GB-OS FIREWALL SOFTWARE
Author: Global Technology Associates, Inc.
Product: GB-OS version 5.3.0
Date: 14 December 2009
GB-OS version 5.3.0 includes updated versions of the following GTA
products and utilities:
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
6. THREAT MANAGEMENT
7. OPERATING SYSTEM
8. RELEASE NOTES HISTORY
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.2.x or below, new activation codes must be
entered. GB-OS version 5.3.0 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement. Other users should contact their local Authorized GTA
Channel Partner or email firstname.lastname@example.org for information and pricing
of upgrade options.
1.2 Upgrade Notes
1.2.1 Upgrading to GB-OS 5.3
Firewalls must be on GB-OS version 5.2.0 or higher to properly
upgrade to GB-OS 5.3. See the Upgrade Guide for more information.
1.2.2 GB-250 Rev B Upgrade to GB-OS 5.3
GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
to version 5.3.
The firewall's current runtime slice is displayed on the
firewall's System>Overview screen. To view the current slice, log
into the firewall’s web administration interface and navigate to
System>Overview. The runtime section will display the firewall's
current runtime slice.
Additionaly, some GB-250 Rev B firewalls require a Bios Update
before updating to GB-OS 5.3.0. If the Bios version is not v0.99h
or higher,the Bios may need to be updated.
You can check the BIOS by:
1. Examining the hardware report for the Bios version:
BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
2. Connecting on the console interface and rebooting the
firewall. The first line displayed should be BIOS revision.
Example: PC Engines ALIX.2 v0.99h
You can check if the firewall is a GB-250 Rev B by the following:
1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
not have USB ports.
2. GB-250 Rev B firewall serial numbers are:
Starting at S/N 65002101 and above
Starting at S/N 65902101 and above
1.2.3 Re-sizing Slices and Runtime Upgrades
In order to support the new features in GB-OS 5.2 and above,
some firewalls may require partition re-sizing during the
upgrade process. Upon re-sizing, both runtime slices will have
GB-OS 5.3.0, and firewall administrators WILL NOT be able to
revert to previous runtimes via the Console or Web interface.
GTA strongly recommends backing up current firewall
configurations PRIOR to upgrading.
Firewalls requiring re-sized partitions will take approximately
5-8 minutes to reboot and fully update once the runtime has
been applied. DO NOT switch off or reboot the firewall during
1.2.4 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 5.3.0. If the error messages persist, clear your
1.3 SSL Certificate Replacement
GB-OS version 5.3.0 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
1.4 Mail Sentinel Anti-Virus
Since the release of GB-OS version 5.1.2, Mail Sentinel Anti-Virus is
no longer available as a separate subscription option. Mail Sentinel
Anti-Virus is included as a standard feature with valid support
2.1 New Features
2.1.1 Added ability for firewall to generate a CA certificate to sign
all other created certificates.
2.1.2 License verification warnings and notifications have been added.
2.1.3 Added filter ALWAYS_BLOCK for address objects to deny all access
from remote IP addresses.
2.2.1 Updated IPS and routing engine.
2.2.2 Configuration of user and administrator accounts has been
2.2.3 Certificates are automatically generated for users based on user
2.2.4 Basic Wizard automatically creates a certificate for the
administrator upon completion.
2.2.5 Pre-shared keys are now obscured on the firewall.
2.2.6 Administrator accounts are no longer configurable via the
2.2.7 Improved support for importing certificates in PEM format.
2.2.8 Improved 3G USB modem support.
2.2.9 Improved support for GSM modems.
2.3 Bug Fixes
2.3.1 Traditional proxy properly works with Internet Explorer 8.
3.1 New Features
3.1.1 VPN Wizard automatically creates a certificate for Mobile IPSec
3.2.1 Improved VPN Wizard.
3.2.2 PPPoE and PPTP can now be used simultaneously.
3.2.3 New user groups have the Mobile IPSec VPN option disabled by
3.3 Bug Fixes
3.3.1 Disabled interfaces properly release the default gateway
3.3.2 Firewall interfaces are no longer selectable destinations for
3.3.3 In the VPN Wizard summary screen, long IP addresses or names
are no longer broken.
3.3.4 Notifications no longer delay Gateway Failover.
3.3.5 RIP properly restarts upon saving RIP configuration sections.
3.3.6 If RIP input and output are set to none, the interface is
properly appears disabled.
