Unified Threat Management - Support | GTA, Inc.

		                         

                         GB-OS FIREWALL SOFTWARE
                            VERSION 5.3.1
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.3.1
Date:       7 April 2010

-------------------------------------------------------------------------
GB-OS version 5.3.1 includes updated versions of the following GTA
products and utilities:

    GB-OS                       5.3.1

Release notes are located on the installation CD and on GTA's Web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  SYSTEM

3.  NETWORK

4.  ACTIVITY

5.  SERVICES

6.  WEB INTERFACE

7.  RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Entering New Activation Codes
    
        If upgrading from 5.2.x or below, new activation codes must be
        entered. GB-OS version 5.3.1 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local Authorized GTA 
        Channel Partner or email sales@gta.com for information and pricing 
        of upgrade options.

        
    1.2 Upgrade Notes   
        
        1.2.1 Upgrading to GB-OS 5.3
        
              Firewalls must be on GB-OS version 5.2.0 or higher to properly
              upgrade to GB-OS 5.3. See the Upgrade Guide for more information.
              
              
        1.2.2 GB-250 Rev B Upgrade to GB-OS 5.3 
        
              GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
              to version 5.3.

              The firewall's current runtime slice is displayed on the 
              firewall's System>Overview screen. To view the current slice, log 
              into the firewall’s web administration interface and navigate to 
              System>Overview. The runtime section will display the firewall's 
              current runtime slice.
              
              Additionaly, some GB-250 Rev B firewalls require a Bios Update 
              before updating to GB-OS 5.3.0. If the Bios version is not v0.99h 
              or higher,the Bios may need to be updated. 
              
              You can check the BIOS by:
          
                 1. Examining the hardware report for the Bios version:
             
                    BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
             
                 2. Connecting on the console interface and rebooting the 
                    firewall. The first line displayed should be BIOS revision. 
                
                    Example: PC Engines ALIX.2 v0.99h
              
               You can check if the firewall is a GB-250 Rev B by the following:
              
                 1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
                    not have USB ports. 
              
                 2. GB-250 Rev B firewall serial numbers are:
                
                    Starting at S/N 65002101 and above 
                    Starting at S/N 65902101 and above

        
        1.2.3 Re-sizing Slices and Runtime Upgrades
              
              In order to support the new features in GB-OS 5.2.x and above, 
              some firewalls may require partition re-sizing during the 
              upgrade process. Upon re-sizing, both runtime slices will have 
              GB-OS 5.3.0, and firewall administrators WILL NOT be able to 
              revert to previous runtimes via the Console or Web interface.
              
              GTA strongly recommends backing up current firewall 
              configurations PRIOR to upgrading.

              Firewalls requiring re-sized partitions will take approximately 
              5-8 minutes to reboot and fully update once the runtime has 
              been applied. DO NOT switch off or reboot the firewall during 
              this process.

        
        1.2.4 Error Messages Upon Initial Reboot
    
              Upon rebooting after successful installation, the GTA
              Firewall UTM Appliance may display errors when accessed
              using the Web interface.  This is expected, these errors are
              generated because the browser's cache is trying to access
              files and locations that no longer apply. Click OK to any
              displayed errors and refresh the browser window to access
              GB-OS 5.3.0. If the error messages persist, clear your
              browser's cache.
              
            
    1.3 SSL Certificate Replacement

        GB-OS version 5.3.1 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.
    
    
    1.4 Mail Sentinel Anti-Virus 
    
        Since the release of GB-OS version 5.1.2, Mail Sentinel Anti-Virus is 
        no longer available as a separate subscription option. Mail Sentinel 
        Anti-Virus is included as a standard feature with valid support 
        contracts.


