Unified Threat Management - Support | GTA, Inc.

		Global Technology Associates, Inc.

Title:    GTA Firewall Systems Release Notes 
Product:  GNAT Box System Software version 3.4.1
Date:     11 February 2004

                         
RELEASE NOTES HISTORY

These notes cover the 3.4.1 patch release of GNAT Box System Software.
Release notes for previous versions can be found at GTA's website,
www.gta.com.

-------------------------------------------------------------------------

GNAT Box System Software version 3.4.1 includes the following versions of
GTA products and utilities:

     GNAT Box System Software      3.4.1
     GBAdmin                       3.4.1
     GBAuth (Windows only)         3.4.1
     GBAuth (Java)                 1.0.1                          
     GTAsyslog                     1.0.3 b
     DBmanager                     1.0.4
     LogView                       1.0.0
     
-------------------------------------------------------------------------

                             UPGRADE NOTES
                                                              
       For more about upgrading, see individual product text files.
       
                                           
               New Surf Sentinel Feature Activation Code
                                 ----  

Before upgrading to version 3.4.1, Surf Sentinel customers upgrading from
a version previous to 3.3.4 must enter a new feature activation code to
accommodate Cerberian Web Filter version 2.0. The new code is available
in the GTA support center under View Registered Products. Delete the old
feature code, enter the new code and save, then upgrade the firewall. 
                                             
                     Default SSL Encryption Settings
                                 ----

If upgrading from a version previous to 3.2.2, SSL will be disabled and the
default port set to 80. To enable SSL encryption, copy the current web
access Remote Access Filter, change the port on it to 443 and enable. Save
the section. Next, default and save the Authorization > Remote
Admin/Authentication function and save the section. This will enable all
encryption and change the server port to 443. Delete the old filter. 

                         High Availability Names
                                 ----

Beginning in version 3.3, H2A systems began using Interface Object names
(HA-EXTERNAL, HA-PROTECTED), so GTA recommends changing references to HA
systems to reflect the new nomenclature.

                              Netscape/Mozilla
                                   ----
                                   
Version 3.4.1 installs a new default security certificate. Some browsers,
including Netscape and Mozilla, will not recognize the new certificate if
the original has never been replaced. If you are unable to log on to the
GTA Firewall after upgrading, delete the browser security certificate, then
exit and restart. 

-------------------------------------------------------------------------

                              KNOWN ISSUES
                                                                  
                    Internet Explorer 5 for Macintosh
                                   ----

Internet Explorer 5 for Macintosh will not allow you to accept or install
the SSL security certificate. SSL must be disabled to use this combination.

               Internet Explorer 5 Export Version, No Patch
                                   ----
                                   
The export version of IE 5 improperly implements SSL version 3.0, so to use
SSL 3.0, you must have installed the IE security patches.

                 Security Vulnerabilities in SSL Version 2.0
                                   ----
                                   
Due to security vulnerabilities in SSL 2.0, support for it has been
removed in GNAT Box System Software.

-------------------------------------------------------------------------


Release Notes include following enhancements, modification and bug fix
sections:

1.   SYSTEM SOFTWARE 

2.   SERVICES 

3.   CFG LIBRARY

4.   ALL USER INTERFACES 
          
5.   GBADMIN (Windows Only)

6.   WEB
          
7.   CONSOLE

8.   CONTENT FILTERING

9.   INSTALLERS

10.  GTASYSLOG (Windows Only)

11.  DBMANAGER (Windows Only)

12.  GBAUTH (Windows Only)

------------------------------------------------------------------------

1.   SYSTEM SOFTWARE 
1.1  Enhancements

     1.   Add support for GB-1000R product. GB3411107
     
1.2  Modifications
1.3  Bug Fixes

     1.   GNAT Box Light does not pass any traffic from the Internal to
          the External network. GB3411158

          Resolution:
          GNAT Box Light is fully functional.
     
