Unified Threat Management - Support | GTA, Inc.

		                         

                          GB-OS FIREWALL SOFTWARE
                            VERSION 5.3.0
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.3.0
Date:       14 December 2009

-------------------------------------------------------------------------
GB-OS version 5.3.0 includes updated versions of the following GTA
products and utilities:

    GB-OS                       5.3.0

Release notes are located on the installation CD and on GTA's Web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.  NETWORK

4.  ACTIVITY

5.  SERVICES

6.  THREAT MANAGEMENT

7.  OPERATING SYSTEM

8.  RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 5.2.x or below, new activation codes must be
        entered. GB-OS version 5.3.0 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local Authorized GTA 
        Channel Partner or email sales@gta.com for information and pricing 
        of upgrade options.

        
    1.2 Upgrade Notes   
        
        1.2.1 Upgrading to GB-OS 5.3
        
              Firewalls must be on GB-OS version 5.2.0 or higher to properly
              upgrade to GB-OS 5.3. See the Upgrade Guide for more information.
              
              
        1.2.2 GB-250 Rev B Upgrade to GB-OS 5.3 
        
              GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
              to version 5.3.

              The firewall's current runtime slice is displayed on the 
              firewall's System>Overview screen. To view the current slice, log 
              into the firewall’s web administration interface and navigate to 
              System>Overview. The runtime section will display the firewall's 
              current runtime slice.
              
              Additionaly, some GB-250 Rev B firewalls require a Bios Update 
              before updating to GB-OS 5.3.0. If the Bios version is not v0.99h 
              or higher,the Bios may need to be updated. 
              
              You can check the BIOS by:
          
                 1. Examining the hardware report for the Bios version:
             
                    BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
             
                 2. Connecting on the console interface and rebooting the 
                    firewall. The first line displayed should be BIOS revision. 
                
                    Example: PC Engines ALIX.2 v0.99h
              
               You can check if the firewall is a GB-250 Rev B by the following:
              
                 1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
                    not have USB ports. 
              
                 2. GB-250 Rev B firewall serial numbers are:
                
                    Starting at S/N 65002101 and above 
                    Starting at S/N 65902101 and above

        
        1.2.3 Re-sizing Slices and Runtime Upgrades
              
              In order to support the new features in GB-OS 5.2 and above, 
              some firewalls may require partition re-sizing during the 
              upgrade process. Upon re-sizing, both runtime slices will have 
              GB-OS 5.3.0, and firewall administrators WILL NOT be able to 
              revert to previous runtimes via the Console or Web interface.
              
              GTA strongly recommends backing up current firewall 
              configurations PRIOR to upgrading.

              Firewalls requiring re-sized partitions will take approximately 
              5-8 minutes to reboot and fully update once the runtime has 
              been applied. DO NOT switch off or reboot the firewall during 
              this process.

        
        1.2.4 Error Messages Upon Initial Reboot
    
              Upon rebooting after successful installation, the GTA
              Firewall UTM Appliance may display errors when accessed
              using the Web interface.  This is expected, these errors are
              generated because the browser's cache is trying to access
              files and locations that no longer apply. Click OK to any
              displayed errors and refresh the browser window to access
              GB-OS 5.3.0. If the error messages persist, clear your
              browser's cache.
            

    1.3 SSL Certificate Replacement

        GB-OS version 5.3.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.
    
    
    1.4 Mail Sentinel Anti-Virus 
    
        Since the release of GB-OS version 5.1.2, Mail Sentinel Anti-Virus is 
        no longer available as a separate subscription option. Mail Sentinel 
        Anti-Virus is included as a standard feature with valid support 
        contracts.


2.  SYSTEM      
    
    2.1 New Features
                
        2.1.1   Added ability for firewall to generate a CA certificate to sign 
                all other created certificates.
                GBOS5300012821
                
        2.1.2   License verification warnings and notifications have been added.
                GBOS5300008516 
                
        2.1.3   Added filter ALWAYS_BLOCK for address objects to deny all access
                from remote IP addresses.
                GBOS5300012371
                
    2.2 Modifications
    
        2.2.1   Updated IPS and routing engine.
                GBOS5300012706, GBOS0011276
                
        2.2.2   Configuration of user and administrator accounts has been 
                combined.
                GBOS5300012961
                
