Unified Threat Management - Support | GTA, Inc.

		Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes 
Product:  GNAT Box System Software version 3.3.4
Date:     27 May 2003 

                         
RELEASE NOTES HISTORY

These notes cover the latest patch release of GNAT Box System Software
version 3.3.4. Release notes for previous versions can be found at
GTA's website, www.gta.com.

-------------------------------------------------------------------------

                             UPGRADE NOTES
                                                              
       For more about upgrading, see individual product text files.
       
                                           
               New Surf Sentinel Feature Activation Code
                                 ----  

Before upgrading to version 3.3.4, Surf Sentinel customers must enter a new
feature activation code to accommodate Cerberian Web Filter version 2.0.
The new code is available in the GTA support center under View Registered
Products. Delete the old feature code, enter the new code and save, then
upgrade the firewall. 
                                             
                     Default SSL Encryption Settings
                                 ----

If upgrading from a version previous to 3.2.2, SSL will be disabled and the
default port set to 80. To enable SSL encryption, copy the current web
access Remote Access Filter, change the port on it to 443 and enable. Save
the section. Next, default and save the Authorization > Remote
Admin/Authentication function and save the section. This will enable all
encryption and change the server port to 443. Delete the old filter. 

                         High Availability Names
                                 ----

Beginning in version 3.3, H2A systems began using Interface Object names
(HA-EXTERNAL, HA-PROTECTED), so GTA recommends changing references to HA
systems to reflect the new nomenclature.

                              Netscape/Mozilla
                                   ----
                                   
Version 3.3.4 installs a new default security certificate. Some browsers,
including Netscape and Mozilla, will not recognize the new certificate if
the original has never been replaced. If you are unable to log on to the
GTA Firewall after upgrading, delete the browser security certificate, then
exit and restart. 

-------------------------------------------------------------------------

                              KNOWN ISSUES
                                                                  
                    Internet Explorer 5 For Macintosh
                                   ----

Internet Explorer 5 for Macintosh will not allow you to accept or install
the SSL security certificate. SSL must be disabled to use this combination.

               Internet Explorer 5 Export Version, No Patch
                                   ----
                                   
The export version of IE 5 improperly implements SSL version 3.0, so to use
SSL 3.0, you must have installed the IE security patches.

                    Security Flaws In SSL Version 2.0
                                   ----
                                   
Because of the security flaws in SSL 2.0, GTA has removed support for it.

-------------------------------------------------------------------------


Release Notes include following enhancement and bug fix sections:

1.   SYSTEM SOFTWARE 

2.   SERVICES 

3.   CFG LIBRARY

4.   ALL USER INTERFACES 
          
5.   GBADMIN (Windows Only)

6.   WEB
          
7.   CONSOLE

8.   CONTENT FILTERING

9.   INSTALLERS

10.  SYSLOG (Windows Only)

11.  GBAUTH (Windows Only)

------------------------------------------------------------------------

1.   SYSTEM SOFTWARE 
1.1  Enhancements and Changes

     NONE
     
1.2  Bug Fixes

     1.   On the Console,  during boot does not reset the
          firewall to factory defaults. GB334476

          Resolution: 
          Restore the Reset to Factory Defaults feature by enabling 
           during boot.
          
     2.   Valid ICMP packets with non-standard formats are rejected as 
          invalid. GB334515
          
          Resolution: 
          Allow for non-standard formats in ICMP packets, so that only
          those packets with fewer than the minimum eight (8) bytes in
          the ICMP header are rejected as invalid.
          
     3.   ICMP stealth block messages incorrectly use the source
          address as the destination address. GB334541

          Resolution:
          Destination addresses for ICMP stealth mode blocks are now
          properly logged.

     
2.   SERVICES 
2.1  Enhancements and Changes   
2.2  Bug Fixes
            
          NONE 
          
          
3.   CFG LIBRARY
3.1  Enhancements and Changes
3.2  Bug Fixes

     NONE 
                   
                    
4.   ALL USER INTERFACES 
4.1  Enhancements and Changes
4.2  Bug Fixes

     NONE 
          

5.   GBADMIN (Windows Only)
5.1  Enhancements and Changes

     1.   Add selection options in log messages. Options now include: 
          select line(s) and drag; select single line; select multiple
          lines; select lines with arrow keys; and select all using 
          . GB334458
          
5.2  Bug Fixes

     1.   GBAdmin allows more than the five (5) required characters in the
          Network Time Service section NTP Key field. GB334473

          Resolution: 
          Restrict the NTP Key field to the five (5) required characters.


6.   WEB
6.1  Enhancements and Changes
6.2  Bug Fixes

     NONE


7.   CONSOLE
7.1  Enhancements and Changes
7.2  Bug Fixes

     NONE


8.   CONTENT FILTERING
8.1  Enhancements and Changes

     1.   Add support for Cerberian Web Filter 2.0 enhancements to Surf
          Sentinel Plus reporting. GB334527
     
8.2  Bug Fixes

     1.   Content filtering sometimes stops. Log message states, "proxy:
          Unable to release semaphore: Invalid argument." GB334508 
     
          Resolution:
          Remove need for semaphores.
          
     2.   When transparent proxy is enabled, connections to websites
          that use persistent connections such as Outlook Web Access on
          port 80 fail, and some sites in the allow list load slowly or
          not at all. GB334482/481

          Resolution:
          Ensure that the proxy does not override persistent connections.


9.   INSTALLERS
9.1  Enhancements and Changes 

     NONE
     
9.2  Bug Fixes
          
     1.   Can't select the GB-Flash SIO installer. GB334528
          
          Resolution:
          Add GB-Flash SIO to installer image.
                    
                    
10.  SYSLOG (Windows Only)
10.1 Enhancements and Changes 
10.2 Bug Fixes
  
     NONE
    
          
11.  GBAUTH (Windows Only)
11.1 Enhancements and Changes  

     NONE

11.2 Bug Fixes

     1.   Disconnect function triggered by using the Show option. When show
          is selected, GBAuth stops sending keep alives. GB334500
     
          Resolution: 
          Replace the Show option with Disconnect, as the Show option is
          not needed after authentication.

                
--------------------------------------------------------------------

Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.