2.  SYSTEM      
    
    2.1 New Features
    
        2.1.1  Added X-AUTH VPN support.
               GBOS5310006861
               
    2.2 Modifications
    
        2.2.1  Updated IPS engine.
               GBOS5310015016
               
        2.2.2  Improved password security by obscuring password entry.
               GBOS5310014881
               
        2.2.3  Current slice is now displayed for runtime updates.
               GBOS5310014901
               
        2.2.4  Improved USB dongle support.
               GBOS5310014926
               
        2.2.5  A VPN certificate is now created by default in the Basic Setup 
               Wizard or when defaulting the certificates section.
               GBOS5310014271, GBOS5310014276
               
        2.2.6  Default CA certificates are now named after the host firewall.
               GBOS5310015766
               
        2.2.7  Certificates now use a larger hash and key size for increased 
               security.
               GBOS5310016026, GBOS5310016031
    
    2.3 Bug Fixes 
                
        2.3.1  When upgrading, circular account groups no longer prevent 
               configuration conversion. 
               GBOS5310015051
               
        2.3.2  When creating new SSL certificates via the Console, the system's
               local certificate is properly updated and the admin interface and
               authentication services properly restarted upon saving changes.
               GBOS5310015221
               
        2.3.3  IPSec tunnels using DNS gateways properly start on boot.
               GBOS5310015346
               
        2.3.4  Configuration data is properly exported when certificate names
               contain special characters.
               GBOS5310015386
               
        2.3.5  A user's group name is properly displayed in XML schema.
               GBOS5310015636, GBOS5310015631
               
        2.3.6  VPNs using DNS are properly maintained when saving address 
               objects.
               GBOS5310015606
               
        2.3.7  Certificate subject is properly exported.
               GBOS5310015791
               
        2.3.8  Special characters are properly allowed for password protecting 
               configuration files in ZIP and 7ZIP format.
               GBOS5310016021
               
        2.3.9  Firewall properly re-attempts connections with ALS server.
               GBOS5310016076
               
        2.3.10 Firewall remains operational when saving supernetted VPNs.
               GBOS5310016136
               
        2.3.11 Certificate Signing Requests (CSR) are properly generated.
               GBOS5310016246
        
3.  NETWORK 
                
    3.1 Modifications
    
        3.1.1  VPN Setup Wizard now uses the full name for generating 
               certificate names, followed by identity and unknown if fields 
               left empty.
               GBOS5310014306, GBOS5310014301
               
        3.1.2  Improved VPN throughput speed.
               GBOS5310015661

    3.3 Bug Fixes
    
        3.2.1  GB-OS service response packets to a local subnet of a remote VPN
               supernet are no longer sent over the VPN.
               GBOS5310014946
               
        3.2.2  When configuring groups, only aggressive mode VPN objects are 
               available when selecting a Mobile IPSec VPN object. 
               GBOS5310014446
               
        3.2.3  Gateway failover properly functions when the name of a disabled 
               gateway matches an enabled gateway.
               GBOS5310015031
               
        3.2.4  Unique IPSec security policies are used for each VPN connection.
               GBOS5310010926
               
        3.2.5  Multiple subnets with non-GTA firewalls are properly supported 
               when using IPSec.
               GBOS5310010926
               
        3.2.6  Routing services are maintained when the admin web interface is 
               restarted following certificate updates.
               GBO5310015231
               
        3.2.7  Gateway Failover properly falls back to the primary gateway when
               the gateway returns.
               GBOS5310014951
               
        3.2.8  Configurable interfaces and VLAN limits are properly enforced.
               GBOS5310015491
               
        3.2.9  Interfaces now display full and half duplex options with duplex
               set to automatic if connection is set to automatic.
               GBOS5310015716
               
        3.2.10 Policy based routing properly uses the last gateway as 
               configured.
               GBOS5310015676
               
        3.2.11 VPN Failover properly functions with multiple local gateways.
               GBOS5310015556

4.  ACTIVITY

    4.1 Modifications
    
        4.1.1  Added sessions report option for configuration reports.
               GBOS5310014911
               
        4.1.2  Runtime update configuration reports now include current version,
               last update check, active slice and console mode information.
               GBOS5310014896
               
    4.2 Bug Fixes
    
        4.2.1  Protocol is properly set for logging when using the SSL Sentinel
               Browser.
               GBOS5310015246
   