        2.2.3   Certificates are automatically generated for users based on user
                settings.
                GBOS5300013011

        2.2.4   Basic Wizard automatically creates a certificate for the 
                administrator upon completion. 
                GBOS5300013306
                
        2.2.5   Pre-shared keys are now obscured on the firewall.
                GBOS5300013936
                
        2.2.6   Administrator accounts are no longer configurable via the 
                console interface.
                GBOS5300012951
                
        2.2.7   Improved support for importing certificates in PEM format.
                GBOS5300014426
                
        2.2.8   Improved 3G USB modem support.
                GBOS5300005691
                
        2.2.9   Improved support for GSM modems.
                GBOS5300007481
            
    2.3 Bug Fixes 
                
        2.3.1   Traditional proxy properly works with Internet Explorer 8. 
                GBOS5300014021

3.  NETWORK 
                
    3.1 New Features
    
        3.1.1   VPN Wizard automatically creates a certificate for Mobile IPSec 
                Client users. 
                GBOS5300013321
        
    3.2 Modifications
    
        3.2.1   Improved VPN Wizard.
                GBOS5300009631  
                
        3.2.2   PPPoE and PPTP can now be used simultaneously.
                GBOS5300013341
                
        3.2.3   New user groups have the Mobile IPSec VPN option disabled by 
                default.
                GBOS5300014441

    3.3 Bug Fixes
    
        3.3.1   Disabled interfaces properly release the default gateway 
                interface.
                GBOS5300013716
           
        3.3.2   Firewall interfaces are no longer selectable destinations for 
                inbound tunnels.
                GBOS5300013786
                
        3.3.3   In the VPN Wizard summary screen, long IP addresses or names 
                are no longer broken.
                GBOS5300014026
                
        3.3.4   Notifications no longer delay Gateway Failover.
                GBOS5300014501
                
        3.3.5   RIP properly restarts upon saving RIP configuration sections.
                GBOS5300014591
                
        3.3.6   If RIP input and output are set to none, the interface is 
                properly appears disabled.
                GBOS5300014601

4.  ACTIVITY

    4.1 Modifications
    
        4.1.1   User groups are now displayed in account activity.
                GBOS5300014201
                
        4.1.2   IPSec Tunnel email notifications are enabled by default.
                GBOS5300014726
        
        4.1.3   Updated SNMP trap to include new SSL Sentinel policy.
                GBOS5300014491
    
    4.2 Bug Fixes
    
        4.2.1   Alarm option settings are now honored for authentication
                failures.
                GBOS5300002203              
   
5.  SERVICES

    5.1 New Features
       
        5.1.1   Added SSL Sentinel feature and security policies.
                GBOS5300011116, GBOS5300012811, GBOS5300012836
    
        5.1.2   Added ability to monitor the status of OSPF, BGP and RIP.
                GBOS5300007526, GBOS5300006941, GBOS5300010256, GBOS5300007521
                
        5.1.3   Added the ability to configure a binding interface for each
                Single Sign-On server.
                GBOS5300011056
                
        5.1.4   Added eBGP multi-hop option.
                GBOS5300005606
                
        5.1.5   Added customized SSL Sentinel login page with the ability to add
                a logo and description/disclaimer. 
                GBOS5300011656
                
        5.1.6   The ability to enable and disable LDAP and Radius authentication
                has been added for remote administration and the SSL Sentinel 
                Browser.
                GBOS5300014006
    
    5.2 Modifications
    
        5.2.1   The default user setting is now set to use certificates for 
                Mobile IPSec VPN.
                GBOS5300014571
                
    5.3 Bug Fixes
    
        5.3.1   Certificates are properly copied from the master when updating 
                the slave in High Availability. 
                GBOS5300013656
                
        5.3.2   Email recipients are now rejected by GB-OS if the recipient is 
                rejected by the server.
                GBOS5300003895
                
        5.3.3   Default route is properly set for High Availability firewalls 
                with a dynamic IP address.
                GBOS5300004513
                
        5.3.4   High Availability properly functions when saving network 
                information or rebooting the HA slave when firewall has aliases.
                GBOS5300014691
                