     2.   Firewall does not correctly send "Spoofing" and "Connect to Close"  
          port messages to GB-Commander Server. GB3411151

          Resolution:
          Map "Spoofing" and "Connect to Close" port message types from 
          internal to external when sending alarms to GB-Commander.
   
     3.   A dynamic to static connection between two GTA Firewalls that 
          uses mobile protocol counts as a VPN client license. GB341937

          Resolution:
          A dynamic to static connection between GTA Firewalls using the
          mobile protocol does not count as a VPN client license.
          
     4.   Secondary connections for Virtual Cracks do not inherit priority. 
          GB3411033

          Resolution:
          Allow Virtual Cracks to inherit priority and allow filter from
          main connection.          

     5.   Connections allowed by time-based filter close before time
          inherited from filter. GB3411074

          Resolution:
          Change ending time calculation for connections enabled by
          time-based filter.

     6.   The filter preference "Deny Fragmented Packets" does not work. 
          GB3411086

          Resolution:
          "Deny Fragmented Packets" preference is now functional.

     7.   Connections allowed by inbound tunnels using "Auto-accept" filter 
          aren't logged. GB3411220

          Resolution:
          Set logging priority to "Notice" for connections allowed by inbound 
          tunnel "Auto-accept" filter option.

     8.   Accept filters with the Log field set to "Yes" (always log) are not 
          logged.  GB3411062
          
          Resolution:
          If option is set to always log in Accept filter, log accepts.

     9.   Protected network aliases are not added to Protected Networks
          object when the Address Objects section is auto-configured.
          GB3411078

          Resolution:
          Add networks from protected interface alaises to Protected Networks 
          object when the Address Objects section is auto-configured.     

          
2.   SERVICES 
2.1  Enhancements     
2.2  Modifications

     1.   Add serial number to alarm emails. GB3411153
     
     2.   Add support for H2A configuration without entering a netmask.
          Netmask is inherited from the Network Information screen.
          GB3411101
          
     3.   Disable DNS proxy by default. GB3411109
     
     4.   Change originating port for DNS proxy from 53 to ephemeral port. 
          GB3411110

2.3  Bug Fixes
            
     1.   Static address mapping to PPPoE alias fails after renegotiation
          of PPPoE connection dropped by server. GB341584

          Resolution:
          Delete obsolete aliases and their routes when connection goes down.

     2.   High Availability service does not function correctly on
          GB-750. GB341968

          Resolution:
          Modified GB-750 NIC driver so that the virtual MAC address can
          be updated on the NIC.
          
                   
3.   CFG LIBRARY
3.1  Enhancements and Changes
3.2  Modifications

     1.   Change HA configuration report to use CIDR notation. GB3411100    

3.3  Bug Fixes

     1.   Even though DNS Server is disabled, a verification message
          displays when it is unconfigured. GB341817

          Resolution:
          Don't check for primary DNS domain name if DNS server is not
          enabled and primary name is blank.
 
     2.   System returns an error message when a VPN object references an
          alias other than the first. GB341878
          
          Resolution:
          Check all aliases when verifying addresses in VPN objects.
                   
                    
4.   ALL USER INTERFACES 
4.1  Enhancements          
4.2  Modifications     
4.3  Bug Fixes
          
     NONE
     

5.   GBADMIN (Windows Only)
5.1  Enhancements
5.2  Modifications
5.3  Bug Fixes

     1.   Verification in GBAdmin requires GB-Commander port setting even if           
          the GB-Commander Server is disabled. GB341944

          Resolution:
          Verify port setting only when GB-Commander Server is enabled.

     2.   GBAdmin limits tunnel and VPN object description to 19
          characters. GB341833, GB341879

          Resolution:
          Tunnel and VPN descriptions now allow 79 characters. 

     3.   The index column of most tables are not wide enough to support 
          the number of rows required. GB3411104

          Resolution:
          Modified the index column width for the affected tables.

