Global Technology Associates, Inc.
Title: GTA Firewall Systems Release Notes
Product: GNAT Box System Software version 3.4.1
Date: 11 February 2004
RELEASE NOTES HISTORY
These notes cover the 3.4.1 patch release of GNAT Box System Software.
Release notes for previous versions can be found at GTA's website,
www.gta.com.
-------------------------------------------------------------------------
GNAT Box System Software version 3.4.1 includes the following versions of
GTA products and utilities:
GNAT Box System Software 3.4.1
GBAdmin 3.4.1
GBAuth (Windows only) 3.4.1
GBAuth (Java) 1.0.1
GTAsyslog 1.0.3 b
DBmanager 1.0.4
LogView 1.0.0
-------------------------------------------------------------------------
UPGRADE NOTES
For more about upgrading, see individual product text files.
New Surf Sentinel Feature Activation Code
----
Before upgrading to version 3.4.1, Surf Sentinel customers upgrading from
a version previous to 3.3.4 must enter a new feature activation code to
accommodate Cerberian Web Filter version 2.0. The new code is available
in the GTA support center under View Registered Products. Delete the old
feature code, enter the new code and save, then upgrade the firewall.
Default SSL Encryption Settings
----
If upgrading from a version previous to 3.2.2, SSL will be disabled and the
default port set to 80. To enable SSL encryption, copy the current web
access Remote Access Filter, change the port on it to 443 and enable. Save
the section. Next, set the Authorization > Remote Admin/Authentication
function to its defaults and save the section. This will enable all
encryption and change the server port to 443. Delete the old filter.
High Availability Names
----
Beginning in version 3.3, H2A systems use Interface Object names
(HA-EXTERNAL, HA-PROTECTED), so GTA recommends changing references to HA
systems to reflect the new nomenclature.
Netscape/Mozilla
----
Version 3.4.1 installs a new default security certificate. Some browsers,
including Netscape and Mozilla, will not recognize the new certificate if
the original has never been replaced. If you are unable to log on to the
GTA Firewall after upgrading, delete the browser security certificate, then
exit and restart.
-------------------------------------------------------------------------
KNOWN ISSUES
Internet Explorer 5 for Macintosh
----
Internet Explorer 5 for Macintosh will not allow you to accept or install
the SSL security certificate. SSL must be disabled to use this combination.
Internet Explorer 5 Export Version, No Patch
----
The export version of IE 5 improperly implements SSL version 3.0, so to use
SSL 3.0, you must have installed the IE security patches.
Security Vulnerabilities in SSL Version 2.0
----
Due to security vulnerabilities in SSL 2.0, support for it has been
removed in GNAT Box System Software.
-------------------------------------------------------------------------
The Release Notes include the following enhancement, modification and bug
fix sections:
1. SYSTEM SOFTWARE
2. SERVICES
3. CFG LIBRARY
4. ALL USER INTERFACES
5. GBADMIN (Windows Only)
6. WEB
7. CONSOLE
8. CONTENT FILTERING
9. INSTALLERS
10. GTASYSLOG (Windows Only)
11. DBMANAGER (Windows Only)
12. GBAUTH (Windows Only)
------------------------------------------------------------------------
1. SYSTEM SOFTWARE
1.1 Enhancements
1. Add support for GB-1000R product. GB3411107
1.2 Modifications
1.3 Bug Fixes
1. GNAT Box Light does not pass any traffic from the Internal to
the External network. GB3411158
Resolution:
GNAT Box Light is fully functional.
2. Firewall does not correctly send "Spoofing" and "Connect to Close"
port messages to GB-Commander Server. GB3411151
Resolution:
Map "Spoofing" and "Connect to Close" port message types from
internal to external when sending alarms to GB-Commander.
3. A dynamic to static connection between two GTA Firewalls that
uses mobile protocol counts as a VPN client license. GB341937
Resolution:
A dynamic to static connection between GTA Firewalls using the
mobile protocol does not count as a VPN client license.
4. Secondary connections for Virtual Cracks do not inherit priority.
GB3411033
Resolution:
Allow Virtual Cracks to inherit priority and allow filter from
main connection.
5. Connections allowed by time-based filter close before time
inherited from filter. GB3411074
Resolution:
Change ending time calculation for connections enabled by
time-based filter.
6. The filter preference "Deny Fragmented Packets" does not work.
GB3411086
Resolution:
"Deny Fragmented Packets" preference is now functional.
7. Connections allowed by inbound tunnels using "Auto-accept" filter
aren't logged. GB3411220
Resolution:
Set logging priority to "Notice" for connections allowed by inbound
tunnel "Auto-accept" filter option.
8. Accept filters with the Log field set to "Yes" (always log) are not
logged. GB3411062
Resolution:
If option is set to always log in Accept filter, log accepts.
9. Protected network aliases are not added to Protected Networks
object when the Address Objects section is auto-configured.
GB3411078
Resolution:
Add networks from protected interface aliases to Protected Networks
object when the Address Objects section is auto-configured.
2. SERVICES
2.1 Enhancements
2.2 Modifications
1. Add serial number to alarm emails. GB3411153
2. Add support for H2A configuration without entering a netmask.
Netmask is inherited from the Network Information screen.