5.  SERVICES
    
    5.1 New Features
    
        5.1.1  Shrew Soft VPN Client configuration and download files are now 
               dynamically generated on the user interface.
               GBOS5310015471
               
        5.1.2  Mac OS X IPSec Client, certificates and installation guide are
               now available for download via the user Interface.
               GBOS5310015896
    
    5.2 Modifications
    
        5.2.1  Single Sign-On now attempts server connection until a successful 
               connection is established.
               GBOS5310014826
               
        5.2.2  Allowed number of DHCP zones now equal to VLANs.
               GBOS5310015481    
               
        5.2.3  Mobile VPN users can now be authenticated via RADIUS and LDAP.
               GBOS5310001539
                
    5.3 Bug Fixes
    
        5.3.1  High Availability is properly disabled when no activation codes 
               are present.
               GBOS5310014996, GBOS5310015001
               
        5.3.2  LDAP authentication properly functions when no groups are found 
               by searching the base location.
               GBOS5310015341
               
        5.3.3  The SSL Sentinel Client properly reloads and recognizes user 
               password changes.
               GBOS5310015251
               
        5.3.4  Mail Sentinel auto policy configuration setting is correctly 
               enforced.
               GBOS5310015516
               
        5.3.5  Virtual keyboard is properly hidden upon entering passwords on 
               SSL Sentinel file shares.
               GBOS5310015591
               
        5.3.6  SSL Browser properly handles file uploads.
               GBOS5310015601
               
        5.3.7  SSL Sentinel permissions has been removed from the default 
               fwadmin user.
               GBOS5310015501
               
        5.3.8  SSL Sentinel properly works with HTTPS web sites.
               GBOS5310016046
               
        5.3.9  SSL Sentinel properly works with Outlook Web Access using 
               Exchange Server 2003, and Internet Explorer.
               GBOS5310015806
               
        5.3.10 High Availability maintains VPN service on the master firewall.
               GBOS5310015996
               
        5.3.11 IPSec policy compatibility option added for firewalls that are 
               not compatible with unique policies.
               GBOS5310016226
                                
6.  WEB INTERFACE 
    
    6.1 Modfications
                
        6.1.1  Improved system configuration verification.
               GBOS5310015006, GBOS5310014521, GBOS5310015096, GBOS5310015226,
               GBOS5310015776
               
        6.1.2  When attempting to enable SSL Sentinel in group accounts, the 
               activation code requirement is displayed for GB-250 10 User 
               systems with no VPN option.
               GBOS5310014871
               
        6.1.3  LDAPv3 and RADIUS authentication options have been moved to the 
               default view, and disabled by default, in Account Preferences and
               SSL Sentinel Browser configuration screens. 
               GBOS5310014606
               
        6.1.4  VPN Objects and VPN Setup are now referenced as IPSec Objects 
               and IPSec Setup throughout the Web Interface.
               GBOS5310015356, GBOS5310015711
               
        6.1.5  Certificates configuration section is now located under VPN.
               GBOS5310015831
               
        6.1.6  IPSec Tunnels configuration section has been renamed to 
               Site to Site.
               GBOS5310015821
      
    6.2 Bug Fixes

        6.2.1  Time group options are properly displayed when adding new time 
               group rows.
               GBOS5310015056
               
        6.2.2  Multi-byte characters are properly displayed with certificates.
               GBOS5310015141 
        
        6.2.3  Defined web interface refresh rate is properly displayed.
               GBOS5310015266
               
        6.2.4  Bookmark icons are properly exported and imported.
               GBOS5310015586
               
        6.2.5  SSL Sentinel Browser disclaimer text displays properly.
               GBOS5310015581, GBOS5310015721
               
        6.2.6  Virtual keyboard properly functions on Google Chrome 4.x.
               GBOS5310015546
               
        6.2.7  Multiple user sessions no longer appear when using basic 
               authentication.
               GBOS5310016096
        
                
7.  RELEASE NOTES HISTORY

    7.1   Previous Release Notes
          These notes cover the 5.3.1 release of GB-OS. Release notes for 
          previous versions can be found at GTA's Web site, http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.