     4.   Inserting a new inbound tunnel does not select a valid "From" 
          interface selection if no valid external interfaces exist. GB341834
          
          Resolution:
          If no external interface exists, inserting an inbound tunnel selects 
          a valid "From" interface from the protected or PSN interfaces.
          
     5.   The inbound tunnel summary does not update promptly after 
          modification. GB341934

          Resolution:
          The inbound tunnel summary updates promptly after modification.

     6.   After loading a configuration from a version older than 3.4.0,
          GBAdmin does not correctly determine the selected product. 
          GB3411229

          Resolution:
          System software version is now correctly determined by GBAdmin.
          
     7.   Merging a flash-based product configuration with a floppy-based
          product runtime fails. GB3411233

          Resolution:
          A flash-based product configuration can now be merged with a
          floppy-based product runtime.

     8.   Tunnels cannot be reordered using drag and drop function.
     	GB3411240

          Resolution:
          Drag and drop function can now be used to reorder tunnels.

     9.   Once created, Address Object descriptions cannot be changed.
     	GB3411241

          Resolution:
          Address Object descriptions can now be changed.
          

6.   WEB
6.1  Enhancements
6.2  Modifications
6.3  Bug Fixes

     1.   Paste option is not available for Inbound Tunnels section.
          GB341850

          Resolution:
          Specified correct path for paste cookie in copy function.
          
     2.   Changing the refresh rate does not work on tunnels and current
          statistics. GB3411211

          Resolution:
          Refresh rate cookie is now set correctly.


7.   CONSOLE
7.1  Enhancements
7.2  Modifications
7.3  Bug Fixes

     NONE


8.   CONTENT FILTERING
8.1  Enhancements
8.2  Modifications          
8.3  Bug Fixes

     1.   Surf Sentinel does not work properly if http traffic is routed 
          through an off-site proxy server that modifies response packets. 
          GB341821

          Resolution
          Allow modifications to the Cerberian response packet upon
          validation to support proxy servers in front of the firewall.  
                      

9.   INSTALLERS
9.1  Enhancements 
9.2  Modifications
9.3  Bug Fixes

     NONE
     
                    
10.  GTASYSLOG (Windows Only)
10.1 Enhancements 
10.2 Modifications
10.3 Bug Fixes
            
     1.   GTAsyslog will not write to the database if the database is not
          up and running before GTAsyslog starts. SYS102915

          Resolution:
          GTAsyslog now periodically checks the database status. 

     2.   GTA Reporting Suite sometimes loses its license. SYS1021046
          
          Resolution:
          GTAsyslog now updates license entry when database starts.

     3.   Multiple copies of GTAsyslog are able to write to the same
          database, causing licensing conflicts. SYS1021156

          Resolution:
          Only one GTAsyslog is allowed to write to a given database. 
                   
                   
11.  DBMANAGER (Windows Only)
11.1 Enhancements      
11.2 Modifications

     1.   Grey out the Firewalls section of the GTAsyslog Settings screen
          when not in licensed mode. DB1031225

11.3 Bug Fixes

     1.   Full Restore does not work correctly: 'Cannot insert a
          duplicate key into unique index bandwidth_pkey' error. DB102848 

          Resolution: 
          Bandwidth table is now cleared during purge, so that duplicate
          records do not exist.
     
     2.   Some event log messages have invalid event IDs. DB1031170

          Resolution:
          Event log messages now have valid event IDs.
          
     3.   Opening About Box interferes with GTA Reporting Suite license.
          DB1031232

          Resolution: 
          GTA Reporting Suite license is no longer affected by opening
          About Box.
    
          
12.  GBAUTH (Windows Only)
12.1 Enhancements 

     1.   Add a list of most recently used identities. GB3411223
          
     2.   Add a minimize button. GB3411224
     
12.2 Modifications
12.3 Bug Fixes

     NONE
     
                          
--------------------------------------------------------------------

Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.