6.  THREAT MANAGEMENT

    6.1 Modifications
    
        6.1.1   Increased field size for customized Surf Sentinel block message.
                GBOS5300013031
                
        6.1.2   Improved Surf Sentinel category name localization.
                GBOS5300013916
                
        6.1.3   Improved speed of DNS lookups for Surf Sentinel.
                GBOS5300004059
                
        6.1.4   New categories added to Surf Sentinel for Social Networking and 
                Translation Sites. Note: Categories effective 5 January, 2010.
                GBOS5300013806
                
        6.1.5   Surf Sentinel now looks up domains for IP addresses when 
                rating by IP address.
                GBOS5300005986, GBOS5300006326
                
7.  WEB INTERFACE

    7.1 New Features
                
        7.1.1   Added the ability to dynamically add and delete configuration 
                rows in applicable sections.
                GBOS5300010136
                
        7.1.2   Added auto logout for Web admin based on session timeout 
                settings.
                GBOS5300009221
                
        7.1.3   Added warning message for auto logout.
                GBOS5300011466
                
        7.1.4   List of all active firewall sessions added to Monitoring 
                section.
                GBOS5300011636
                
        7.1.5   Added option to select interface and object for controlling
                access to remote admin.
                GBOS530008171, GBOS5300010251
                
        7.1.6   User names and passwords now have minimum length requirements at
                three (3) characters and five (5) characters, respectively.
                GBOS5300011506
                
        7.1.7   Added Administrator and SSL Sentinel columns to Groups display.
                GBOS5300012316
                
        7.1.8   Link to the GTA Forum added under Support in the Web interface.
                GBOS5300012891
                
        7.1.9   Customized welcome added for users when logged in.
                GBOS5300013076
                
        7.1.10  Added pop-up notification of mode change when uploading 
                configurations.
                GBOS5300009936
                
        7.1.11  Added built-in icons for configured bookmarks.
                GBOS5300013631
                
        7.1.12  Added virtual keyboard to login interfaces and SSL Sentinel file
                browser authentication prompt.
                GBOS5300011651, GBOS5300014616
    
    7.2 Modfications
                
        7.2.1   Control bar displays only the available controls per user
                permissions.
                GBOS5300011981
                
        7.2.2   Improved function and display of main web interface menu.
                GBOS5300005173
                
        7.2.3   Improved login/logout web interface.
                GBOS5300009191, GBO530006216
                
        7.2.4   Objects menu selection moved up one level under Configure.
                GBOS5300012246
                
        7.2.5   Menu category VPN renamed to IPSec throughout the Web and 
                Console interfaces.
                GBOS5300012971, GBOS5300012981
                
        7.2.6   Improved system configuration verification.
                GBOS5300011921, GBOS5300009496, GBOS5300011871, GBOS5300014451
                
        7.2.7   Valid ranges are now displayed for applicable input fields.
                GBOS5300009931
                
        7.2.8   Updated IPSec tunnel descriptions on the monitoring page.
                GBOS5300013851
                
        7.2.9   Improved title and heading descriptions in web interface.
                GBOS5300013801
                
        7.2.10  Wizard access removed for read-only administrators.
                GBOS5300012301
                
        7.2.11  Built-in objects are now sorted to the top, followed by 
                alphabetical sorting. 
                GBOS5300011956
                
        7.2.12  Reset action is removed from the control bar.
                GBOS5300013866, GBOS5300007291
                
        7.2.13  Password rows are hidden for RIP unless input or output are set 
                to version 2.
                GBOS5300014596
      
    7.3 Bug Fixes

        7.3.1   Current administrators list no longer displays multiple sessions
                for the same user.
                GBOS5300012066
               
        7.3.2   Unconfigurable options are properly disabled when in Bridge 
                mode.
                GBOS5300014321
                
        7.3.3   Accounts summary now properly displays when the SSL option is 
                used for LDAP authentication
                GBOS5300013986
                
        7.3.4   Default priority is set to level 5 when policies are changed to 
                Accept.
                GBOS5300013921
                
        7.3.5   Dynamic add row function properly work for time groups.
                GBOS5300014371
                
        7.3.6   ICMP and Stop Interface are only displayed for Deny policies.
                GBOS5300013536
                
8.  RELEASE NOTES HISTORY

    8.1   Previous Release Notes
          These notes cover the 5.3.0 release of GB-OS. Release notes for 
          previous versions can be found at GTA's Web site, http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220
		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.