GB-OS FIREWALL SOFTWARE
Author: Global Technology Associates, Inc.
Product: GB-OS version 5.3.2
Date: 6 August 2010
GB-OS version 5.3.2 includes updated versions of the following GTA
products and utilities:
Release notes are located on the installation CD and on GTA's Web site.
For more about upgrading related software, see individual product
Release Notes sections are categorized first by feature addressed, then
by the type of change.
1. INSTALL NOTES
5. WEB INTERFACE
6. RELEASE NOTES HISTORY
1. INSTALL NOTES
1.1 Entering New Activation Codes
If upgrading from 5.2.x or below, new activation codes must be
entered. GB-OS version 5.3.2 is available at no charge to
customers with a GTA support contract or annual maintenance
agreement. Other users should contact their local Authorized GTA
Channel Partner or email firstname.lastname@example.org for information and pricing
of upgrade options.
1.2 Upgrade Notes
1.2.1 Upgrading to GB-OS 5.3
Firewalls must be on GB-OS version 5.2.0 or higher to properly
upgrade to GB-OS 5.3. See the Upgrade Guide for more information.
1.2.2 GB-250 Rev B Upgrade to GB-OS 5.3
GB-250 Rev B firewalls should be on runtime slice 2 when upgrading
to version 5.3.
The firewall's current runtime slice is displayed on the
firewall's System>Overview screen. To view the current slice, log
into the firewall’s web administration interface and navigate to
System>Overview. The runtime section will display the firewall's
current runtime slice.
Additionaly, some GB-250 Rev B firewalls require a Bios Update
before updating to GB-OS 5.3.0. If the Bios version is not v0.99h
or higher,the Bios may need to be updated.
You can check the BIOS by:
1. Examining the hardware report for the Bios version:
BIOS: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
2. Connecting on the console interface and rebooting the
firewall. The first line displayed should be BIOS revision.
Example: PC Engines ALIX.2 v0.99h
You can check if the firewall is a GB-250 Rev B by the following:
1. GB-250 Rev B firewalls have USB ports while GB-250 Rev A do
not have USB ports.
2. GB-250 Rev B firewall serial numbers are:
Starting at S/N 65002101 and above
Starting at S/N 65902101 and above
1.2.3 Re-sizing Slices and Runtime Upgrades
In order to support the new features in GB-OS 5.2.x and above,
some firewalls may require partition re-sizing during the
upgrade process. Upon re-sizing, both runtime slices will have
GB-OS 5.3.0, and firewall administrators WILL NOT be able to
revert to previous runtimes via the Console or Web interface.
GTA strongly recommends backing up current firewall
configurations PRIOR to upgrading.
Firewalls requiring re-sized partitions will take approximately
5-8 minutes to reboot and fully update once the runtime has
been applied. DO NOT switch off or reboot the firewall during
1.2.4 Error Messages Upon Initial Reboot
Upon rebooting after successful installation, the GTA
Firewall UTM Appliance may display errors when accessed
using the Web interface. This is expected, these errors are
generated because the browser's cache is trying to access
files and locations that no longer apply. Click OK to any
displayed errors and refresh the browser window to access
GB-OS 5.3.2. If the error messages persist, clear your
1.3 SSL Certificate Replacement
GB-OS version 5.3.2 will install a new default security/SSL
certificate. Some browsers, including Netscape and Mozilla,
will not recognize the new certificate if the original has
never been replaced. If you are unable to log on to the
firewall after upgrading, delete the browser's cached security
certificate, then close and restart your browser before
reattempting remote access to your firewall.
1.4 Mail Sentinel Anti-Virus
Since the release of GB-OS version 5.1.2, Mail Sentinel Anti-Virus is
no longer available as a separate subscription option. Mail Sentinel
Anti-Virus is included as a standard feature with valid support
2.1.1 Updated IPS engine.
2.1.2 Support added for VPNs with encryption objects without
2.1.3 Removed POP3 UDP port for 110 and IMAP UDP port for 143 from
2.2 Bug Fixes
2.2.1 Maintain read-only for runtime partition.
2.2.2 When in bridge mode, the fxp driver correctly drops invalid
2.2.3 Configurations properly downloaded for IPSec Client LDAP or
RADIUS users with XAuth + Hybrid authentication.
2.2.4 MAC addresses are properly assigned for bridged firewalls.
2.2.5 DHCP rebind only flushes DHCP interface connections.
2.2.6 Systems properly reboot on upgrade, and on command from the Web
or Console Interface.
2.2.7 VPN notifications are correctly no longer sent when firewall is
in HA Slave state.
2.2.8 Firewall remains operational after modifying address objects.
2.2.9 Firewalls remain operational during High Availability state
2.2.10 Firewall remains operational without unexpected or random
3.1.1 Improved VPN Wizard.
GBOS5320015396, GBOS5320015371, GBOS5320015361
3.1.2 If duplicate remote networks are found, only the first user's
VPN will be configured.
3.1.3 VPNs with encryption objects set to ANY in GB-OS 5.2.x are
mapped to Difiie-Hellman group 2 in GB-OS 5.3.x
3.1.4 When using Xauth, assign a 32-bit netmask to the IPSec
3.3 Bug Fixes
3.2.1 VPN identity is properly imported when using certificates.
3.2.2 Network interface changes are properly configured when copying
test to live mode.
3.2.3 Outbound mapping properly follows index order when assigning NAT
3.2.4 IPSec VPN configuration files properly reload after changes.
3.2.5 DNS cache is properly maintained for hosts that fail to resolve
during VPN configuration.
3.2.6 High Availability remains operational with VLAN interfaces.
3.2.7 When in High Availability mode, virtual MAC addresses are
properly used with VLAN.
5.1.1 Added DHCP Relay support.
5.1.2 Updated SNMP service.
4.2 Bug Fixes
4.2.1 DNS server properly handles continuous DNS queries.
4.2.2 DNS sever fully restarts before additional services are
4.2.3 Authenticated users are properly flushed.
4.2.4 When applying configurations from Test to Live mode, services
properly restart after the entire configuration has been applied.
4.2.5 Outlook Exchange new message function properly behaves through
the SSL Sentinel Browser.
4.2.6 VLANs are properly merged from Master to Slave with High
4.2.7 Traditional proxy properly processes post requests.
4.2.8 SSL Sentinel services are properly started only with High
4.2.9 Rejected email recipients are properly logged as
4.2.10 NTP server properly logs IP address of peer server.
5. WEB INTERFACE
5.1.1 Improved system configuration verification.
GBOS5320015521, GBOS5320015291, GBOS5320016656
5.1.2 Verification added requiring bridged interfaces or LAGG
interfaces to have the same MTU.
5.1.3 Improved web interface link navigation.
5.1.4 Account Group list view now displays separate SSL Sentinel
Browser and Client settings.
5.1.5 Renamed built-in encryption object, IPSec Mobile Encrypt,
to IPSec Mobile Enc.
5.1.6 Added Port under Service in Monitoring section for network
5.1.7 Added VLAN ID number to configuration settings and summary
5.1.8 Improved web interface.
5.1.9 Improved web interface descriptions for standard VPNs.
5.2 Bug Fixes
5.2.1 IPS Policies properly display when configuration section is
5.2.2 Remote Access webpage is properly displayed according to user
5.2.3 Edit functions are properly disabled for read-only SSL Sentinel
5.2.4 Flushed and idle connections are properly cleared from the
statistics data and graphs.
6. RELEASE NOTES HISTORY
6.1 Previous Release Notes
These notes cover the 5.3.2 release of GB-OS. Release notes for
previous versions can be found at GTA's website, http://www.gta.com.
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817