
directory '.000.D:' Program Shutting Down!" when the path
specified does not have a dot (.). GB333387

Resolution:
Make Syslog accept any valid path name.


11.  GBAUTH (Windows Only)
11.1 Enhancements and Changes

NONE

11.2 Bug Fixes

1.   After the user has authenticated, GBAuth displays an
unnecessary dialog that reads: "Time remaining 0." GB333360

Resolution:
"Time remaining 0" dialog removed from GBAuth.

2.   The close command in the system tray icon menu does not
close the main window. GB333377

Resolution:
Substitute "Exit" for the "Close" command, and make the command
exit the application.

--------------------------------------------------------------------

Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		