GB3411101
3. Disable DNS proxy by default. GB3411109
4. Change originating port for DNS proxy from 53 to ephemeral port.
GB3411110
2.3 Bug Fixes
1. Static address mapping to PPPoE alias fails after renegotiation
of PPPoE connection dropped by server. GB341584
Resolution:
Delete obsolete aliases and their routes when connection goes down.
2. High Availability service does not function correctly on
GB-750. GB341968
Resolution:
Modified GB-750 NIC driver so that the virtual MAC address can
be updated on the NIC.
3. CFG LIBRARY
3.1 Enhancements and Changes
3.2 Modifications
1. Change HA configuration report to use CIDR notation. GB3411100
3.3 Bug Fixes
1. Even though DNS Server is disabled, a verification message
displays when it is unconfigured. GB341817
Resolution:
Don't check for primary DNS domain name if DNS server is not
enabled and primary name is blank.
2. System returns an error message when a VPN object references an
alias other than the first. GB341878
Resolution:
Check all aliases when verifying addresses in VPN objects.
4. ALL USER INTERFACES
4.1 Enhancements
4.2 Modifications
4.3 Bug Fixes
NONE
5. GBADMIN (Windows Only)
5.1 Enhancements
5.2 Modifications
5.3 Bug Fixes
1. Verification in GBAdmin requires GB-Commander port setting even if
the GB-Commander Server is disabled. GB341944
Resolution:
Verify port setting only when GB-Commander Server is enabled.
2. GBAdmin limits tunnel and VPN object description to 19
characters. GB341833, GB341879
Resolution:
Tunnel and VPN descriptions now allow 79 characters.
3. The index column of most tables is not wide enough to support
the number of rows required. GB3411104
Resolution:
Modified the index column width for the affected tables.
4. Inserting a new inbound tunnel does not select a valid "From"
interface selection if no valid external interfaces exist. GB341834
Resolution:
If no external interface exists, inserting an inbound tunnel selects
a valid "From" interface from the protected or PSN interfaces.
5. The inbound tunnel summary does not update promptly after
modification. GB341934
Resolution:
The inbound tunnel summary updates promptly after modification.
6. After loading a configuration from a version older than 3.4.0,
GBAdmin does not correctly determine the selected product.
GB3411229
Resolution:
System software version is now correctly determined by GBAdmin.
7. Merging a flash-based product configuration with a floppy-based
product runtime fails. GB3411233
Resolution:
A flash-based product configuration can now be merged with a
floppy-based product runtime.
8. Tunnels cannot be reordered using drag and drop function.
GB3411240
Resolution:
Drag and drop function can now be used to reorder tunnels.
9. Once created, Address Object descriptions cannot be changed.
GB3411241
Resolution:
Address Object descriptions can now be changed.
6. WEB
6.1 Enhancements
6.2 Modifications
6.3 Bug Fixes
1. Paste option is not available for Inbound Tunnels section.
GB341850
Resolution:
Specified correct path for paste cookie in copy function.
2. Changing the refresh rate does not work on tunnels and current
statistics. GB3411211
Resolution:
Refresh rate cookie is now set correctly.
7. CONSOLE
7.1 Enhancements
7.2 Modifications
7.3 Bug Fixes
NONE
8. CONTENT FILTERING
8.1 Enhancements
8.2 Modifications
8.3 Bug Fixes
1. Surf Sentinel does not work properly if http traffic is routed
through an off-site proxy server that modifies response packets.
GB341821
Resolution:
Allow modifications to the Cerberian response packet upon
validation to support proxy servers in front of the firewall.
9. INSTALLERS
9.1 Enhancements
9.2 Modifications
9.3 Bug Fixes
NONE
10. GTASYSLOG (Windows Only)
10.1 Enhancements
10.2 Modifications
10.3 Bug Fixes
1. GTAsyslog will not write to the database if the database is not
up and running before GTAsyslog starts. SYS102915
Resolution:
GTAsyslog now periodically checks the database status.
2. GTA Reporting Suite sometimes loses its license. SYS1021046
Resolution:
GTAsyslog now updates license entry when database starts.
3. Multiple copies of GTAsyslog are able to write to the same
database, causing licensing conflicts. SYS1021156
Resolution:
Only one GTAsyslog is allowed to write to a given database.
11. DBMANAGER (Windows Only)
11.1 Enhancements
11.2 Modifications
1. Grey out the Firewalls section of the GTAsyslog Settings screen
when not in licensed mode. DB1031225
11.3 Bug Fixes
1. Full Restore does not work correctly: 'Cannot insert a
duplicate key into unique index bandwidth_pkey' error. DB102848
Resolution:
Bandwidth table is now cleared during purge, so that duplicate
records do not exist.
2. Some event log messages have invalid event IDs. DB1031170
Resolution:
Event log messages now have valid event IDs.
3. Opening About Box interferes with GTA Reporting Suite license.
DB1031232
Resolution:
GTA Reporting Suite license is no longer affected by opening
About Box.
12. GBAUTH (Windows Only)
12.1 Enhancements
1. Add a list of most recently used identities. GB3411223
2. Add a minimize button. GB3411224
12.2 Modifications
12.3 Bug Fixes
NONE
--------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220