4.1.1 User groups are now displayed in account activity.
4.1.2 IPSec Tunnel email notifications are enabled by default.
4.1.3 Updated SNMP trap to include new SSL Sentinel policy.
4.2 Bug Fixes
4.2.1 Alarm option settings are now honored for authentication
5.1 New Features
5.1.1 Added SSL Sentinel feature and security policies.
GBOS5300011116, GBOS5300012811, GBOS5300012836
5.1.2 Added ability to monitor the status of OSPF, BGP and RIP.
GBOS5300007526, GBOS5300006941, GBOS5300010256, GBOS5300007521
5.1.3 Added the ability to configure a binding interface for each
Single Sign-On server.
5.1.4 Added eBGP multi-hop option.
5.1.5 Added customized SSL Sentinel login page with the ability to add
a logo and description/disclaimer.
5.1.6 The ability to enable and disable LDAP and Radius authentication
has been added for remote administration and the SSL Sentinel
5.2.1 The default user setting is now set to use certificates for
Mobile IPSec VPN.
5.3 Bug Fixes
5.3.1 Certificates are properly copied from the master when updating
the slave in High Availability.
5.3.2 Email recipients are now rejected by GB-OS if the recipient is
rejected by the server.
5.3.3 Default route is properly set for High Availability firewalls
with a dynamic IP address.
5.3.4 High Availability properly functions when saving network
information or rebooting the HA slave when firewall has aliases.
6. THREAT MANAGEMENT
6.1.1 Increased field size for customized Surf Sentinel block message.
6.1.2 Improved Surf Sentinel category name localization.
6.1.3 Improved speed of DNS lookups for Surf Sentinel.
6.1.4 New categories added to Surf Sentinel for Social Networking and
Translation Sites. Note: Categories effective 5 January, 2010.
6.1.5 Surf Sentinel now looks up domains for IP addresses when
rating by IP address.
7. WEB INTERFACE
7.1 New Features
7.1.1 Added the ability to dynamically add and delete configuration
rows in applicable sections.
7.1.2 Added auto logout for Web admin based on session timeout
7.1.3 Added warning message for auto logout.
7.1.4 List of all active firewall sessions added to Monitoring
7.1.5 Added option to select interface and object for controlling
access to remote admin.
7.1.6 User names and passwords now have minimum length requirements at
three (3) characters and five (5) characters, respectively.
7.1.7 Added Administrator and SSL Sentinel columns to Groups display.
7.1.8 Link to the GTA Forum added under Support in the Web interface.
7.1.9 Customized welcome added for users when logged in.
7.1.10 Added pop-up notification of mode change when uploading
7.1.11 Added built-in icons for configured bookmarks.
7.1.12 Added virtual keyboard to login interfaces and SSL Sentinel file
browser authentication prompt.
7.2.1 Control bar displays only the available controls per user
7.2.2 Improved function and display of main web interface menu.
7.2.3 Improved login/logout web interface.
7.2.4 Objects menu selection moved up one level under Configure.
7.2.5 Menu category VPN renamed to IPSec throughout the Web and
7.2.6 Improved system configuration verification.
GBOS5300011921, GBOS5300009496, GBOS5300011871, GBOS5300014451
7.2.7 Valid ranges are now displayed for applicable input fields.
7.2.8 Updated IPSec tunnel descriptions on the monitoring page.
7.2.9 Improved title and heading descriptions in web interface.
7.2.10 Wizard access removed for read-only administrators.
7.2.11 Built-in objects are now sorted to the top, followed by
7.2.12 Reset action is removed from the control bar.
7.2.13 Password rows are hidden for RIP unless input or output are set
to version 2.
7.3 Bug Fixes
7.3.1 Current administrators list no longer displays multiple sessions
for the same user.
7.3.2 Unconfigurable options are properly disabled when in Bridge
7.3.3 Accounts summary now properly displays when the SSL option is
used for LDAP authentication
7.3.4 Default priority is set to level 5 when policies are changed to
7.3.5 Dynamic add row function properly work for time groups.
7.3.6 ICMP and Stop Interface are only displayed for Deny policies.
8. RELEASE NOTES HISTORY
8.1 Previous Release Notes
These notes cover the 5.3.0 release of GB-OS. Release notes for
previous versions can be found at GTA's Web site, http://www.gta.com.
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817